WiredWX Hobby Weather ToolsLog in

 


descriptionFirewall Problems EmptyFirewall Problems

more_horiz
Just got rid of Antivir Pro. Thanks to Malwarebytes. Still having a fiew problems.

1) When I click on a link in a search, my browser is still being redirected to somewhere entirely different.

2) My Windows Firewall has been disabled and I can't get it enabled.

3) This may be connected to the firewall issue. My Ad-aware just popped up a message that it blocked an exploit just before an attack.

Please help!

descriptionFirewall Problems EmptyRe: Firewall Problems

more_horiz
Hi SASSY_Nc And Welcome to GP!

Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.

    • DDS.scr
    • DDS.pif

  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.
  • When done, DDS will open two (2) logs
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.
  • The instructions here ask you to attach the Attach.txt.
    Firewall Problems DDS

  • Instead of attaching, please copy/past both logs into your Thread

  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HEREThen post your DDS (DDS.txt and Attach.txt




descriptionFirewall Problems EmptyRe: Firewall Problems

more_horiz
DDS (Ver_10-03-17.01) - NTFSx86
Run by Stephan and Melesia at 11:01:07.39 on Sun 07/25/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.128 [GMT -4:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\NOS\bin\getPlusPlus_Adobe.exe
C:\WINDOWS\system32\DllHost.exe
C:\WINDOWS\System32\svchost.exe -k getPlusHelper
C:\Documents and Settings\Stephan and Melesia\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://search.bearshare.com/sidebar.html?src=ssb
uSearch Bar = hxxp://search.bearshare.com/sidebar.html?src=ssb
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uInternet Settings,ProxyOverride =
mSearchAssistant = hxxp://search.bearshare.com/sidebar.html?src=ssb
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program

files\yahoo!\companion\installs\cpn5\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn5\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common

files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft

shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program

files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program

files\yahoo!\companion\installs\cpn5\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn5\yt.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
uRun: [cehdhyqa] c:\documents and settings\stephan and melesia\local settings\application data\yubsgksid\ejiduuptssd.exe
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth

software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} -

c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: download.com
Trusted Zone: gardner-webb.edu
Trusted Zone: gardner-webb.edu\gwudogs
Trusted Zone: musicmatch.com\online
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} -

hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -

hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1147918735875
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} -

hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/popcaploader_v10.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E63543CB-2073-4AA5-874C-BC7A28248DE1} - hxxp://www.amphire.com/assets/datacontrol/Data_Manager.CAB
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-10 64288]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-3-28 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-3-28 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-5 40384]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1352832]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-5 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-5 40384]
S3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\drivers\urvpndrv.sys --> c:\windows\system32\drivers\urvpndrv.sys [?]

=============== Created Last 30 ================

2010-07-25 14:18:52 0 d-----w- c:\program files\Sun
2010-07-25 14:18:30 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-25 00:01:14 0 d-----w- c:\docume~1\stepha~1\applic~1\Malwarebytes
2010-07-24 23:03:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-24 23:03:11 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-24 23:03:11 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-07-24 23:03:10 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-24 10:35:12 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-15 22:58:00 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-06-30 09:55:53 38848 ----a-w- c:\windows\avastSS.scr

==================== Find3M ====================

2010-06-19 00:57:58 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-06-06 23:00:44 12496 -c--a-w- c:\windows\MSPuzzle.dat
2010-06-06 13:29:48 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-06-06 13:27:57 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-05-05 13:30:57 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-05-02 05:22:50 1851264 ------w- c:\windows\system32\dllcache\win32k.sys
2009-03-14 17:02:40 251 -c--a-w- c:\program files\wt3d.ini
2004-10-01 19:00:16 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2009-08-25 18:49:31 88 -csh--r- c:\windows\system32\A3DE2715B2.sys
2009-01-25 00:36:08 56 -csh--r- c:\windows\system32\B21527DEA3.sys
2009-08-25 18:49:34 5018 -csha-w- c:\windows\system32\KGyGaAvL.sys
2008-10-02 23:56:06 32768 -csha-w- c:\windows\system32\config\systemprofile\local

settings\history\history.ie5\mshist012008100220081003\index.dat
2010-02-05 19:40:22 16384 -csha-w- c:\windows\temp\cookies\index.dat
2010-02-05 19:40:22 32768 -csha-w- c:\windows\temp\history\history.ie5\index.dat
2010-02-05 19:40:22 32768 -csha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 11:03:04.29 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 5/15/2006 3:12:56 PM
System Uptime: 7/25/2010 8:53:01 AM (3 hours ago)

Motherboard: Dell Inc. | | 0JC474
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz |

Microprocessor | 2793/800mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 70 GiB total, 49.691 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP715: 6/6/2010 10:53:34 AM - Removed QuickBooks.
RP716: 6/7/2010 9:38:32 PM - System Checkpoint
RP717: 6/8/2010 9:55:32 PM - System Checkpoint
RP718: 6/8/2010 10:00:42 PM - Software Distribution Service 3.0
RP719: 6/11/2010 2:54:59 PM - System Checkpoint
RP720: 6/13/2010 9:27:42 AM - System Checkpoint
RP721: 6/19/2010 4:45:37 PM - System Checkpoint
RP722: 6/20/2010 6:59:35 PM - System Checkpoint
RP723: 6/22/2010 9:57:49 PM - Software Distribution Service 3.0
RP724: 6/26/2010 1:57:45 PM - System Checkpoint
RP725: 6/27/2010 3:11:43 PM - System Checkpoint
RP726: 7/1/2010 8:04:26 PM - System Checkpoint
RP727: 7/4/2010 12:23:32 PM - System Checkpoint
RP728: 7/5/2010 12:55:19 PM - System Checkpoint
RP729: 7/10/2010 5:36:02 PM - System Checkpoint
RP730: 7/11/2010 5:45:46 PM - System Checkpoint
RP731: 7/14/2010 5:19:37 PM - Software Distribution Service 3.0
RP732: 7/15/2010 7:55:15 PM - System Checkpoint
RP733: 7/15/2010 10:00:19 PM - Software Distribution Service 3.0
RP734: 7/17/2010 7:52:14 PM - System Checkpoint
RP735: 7/22/2010 8:24:36 PM - System Checkpoint
RP736: 7/23/2010 9:19:31 PM - System Checkpoint
RP737: 7/25/2010 10:10:22 AM - Installed Java(TM) SE Development Kit 6

Update 21
RP738: 7/25/2010 10:17:23 AM - Removed Java(TM) 6 Update 12
RP739: 7/25/2010 10:18:00 AM - Installed Java(TM) 6 Update 21
RP740: 7/25/2010 10:55:30 AM - Removed Adobe Reader 8.1.5
RP741: 7/25/2010 10:57:38 AM - Installed Adobe Reader 9.3.3.

==== Installed Programs ======================

4 Elements (remove only)
Ad-Aware
Ad-Aware Email Scanner for Outlook
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.3
AOLIcon
avast! Free Antivirus
Blasterball 2
CardRd81
CCleaner
CCScore
Compatibility Pack for the 2007 Office system
Conexant D850 56K V.9x DFVc Modem
Corel Paint Shop Pro X
Corel Photo Album 6
CR2
Critical Update for Windows Media Player 11 (KB959772)
Dell CinePlayer
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Game Console
Dell System Restore
DellSupport
Digital Content Portal
Digital Line Detect
Documentation & Support Launcher
DVD Solution
EducateU
ELIcon
ESPNMotion
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
essvcpt
Games, Music, & Photos Launcher
GemMaster Mystic
Get High Speed Internet!
High Definition Audio Driver Package - KB835221
HLPPDOCK
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet for Wired Connections
J2SE Runtime Environment 5.0 Update 3
Java 2 Runtime Environment, SE v1.4.2_03
Java Auto Updater
Java DB 10.5.3.0
Java(TM) 6 Update 21
Java(TM) 6 Update 7
Java(TM) SE Development Kit 6 Update 21
kgcbase
Kodak EasyShare software
KSU
Learn2 Player (Uninstall Only)
LightScribe 1.4.136.1
LiveUpdate 2.6 (Symantec Corporation)
Malwarebytes' Anti-Malware
MCU
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Entertainment Pack: The Puzzle Collection
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 98
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Primary Interop Assemblies
Microsoft Office Basic Edition 2003
Microsoft Office Live Add-in 1.3
Microsoft Office PowerPoint Viewer 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Works 4.5
Mobipocket Reader 6.1
Modem Helper
MSN
MSVC80_x86
MSVCRT
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Musicmatch for Windows Media Player
Musicmatch® Jukebox
Nero 7 Essentials
NetWaiting
Norton Spyware Scan
Norton Spyware Scan provided by Yahoo!
Notifier
OfotoXMI
OTtBP
OTtBPSDK
Otto
Palm Desktop
PC Connectivity Solution
Polar Bowler
PowerProducer
QuickTime
RealPlayer Basic
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Segoe UI
SFR
SFR2
SHASTA
SKIN0001
SKINXSDK
Sonic Activation Module
Sonic Encoders
Sonic Update Manager
Spelling Dictionaries Support For Adobe Reader 8
staticcr
SupportSoft Assisted Service
Time Zone Data Update Tool for Microsoft Office Outlook
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual Studio 2005 Tools for Office Second Edition Runtime
VPRINTOL
WebCyberCoach 3.2 Dell
WebFldrs XP
WIDCOMM Bluetooth Software
WildTangent Web Driver
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WIRELESS
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

7/24/2010 8:01:32 PM, error: Service Control Manager [7026] - The

following boot-start or system-start driver(s) failed to load:

IntelIde
7/24/2010 6:12:27 PM, error: DCOM [10005] - DCOM got error "%1084"

attempting to start the service MDM with arguments "" in order to run

the server: {943B6A75-BB5E-41A7-A6D3-A1A5E892B33B}
7/24/2010 6:02:43 PM, error: DCOM [10005] - DCOM got error "%1084"

attempting to start the service StiSvc with arguments "" in order to

run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
7/24/2010 5:15:11 PM, error: DCOM [10005] - DCOM got error "%1084"

attempting to start the service MDM with arguments "" in order to run

the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
7/24/2010 5:05:45 PM, error: DCOM [10005] - DCOM got error "%1084"

attempting to start the service EventSystem with arguments "" in order

to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/24/2010 5:05:14 PM, error: Service Control Manager [7026] - The

following boot-start or system-start driver(s) failed to load:

Aavmker4 aswSP aswTdi Fips intelppm
7/23/2010 9:36:20 PM, error: Service Control Manager [7023] - The

Windows Firewall/Internet Connection Sharing (ICS) service terminated

with the following error: The system cannot find the file specified.
7/23/2010 9:36:17 PM, error: Ftdisk [49] - Configuring the Page file

for crash dump failed. Make sure there is a page file on the boot

partition and that is large enough to contain all physical memory.
7/23/2010 9:36:17 PM, error: Ftdisk [45] - The system could not

sucessfully load the crash dump driver.
7/19/2010 6:32:53 AM, error: ipnathlp [30013] - The DHCP allocator has

disabled itself on IP address 173.212.12.134, since the IP address is

outside the 192.168.0.0/255.255.255.0 scope from which addresses are

being allocated to DHCP clients. To enable the DHCP allocator on this

IP address, please change the scope to include the IP address, or

change the IP address to fall within the scope.

==== End Of File ===========================

descriptionFirewall Problems EmptyRe: Firewall Problems

more_horiz
Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.
---------------------------------------------------------------------------------------------


Download TDSSKiller and save it to your Desktop.


  • Right click on the file and choose extract all extract the file to your desktop then run it.
  • If prompted to restart the computer type in Y then it will restart.
  • Or if you are prompted with a hidden service warning do go ahead and delete it.
  • Once completed it will create a log in your C:\ drive
  • Please post the contents of that log

========

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop



  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools


  • Double click on ComboFix.exe & follow the prompts.


  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the TDSSKiller and C:\ComboFix.txt in your next reply.

descriptionFirewall Problems EmptyRe: Firewall Problems

more_horiz
I ran TDSSKiller, and it found some sort of rootkit thing. I was instructed to reboot. Once it came back up, my firewallt has come back on.

No log ever came up so I ran it again. Here is the log I got.

2010/07/25 11:34:02.0763 TDSS rootkit removing tool 2.4.0.0 Jul 22 2010 16:09:49
2010/07/25 11:34:02.0778 ================================================================================
2010/07/25 11:34:02.0778 SystemInfo:
2010/07/25 11:34:02.0778
2010/07/25 11:34:02.0778 OS Version: 5.1.2600 ServicePack: 3.0
2010/07/25 11:34:02.0778 Product type: Workstation
2010/07/25 11:34:02.0778 ComputerName: TULLY
2010/07/25 11:34:02.0794 UserName: Stephan and Melesia
2010/07/25 11:34:02.0794 Windows directory: C:\WINDOWS
2010/07/25 11:34:02.0794 System windows directory: C:\WINDOWS
2010/07/25 11:34:02.0794 Processor architecture: Intel x86
2010/07/25 11:34:02.0794 Number of processors: 2
2010/07/25 11:34:02.0794 Page size: 0x1000
2010/07/25 11:34:02.0794 Boot type: Normal boot
2010/07/25 11:34:02.0794 ================================================================================
2010/07/25 11:34:03.0700 Initialize success
2010/07/25 11:34:43.0419 ================================================================================
2010/07/25 11:34:43.0419 Scan started
2010/07/25 11:34:43.0419 Mode: Manual;
2010/07/25 11:34:43.0419 ================================================================================
2010/07/25 11:34:46.0013 Aavmker4 (467f062f76e07512ecc1f5f60aab2988) C:\WINDOWS\system32\drivers\Aavmker4.sys
2010/07/25 11:34:46.0138 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2010/07/25 11:34:46.0247 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/07/25 11:34:46.0372 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/07/25 11:34:46.0450 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2010/07/25 11:34:46.0575 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/07/25 11:34:46.0763 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/07/25 11:34:46.0982 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/07/25 11:34:47.0060 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2010/07/25 11:34:47.0091 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2010/07/25 11:34:47.0185 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2010/07/25 11:34:47.0247 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2010/07/25 11:34:47.0341 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2010/07/25 11:34:47.0482 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2010/07/25 11:34:47.0560 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2010/07/25 11:34:47.0591 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2010/07/25 11:34:47.0716 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2010/07/25 11:34:47.0778 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2010/07/25 11:34:47.0810 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2010/07/25 11:34:48.0044 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
2010/07/25 11:34:48.0200 aswFsBlk (0c0b08847f2f24baa7bd43d8f2c6c8b0) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2010/07/25 11:34:48.0263 aswMon2 (aa504fa592c9ed79174cb06b8ae340aa) C:\WINDOWS\system32\drivers\aswMon2.sys
2010/07/25 11:34:48.0357 aswRdr (f385ffd39165453fda96736aa3edfd9d) C:\WINDOWS\system32\drivers\aswRdr.sys
2010/07/25 11:34:48.0450 aswSP (45adea26bf613a54fed64ecdd12e58a7) C:\WINDOWS\system32\drivers\aswSP.sys
2010/07/25 11:34:48.0513 aswTdi (c4ee975c87176f1900662d2874233c7f) C:\WINDOWS\system32\drivers\aswTdi.sys
2010/07/25 11:34:48.0622 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/07/25 11:34:48.0653 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/07/25 11:34:48.0825 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/07/25 11:34:48.0950 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/07/25 11:34:48.0997 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/07/25 11:34:49.0232 btaudio (4b43dfe1c1fbb305a1dc5504ef9bb34e) C:\WINDOWS\system32\drivers\btaudio.sys
2010/07/25 11:34:49.0341 BTDriver (2f9f111d31aa3fbbe5781d829a4524e6) C:\WINDOWS\system32\DRIVERS\btport.sys
2010/07/25 11:34:49.0497 BTKRNL (70455baffc078b6152d1e52376296467) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
2010/07/25 11:34:49.0591 BTWDNDIS (485020a1e1fc5c51a800ca69c618d881) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
2010/07/25 11:34:49.0638 btwhid (949eca9c56f657c06d3166d51f3226c7) C:\WINDOWS\system32\DRIVERS\btwhid.sys
2010/07/25 11:34:49.0732 BTWUSB (2cfc2bd8785f82a42fcad83de1fa5a36) C:\WINDOWS\system32\Drivers\btwusb.sys
2010/07/25 11:34:49.0872 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2010/07/25 11:34:49.0888 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/07/25 11:34:49.0950 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2010/07/25 11:34:49.0997 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/07/25 11:34:50.0122 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/07/25 11:34:50.0278 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/07/25 11:34:50.0528 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2010/07/25 11:34:50.0653 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2010/07/25 11:34:50.0732 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2010/07/25 11:34:50.0763 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2010/07/25 11:34:50.0825 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/07/25 11:34:50.0888 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
2010/07/25 11:34:50.0966 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
2010/07/25 11:34:51.0060 DLADResN (83545593e297f50a8e2524b4c071a153) C:\WINDOWS\system32\DLA\DLADResN.SYS
2010/07/25 11:34:51.0075 DLAIFS_M (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
2010/07/25 11:34:51.0091 DLAOPIOM (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
2010/07/25 11:34:51.0122 DLAPoolM (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
2010/07/25 11:34:51.0153 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
2010/07/25 11:34:51.0185 DLAUDFAM (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
2010/07/25 11:34:51.0263 DLAUDF_M (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
2010/07/25 11:34:51.0560 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/07/25 11:34:51.0638 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/07/25 11:34:51.0747 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/07/25 11:34:51.0778 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/07/25 11:34:51.0841 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2010/07/25 11:34:51.0935 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/07/25 11:34:51.0966 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
2010/07/25 11:34:51.0982 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
2010/07/25 11:34:52.0153 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
2010/07/25 11:34:52.0263 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
2010/07/25 11:34:52.0435 E100B (95974e66d3de4951d29e28e8bc0b644c) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2010/07/25 11:34:52.0607 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/07/25 11:34:52.0669 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/07/25 11:34:52.0763 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/07/25 11:34:52.0778 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/07/25 11:34:52.0950 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/07/25 11:34:53.0107 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/07/25 11:34:53.0138 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/07/25 11:34:53.0216 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/07/25 11:34:53.0372 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/07/25 11:34:53.0388 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/07/25 11:34:53.0466 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2010/07/25 11:34:53.0513 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
2010/07/25 11:34:53.0575 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2010/07/25 11:34:53.0685 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/07/25 11:34:53.0700 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/07/25 11:34:53.0747 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2010/07/25 11:34:53.0763 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/07/25 11:34:53.0903 ialm (5a8e05f1d5c36abd58cffa111eb325ea) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2010/07/25 11:34:54.0122 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/07/25 11:34:54.0200 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2010/07/25 11:34:54.0435 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/07/25 11:34:54.0544 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/07/25 11:34:54.0607 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/07/25 11:34:54.0669 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/07/25 11:34:54.0700 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/07/25 11:34:54.0747 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/07/25 11:34:54.0841 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/07/25 11:34:54.0935 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/07/25 11:34:54.0997 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/07/25 11:34:55.0028 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/07/25 11:34:55.0122 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/07/25 11:34:55.0310 klmd24 (6485ad0a17a0d6286b4d44c652adabb2) C:\WINDOWS\system32\drivers\klmd.sys
2010/07/25 11:34:55.0419 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/07/25 11:34:55.0482 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/07/25 11:34:55.0575 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\WINDOWS\system32\DRIVERS\Lbd.sys
2010/07/25 11:34:55.0778 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2010/07/25 11:34:55.0857 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2010/07/25 11:34:56.0028 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/07/25 11:34:56.0153 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/07/25 11:34:56.0247 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2010/07/25 11:34:56.0310 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/07/25 11:34:56.0419 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/07/25 11:34:56.0435 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/07/25 11:34:56.0482 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2010/07/25 11:34:56.0560 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/07/25 11:34:56.0638 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/07/25 11:34:56.0700 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/07/25 11:34:56.0825 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/07/25 11:34:56.0888 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/07/25 11:34:56.0966 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/07/25 11:34:57.0044 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/07/25 11:34:57.0091 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/07/25 11:34:57.0263 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/07/25 11:34:57.0403 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/07/25 11:34:57.0450 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/07/25 11:34:57.0528 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/07/25 11:34:57.0607 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/07/25 11:34:57.0607 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/07/25 11:34:57.0638 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/07/25 11:34:57.0716 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/07/25 11:34:57.0747 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/07/25 11:34:57.0763 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/07/25 11:34:57.0857 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/07/25 11:34:57.0935 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/07/25 11:34:58.0013 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/07/25 11:34:58.0185 PalmUSBD (803cf09c795290825607505d37819135) C:\WINDOWS\system32\drivers\PalmUSBD.sys
2010/07/25 11:34:58.0247 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/07/25 11:34:58.0310 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/07/25 11:34:58.0435 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/07/25 11:34:58.0638 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
2010/07/25 11:34:58.0716 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/07/25 11:34:58.0778 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/07/25 11:34:58.0841 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/07/25 11:34:58.0982 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2010/07/25 11:34:59.0075 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2010/07/25 11:34:59.0153 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/07/25 11:34:59.0169 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/07/25 11:34:59.0247 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/07/25 11:34:59.0294 PxHelp20 (0c8da0a8b0d227319c285e0eae65defd) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/07/25 11:34:59.0372 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2010/07/25 11:34:59.0528 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2010/07/25 11:34:59.0622 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2010/07/25 11:34:59.0685 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2010/07/25 11:34:59.0747 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2010/07/25 11:34:59.0810 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/07/25 11:34:59.0857 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/07/25 11:34:59.0935 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/07/25 11:35:00.0028 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/07/25 11:35:00.0278 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/07/25 11:35:00.0450 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/07/25 11:35:00.0482 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/07/25 11:35:00.0560 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/07/25 11:35:00.0716 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/07/25 11:35:00.0857 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/07/25 11:35:00.0935 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/07/25 11:35:00.0997 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/07/25 11:35:01.0044 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/07/25 11:35:01.0247 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2010/07/25 11:35:01.0482 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2010/07/25 11:35:01.0591 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/07/25 11:35:01.0653 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/07/25 11:35:01.0747 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/07/25 11:35:01.0857 STHDA (2a2dc39623adef8ab3703ab9fac4b440) C:\WINDOWS\system32\drivers\sthda.sys
2010/07/25 11:35:02.0357 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
2010/07/25 11:35:02.0528 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/07/25 11:35:02.0607 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/07/25 11:35:02.0653 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2010/07/25 11:35:02.0700 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2010/07/25 11:35:02.0716 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2010/07/25 11:35:02.0747 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2010/07/25 11:35:02.0794 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/07/25 11:35:02.0872 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/07/25 11:35:02.0935 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/07/25 11:35:02.0950 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/07/25 11:35:02.0997 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/07/25 11:35:03.0107 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2010/07/25 11:35:03.0216 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/07/25 11:35:03.0263 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2010/07/25 11:35:03.0388 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/07/25 11:35:03.0685 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/07/25 11:35:03.0810 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/07/25 11:35:03.0857 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/07/25 11:35:03.0935 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/07/25 11:35:04.0138 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/07/25 11:35:04.0325 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/07/25 11:35:04.0372 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/07/25 11:35:04.0388 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/07/25 11:35:04.0450 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/07/25 11:35:04.0466 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/07/25 11:35:04.0513 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/07/25 11:35:04.0544 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/07/25 11:35:04.0607 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/07/25 11:35:04.0653 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2010/07/25 11:35:04.0747 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2010/07/25 11:35:04.0810 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/07/25 11:35:04.0903 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/07/25 11:35:04.0997 ================================================================================
2010/07/25 11:35:04.0997 Scan finished
2010/07/25 11:35:04.0997 ================================================================================

Since the firewall is back up, do you still want me to download and run ComboFix?

descriptionFirewall Problems EmptyRe: Firewall Problems

more_horiz
Yes please run ComboFix and post the log.

descriptionFirewall Problems EmptyRe: Firewall Problems

more_horiz
ComboFix 10-07-24.03 - Stephan and Melesia 07/25/2010 12:01:30.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.326 [GMT -4:00]
Running from: c:\documents and settings\Stephan and Melesia\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\encapi32.dll

.
((((((((((((((((((((((((( Files Created from 2010-06-25 to 2010-07-25 )))))))))))))))))))))))))))))))
.

2010-07-25 14:46 . 2010-07-25 14:46 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-07-25 14:41 . 2010-07-25 14:41 77184 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-07-25 14:41 . 2010-07-25 15:27 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-07-25 14:18 . 2010-07-25 14:18 -------- d-----w- c:\program files\Sun
2010-07-25 14:18 . 2010-07-25 14:18 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-25 00:01 . 2010-07-25 00:01 -------- d-----w- c:\documents and settings\Stephan and Melesia\Application Data\Malwarebytes
2010-07-24 23:35 . 2010-07-24 23:36 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2010-07-24 23:03 . 2010-07-24 23:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-07-24 23:03 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-24 23:03 . 2010-07-24 23:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-24 23:03 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-24 23:03 . 2010-07-24 23:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-24 22:53 . 2010-07-24 22:53 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-07-24 22:53 . 2010-07-24 22:53 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-07-24 10:35 . 2010-07-25 15:19 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-24 01:26 . 2010-07-24 23:59 -------- d-----w- c:\documents and settings\Stephan and Melesia\Local Settings\Application Data\yubsgksid
2010-07-15 22:58 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-06-30 09:55 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-25 15:26 . 2005-08-16 08:18 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-07-25 14:58 . 2006-05-20 13:01 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-25 14:30 . 2006-05-11 02:17 -------- d-----w- c:\program files\Java
2010-07-25 14:19 . 2006-05-11 02:17 -------- d-----w- c:\program files\Common Files\Java
2010-07-11 00:50 . 2006-05-15 20:39 32104 -c--a-w- c:\documents and settings\Stephan and Melesia\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-05 21:30 . 2006-05-22 22:59 -------- d-----w- c:\program files\Microsoft Money
2010-06-28 20:57 . 2009-03-28 15:34 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2009-03-28 15:34 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2009-03-28 15:34 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2009-03-28 15:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2009-03-28 15:34 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2009-03-28 15:34 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2009-03-28 15:34 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 20:32 . 2009-03-28 15:34 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-20 16:29 . 2010-06-20 16:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Playrix Entertainment
2010-06-20 16:28 . 2010-06-20 16:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2010-06-20 16:27 . 2010-06-20 16:27 -------- d-----w- c:\program files\Yahoo! Games
2010-06-19 00:57 . 2009-04-12 01:42 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-06-14 14:31 . 2005-08-16 08:40 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-06 23:00 . 2006-06-25 03:19 12496 -c--a-w- c:\windows\MSPuzzle.dat
2010-06-06 14:57 . 2009-11-01 23:36 -------- d-----w- c:\program files\Common Files\Intuit
2010-06-06 13:29 . 2010-06-06 13:29 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-06-06 13:27 . 2009-04-10 17:57 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-06-06 13:24 . 2009-04-10 17:09 -------- d-----w- c:\program files\Lavasoft
2010-06-06 13:23 . 2010-06-06 13:23 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-06-06 13:11 . 2006-09-26 03:01 1327 -c--a-w- c:\windows\EntPack.dat
2010-06-05 02:25 . 2008-08-23 13:38 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-06 10:41 . 2005-08-16 08:18 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2005-08-16 08:18 1851264 ----a-w- c:\windows\system32\win32k.sys
2009-03-14 17:02 . 2009-03-14 17:02 251 -c--a-w- c:\program files\wt3d.ini
2004-10-01 19:00 . 2007-04-21 08:46 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2009-08-25 18:49 . 2009-08-25 18:44 88 -csh--r- c:\windows\system32\A3DE2715B2.sys
2009-01-25 00:36 . 2006-05-19 22:38 56 -csh--r- c:\windows\system32\B21527DEA3.sys
2009-08-25 18:49 . 2006-05-19 22:37 5018 -csha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-02-17 5244216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-05-11 98304]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-06-19 864112]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-9-2 604776]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-5-10 24576]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [4/10/2009 1:57 PM 64288]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/28/2009 11:34 AM 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/28/2009 11:34 AM 17744]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 11:52 AM 1352832]
S3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\DRIVERS\urvpndrv.sys --> c:\windows\system32\DRIVERS\urvpndrv.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - KLMDB
*Deregistered* - klmd24
*Deregistered* - klmdb
.
Contents of the 'Scheduled Tasks' folder

2010-07-25 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 00:56]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uInternet Settings,ProxyOverride =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: download.com
Trusted Zone: gardner-webb.edu
Trusted Zone: gardner-webb.edu\gwudogs
Trusted Zone: musicmatch.com\online
DPF: {E63543CB-2073-4AA5-874C-BC7A28248DE1} - hxxp://www.amphire.com/assets/datacontrol/Data_Manager.CAB
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-cehdhyqa - c:\documents and settings\Stephan and Melesia\Local Settings\Application Data\yubsgksid\ejiduuptssd.exe
SafeBoot-klmdb.sys
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-25 12:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2010-07-25 12:14:08
ComboFix-quarantined-files.txt 2010-07-25 16:14

Pre-Run: 53,208,891,392 bytes free
Post-Run: 53,347,590,144 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - C76EE846F29FF37517B69A857BD98783

The redirection problem has been corrected too.

descriptionFirewall Problems EmptyRe: Firewall Problems

more_horiz
Run CFScript

  • Close any open browsers.
  • Open Notepad by click start
  • Click Run
  • Type notepad into the box and click enter
  • Notepad will open
  • Copy and Paste everything from the Code box into Notepad:

Code:

KILLALL::

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uInternet Settings,ProxyOverride =
Trusted Zone: download.com
Trusted Zone: gardner-webb.edu
Trusted Zone: gardner-webb.edu\gwudogs
Trusted Zone: musicmatch.com\online


Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.



Firewall Problems Cfscriptb4



This will start ComboFix again. It may ask to reboot. This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt and MBAM Report in your next reply.


Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.

Next



Update Run Malwarebytes



  • Launch Malwarebytes' Anti-Malware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

descriptionFirewall Problems EmptyRe: Firewall Problems

more_horiz
ComboFix 10-07-24.03 - Stephan and Melesia 07/25/2010 13:08:15.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.233 [GMT -4:00]
Running from: c:\documents and settings\Stephan and Melesia\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Stephan and Melesia\Desktop\CFScript.txt
.

((((((((((((((((((((((((( Files Created from 2010-06-25 to 2010-07-25 )))))))))))))))))))))))))))))))
.

2010-07-25 14:46 . 2010-07-25 14:46 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-07-25 14:41 . 2010-07-25 15:27 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-07-25 14:18 . 2010-07-25 14:18 -------- d-----w- c:\program files\Sun
2010-07-25 14:18 . 2010-07-25 14:18 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-25 00:01 . 2010-07-25 00:01 -------- d-----w- c:\documents and settings\Stephan and Melesia\Application Data\Malwarebytes
2010-07-24 23:35 . 2010-07-24 23:36 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2010-07-24 23:03 . 2010-07-24 23:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-07-24 23:03 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-24 23:03 . 2010-07-24 23:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-24 23:03 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-24 23:03 . 2010-07-24 23:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-24 22:53 . 2010-07-24 22:53 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-07-24 22:53 . 2010-07-24 22:53 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-07-24 10:35 . 2010-07-25 15:19 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-24 01:26 . 2010-07-24 23:59 -------- d-----w- c:\documents and settings\Stephan and Melesia\Local Settings\Application Data\yubsgksid
2010-07-15 22:58 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-06-30 09:55 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-25 15:26 . 2005-08-16 08:18 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-07-25 14:58 . 2006-05-20 13:01 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-25 14:41 . 2010-07-25 14:41 77184 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-07-25 14:30 . 2006-05-11 02:17 -------- d-----w- c:\program files\Java
2010-07-25 14:19 . 2006-05-11 02:17 -------- d-----w- c:\program files\Common Files\Java
2010-07-11 00:50 . 2006-05-15 20:39 32104 -c--a-w- c:\documents and settings\Stephan and Melesia\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-05 21:30 . 2006-05-22 22:59 -------- d-----w- c:\program files\Microsoft Money
2010-06-28 20:57 . 2009-03-28 15:34 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2009-03-28 15:34 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2009-03-28 15:34 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2009-03-28 15:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2009-03-28 15:34 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2009-03-28 15:34 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2009-03-28 15:34 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 20:32 . 2009-03-28 15:34 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-20 16:29 . 2010-06-20 16:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Playrix Entertainment
2010-06-20 16:28 . 2010-06-20 16:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2010-06-20 16:27 . 2010-06-20 16:27 -------- d-----w- c:\program files\Yahoo! Games
2010-06-19 00:57 . 2009-04-12 01:42 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-06-06 23:00 . 2006-06-25 03:19 12496 -c--a-w- c:\windows\MSPuzzle.dat
2010-06-06 14:57 . 2009-11-01 23:36 -------- d-----w- c:\program files\Common Files\Intuit
2010-06-06 13:29 . 2010-06-06 13:29 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-06-06 13:27 . 2009-04-10 17:57 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-06-06 13:24 . 2009-04-10 17:09 -------- d-----w- c:\program files\Lavasoft
2010-06-06 13:23 . 2010-06-06 13:23 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-06-06 13:11 . 2006-09-26 03:01 1327 -c--a-w- c:\windows\EntPack.dat
2010-06-05 02:25 . 2008-08-23 13:38 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-06 10:41 . 2005-08-16 08:18 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2005-08-16 08:18 1851264 ----a-w- c:\windows\system32\win32k.sys
2009-03-14 17:02 . 2009-03-14 17:02 251 -c--a-w- c:\program files\wt3d.ini
2004-10-01 19:00 . 2007-04-21 08:46 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2009-08-25 18:49 . 2009-08-25 18:44 88 -csh--r- c:\windows\system32\A3DE2715B2.sys
2009-01-25 00:36 . 2006-05-19 22:38 56 -csh--r- c:\windows\system32\B21527DEA3.sys
2009-08-25 18:49 . 2006-05-19 22:37 5018 -csha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-02-17 5244216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-05-11 98304]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-06-19 864112]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-9-2 604776]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-5-10 24576]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\DRIVERS\urvpndrv.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-06-06 64288]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-07-01 1352832]

.
Contents of the 'Scheduled Tasks' folder

2010-07-25 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 00:56]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {E63543CB-2073-4AA5-874C-BC7A28248DE1} - hxxp://www.amphire.com/assets/datacontrol/Data_Manager.CAB
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-25 13:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(440)
c:\windows\system32\WININET.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\windows\system32\dllhost.exe
c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2010-07-25 13:45:02 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-25 17:44
ComboFix2.txt 2010-07-25 16:14

Pre-Run: 53,375,098,880 bytes free
Post-Run: 53,254,119,424 bytes free

- - End Of File - - 7F4591DE1E9A35353DA2691EE331CC9F

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4345

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/25/2010 9:21:35 PM
mbam-log-2010-07-25 (21-21-35).txt

Scan type: Full scan (C:\|)
Objects scanned: 212867
Time elapsed: 59 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.AntiVirus2008) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e596df5f-4239-4d40-8367-ebadf0165917} (Rogue.Installer) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

descriptionFirewall Problems EmptyRe: Firewall Problems

more_horiz
There are some older versions of Java on your computer. These can be a source of infection.

Go to Start > Control Panel > Add/Remove Programs.

Please remove these entries from Add/Remove Programs in the Control Panel

J2SE Runtime Environment 5.0 Update 3
Java 2 Runtime Environment, SE v1.4.2_03
Java Auto Updater
Java DB 10.5.3.0
Java(TM) 6 Update 7


Your Computer is Clean
Firewall Problems CLEAN-1


Some final items:


Follow these steps to uninstall Combofix and tools used in the removal of malware


  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the x and /)
    Firewall Problems CF_Uninstall-1
  • Please follow the prompts to uninstall Combofix.
  • You will then recieve a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

This will uninstall Combofix and anything assoicated with it.

Here are some additional links for you to check out to help you with your computer security.

Browsers

Just because your computer came loaded with Internet Explorer doesn't mean that you have to use it, there are other free alternatives, FIREFOX and OPERA, both are free to use and are more secure than IE.

If you are using firefox you can stay more secure by adding NoScript and WOT (Web Of Trust)

NoScript stops Java scripts from starting on a web page unless you give permission for them, and WOT (Web Of Trust) has a comprehensive list of ratings for different websites allowing you to easily see if a website that you are about to go to has a bad reputation; in fact it will warn you to check if you are sure that you want to continue to a bad website.

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.


Additional Security Measures


Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

SpywareBlaster- SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

Cookienator- Scans your PC for tracking cookies in multiple browsers as well as in Adobe Flash.

Secunia software inspector & update checker

Visit My Blog for Malware and Spyware Tips


Firewall Problems 6567E80CC55576485246E130E48A9FA8

descriptionFirewall Problems EmptyRe: Firewall Problems

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum