Jump to content


Photo

There's something suspicious about this computer...


  • This topic is locked This topic is locked
21 replies to this topic

#1 ce9999

ce9999

    Member

  • Full Member
  • Pip
  • 33 posts

Posted 21 December 2010 - 02:47 PM

There are no popups or really obvious malware symptoms, yet something definitely does seem to be wrong with this computer:

1) Malwarebytes doesn't work. Typically, it will start up and then disappear after a few seconds. I've tried changing the name of the executable a couple different ways, manually installing updated versions of the entire program and rules files, but nothing helps.

2) In preparation for posting here, I read the FAQ and tried running SecurityCheck as well. It didn't work. The window said "Collecting information done", then "Preparing", and then there was an error "Objlist.ext has encountered a problem and needs to close, etc." The SecurityCheck window read "Preparing Done!" at that point, and hung forever.

3) The system tends to be more sluggish than it ought to be. There are also occasional, unexpected shutdowns, and sometimes it will hang on startup. For the startup hangs, unplugging it and trying again will usually work.

4) There don't seem to be problems with other programs, just Malwarebytes and SecurityCheck.

5) I verified that all programs are up-to-date: dds, SecurityCheck and HijackThis were all downloaded today. Malwarebytes was updated today on another computer and all the files (including user files) copied over manually.

I am not sure what to make of this, due to the inability to run Malwarebytes and SecurityCheck. However, HiJackThis and dds both worked fine, so I am going to post their log files here and see if you guys can spot anything wrong, or offer any suggestions on what might be going on.

Here are the logs:



DDS (Ver_10-12-12.02) - NTFSx86
Run by kelli at 14:19:21.99 on Tue 12/21/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2784 [GMT -6:00]

AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Symantec AntiVirus\Smc.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\SmcGui.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\kelli\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000003}\_SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~2.lnk - c:\program files\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261588921093
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
Hosts: 192.168.0.1 members.oshkoshchamber.com
Hosts: 192.168.0.1 events.oshkoshchamber.com
Hosts: 192.168.0.1 sbaweb.oshkoshchamber.com
Hosts: 192.168.0.1 shop.oshkoshchamber.com

============= SERVICES / DRIVERS ===============

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2010-4-21 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2010-4-21 108392]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec antivirus\Rtvscan.exe [2010-4-21 2477304]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-6-23 102448]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20101221.002\NAVENG.SYS [2010-12-21 86008]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20101221.002\NAVEX15.SYS [2010-12-21 1360760]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-10-19 1390976]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-9-15 38224]

=============== Created Last 30 ================

2010-12-21 16:18:54 -------- d-----w- c:\windows\pss
2010-12-21 16:10:27 -------- d-----w- c:\docume~1\kelli\applic~1\Malwarebytes
2010-12-13 19:45:15 -------- d-sh--w- c:\documents and settings\kelli\IECompatCache
2010-12-08 15:35:27 -------- d-sh--w- c:\documents and settings\kelli\PrivacIE

==================== Find3M ====================

2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys

============= FINISH: 14:20:28.99 ===============







Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:04:14 PM, on 12/21/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\SmcGui.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Documents and Settings\kelli\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1261588921093
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = OshkoshChamber.local
O17 - HKLM\Software\..\Telephony: DomainName = OshkoshChamber.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = OshkoshChamber.local
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Smc.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 7424 bytes

#2 SWI Support Robot

SWI Support Robot

    Helper robot

  • SWI Bot
  • PipPipPipPipPip
  • 23,533 posts

Posted 24 December 2010 - 03:21 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.


[this is an automated reply]
This is an automated message. It does not count as help.

#3 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,326 posts

Posted 24 December 2010 - 09:29 AM

Hi,
I'm nasdaq and will be helping you.

Print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.

Nothing suspicious was found on your logs.

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue Posted Image
  • If a suspicious file is detected, the default action will be Skip, click on Continue Posted Image
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive ((usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some Rookit infection may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingc...opic114351.html

Do not mouse click combofix's window while it's running. That may cause it to stall

Let me know what problem persists.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#4 ce9999

ce9999

    Member

  • Full Member
  • Pip
  • 33 posts

Posted 28 December 2010 - 08:57 AM

TDSSKiller apparently didn't find anything. The report is below.

Combofix ran through 50 steps, then said it was removing a couple of files. Then after a couple of minutes the computer went black and restarted. I am guessing Combofix did not finish, because there was no ComboFix.txt produced.


2010/12/28 08:32:18.0635 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2010/12/28 08:32:18.0635 ================================================================================
2010/12/28 08:32:18.0635 SystemInfo:
2010/12/28 08:32:18.0635
2010/12/28 08:32:18.0635 OS Version: 5.1.2600 ServicePack: 3.0
2010/12/28 08:32:18.0635 Product type: Workstation
2010/12/28 08:32:18.0635 ComputerName: 2009BOEHM
2010/12/28 08:32:18.0635 UserName: kelli
2010/12/28 08:32:18.0635 Windows directory: C:\WINDOWS
2010/12/28 08:32:18.0635 System windows directory: C:\WINDOWS
2010/12/28 08:32:18.0635 Processor architecture: Intel x86
2010/12/28 08:32:18.0635 Number of processors: 2
2010/12/28 08:32:18.0635 Page size: 0x1000
2010/12/28 08:32:18.0635 Boot type: Normal boot
2010/12/28 08:32:18.0635 ================================================================================
2010/12/28 08:32:18.0931 Initialize success
2010/12/28 08:32:32.0369 ================================================================================
2010/12/28 08:32:32.0369 Scan started
2010/12/28 08:32:32.0369 Mode: Manual;
2010/12/28 08:32:32.0369 ================================================================================
2010/12/28 08:32:33.0056 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/12/28 08:32:33.0103 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/12/28 08:32:33.0166 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/12/28 08:32:33.0228 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/12/28 08:32:33.0338 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
2010/12/28 08:32:33.0447 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/12/28 08:32:33.0463 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/12/28 08:32:33.0650 ati2mtag (02b985fc4d5ba17e528f7c9f889f7d22) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2010/12/28 08:32:33.0760 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/12/28 08:32:33.0806 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/12/28 08:32:33.0853 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/12/28 08:32:33.0931 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/12/28 08:32:33.0994 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/12/28 08:32:34.0010 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/12/28 08:32:34.0025 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/12/28 08:32:34.0150 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/12/28 08:32:34.0213 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/12/28 08:32:34.0260 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/12/28 08:32:34.0291 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/12/28 08:32:34.0322 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/12/28 08:32:34.0369 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/12/28 08:32:34.0463 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2010/12/28 08:32:34.0510 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2010/12/28 08:32:34.0635 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/12/28 08:32:34.0666 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/12/28 08:32:34.0728 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/12/28 08:32:34.0775 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/12/28 08:32:34.0791 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2010/12/28 08:32:34.0822 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/12/28 08:32:34.0853 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/12/28 08:32:34.0931 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/12/28 08:32:34.0994 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/12/28 08:32:35.0041 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/12/28 08:32:35.0103 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/12/28 08:32:35.0181 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/12/28 08:32:35.0244 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/12/28 08:32:35.0322 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2010/12/28 08:32:35.0338 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/12/28 08:32:35.0353 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/12/28 08:32:35.0385 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/12/28 08:32:35.0431 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/12/28 08:32:35.0494 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/12/28 08:32:35.0525 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/12/28 08:32:35.0541 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/12/28 08:32:35.0588 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/12/28 08:32:35.0635 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/12/28 08:32:35.0681 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/12/28 08:32:35.0760 MBAMSwissArmy (c7dd7d9739785bd3a6b8499eec1dee7e) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010/12/28 08:32:35.0806 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/12/28 08:32:35.0869 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/12/28 08:32:35.0916 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/12/28 08:32:35.0963 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/12/28 08:32:35.0978 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/12/28 08:32:36.0010 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/12/28 08:32:36.0056 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/12/28 08:32:36.0103 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/12/28 08:32:36.0135 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/12/28 08:32:36.0166 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/12/28 08:32:36.0181 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/12/28 08:32:36.0244 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/12/28 08:32:36.0291 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
2010/12/28 08:32:36.0306 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/12/28 08:32:36.0416 NAVENG (c8ef74e4d8105b1d02d58ea4734cf616) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101227.034\NAVENG.SYS
2010/12/28 08:32:36.0463 NAVEX15 (94b3164055d821a62944d9fe84036470) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101227.034\NAVEX15.SYS
2010/12/28 08:32:36.0588 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/12/28 08:32:36.0650 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/12/28 08:32:36.0697 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/12/28 08:32:36.0806 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/12/28 08:32:36.0869 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/12/28 08:32:36.0931 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/12/28 08:32:36.0978 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/12/28 08:32:37.0056 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/12/28 08:32:37.0119 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/12/28 08:32:37.0181 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/12/28 08:32:37.0244 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/12/28 08:32:37.0260 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/12/28 08:32:37.0322 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/12/28 08:32:37.0353 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/12/28 08:32:37.0400 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/12/28 08:32:37.0416 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/12/28 08:32:37.0431 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/12/28 08:32:37.0478 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/12/28 08:32:37.0635 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/12/28 08:32:37.0681 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/12/28 08:32:37.0697 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/12/28 08:32:37.0713 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/12/28 08:32:37.0806 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/12/28 08:32:37.0838 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/12/28 08:32:37.0869 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/12/28 08:32:37.0931 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/12/28 08:32:37.0963 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/12/28 08:32:38.0010 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/12/28 08:32:38.0056 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/12/28 08:32:38.0088 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/12/28 08:32:38.0150 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/12/28 08:32:38.0181 RTLE8023xp (b0e1648aae1e59bdd0854af07a605399) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2010/12/28 08:32:38.0260 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/12/28 08:32:38.0306 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/12/28 08:32:38.0338 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/12/28 08:32:38.0385 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/12/28 08:32:38.0525 SPBBCDrv (e621bb5839cf45fa477f48092edd2b40) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
2010/12/28 08:32:38.0572 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/12/28 08:32:38.0744 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/12/28 08:32:38.0869 SRTSP (2abf82c8452ab0b9ffc74a2d5da91989) C:\WINDOWS\system32\Drivers\SRTSP.SYS
2010/12/28 08:32:38.0931 SRTSPL (e2f9e5887bea5bd8784d337e06eda31b) C:\WINDOWS\system32\Drivers\SRTSPL.SYS
2010/12/28 08:32:39.0056 SRTSPX (3b974c158fabd910186f98df8d3e23f3) C:\WINDOWS\system32\Drivers\SRTSPX.SYS
2010/12/28 08:32:39.0103 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/12/28 08:32:39.0166 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/12/28 08:32:39.0260 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/12/28 08:32:39.0338 SymEvent (a54ff04bd6e75dc4d8cb6f3e352635e0) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2010/12/28 08:32:39.0369 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/12/28 08:32:39.0447 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/12/28 08:32:39.0494 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/12/28 08:32:39.0572 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/12/28 08:32:39.0603 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/12/28 08:32:39.0728 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/12/28 08:32:39.0806 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/12/28 08:32:39.0869 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/12/28 08:32:39.0947 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/12/28 08:32:39.0978 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/12/28 08:32:39.0994 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/12/28 08:32:40.0025 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2010/12/28 08:32:40.0056 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/12/28 08:32:40.0088 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/12/28 08:32:40.0103 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/12/28 08:32:40.0166 VIAHdAudAddService (8586d10602ff4994e0f56a13a47d2b28) C:\WINDOWS\system32\drivers\viahduaa.sys
2010/12/28 08:32:40.0338 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/12/28 08:32:40.0400 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/12/28 08:32:40.0447 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/12/28 08:32:40.0494 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2010/12/28 08:32:40.0572 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/12/28 08:32:40.0588 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/12/28 08:32:41.0666 ================================================================================
2010/12/28 08:32:41.0666 Scan finished
2010/12/28 08:32:41.0666 ================================================================================

#5 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,326 posts

Posted 28 December 2010 - 09:28 AM

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 3 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

rkill.exe
rkill.com
rkill.scr

===

When the run is complete.

Please download MBRCheck.exe and save it to your desktop - not a folder on the desktop - save it directly to the desktop.


* Be sure to disable your security programs.
* Double-Click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt).
* A window will open on your desktop.
* if an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
* If nothing unusual is found just press Enter
* A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
* In your next reply, please include the log from MBRChecker.
====

Run the ComboFix tool and submit the log is you can.

Let me know what issues persists.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#6 ce9999

ce9999

    Member

  • Full Member
  • Pip
  • 33 posts

Posted 28 December 2010 - 02:25 PM

Before running rkill I made sure that Symantec Endpoint was disabled.

rkill.exe ran, and partway through, the taskbar and all desktop icons disappeared. I don't know if that is normal, so I rebooted and tried it again with rkill.com. The same thing happened. In both cases, rkill didn't report anything unusual.

MBRCheck apparently found nothing. I've included the log below.

I then ran ComboFix again. Right at the beginning, it gave me a warning that Symantec Endpoint Protection was active, even though the system tray icon indicated it wasn't. Just to be sure, I opened the Symantec application to verify that protection was turned off. Still, ComboFix insisted that it was active and to only continue at my own risk. Not knowing for sure how to exit at that point, I clicked the red "X" on the warning dialog, and from there ComboFix continued running. Early in the scan, the taskbar and desktop icons disappeared again. The scan continued, much slower than the last time I tried. It went through stage 50 and then produced a log file successfully, which I've included at the bottom of this post.

One final oddity--I save all of these logfiles onto a USB flash drive to move them over to my own computer. When I attempted to "stop" the USB drive, I received a warning that it was unable to stop, due to being in use. This was odd, because there were no applications open which might have been using it. I waited a bit and tried again--same error. Finally I just gave up and yanked the drive out.

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x001c115c

Kernel Drivers (total 126):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA0B8000 MountMgr.sys
0xB9F49000 ftdisk.sys
0xBA5AC000 dmload.sys
0xB9F23000 dmio.sys
0xBA330000 PartMgr.sys
0xBA0C8000 VolSnap.sys
0xB9F0B000 atapi.sys
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9EEB000 fltMgr.sys
0xB9ED9000 sr.sys
0xB9EC2000 KSecDD.sys
0xB9E35000 Ntfs.sys
0xB9E08000 NDIS.sys
0xB9DEE000 Mup.sys
0xBA288000 \SystemRoot\system32\DRIVERS\AmdPPM.sys
0xB5967000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xB5953000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB5930000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys
0xBA298000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA2A8000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA2B8000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB590D000 \SystemRoot\system32\DRIVERS\ks.sys
0xBA3C8000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xB58E9000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA3D0000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB58C1000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xBA3D8000 \SystemRoot\system32\DRIVERS\fdc.sys
0xB58AD000 \SystemRoot\system32\DRIVERS\parport.sys
0xBA5CC000 \SystemRoot\system32\DRIVERS\ASACPI.sys
0xBA2C8000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xBA3E0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA2D8000 \SystemRoot\system32\DRIVERS\serial.sys
0xBA568000 \SystemRoot\system32\DRIVERS\serenum.sys
0xBA56C000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xBA709000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA2E8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA570000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB5896000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA2F8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA308000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA3E8000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB5885000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA318000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA3F0000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA3F8000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB5855000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xBA138000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA400000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA5CE000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB57CF000 \SystemRoot\system32\DRIVERS\update.sys
0xBA590000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA148000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA5D0000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xBA158000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xA9045000 \SystemRoot\system32\drivers\viahduaa.sys
0xA9021000 \SystemRoot\system32\drivers\portcls.sys
0xBA1B8000 \SystemRoot\system32\drivers\drmk.sys
0xA8CF7000 \SystemRoot\System32\Drivers\SRTSP.SYS
0xA8A44000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101228.002\NAVEX15.SYS
0xA8A1F000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
0xA8A0B000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101228.002\NAVENG.SYS
0xBA554000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xBA238000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xBA430000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA438000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xBA558000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xBA248000 \SystemRoot\system32\drivers\usbaudio.sys
0xBA268000 \SystemRoot\System32\Drivers\SRTSPX.SYS
0xBA5F6000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA7A9000 \SystemRoot\System32\Drivers\Null.SYS
0xBA5F8000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA458000 \SystemRoot\System32\drivers\vga.sys
0xBA5FA000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA5FC000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA460000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA468000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB52DF000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA89D8000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA897F000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA8957000 \SystemRoot\system32\DRIVERS\netbt.sys
0xA8931000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xBA278000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xA890F000 \SystemRoot\System32\drivers\afd.sys
0xB5373000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA88A5000 \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
0xA887A000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA880A000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB5353000 \SystemRoot\System32\Drivers\Fips.SYS
0xA87AC000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0xA878F000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0xB5333000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA874F000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA5FE000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xA8BAF000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA480000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA755000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF068000 \SystemRoot\System32\ati2cqag.dll
0xBF107000 \SystemRoot\System32\atikvmag.dll
0xBF18E000 \SystemRoot\System32\atiok3x2.dll
0xBF1EE000 \SystemRoot\System32\ati3duag.dll
0xBF4CE000 \SystemRoot\System32\ativvaxx.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xA580E000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA5461000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA5201000 \SystemRoot\system32\DRIVERS\srv.sys
0xA4DD8000 \SystemRoot\System32\Drivers\HTTP.sys
0xA4C33000 \SystemRoot\system32\drivers\wdmaud.sys
0xA4CC0000 \SystemRoot\system32\drivers\sysaudio.sys
0xA4579000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xA454E000 \SystemRoot\system32\drivers\kmixer.sys
0xBA378000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 39):
0 System Idle Process
4 System
604 C:\WINDOWS\system32\smss.exe
652 csrss.exe
684 C:\WINDOWS\system32\winlogon.exe
736 C:\WINDOWS\system32\services.exe
748 C:\WINDOWS\system32\lsass.exe
920 C:\WINDOWS\system32\ati2evxx.exe
964 C:\WINDOWS\system32\svchost.exe
1048 svchost.exe
1144 C:\WINDOWS\system32\svchost.exe
1264 C:\Program Files\Symantec AntiVirus\Smc.exe
1356 svchost.exe
1408 svchost.exe
1532 C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
1720 C:\WINDOWS\system32\spoolsv.exe
1880 svchost.exe
2012 C:\Program Files\Bonjour\mDNSResponder.exe
228 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
464 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
996 C:\WINDOWS\system32\svchost.exe
1180 C:\WINDOWS\system32\svchost.exe
1208 C:\Program Files\Symantec AntiVirus\Rtvscan.exe
1428 C:\WINDOWS\system32\searchindexer.exe
2096 alg.exe
2432 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
2880 wmiprvse.exe
3504 C:\WINDOWS\system32\wscntfy.exe
4044 C:\WINDOWS\system32\ati2evxx.exe
4092 C:\WINDOWS\explorer.exe
3596 C:\Program Files\Symantec AntiVirus\SmcGui.exe
3804 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
3396 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
3848 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
1892 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
2380 C:\Program Files\Windows Desktop Search\WindowsSearch.exe
2156 C:\WINDOWS\system32\searchprotocolhost.exe
1476 searchfilterhost.exe
3400 C:\Documents and Settings\kelli\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00006000 (NTFS)

PhysicalDrive0 Model Number: ST3250318AS, Rev: CC45

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!





ComboFix 10-12-26.01 - kelli 12/28/2010 14:03:22.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2790 [GMT -6:00]
Running from: c:\documents and settings\kelli\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\system32\ArCLabemailtoolbox.dll
c:\windows\system32\Oeminfo.ini

.
((((((((((((((((((((((((( Files Created from 2010-11-28 to 2010-12-28 )))))))))))))))))))))))))))))))
.

2010-12-21 16:10 . 2010-12-21 16:10 -------- d-----w- c:\documents and settings\kelli\Application Data\Malwarebytes
2010-12-13 19:45 . 2010-12-13 19:45 -------- d-sh--w- c:\documents and settings\kelli\IECompatCache
2010-12-08 15:35 . 2010-12-08 15:35 -------- d-sh--w- c:\documents and settings\kelli\PrivacIE
2010-12-07 20:30 . 2010-12-07 20:30 -------- d-----w- c:\documents and settings\bart\Application Data\Windows Search
2010-12-02 22:24 . 2010-12-02 22:24 -------- d-----w- c:\documents and settings\andrea

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-18 18:12 . 2009-10-19 16:34 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:26 . 2009-10-19 19:24 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2009-10-19 19:24 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2009-10-19 19:24 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2009-10-19 19:24 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2009-10-19 19:24 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2009-10-19 19:24 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2009-10-19 19:24 1853312 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 620152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-04-21 115560]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2009-12-28 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/23/2010 6:12 AM 102448]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [10/19/2009 1:20 PM 1390976]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [9/15/2010 3:58 PM 38224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Supplementary Scan -------
.
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-Symantec Antvirus
AddRemove-HijackThis - c:\documents and settings\intern\Desktop\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-28 14:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(684)
c:\windows\system32\wininet.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(748)
c:\program files\Bonjour\mdnsNSP.dll
.
Completion time: 2010-12-28 14:11:55
ComboFix-quarantined-files.txt 2010-12-28 20:11

Pre-Run: 226,776,223,744 bytes free
Post-Run: 226,736,529,408 bytes free

- - End Of File - - 78C945AB1291EBDC0ED9F81EDAF70F6F

#7 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,326 posts

Posted 30 December 2010 - 09:32 AM

Sorry for this delay.

I'm experiencing computer problem with the unit I was working on.

Now using an old box with is not convevial.

Any change after having run ComboFix?

What issues remains.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#8 ce9999

ce9999

    Member

  • Full Member
  • Pip
  • 33 posts

Posted 05 January 2011 - 10:47 AM

Hello -

Sorry for the late reply, I've been away.

Malwarebytes still won't run, it just disappears a few seconds after start, like before. However, I was able to get SecurityCheck to finish this time. It did give the same "Objlist.ext has encountered a problem and needs to close" error as before, but then went on to generate this report:

Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
Symantec Endpoint Protection
Antivirus up to date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Adobe Flash Player
Adobe Reader 9.3
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Symantec AntiVirus Smc.exe
Symantec AntiVirus Rtvscan.exe
Symantec AntiVirus SmcGui.exe
``````````End of Log````````````

#9 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,326 posts

Posted 05 January 2011 - 12:28 PM

Try this

Rename Malwarebytes.exe to winlogon.exe and run the remaned version.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#10 ce9999

ce9999

    Member

  • Full Member
  • Pip
  • 33 posts

Posted 06 January 2011 - 03:17 PM

Nope - same problem as before.

#11 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,326 posts

Posted 07 January 2011 - 08:36 AM

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#12 ce9999

ce9999

    Member

  • Full Member
  • Pip
  • 33 posts

Posted 07 January 2011 - 10:23 AM

Here you go:

OTL logfile created on: 1/7/2011 10:11:36 AM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\kelli\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 81.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 211.04 Gb Free Space | 90.62% Space Free | Partition Type: NTFS
Drive G: | 456.99 Gb Total Space | 364.90 Gb Free Space | 79.85% Space Free | Partition Type: NTFS
Drive I: | 101.73 Gb Total Space | 50.62 Gb Free Space | 49.76% Space Free | Partition Type: NTFS
Drive M: | 456.99 Gb Total Space | 364.90 Gb Free Space | 79.85% Space Free | Partition Type: NTFS
Drive S: | 456.99 Gb Total Space | 364.90 Gb Free Space | 79.85% Space Free | Partition Type: NTFS
Drive T: | 101.73 Gb Total Space | 50.62 Gb Free Space | 49.76% Space Free | Partition Type: NTFS
Drive U: | 456.99 Gb Total Space | 364.90 Gb Free Space | 79.85% Space Free | Partition Type: NTFS

Computer Name: 2009BOEHM | User Name: kelli | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\kelli\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\Smc.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\SmcGui.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\kelli\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (SmcService) -- C:\Program Files\Symantec AntiVirus\Smc.exe (Symantec Corporation)
SRV - (SNAC) -- C:\Program Files\Symantec AntiVirus\SNAC.EXE (Symantec Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (Adobe Version Cue CS3) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated)


========== Driver Services (SafeList) ==========

DRV - (catchme) -- C:\DOCUME~1\kelli\LOCALS~1\Temp\catchme.sys File not found
DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110106.036\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110106.036\NAVENG.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SRTSPL) -- C:\WINDOWS\system32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\srtspx.sys (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (VIAHdAudAddService) -- C:\WINDOWS\system32\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...er=6&ar=msnhome
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/10/19 11:10:41 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/12/28 08:49:27 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1261588921093 (WUWebControl Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = OshkoshChamber.local
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/19 10:35:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/07 10:10:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\kelli\Desktop\OTL.exe
[2011/01/05 14:16:24 | 000,241,664 | ---- | C] (Arclab Sofware Technologies www.arclab.com) -- C:\WINDOWS\System32\arclabemailtoolbox.dll
[2010/12/29 16:01:23 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/12/28 14:12:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/12/28 08:51:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/12/28 08:40:00 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/12/28 08:36:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/12/28 08:35:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/12/28 08:32:13 | 001,345,624 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\kelli\Desktop\TDSSKiller.exe
[2010/12/21 13:56:33 | 000,388,096 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\kelli\Desktop\HiJackThis.exe
[2010/12/21 10:18:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/12/21 10:10:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kelli\Application Data\Malwarebytes
[2010/12/13 13:45:15 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\kelli\IECompatCache
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/07 10:09:24 | 000,002,337 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2011/01/07 10:09:24 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/07 10:07:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kelli\Desktop\OTL.exe
[2011/01/06 15:17:51 | 000,465,402 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/01/06 15:17:51 | 000,079,162 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/01/06 15:13:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/06 15:13:39 | 000,219,120 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2011/01/06 15:13:17 | 3488,727,040 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/28 13:41:58 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\kelli\Desktop\MBRCheck.exe
[2010/12/28 13:41:00 | 000,780,283 | ---- | M] () -- C:\Documents and Settings\kelli\Desktop\rkill.com
[2010/12/28 13:40:26 | 000,780,283 | ---- | M] () -- C:\Documents and Settings\kelli\Desktop\rkill.exe
[2010/12/28 08:49:27 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/12/28 08:40:04 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/12/28 08:28:48 | 003,998,686 | R--- | M] () -- C:\Documents and Settings\kelli\Desktop\ComboFix.exe
[2010/12/28 08:26:30 | 001,232,020 | ---- | M] () -- C:\Documents and Settings\kelli\Desktop\tdsskiller.zip
[2010/12/21 14:15:48 | 000,879,028 | ---- | M] () -- C:\Documents and Settings\kelli\Desktop\SecurityCheck.exe
[2010/12/21 14:15:20 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\kelli\Desktop\dds.scr
[2010/12/21 10:43:44 | 000,001,487 | ---- | M] () -- C:\Documents and Settings\kelli\Desktop\Windows Explorer.lnk
[2010/12/21 10:36:46 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/12/16 09:47:00 | 001,345,624 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\kelli\Desktop\TDSSKiller.exe
[2010/12/16 03:23:27 | 000,000,008 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010/12/16 03:19:33 | 004,505,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/16 03:02:32 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/28 13:59:05 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\kelli\Desktop\MBRCheck.exe
[2010/12/28 13:55:02 | 000,780,283 | ---- | C] () -- C:\Documents and Settings\kelli\Desktop\rkill.com
[2010/12/28 13:48:19 | 000,780,283 | ---- | C] () -- C:\Documents and Settings\kelli\Desktop\rkill.exe
[2010/12/28 08:40:04 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/12/28 08:40:02 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/12/28 08:31:58 | 003,998,686 | R--- | C] () -- C:\Documents and Settings\kelli\Desktop\ComboFix.exe
[2010/12/28 08:31:58 | 001,232,020 | ---- | C] () -- C:\Documents and Settings\kelli\Desktop\tdsskiller.zip
[2010/12/21 14:19:09 | 000,624,128 | ---- | C] () -- C:\Documents and Settings\kelli\Desktop\dds.scr
[2010/12/21 14:18:25 | 000,879,028 | ---- | C] () -- C:\Documents and Settings\kelli\Desktop\SecurityCheck.exe
[2010/12/21 13:53:44 | 3488,727,040 | -HS- | C] () -- C:\hiberfil.sys
[2010/12/21 10:43:44 | 000,001,487 | ---- | C] () -- C:\Documents and Settings\kelli\Desktop\Windows Explorer.lnk
[2010/09/15 14:36:22 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\kelli\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/12 10:13:10 | 000,000,606 | ---- | C] () -- C:\WINDOWS\PObjects.ini
[2010/04/12 10:12:57 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2010/04/12 10:12:57 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2010/04/12 10:12:57 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\lffpx90n.dll
[2009/12/28 09:29:33 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2009/12/28 09:14:37 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/12/08 05:28:51 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/10/19 13:22:11 | 000,005,810 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009/10/19 13:22:06 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009/10/19 11:23:09 | 000,004,767 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009/10/19 05:29:57 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/12/01 17:32:32 | 000,362,029 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2009/10/19 10:42:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kelli\Application Data\Windows Desktop Search

========== Purity Check ==========



< End of report >




OTL Extras logfile created on: 1/7/2011 10:11:36 AM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\kelli\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 81.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 211.04 Gb Free Space | 90.62% Space Free | Partition Type: NTFS
Drive G: | 456.99 Gb Total Space | 364.90 Gb Free Space | 79.85% Space Free | Partition Type: NTFS
Drive I: | 101.73 Gb Total Space | 50.62 Gb Free Space | 49.76% Space Free | Partition Type: NTFS
Drive M: | 456.99 Gb Total Space | 364.90 Gb Free Space | 79.85% Space Free | Partition Type: NTFS
Drive S: | 456.99 Gb Total Space | 364.90 Gb Free Space | 79.85% Space Free | Partition Type: NTFS
Drive T: | 101.73 Gb Total Space | 50.62 Gb Free Space | 49.76% Space Free | Partition Type: NTFS
Drive U: | 456.99 Gb Total Space | 364.90 Gb Free Space | 79.85% Space Free | Partition Type: NTFS

Computer Name: 2009BOEHM | User Name: kelli | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hta [@ = HemeraThumbnail.Archive] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications]
"Enabled" = 1
"AllowUserPrefMerge" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List]
"%WINDIR%\SYSTEM32\Sessmgr.exe:*:Enabled:Remote Assistance" = %WINDIR%\SYSTEM32\Sessmgr.exe:*:Enabled:Remote Assistance -- (Microsoft Corporation)
"%WINDIR%\PCHealth\HelpCtr\Binaries\Helpsvc.exe:*:Enabled:Offer Remote Assistance" = %WINDIR%\PCHealth\HelpCtr\Binaries\Helpsvc.exe:*:Enabled:Offer Remote Assistance -- (Microsoft Corporation)
"%WINDIR%\PCHealth\HelpCtr\Binaries\Helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice" = %WINDIR%\PCHealth\HelpCtr\Binaries\Helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts]
"Enabled" = 1
"AllowUserPrefMerge" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List]
"135:TCP:*:Enabled:Offer Remote Assistance - Port" = 135:TCP:*:Enabled:Offer Remote Assistance - Port

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint]
"Enabled" = 1
"RemoteAddresses" = LocalSubnet

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop]
"Enabled" = 1
"RemoteAddresses" = *

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications]
"AllowUserPrefMerge" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts]
"AllowUserPrefMerge" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS3 Server
"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50900:TCP" = 50900:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50901:TCP" = 50901:TCP:*:Enabled:Adobe Version Cue CS3 Server

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Computer, Inc.)
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" = C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server -- (Adobe Systems Incorporated)
"C:\Program Files\Symantec AntiVirus\Smc.exe" = C:\Program Files\Symantec AntiVirus\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
"C:\Program Files\Symantec AntiVirus\SNAC.EXE" = C:\Program Files\Symantec AntiVirus\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{02627ee5-eaca-4742-a9cc-e687631773e4}" = Nero ShowTime
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2EFCC193-D915-4CCB-9201-31773A27BC06}" = Symantec Endpoint Protection
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}" = Nero Vision Help
"{5e08ecd1-c98e-4711-bf65-8fd736b3f969}" = Nero RescueAgent Help
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{77e33d87-255e-413e-9c8d-eed2a7f9bebf}" = Nero Live Help
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{7fb9f32c-8dbb-4842-be01-c0ec2b08538f}" = Nero 9 Essentials
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{934F5F1F-79EE-48C7-9CAE-7A70586A0D7F}" = Adobe Setup
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7BF5269-3E74-11D5-B00F-00104B398D77}" = QuarkXPress 5.01
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AD14F66C-EEC8-40EA-B5D7-421F524FC333}" = Adobe Creative Suite 3 Design Standard
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{B7F560B3-6EFF-4026-A982-843895A41149}" = Adobe BridgeTalk Plugin CS3
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live
"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights Help
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe_cc3de31c9bb4dd729259509c74a7512" = Add or Remove Adobe Creative Suite 3 Design Standard
"ATI Display Driver" = ATI Display Driver
"ie8" = Windows Internet Explorer 8
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Photo-Objects 10,000 Premium Image Collection" = Photo-Objects 10,000 Premium Image Collection
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/21/2010 4:22:06 PM | Computer Name = 2009BOEHM | Source = Application Error | ID = 1000
Description = Faulting application objlist.exe, version 0.0.9.0, faulting module
user32.dll, version 5.1.2600.5512, fault address 0x00009de9.

Error - 12/21/2010 4:22:07 PM | Computer Name = 2009BOEHM | Source = Application Error | ID = 1000
Description = Faulting application objlist.exe, version 0.0.9.0, faulting module
user32.dll, version 5.1.2600.5512, fault address 0x00009de9.

Error - 12/21/2010 4:25:08 PM | Computer Name = 2009BOEHM | Source = Application Error | ID = 1000
Description = Faulting application objlist.exe, version 0.0.9.0, faulting module
user32.dll, version 5.1.2600.5512, fault address 0x00009de9.

Error - 12/21/2010 4:25:08 PM | Computer Name = 2009BOEHM | Source = Application Error | ID = 1000
Description = Faulting application objlist.exe, version 0.0.9.0, faulting module
user32.dll, version 5.1.2600.5512, fault address 0x00009de9.

Error - 12/21/2010 4:26:03 PM | Computer Name = 2009BOEHM | Source = Application Error | ID = 1000
Description = Faulting application objlist.exe, version 0.0.9.0, faulting module
user32.dll, version 5.1.2600.5512, fault address 0x00009de9.

Error - 12/21/2010 4:26:04 PM | Computer Name = 2009BOEHM | Source = Application Error | ID = 1000
Description = Faulting application objlist.exe, version 0.0.9.0, faulting module
user32.dll, version 5.1.2600.5512, fault address 0x00009de9.

Error - 12/21/2010 4:33:47 PM | Computer Name = 2009BOEHM | Source = Application Error | ID = 1000
Description = Faulting application objlist.exe, version 0.0.9.0, faulting module
user32.dll, version 5.1.2600.5512, fault address 0x00009de9.

Error - 12/21/2010 4:33:48 PM | Computer Name = 2009BOEHM | Source = Application Error | ID = 1000
Description = Faulting application objlist.exe, version 0.0.9.0, faulting module
user32.dll, version 5.1.2600.5512, fault address 0x00009de9.

Error - 1/5/2011 12:38:42 PM | Computer Name = 2009BOEHM | Source = Application Error | ID = 1000
Description = Faulting application objlist.exe, version 0.0.9.0, faulting module
user32.dll, version 5.1.2600.5512, fault address 0x00009de9.

Error - 1/5/2011 12:38:43 PM | Computer Name = 2009BOEHM | Source = Application Error | ID = 1000
Description = Faulting application objlist.exe, version 0.0.9.0, faulting module
user32.dll, version 5.1.2600.5512, fault address 0x00009de9.

[ System Events ]
Error - 1/6/2011 5:09:37 PM | Computer Name = 2009BOEHM | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 1/6/2011 5:09:53 PM | Computer Name = 2009BOEHM | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 1/6/2011 5:14:04 PM | Computer Name = 2009BOEHM | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 1/6/2011 5:14:19 PM | Computer Name = 2009BOEHM | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No a

#13 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,326 posts

Posted 08 January 2011 - 10:19 AM

Please execute these instructions.

Please download JavaRa

If you get this message:
Problems with the download? Please use this direct link or try another mirror.

Select the Direct link download unzip it to your Desktop.

Double click JavaRa.exe then click Remove Older Versions.
In Vista and Windows 7 right click the JavaRa.exe and select run as Administrator.

Follow any prompts; a log will popup (JavaRa.log)-- please post the contents of this log.

Next,

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6.
  • In the box labeled "Java Platform, Standard Edition", click the "Download JRE" button to the right.
  • In the Window that opens, select Windows (or Windows x64), and check the "agree" box and click "Continue".
    - Note: If you are running an x64 (64-bit) version of Windows, you need to install both the Windows (x32) and Windows x64 version.
  • Click on the link to download Windows Offline Installation and save to your Desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add or Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    • Java 2 Runtime Environment, SE v1.4.2
    • J2SE Runtime Environment 5.0
    • J2SE Runtime Environment 5.0 Update 2
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your Desktop double-click on jre-6u23-windows-i586.exe that you downloaded to install the newest version (the x64 version is jre-6u23-windows-x64.exe).
    - Note: If you are running Vista or Windows 7, you may need to right-click on the installation file and select Run as Administrator.
===

Flash player and Adobe Reader
Check for updates here:
http://www.adobe.com...wnloads/new.jsp
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#14 ce9999

ce9999

    Member

  • Full Member
  • Pip
  • 33 posts

Posted 11 January 2011 - 04:43 PM

Below is the JavaRa log.

While I was at it, I also checked up on Adobe Reader and Flash. Reader was already set to do auto-updates, so that was fine. I also upgraded to the current version of Flash.

The log:

JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Tue Jan 11 16:22:50 2011

Found and removed: JavaScript

Found and removed: JavaScript Author

Found and removed: JavaScript1.1

Found and removed: JavaScript1.1 Author

Found and removed: JavaScript1.2

------------------------------------

Finished reporting.

#15 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,326 posts

Posted 12 January 2011 - 08:50 AM

Please run ComboFix again. You will be asked to update, please do so.

Post the logs if you can.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#16 ce9999

ce9999

    Member

  • Full Member
  • Pip
  • 33 posts

Posted 12 January 2011 - 02:31 PM

Here's the latest ComboFix log:

ComboFix 11-01-11.03 - kelli 01/12/2011 14:17:33.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2748 [GMT -6:00]
Running from: c:\documents and settings\kelli\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ArCLabemailtoolbox.dll

.
((((((((((((((((((((((((( Files Created from 2010-12-12 to 2011-01-12 )))))))))))))))))))))))))))))))
.

2011-01-11 22:32 . 2011-01-11 22:32 -------- d-----w- c:\program files\Common Files\Java
2011-01-11 22:32 . 2011-01-11 22:31 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-11 22:32 . 2011-01-11 22:31 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-11 22:31 . 2011-01-11 22:31 -------- d-----w- c:\program files\Java
2010-12-21 16:10 . 2010-12-21 16:10 -------- d-----w- c:\documents and settings\kelli\Application Data\Malwarebytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-18 18:12 . 2009-10-19 16:34 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2009-10-19 19:24 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:26 . 2009-10-19 19:24 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2009-10-19 19:24 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2009-10-19 19:24 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2009-10-19 19:24 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2009-10-19 19:24 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2009-10-19 19:24 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2009-10-19 19:24 1853312 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-12-28_20.10.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-12 09:05 . 2011-01-12 09:05 16384 c:\windows\temp\Perflib_Perfdata_1c8.dat
+ 2009-10-19 19:24 . 2011-01-12 09:09 79162 c:\windows\system32\perfc009.dat
- 2009-10-19 19:24 . 2010-12-28 19:57 79162 c:\windows\system32\perfc009.dat
- 2009-10-19 16:36 . 2010-12-28 02:01 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-19 16:36 . 2011-01-11 02:01 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-10-19 16:36 . 2010-12-28 02:01 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-10-19 16:36 . 2011-01-11 02:01 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-10-19 16:36 . 2010-12-28 02:01 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2011-01-04 02:01 . 2011-01-11 02:01 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-10-19 19:24 . 2011-01-12 09:09 465402 c:\windows\system32\perfh009.dat
- 2009-10-19 19:24 . 2010-12-28 19:57 465402 c:\windows\system32\perfh009.dat
+ 2011-01-11 22:41 . 2011-01-11 22:41 233936 c:\windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
+ 2011-01-11 22:41 . 2011-01-11 22:41 311248 c:\windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.dll
+ 2011-01-11 22:32 . 2011-01-11 22:31 157472 c:\windows\system32\javaws.exe
+ 2011-01-11 22:32 . 2011-01-11 22:31 145184 c:\windows\system32\javaw.exe
+ 2011-01-11 22:32 . 2011-01-11 22:31 145184 c:\windows\system32\java.exe
+ 2009-10-19 19:24 . 2010-11-09 14:52 249856 c:\windows\system32\dllcache\odbc32.dll
- 2009-10-19 19:24 . 2008-04-14 13:00 249856 c:\windows\system32\dllcache\odbc32.dll
- 2009-10-19 16:34 . 2008-04-14 13:00 102400 c:\windows\system32\dllcache\msjro.dll
+ 2009-10-19 16:34 . 2010-11-09 14:52 102400 c:\windows\system32\dllcache\msjro.dll
- 2009-10-19 16:34 . 2008-04-14 13:00 200704 c:\windows\system32\dllcache\msadox.dll
+ 2009-10-19 16:34 . 2010-11-09 14:52 200704 c:\windows\system32\dllcache\msadox.dll
- 2009-10-19 16:34 . 2008-04-14 13:00 180224 c:\windows\system32\dllcache\msadomd.dll
+ 2009-10-19 16:34 . 2010-11-09 14:52 180224 c:\windows\system32\dllcache\msadomd.dll
+ 2009-10-19 16:34 . 2010-11-09 14:52 536576 c:\windows\system32\dllcache\msado15.dll
- 2009-10-19 16:34 . 2008-04-14 13:00 536576 c:\windows\system32\dllcache\msado15.dll
+ 2009-10-19 16:34 . 2010-11-09 14:52 143360 c:\windows\system32\dllcache\msadco.dll
- 2009-10-19 16:34 . 2008-04-14 13:00 143360 c:\windows\system32\dllcache\msadco.dll
+ 2011-01-11 22:32 . 2011-01-11 22:32 180224 c:\windows\Installer\1db11.msi
+ 2011-01-11 22:31 . 2011-01-11 22:31 677376 c:\windows\Installer\1db0c.msi
+ 2009-12-23 17:44 . 2011-01-12 09:00 37403080 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 620152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-04-21 115560]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2009-12-28 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/23/2010 6:12 AM 102448]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [10/19/2009 1:20 PM 1390976]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [9/15/2010 3:58 PM 38224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Supplementary Scan -------
.
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-12 14:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(680)
c:\windows\system32\wininet.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(744)
c:\program files\Bonjour\mdnsNSP.dll
.
Completion time: 2011-01-12 14:26:17
ComboFix-quarantined-files.txt 2011-01-12 20:26
ComboFix2.txt 2010-12-28 20:11

Pre-Run: 226,046,201,856 bytes free
Post-Run: 226,113,527,808 bytes free

- - End Of File - - 84D8EF478BB6894E76A7EAAE1AD8E24F

#17 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,326 posts

Posted 13 January 2011 - 08:30 AM

The log is clean.

Any remaining issues?
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#18 ce9999

ce9999

    Member

  • Full Member
  • Pip
  • 33 posts

Posted 14 January 2011 - 05:00 PM

Well, MalwareBytes still won't run.

Out of curiosity, I tried running it in safe mode, and it wouldn't even run that way (that is, it had the same problem as normally, it would start up and then just disappear after a few seconds). The only difference in Safe Mode is that when it crashed there was a standard Microsoft Windows error message asking if I wanted to submit a crash report. (That never happens in normal mode).

#19 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,326 posts

Posted 17 January 2011 - 08:14 AM

Sorry for this long delay.
Having problems with my old computer box.
I'm building an other one.

If your only issue is with Malwarebytes please go to this page.

http://forums.malwar...showtopic=10138

You may be able to find a solution.

===

They also have a forum at:
http://forums.malwar...hp?showforum=41

Any other issues with the computer?
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#20 ce9999

ce9999

    Member

  • Full Member
  • Pip
  • 33 posts

Posted 19 January 2011 - 08:06 AM

As far as I can tell, it's only Malwarebytes that is not working now. THanks for the help!

#21 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,326 posts

Posted 20 January 2011 - 07:29 AM

Please read this Prevention page with lots of info and tips how to prevent this in the future.
How did I get infected in the first place?
http://spywareinfofo...showtopic=60955

The SWI Community News - December 2010
http://www.spywarein...howtopic=130628
===

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall
===
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#22 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • PipPipPipPipPip
  • 25,317 posts

Posted 09 October 2011 - 09:09 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE




Member of UNITE
Support SpywareInfo Forum - click the button