WiredWX Christian Hobby Weather Tools
 


TR/Kazy infection-OTL.txt/ addl logs in addl posts

3 posters

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts
Re: "Is the computer running better?" It's hard to say if it is or isn't running better. I'm not seeing as many pop-ups, right now. We have had a couple of large pop-up boxes today, asking permission to run a couple of .dll files as .exe files, and each time I just clicked "NO" and closed the box.

I did just try to access Task Manager (Ctrl/Alt/Del) again and, once more, all that opens is the CPU Usage frame and there are no tabs to access anything else or close it down.

I ran the eSet scan twice, because I misread your instructions the first time. (I printed out your last message and the blue image type didn't print). The first time it finished it indicated that it had found 15 threats. When I realized that I didn't have your full instructions printed out, I ran it again. This time it only indicated 1 Found Threat.

Here is the list of found threats:

C:\Program Files\CyberLink\Shared files\RichVideo.exe Win32/Patched.HN trojan error while cleaning
C:\WINDOWS\system32\drivers\netbt.sys Win32/Rootkit.Agent.NUT trojan unable to clean
Operating memory Win32/Patched.HN trojan

and here is the eset log:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=0e16a7a8847a3f4289bb8d28a3906510
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-21 09:43:54
# local_time=2011-10-21 05:43:54 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1797 16775142 100 93 0 90937975 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=225194
# found=16
# cleaned=13
# scan_time=10373
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\52\17602ef4-35629b27 Win32/Sirefef.DD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\ge13mt45.default\Cache\2\A6\60A5Dd01 HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Program Files\CyberLink\Shared files\RichVideo.exe Win32/Patched.HN trojan (error while cleaning) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\HP_Administrator\Local Settings\Application Data\352585ba\X.vir Win32/Sirefef.DD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\Avira\AntiVir Desktop\avguard.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\Avira\AntiVir Desktop\sched.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\NETGEAR\WN111v2\jswpsapi.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\acs.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\nvsvc32.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\SearchIndexer.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\ZuneBusEnum.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\spool\drivers\w32x86\3\HPZIPM12.EXE.vir Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\5123.js JS/TrojanDownloader.Agent.NWG trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\drivers\netbt.sys Win32/Rootkit.Agent.NUT trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzeng06.exe Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C
${Memory} Win32/Patched.HN trojan 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=0e16a7a8847a3f4289bb8d28a3906510
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-22 12:46:08
# local_time=2011-10-21 08:46:08 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1797 16775142 100 93 0 90949020 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=225227
# found=3
# cleaned=0
# scan_time=10263
C:\Program Files\CyberLink\Shared files\RichVideo.exe Win32/Patched.HN trojan (error while cleaning) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\netbt.sys Win32/Rootkit.Agent.NUT trojan (unable to clean) 00000000000000000000000000000000 I
${Memory} Win32/Patched.HN trojan 00000000000000000000000000000000 I

Sorry about the misread; I should have just opened the message on my other computer, but hindsight is 20/20.

I'll check back for further instructions. Thanks again, for your patience and help.

Patricia
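The ESET log pasted above has a fixed shape: `# key=value` header lines (including `found` and `cleaned` counts) followed by one line per detection ending in a 32-hex-digit hash and a status flag, with C on the items ESET cleaned and I on the rest. The helper's next question is always "what is left", so here is a small parser that pulls that out. This is an added example, not ESET's code and not the poster's; the sample is condensed from the first log above with the header counts adjusted to match the five lines kept. Because the forum collapsed ESET's field separators to single spaces, the object path (which itself contains spaces) is matched lazily and the threat name is anchored on its category word; if your copy of the log still has tab separators, split on those instead.

```python
"""Parse an ESET Online Scanner log (the format posted above) and separate
what was cleaned from what was not. Added example; not ESET's code and not
the poster's."""
import re

# Constructed sample: condensed from the first log posted above, keeping five
# detection lines and adjusting the header counts to match them.
SAMPLE_LOG = r"""ESETSmartInstaller@High as downloader log:
all ok
# version=7
# osver=5.1.2600 NT Service Pack 3
# scanned=225194
# found=5
# cleaned=2
# scan_time=10373
C:\Program Files\CyberLink\Shared files\RichVideo.exe Win32/Patched.HN trojan (error while cleaning) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\acs.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\5123.js JS/TrojanDownloader.Agent.NWG trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\drivers\netbt.sys Win32/Rootkit.Agent.NUT trojan (unable to clean) 00000000000000000000000000000000 I
${Memory} Win32/Patched.HN trojan 00000000000000000000000000000000 I
"""

HEADER_RE = re.compile(r"^# (\w+)=(.*)$")
# object, threat name + category word, optional "(action)", 32-hex hash, flag.
# The forum post collapsed ESET's separators to single spaces, so the object
# path (which may contain spaces) is matched lazily and the threat is anchored
# on its category word.
DETECTION_RE = re.compile(
    r"^(?P<object>.+?) (?P<threat>\S+ (?:trojan|virus|worm|application|adware))"
    r"(?: \((?P<action>[^)]*)\))? (?P<hash>[0-9A-Fa-f]{32}) (?P<flag>[A-Z])$"
)


def parse_eset_log(text):
    """Return {'header': {key: value}, 'detections': [dict, ...]}."""
    header, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            header[m.group(1)] = m.group(2)
            continue
        m = DETECTION_RE.match(line)
        if m:
            d = m.groupdict()
            d["cleaned"] = d["flag"] == "C"  # in these logs, C = cleaned, I = still present
            detections.append(d)
    return {"header": header, "detections": detections}


def uncleaned(report):
    """Objects ESET could not clean: the list that needs a different tool."""
    return [d["object"] for d in report["detections"] if not d["cleaned"]]


def header_consistent(report):
    """True when found - cleaned in the header equals the number of uncleaned lines."""
    h = report["header"]
    try:
        expected = int(h["found"]) - int(h["cleaned"])
    except (KeyError, ValueError):
        return False
    return expected == len(uncleaned(report))


if __name__ == "__main__":
    rep = parse_eset_log(SAMPLE_LOG)
    print("scanned:", rep["header"].get("scanned"), "found:", rep["header"].get("found"))
    for obj in uncleaned(rep):
        print("NOT CLEANED:", obj)
    print("header consistent:", header_consistent(rep))
```

Run against the full first log above, the three uncleaned objects are the same ones the poster listed by hand (RichVideo.exe, netbt.sys and the in-memory detection), and `found - cleaned` in the header (16 - 13) agrees with that count, which is the quick sanity check to do before trusting a pasted log.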

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts
We have had a couple of large pop-up boxes today, asking permission to run a couple of .dll files as .exe files, and each time I just clicked "NO" and closed the box.

Do you have your browser set up to block pop-ups?

Please try this one first. If nothing comes up, go on to the second one.

* Go to Start > Run, type mrt.exe, then press Enter on the keyboard.
* (Vista and Windows 7 users: go to Start, type mrt.exe in the search box, then press Enter on the keyboard.)
* Click Next.
* Choose Full Scan and click Next.
* Once the scan is finished click View detailed results of the scan.

Look through the list and let me know if anything was found infected.
************************************************************
Save these instructions so you can have access to them while in Safe Mode.

Please click here to download AVP Tool by Kaspersky.

  • Save it to your desktop.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
  • Double click the setup file to run it.
  • Click Next to continue.
  • Accept the License agreement and click on next.
  • It will, by default, install it to your desktop folder. Click Next.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.

  • Hidden Startup Objects
  • System Memory
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (removable) that you may have.

Leave the rest of the settings at their defaults.
  • Then click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized, click the button that says Neutralize all.
  • If it says an object cannot be neutralized, choose the delete option when prompted.
  • After that is done, click on the Reports button at the bottom, save it to a file, and name it Kas.
  • Save it somewhere convenient, like your desktop, and post only the detected virus/malware entries from the report (they are at the very top, under Detected) in your next reply.

Note: This tool will self uninstall when you close it so please save the log before closing it.

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts
Hi Super Dave,

I submitted this post earlier today, but it doesn't appear now, so I'll try again. Please excuse if this is a double posting.

Re: pop-ups, I did change the setting to disallow pop-ups, but still got the error messages. It appears to be part of the 'security' system, reset by the trojans, that is not allowing access to programs. That's just my guess, but we've seen a lot of it since this thing started.

We did run Kaspersky, took a loooooong time, and I'll paste the log of threats below.

Since running that KAS, the computer will not connect to the internet. I looked at Network Connections and it says "acquiring connection," but it seems to hang up there.

I'll look forward to further instructions to get the pc back online. Meanwhile, I'm using my own desktop pc to respond.

Threat log:

Status: Deleted (events: 24)
10/22/2011 3:47:16 PM Deleted Trojan program Exploit.Java.CVE-2010-4452.a C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\21\480ea855-2ada807f High
10/23/2011 12:36:06 AM Deleted Trojan program Trojan-Clicker.Win32.Agent.vdt C:\Qoobox\Quarantine\C\Documents and Settings\HP_Administrator\Local Settings\Application Data\352585ba\U\80000000.@.vir High
10/23/2011 12:36:06 AM Deleted Trojan program Rootkit.Win32.ZAccess.g C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP204\A0013069.sys High
10/23/2011 12:36:06 AM Deleted Trojan program Backdoor.Win32.ZAccess.ang C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP204\A0013070.ini High
10/23/2011 12:41:52 AM Deleted Trojan program Rootkit.Win32.ZAccess.g C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP205\A0013162.sys High
10/23/2011 12:42:52 AM Deleted Trojan program Rootkit.Win32.ZAccess.g C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP205\A0013269.sys High
10/23/2011 12:44:18 AM Deleted Trojan program Backdoor.Win32.ZAccess.ang C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP205\A0013370.ini High
10/23/2011 12:44:18 AM Deleted Trojan program Rootkit.Win32.ZAccess.g C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP205\A0013369.sys High
10/23/2011 12:44:18 AM Deleted Trojan program Rootkit.Win32.ZAccess.g C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP205\A0013394.sys High
10/23/2011 12:44:32 AM Deleted Trojan program Backdoor.Win32.ZAccess.ang C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP205\A0013395.ini High
10/23/2011 12:44:47 AM Deleted Trojan program Rootkit.Win32.ZAccess.g C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP205\A0014394.sys High
10/23/2011 12:44:38 AM Deleted Trojan program Backdoor.Win32.ZAccess.ang C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP205\A0014395.ini High
10/23/2011 12:46:11 AM Deleted Trojan program Rootkit.Win32.ZAccess.g C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP205\A0014424.sys High
10/23/2011 12:46:20 AM Deleted Trojan program Backdoor.Win32.ZAccess.ang C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP205\A0014425.ini High
10/23/2011 2:22:09 AM Deleted Trojan program Rootkit.Win32.ZAccess.g C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP211\A0015155.sys High
10/23/2011 2:22:09 AM Deleted Trojan program Backdoor.Win32.ZAccess.ang C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP211\A0015156.ini High
10/23/2011 2:47:22 AM Deleted Trojan program Rootkit.Win32.ZAccess.g C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP212\A0015433.sys High
10/23/2011 2:47:22 AM Deleted Trojan program Backdoor.Win32.ZAccess.ang C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP212\A0015434.ini High
10/23/2011 9:42:02 AM Deleted Trojan program Backdoor.Win32.ZAccess.ang C:\WINDOWS\assembly\GAC_MSIL\Desktop(2).ini High
10/23/2011 9:42:03 AM Deleted Trojan program Backdoor.Win32.ZAccess.ang C:\WINDOWS\assembly\GAC_MSIL\Desktop.ini High
10/23/2011 11:02:50 AM Deleted Trojan program Rootkit.Win32.ZAccess.g C:\WINDOWS\system32\drivers\netbt.sys High
10/23/2011 8:13:34 PM Deleted Trojan program Backdoor.Win32.ZAccess.ang C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP214\A0015759.ini High
10/23/2011 8:13:31 PM Deleted Trojan program Backdoor.Win32.ZAccess.ang C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP214\A0015758.ini High
10/23/2011 8:13:31 PM Deleted Trojan program Rootkit.Win32.ZAccess.g C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP214\A0015760.sys High
Status: Disinfected (events: 22)
10/22/2011 10:28:07 PM Disinfected Trojan program Trojan.Win32.Patched.mf C:\Program Files\CyberLink\Shared files\RichVideo.exe High
10/23/2011 12:40:45 AM Disinfected Trojan program Trojan.Win32.Patched.mf C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP205\A0013179.EXE High
10/23/2011 12:40:45 AM Disinfected Trojan program Trojan.Win32.Patched.mf C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP205\A0013180.exe High
10/23/2011 12:40:53 AM Disinfected Trojan program Trojan.Win32.Patched.mf C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP205\A0013181.exe High
10/23/2011 12:41:17 AM Disinfected Trojan program Trojan.Win32.Patched.mf C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP205\A0013182.exe High
10/23/2011 12:42:37 AM Disinfected Trojan program Trojan.Win32.Patched.mf C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP205\A0013272.exe High
10/23/2011 12:42:36 AM Disinfected Trojan program Trojan.Win32.Patched.mf C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP205\A0013273.exe High
10/23/2011 12:42:50 AM Disinfected Trojan program Trojan.Win32.Patched.mf C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP205\A0013274.exe High
10/23/2011 12:42:53 AM Disinfected Trojan program Trojan.Win32.Patched.mf C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP205\A0013275.exe High
10/23/2011 2:21:22 AM Disinfected Trojan program Trojan.Win32.Patched.mf C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP211\A0015157.exe High
10/23/2011 2:46:26 AM Disinfected Trojan program Trojan.Win32.Patched.mf C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP212\A0015602.exe High
10/23/2011 2:47:18 AM Disinfected Trojan program Trojan.Win32.Patched.mf C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP212\A0015603.exe High
10/23/2011 2:47:36 AM Disinfected Trojan program Trojan.Win32.Patched.mf C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP212\A0015605.exe High
10/23/2011 2:47:36 AM Disinfected Trojan program Trojan.Win32.Patched.mf C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP212\A0015604.exe High
10/23/2011 2:47:44 AM Disinfected Trojan program Trojan.Win32.Patched.mf C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP212\A0015607.EXE High
10/23/2011 2:47:48 AM Disinfected Trojan program Trojan.Win32.Patched.mf C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP212\A0015606.exe High
10/23/2011 2:47:48 AM Disinfected Trojan program Trojan.Win32.Patched.mf C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP212\A0015608.exe High
10/23/2011 2:47:57 AM Disinfected Trojan program Trojan.Win32.Patched.mf C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP212\A0015609.exe High
10/23/2011 2:48:47 AM Disinfected Trojan program Trojan.Win32.Patched.mf C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP213\A0015710.exe High
10/23/2011 2:49:19 AM Disinfected Trojan program Trojan.Win32.Patched.mf C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP214\A0015756.exe High
10/23/2011 9:41:12 AM Disinfected Trojan program Trojan.Win32.Patched.mf C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe High
10/23/2011 8:12:37 PM Disinfected Trojan program Trojan.Win32.Patched.mf C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP214\A0015757.exe High

Thanks for all your help~

Patricia

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts
Ok. Let's see what happened with your connection.

Please download MiniToolBox to Desktop and run it.

Checkmark the following boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • List content of Hosts
  • List IP Configuration
  • List Last 10 Event Viewer Errors
  • List Users, Partitions and Memory Size

Click Go and copy/paste the log (Result.txt) into your next post.

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts
Thank Heaven for USB drives!

We ran the mini tool bar with those settings-- results below:

MiniToolBox by Farbar
Ran by HP_Administrator (administrator) on 24-10-2011 at 21:59:19
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection 2"

set address name="Wireless Network Connection 2" source=dhcp
set dns name="Wireless Network Connection 2" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection 2" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : BobsPC

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection

Physical Address. . . . . . . . . : 00-13-D4-21-21-7C



Ethernet adapter Wireless Network Connection 2:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : D-Link AirPlus DWL-G520 Wireless PCI Adapter(rev.B)

Physical Address. . . . . . . . . : 00-13-46-60-52-1E

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 0.0.0.0

Subnet Mask . . . . . . . . . . . : 0.0.0.0

Default Gateway . . . . . . . . . :

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.1

NetBIOS over Tcpip. . . . . . . . : Disabled

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x3 ...00 13 d4 21 21 7c ...... Intel(R) PRO/100 VE Network Connection - Packet Scheduler Miniport
0x20002 ...00 13 46 60 52 1e ...... D-Link AirPlus DWL-G520 Wireless PCI Adapter(rev.B) - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
255.255.255.255 255.255.255.255 255.255.255.255 3 1
255.255.255.255 255.255.255.255 255.255.255.255 20002 1
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/24/2011 03:44:09 AM) (Source: Windows Search Service) (User: )
Description: The entry in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (10/24/2011 03:44:09 AM) (Source: Windows Search Service) (User: )
Description: The entry in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (10/24/2011 03:44:09 AM) (Source: Windows Search Service) (User: )
Description: The entry in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (10/24/2011 03:44:09 AM) (Source: Windows Search Service) (User: )
Description: The entry in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (10/24/2011 03:44:09 AM) (Source: Windows Search Service) (User: )
Description: The entry in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (10/24/2011 03:44:09 AM) (Source: Windows Search Service) (User: )
Description: The entry in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (10/24/2011 03:44:09 AM) (Source: Windows Search Service) (User: )
Description: The entry in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (10/24/2011 03:44:09 AM) (Source: Windows Search Service) (User: )
Description: The entry in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (10/24/2011 03:44:09 AM) (Source: Windows Search Service) (User: )
Description: The entry in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (10/24/2011 03:44:09 AM) (Source: Windows Search Service) (User: )
Description: The entry in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


System errors:
=============
Error: (10/24/2011 01:32:38 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
NetBT

Error: (10/24/2011 01:32:33 PM) (Source: Service Control Manager) (User: )
Description: The Java Quick Starter service failed to start due to the following error:
%%2

Error: (10/24/2011 01:32:33 PM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service failed to start due to the following error:
%%2

Error: (10/24/2011 01:32:33 PM) (Source: Service Control Manager) (User: )
Description: The Avira AntiVir Guard service failed to start due to the following error:
%%2

Error: (10/24/2011 01:32:33 PM) (Source: Service Control Manager) (User: )
Description: The Avira AntiVir Scheduler service failed to start due to the following error:
%%2

Error: (10/24/2011 01:32:33 PM) (Source: Service Control Manager) (User: )
Description: The TCP/IP NetBIOS Helper service depends on the NetBios over Tcpip service which failed to start because of the following error:
%%31

Error: (10/24/2011 01:32:33 PM) (Source: Service Control Manager) (User: )
Description: The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:
%%31

Error: (10/24/2011 03:47:44 AM) (Source: Service Control Manager) (User: )
Description: The Avira AntiVir Guard service failed to start due to the following error:
%%2

Error: (10/24/2011 03:47:44 AM) (Source: Service Control Manager) (User: )
Description: The Avira AntiVir Guard service failed to start due to the following error:
%%2

Error: (10/24/2011 03:47:43 AM) (Source: Service Control Manager) (User: )
Description: The Avira AntiVir Guard service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (10/24/2011 03:44:09 AM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\START MENU\PROGRAMS\LG POWER TOOLS\POWERDVD 8\UNINSTALL POWERDVD 8.LNK

Error: (10/24/2011 03:44:09 AM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\START MENU\PROGRAMS\LG POWER TOOLS\POWERDVD 8\UNINSTALL POWERDVD 8.LNK

Error: (10/24/2011 03:44:09 AM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\START MENU\PROGRAMS\LG POWER TOOLS\POWERDVD 8\READ ME.LNK

Error: (10/24/2011 03:44:09 AM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\START MENU\PROGRAMS\LG POWER TOOLS\POWERDVD 8\READ ME.LNK

Error: (10/24/2011 03:44:09 AM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\START MENU\PROGRAMS\LG POWER TOOLS\POWERDVD 8\ONLINE REGISTRATION.LNK

Error: (10/24/2011 03:44:09 AM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\START MENU\PROGRAMS\LG POWER TOOLS\POWERDVD 8\ONLINE REGISTRATION.LNK

Error: (10/24/2011 03:44:09 AM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\START MENU\PROGRAMS\LG POWER TOOLS\POWERDVD 8\POWERDVD 8 HELP FILE.LNK

Error: (10/24/2011 03:44:09 AM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\START MENU\PROGRAMS\LG POWER TOOLS\POWERDVD 8\POWERDVD 8 HELP FILE.LNK

Error: (10/24/2011 03:44:09 AM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\START MENU\PROGRAMS\LG POWER TOOLS\POWERDVD 8\CYBERLINK POWERDVD 8.LNK

Error: (10/24/2011 03:44:09 AM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\START MENU\PROGRAMS\LG POWER TOOLS\POWERDVD 8\CYBERLINK POWERDVD 8.LNK


========================= Memory info: ===================================

Percentage of memory in use: 43%
Total physical RAM: 1022.41 MB
Available physical RAM: 573.9 MB
Total Pagefile: 2460.27 MB
Available Pagefile: 2087.71 MB
Total Virtual: 2047.88 MB
Available Virtual: 1996.2 MB

========================= Partitions: =====================================

1 Drive c: (HP_PAVILION) (Fixed) (Total:363.53 GB) (Free:113.02 GB) NTFS
2 Drive d: (HP_RECOVERY) (Fixed) (Total:9.05 GB) (Free:4.4 GB) FAT32
9 Drive k: (HP Personal Media Drive) (Fixed) (Total:279.45 GB) (Free:227.75 GB) NTFS
10 Drive l: (LEXAR MEDIA) (Removable) (Total:0.24 GB) (Free:0.09 GB) FAT

========================= Users: ========================================

User accounts for \\BOBSPC

Administrator Guest HelpAssistant
HP_Administrator SUPPORT_388945a0 SUPPORT_fddfa904


**** End of log ****
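The log above already contains the whole story of the lost connection, just spread across three sections: the Kaspersky run in the earlier post deleted C:\WINDOWS\system32\drivers\netbt.sys, the System errors show the NetBT boot-start driver failing to load, the Service Control Manager then reports that TCP/IP NetBIOS Helper and DHCP Client depend on "NetBios over Tcpip" and could not start, and the IP configuration shows the wireless adapter with DHCP enabled but an address of 0.0.0.0. The script below is an added example (not part of MiniToolBox and not the poster's) that pulls those three facts out of a MiniToolBox-style log and links them. The sample input is condensed from the log above; the alias table mapping the display name "NetBios over Tcpip" to the service key NetBT is a known Windows name pair and is an assumption of this script, not something the log states.

```python
"""Triage a MiniToolBox-style log for the failure chain behind a machine that
stopped connecting after cleanup: a failed boot-start driver, the services
that depend on it, and adapters left without a DHCP lease. Added example;
not part of MiniToolBox and not the poster's."""
import re
from collections import defaultdict

# The event log names the failed driver by its service key (NetBT) but names
# dependencies by display name; this alias table bridges the two (known
# Windows names, assumed here; extend as needed).
ALIASES = {"NetBios over Tcpip": "NetBT"}

# Constructed sample: condensed from the IP configuration and System errors
# sections of the log posted above.
SAMPLE_LOG = """\
Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected

Ethernet adapter Wireless Network Connection 2:

Dhcp Enabled. . . . . . . . . . . : Yes
IP Address. . . . . . . . . . . . : 0.0.0.0
DHCP Server . . . . . . . . . . . : 192.168.1.1

System errors:
=============
Error: (10/24/2011 01:32:38 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
NetBT

Error: (10/24/2011 01:32:33 PM) (Source: Service Control Manager) (User: )
Description: The TCP/IP NetBIOS Helper service depends on the NetBios over Tcpip service which failed to start because of the following error:
%%31

Error: (10/24/2011 01:32:33 PM) (Source: Service Control Manager) (User: )
Description: The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:
%%31
"""

DRIVER_FAIL_RE = re.compile(r"driver\(s\) failed to load:\s+(\S+)")
DEPEND_RE = re.compile(r"The (.+?) service depends on the (.+?) service which failed to start")
ADAPTER_RE = re.compile(r"^\S.* adapter (.+):$")
# ipconfig fields look like "Name . . . . : value"; require the dot/space run
# so that "Error:" and "Description:" lines are not mistaken for fields.
FIELD_RE = re.compile(r"^([A-Za-z][A-Za-z -]*?)[ .]+: ?(.*)$")


def failed_drivers(text):
    """Driver/service keys the Service Control Manager could not load at boot."""
    return set(DRIVER_FAIL_RE.findall(text))


def dependency_failures(text):
    """Map each failed dependency (key name) to the services it blocked, in log order."""
    blocked = defaultdict(list)
    for dependent, dependency in DEPEND_RE.findall(text):
        key = ALIASES.get(dependency, dependency)
        if dependent not in blocked[key]:
            blocked[key].append(dependent)
    return dict(blocked)


def adapters_without_lease(text):
    """Adapters with DHCP enabled whose address is still 0.0.0.0."""
    adapters, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = ADAPTER_RE.match(line)
        if m:
            current = m.group(1)
            adapters[current] = {}
            continue
        m = FIELD_RE.match(line)
        if m and current:
            adapters[current][m.group(1)] = m.group(2)
    return [name for name, f in adapters.items()
            if f.get("Dhcp Enabled") == "Yes" and f.get("IP Address") == "0.0.0.0"]


def diagnose(text):
    """Human-readable findings linking the driver failure to the lost connectivity."""
    findings = []
    failed = failed_drivers(text)
    blocked = dependency_failures(text)
    for key in sorted(failed | set(blocked)):
        msg = f"{key} failed to {'load' if key in failed else 'start'}"
        if blocked.get(key):
            msg += "; services blocked by it: " + ", ".join(blocked[key])
        findings.append(msg)
    for name in adapters_without_lease(text):
        findings.append(f"adapter '{name}' has DHCP enabled but no lease (0.0.0.0)")
    return findings


if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LOG):
        print("-", finding)
```

The point of correlating the sections this way is that a machine stuck at "acquiring network address" after a rootkit cleanup is usually not a new infection: a scanner deleted a system driver the rootkit had patched (here the NetBIOS-over-TCP/IP driver), and everything that depends on that driver, DHCP Client included, stops with it. The remedy is replacing the missing driver with a clean copy, not another scan, which is exactly the situation the helpers are working through in the following posts.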

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts
I'm checking with my colleagues about this problem. In the meantime, please stand by.

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts
Hi robbhenningsr.
You have a VERY nasty infection here, a few different infections combined. I'll be helping Dave and we'll see what we can do.

Please bear in mind that the damage here is very extensive and what we do next could potentially trash the OS beyond repair. Right now, you have about a 25% chance of this working.

The tools we need are EXTREMELY powerful and sometimes the malware doesn't like to be shifted and kills the OS to stop us, please keep in mind this may not work at all.

First,

Please download Profiles by noahdfear.
  • Save it to your desktop.
  • Double-click profiles.exe and post its log when you reply


Second,

Please download TDSSKiller from here and save it to your Desktop.

  • Doubleclick TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
Note: It will also create a log in the C:\ directory.

Please make sure to post both logs.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts
Here are the results from Profiles:


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
DefaultUserProfile REG_SZ Default User
AllUsersProfile REG_SZ All Users

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
ProfileImagePath REG_EXPAND_SZ %systemroot%\system32\config\systemprofile

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\LocalService

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\NetworkService

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1875725558-3976243440-3102216680-1007
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\HP_Administrator

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1875725558-3976243440-3102216680-500
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Administrator

SystemRoot REG_SZ C:\WINDOWS

and these are the results from TDSSKiller

15:46:23.0390 2104 TDSS rootkit removing tool 2.6.13.0 Oct 25 2011 13:56:21
15:46:23.0437 2104 ============================================================
15:46:23.0437 2104 Current date / time: 2011/10/25 15:46:23.0437
15:46:23.0437 2104 SystemInfo:
15:46:23.0437 2104
15:46:23.0437 2104 OS Version: 5.1.2600 ServicePack: 3.0
15:46:23.0437 2104 Product type: Workstation
15:46:23.0437 2104 ComputerName: BOBSPC
15:46:23.0437 2104 UserName: HP_Administrator
15:46:23.0437 2104 Windows directory: C:\WINDOWS
15:46:23.0437 2104 System windows directory: C:\WINDOWS
15:46:23.0437 2104 Processor architecture: Intel x86
15:46:23.0437 2104 Number of processors: 2
15:46:23.0437 2104 Page size: 0x1000
15:46:23.0437 2104 Boot type: Normal boot
15:46:23.0437 2104 ============================================================
15:46:31.0718 2104 Initialize success
15:46:36.0843 2272 ============================================================
15:46:36.0843 2272 Scan started
15:46:36.0843 2272 Mode: Manual;
15:46:36.0843 2272 ============================================================
15:46:37.0281 2272 A3AB (21af8e9c727c6d7643ad497268f55bf1) C:\WINDOWS\system32\DRIVERS\A3AB.sys
15:46:37.0296 2272 A3AB - ok
15:46:37.0296 2272 Abiosdsk - ok
15:46:37.0312 2272 abp480n5 - ok
15:46:37.0359 2272 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:46:37.0359 2272 ACPI - ok
15:46:37.0437 2272 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
15:46:37.0437 2272 ACPIEC - ok
15:46:37.0453 2272 adpu160m - ok
15:46:37.0500 2272 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
15:46:37.0500 2272 aec - ok
15:46:37.0546 2272 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
15:46:37.0546 2272 AFD - ok
15:46:37.0562 2272 Aha154x - ok
15:46:37.0578 2272 aic78u2 - ok
15:46:37.0593 2272 aic78xx - ok
15:46:37.0609 2272 AliIde - ok
15:46:37.0625 2272 amsint - ok
15:46:37.0656 2272 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
15:46:37.0656 2272 Arp1394 - ok
15:46:37.0656 2272 asc - ok
15:46:37.0671 2272 asc3350p - ok
15:46:37.0687 2272 asc3550 - ok
15:46:37.0734 2272 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:46:37.0734 2272 AsyncMac - ok
15:46:37.0765 2272 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
15:46:37.0765 2272 atapi - ok
15:46:37.0781 2272 Atdisk - ok
15:46:37.0812 2272 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:46:37.0812 2272 Atmarpc - ok
15:46:37.0859 2272 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
15:46:37.0859 2272 audstub - ok
15:46:37.0968 2272 avgio (6a646c46b9415e13095aa9b352040a7a) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
15:46:37.0968 2272 avgio - ok
15:46:38.0031 2272 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
15:46:38.0031 2272 avgntflt - ok
15:46:38.0062 2272 avipbb (452e382340bb0c5e694ed9d3625356d0) C:\WINDOWS\system32\DRIVERS\avipbb.sys
15:46:38.0078 2272 avipbb - ok
15:46:38.0093 2272 bb-run (7270d070173b20ac9487ea16bb08b45f) C:\WINDOWS\system32\DRIVERS\bb-run.sys
15:46:38.0093 2272 bb-run - ok
15:46:38.0156 2272 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
15:46:38.0156 2272 Beep - ok
15:46:38.0156 2272 catchme - ok
15:46:38.0203 2272 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
15:46:38.0203 2272 cbidf2k - ok
15:46:38.0218 2272 cd20xrnt - ok
15:46:38.0234 2272 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
15:46:38.0234 2272 Cdaudio - ok
15:46:38.0281 2272 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
15:46:38.0281 2272 Cdfs - ok
15:46:38.0328 2272 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:46:38.0328 2272 Cdrom - ok
15:46:38.0343 2272 Changer - ok
15:46:38.0359 2272 CmdIde - ok
15:46:38.0406 2272 COMMONFX.DLL (1ef05b641e9a67ded74ac8ad40055dbf) C:\WINDOWS\system32\COMMONFX.DLL
15:46:38.0437 2272 COMMONFX.DLL - ok
15:46:38.0453 2272 Cpqarray - ok
15:46:38.0484 2272 CT20XUT.DLL (6191a973461852a09d643609e1d5f7c6) C:\WINDOWS\system32\CT20XUT.DLL
15:46:38.0500 2272 CT20XUT.DLL - ok
15:46:38.0562 2272 ctac32k (8ac5f77e30e37d2d11bd99eff0c53d8c) C:\WINDOWS\system32\drivers\ctac32k.sys
15:46:38.0562 2272 ctac32k - ok
15:46:38.0593 2272 ctaud2k (673241d314e932f4890509ae8ebf26db) C:\WINDOWS\system32\drivers\ctaud2k.sys
15:46:38.0609 2272 ctaud2k - ok
15:46:38.0625 2272 CTAUDFX.DLL (472b82d7e549e7fab428852e4d16f21d) C:\WINDOWS\system32\CTAUDFX.DLL
15:46:38.0640 2272 CTAUDFX.DLL - ok
15:46:38.0703 2272 ctdvda2k (ed316d4c3d39c5b6c23de067e275c183) C:\WINDOWS\system32\drivers\ctdvda2k.sys
15:46:38.0703 2272 ctdvda2k - ok
15:46:38.0734 2272 CTEAPSFX.DLL (6a57f82009563aee8826f117e1d3c72c) C:\WINDOWS\system32\CTEAPSFX.DLL
15:46:38.0734 2272 CTEAPSFX.DLL - ok
15:46:38.0765 2272 CTEDSPFX.DLL (c8ac1ffaeadd655193d7b1811a572d8d) C:\WINDOWS\system32\CTEDSPFX.DLL
15:46:38.0765 2272 CTEDSPFX.DLL - ok
15:46:38.0796 2272 CTEDSPIO.DLL (44495d9daf675257d00b25b041ee6667) C:\WINDOWS\system32\CTEDSPIO.DLL
15:46:38.0796 2272 CTEDSPIO.DLL - ok
15:46:38.0828 2272 CTEDSPSY.DLL (8e90b1762cb42e2fc76dac9210c83c66) C:\WINDOWS\system32\CTEDSPSY.DLL
15:46:38.0843 2272 CTEDSPSY.DLL - ok
15:46:38.0859 2272 CTERFXFX.DLL (d3fbd9983325435b06795f29cb57ed3d) C:\WINDOWS\system32\CTERFXFX.DLL
15:46:38.0859 2272 CTERFXFX.DLL - ok
15:46:38.0937 2272 CTEXFIFX.DLL (2c48e9d8ca703964463f27ae341115b7) C:\WINDOWS\system32\CTEXFIFX.DLL
15:46:38.0968 2272 CTEXFIFX.DLL - ok
15:46:39.0000 2272 CTHWIUT.DLL (f7657c598e7c29c6683c1e4a8dd68884) C:\WINDOWS\system32\CTHWIUT.DLL
15:46:39.0000 2272 CTHWIUT.DLL - ok
15:46:39.0078 2272 ctlsb16 (e2b1aedb62845581d848037f0a614ee6) C:\WINDOWS\system32\drivers\ctlsb16.sys
15:46:39.0078 2272 ctlsb16 - ok
15:46:39.0125 2272 ctprxy2k (34e7f8a499fd8361df14fedb724c0ad3) C:\WINDOWS\system32\drivers\ctprxy2k.sys
15:46:39.0125 2272 ctprxy2k - ok
15:46:39.0156 2272 CTSBLFX.DLL (679ae21eb7f48a08184813aebabdec7c) C:\WINDOWS\system32\CTSBLFX.DLL
15:46:39.0156 2272 CTSBLFX.DLL - ok
15:46:39.0187 2272 ctsfm2k (32098497cb4dfe9ea7660fa62dd91060) C:\WINDOWS\system32\drivers\ctsfm2k.sys
15:46:39.0187 2272 ctsfm2k - ok
15:46:39.0203 2272 dac2w2k - ok
15:46:39.0218 2272 dac960nt - ok
15:46:39.0265 2272 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
15:46:39.0265 2272 Disk - ok
15:46:39.0328 2272 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
15:46:39.0343 2272 dmboot - ok
15:46:39.0375 2272 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
15:46:39.0375 2272 dmio - ok
15:46:39.0406 2272 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
15:46:39.0406 2272 dmload - ok
15:46:39.0453 2272 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
15:46:39.0453 2272 DMusic - ok
15:46:39.0500 2272 DNINDIS5 (d2ee54cdbced01d48f2b18642be79a98) C:\WINDOWS\system32\DNINDIS5.SYS
15:46:39.0500 2272 DNINDIS5 - ok
15:46:39.0515 2272 dpti2o - ok
15:46:39.0531 2272 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
15:46:39.0531 2272 drmkaud - ok
15:46:39.0578 2272 E100B (ac9cf17ee2ae003c98eb4f5336c38058) C:\WINDOWS\system32\DRIVERS\e100b325.sys
15:46:39.0578 2272 E100B - ok
15:46:39.0640 2272 emupia (2885f72d2daffd0329272f12e16d6579) C:\WINDOWS\system32\drivers\emupia2k.sys
15:46:39.0640 2272 emupia - ok
15:46:39.0687 2272 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
15:46:39.0687 2272 Fastfat - ok
15:46:39.0703 2272 fasttx2k (1e580770bdece924494b368ac980749e) C:\WINDOWS\system32\DRIVERS\fasttx2k.sys
15:46:39.0703 2272 fasttx2k - ok
15:46:39.0750 2272 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
15:46:39.0750 2272 Fdc - ok
15:46:39.0781 2272 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
15:46:39.0781 2272 Fips - ok
15:46:39.0828 2272 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
15:46:39.0828 2272 Flpydisk - ok
15:46:39.0890 2272 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
15:46:39.0890 2272 FltMgr - ok
15:46:39.0953 2272 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:46:39.0953 2272 Fs_Rec - ok
15:46:40.0000 2272 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:46:40.0000 2272 Ftdisk - ok
15:46:40.0046 2272 ftsata2 (92e8443c7bf5c0137671cde080655dfc) C:\WINDOWS\system32\DRIVERS\ftsata2.sys
15:46:40.0046 2272 ftsata2 - ok
15:46:40.0078 2272 gagp30kx (3a74c423cf6bcca6982715878f450a3b) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
15:46:40.0078 2272 gagp30kx - ok
15:46:40.0140 2272 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
15:46:40.0140 2272 GEARAspiWDM - ok
15:46:40.0171 2272 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:46:40.0171 2272 Gpc - ok
15:46:40.0234 2272 ha10kx2k (da2c735b66d2e7b739f9a46146581a9d) C:\WINDOWS\system32\drivers\ha10kx2k.sys
15:46:40.0250 2272 ha10kx2k - ok
15:46:40.0296 2272 hap16v2k (5c7d6d68796e4621b4168c879908dae0) C:\WINDOWS\system32\drivers\hap16v2k.sys
15:46:40.0296 2272 hap16v2k - ok
15:46:40.0328 2272 hap17v2k (a595b88ad16d8b5693ddf08113caf30e) C:\WINDOWS\system32\drivers\hap17v2k.sys
15:46:40.0343 2272 hap17v2k - ok
15:46:40.0390 2272 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
15:46:40.0390 2272 HDAudBus - ok
15:46:40.0437 2272 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:46:40.0453 2272 HidUsb - ok
15:46:40.0453 2272 hpn - ok
15:46:40.0515 2272 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
15:46:40.0515 2272 HTTP - ok
15:46:40.0531 2272 i2omgmt - ok
15:46:40.0546 2272 i2omp - ok
15:46:40.0593 2272 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:46:40.0593 2272 i8042prt - ok
15:46:40.0609 2272 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
15:46:40.0625 2272 Imapi - ok
15:46:40.0640 2272 ini910u - ok
15:46:40.0765 2272 IntcAzAudAddService (98b7fab86755a42fe8eb04538a4cd6c8) C:\WINDOWS\system32\drivers\RtkHDAud.sys
15:46:40.0859 2272 IntcAzAudAddService - ok
15:46:40.0921 2272 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
15:46:40.0921 2272 IntelIde - ok
15:46:40.0968 2272 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:46:40.0968 2272 intelppm - ok
15:46:41.0000 2272 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
15:46:41.0000 2272 Ip6Fw - ok
15:46:41.0031 2272 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:46:41.0031 2272 IpFilterDriver - ok
15:46:41.0078 2272 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:46:41.0093 2272 IpInIp - ok
15:46:41.0140 2272 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:46:41.0140 2272 IpNat - ok
15:46:41.0187 2272 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:46:41.0187 2272 IPSec - ok
15:46:41.0234 2272 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
15:46:41.0234 2272 IRENUM - ok
15:46:41.0281 2272 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:46:41.0281 2272 isapnp - ok
15:46:41.0343 2272 JSWSCIMD (ad67795900aa8c05cc4570f5349e0639) C:\WINDOWS\system32\DRIVERS\jswscimd.sys
15:46:41.0343 2272 JSWSCIMD - ok
15:46:41.0375 2272 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:46:41.0375 2272 Kbdclass - ok
15:46:41.0390 2272 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
15:46:41.0390 2272 kbdhid - ok
15:46:41.0437 2272 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
15:46:41.0437 2272 kmixer - ok
15:46:41.0484 2272 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
15:46:41.0484 2272 KSecDD - ok
15:46:41.0500 2272 lbrtfdc - ok
15:46:41.0562 2272 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
15:46:41.0562 2272 MHNDRV - ok
15:46:41.0609 2272 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
15:46:41.0609 2272 mnmdd - ok
15:46:41.0671 2272 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
15:46:41.0671 2272 Modem - ok
15:46:41.0718 2272 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:46:41.0718 2272 Mouclass - ok
15:46:41.0734 2272 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:46:41.0734 2272 mouhid - ok
15:46:41.0765 2272 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
15:46:41.0765 2272 MountMgr - ok
15:46:41.0781 2272 mraid35x - ok
15:46:41.0796 2272 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:46:41.0812 2272 MRxDAV - ok
15:46:41.0875 2272 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:46:41.0890 2272 MRxSmb - ok
15:46:41.0937 2272 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
15:46:41.0953 2272 Msfs - ok
15:46:41.0984 2272 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:46:41.0984 2272 MSKSSRV - ok
15:46:42.0000 2272 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:46:42.0000 2272 MSPCLOCK - ok
15:46:42.0015 2272 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
15:46:42.0015 2272 MSPQM - ok
15:46:42.0062 2272 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:46:42.0078 2272 mssmbios - ok
15:46:42.0093 2272 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
15:46:42.0093 2272 Mup - ok
15:46:42.0140 2272 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
15:46:42.0140 2272 NDIS - ok
15:46:42.0203 2272 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:46:42.0203 2272 NdisTapi - ok
15:46:42.0218 2272 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:46:42.0218 2272 Ndisuio - ok
15:46:42.0234 2272 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:46:42.0234 2272 NdisWan - ok
15:46:42.0281 2272 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
15:46:42.0281 2272 NDProxy - ok
15:46:42.0312 2272 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
15:46:42.0312 2272 NetBIOS - ok
15:46:42.0312 2272 NetBT - ok
15:46:42.0375 2272 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
15:46:42.0375 2272 NIC1394 - ok
15:46:42.0421 2272 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
15:46:42.0421 2272 nm - ok
15:46:42.0437 2272 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
15:46:42.0437 2272 Npfs - ok
15:46:42.0453 2272 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
15:46:42.0468 2272 Ntfs - ok
15:46:42.0515 2272 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
15:46:42.0515 2272 Null - ok
15:46:42.0781 2272 nv (fee170f182d5167b6e06e490dd7b42d7) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
15:46:42.0984 2272 nv - ok
15:46:43.0015 2272 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:46:43.0015 2272 NwlnkFlt - ok
15:46:43.0046 2272 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:46:43.0046 2272 NwlnkFwd - ok
15:46:43.0093 2272 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
15:46:43.0093 2272 NwlnkIpx - ok
15:46:43.0125 2272 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
15:46:43.0125 2272 NwlnkNb - ok
15:46:43.0171 2272 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
15:46:43.0171 2272 NwlnkSpx - ok
15:46:43.0218 2272 NWRDR (36b9b950e3d2e100970a48d8bad86740) C:\WINDOWS\system32\DRIVERS\nwrdr.sys
15:46:43.0218 2272 NWRDR - ok
15:46:43.0234 2272 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
15:46:43.0234 2272 ohci1394 - ok
15:46:43.0281 2272 ossrv (61c85afeaa6ef0c1b32d43f84f7bfbcf) C:\WINDOWS\system32\drivers\ctoss2k.sys
15:46:43.0281 2272 ossrv - ok
15:46:43.0296 2272 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
15:46:43.0296 2272 Parport - ok
15:46:43.0328 2272 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
15:46:43.0328 2272 PartMgr - ok
15:46:43.0375 2272 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
15:46:43.0375 2272 ParVdm - ok
15:46:43.0390 2272 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
15:46:43.0390 2272 PCI - ok
15:46:43.0406 2272 PCIDump - ok
15:46:43.0437 2272 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
15:46:43.0437 2272 PCIIde - ok
15:46:43.0468 2272 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
15:46:43.0484 2272 Pcmcia - ok
15:46:43.0484 2272 PDCOMP - ok
15:46:43.0500 2272 PDFRAME - ok
15:46:43.0515 2272 PDRELI - ok
15:46:43.0531 2272 PDRFRAME - ok
15:46:43.0546 2272 perc2 - ok
15:46:43.0562 2272 perc2hib - ok
15:46:43.0625 2272 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:46:43.0625 2272 PptpMiniport - ok
15:46:43.0640 2272 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
15:46:43.0640 2272 Processor - ok
15:46:43.0656 2272 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
15:46:43.0656 2272 PSched - ok
15:46:43.0687 2272 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:46:43.0687 2272 Ptilink - ok
15:46:43.0750 2272 PxHelp20 (7c81ae3c9b82ba2da437ed4d31bc56cf) C:\WINDOWS\system32\Drivers\PxHelp20.sys
15:46:43.0750 2272 PxHelp20 - ok
15:46:43.0796 2272 ql1080 - ok
15:46:43.0812 2272 Ql10wnt - ok
15:46:43.0828 2272 ql12160 - ok
15:46:43.0843 2272 ql1240 - ok
15:46:43.0859 2272 ql1280 - ok
15:46:43.0875 2272 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:46:43.0890 2272 RasAcd - ok
15:46:43.0937 2272 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:46:43.0937 2272 Rasl2tp - ok
15:46:43.0953 2272 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:46:43.0953 2272 RasPppoe - ok
15:46:43.0984 2272 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
15:46:43.0984 2272 Raspti - ok
15:46:44.0015 2272 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:46:44.0015 2272 Rdbss - ok
15:46:44.0062 2272 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:46:44.0062 2272 RDPCDD - ok
15:46:44.0078 2272 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:46:44.0093 2272 rdpdr - ok
15:46:44.0156 2272 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
15:46:44.0156 2272 RDPWD - ok
15:46:44.0187 2272 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
15:46:44.0187 2272 redbook - ok
15:46:44.0250 2272 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
15:46:44.0250 2272 rtl8139 - ok
15:46:44.0281 2272 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:46:44.0281 2272 Secdrv - ok
15:46:44.0312 2272 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
15:46:44.0312 2272 Serenum - ok
15:46:44.0343 2272 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
15:46:44.0359 2272 Serial - ok
15:46:44.0406 2272 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
15:46:44.0406 2272 Sfloppy - ok
15:46:44.0421 2272 Simbad - ok
15:46:44.0453 2272 SISNIC (3fbb6ef8b5a71a2fa11f5f461bb73219) C:\WINDOWS\system32\DRIVERS\sisnic.sys
15:46:44.0453 2272 SISNIC - ok
15:46:44.0468 2272 Sparrow - ok
15:46:44.0500 2272 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
15:46:44.0500 2272 splitter - ok
15:46:44.0531 2272 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
15:46:44.0531 2272 sr - ok
15:46:44.0562 2272 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
15:46:44.0578 2272 Srv - ok
15:46:44.0609 2272 ssmdrv (654dfea96bc82b4acda4f37e5e4a3bbf) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
15:46:44.0609 2272 ssmdrv - ok
15:46:44.0656 2272 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
15:46:44.0656 2272 swenum - ok
15:46:44.0687 2272 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
15:46:44.0687 2272 swmidi - ok
15:46:44.0718 2272 symc810 - ok
15:46:44.0734 2272 symc8xx - ok
15:46:44.0750 2272 sym_hi - ok
15:46:44.0765 2272 sym_u3 - ok
15:46:44.0796 2272 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
15:46:44.0796 2272 sysaudio - ok
15:46:44.0859 2272 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:46:44.0859 2272 Tcpip - ok
15:46:44.0906 2272 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
15:46:44.0906 2272 TDPIPE - ok
15:46:44.0953 2272 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
15:46:44.0953 2272 TDTCP - ok
15:46:44.0968 2272 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
15:46:44.0984 2272 TermDD - ok
15:46:45.0000 2272 TosIde - ok
15:46:45.0046 2272 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
15:46:45.0046 2272 Udfs - ok
15:46:45.0062 2272 ultra - ok
15:46:45.0109 2272 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
15:46:45.0109 2272 Update - ok
15:46:45.0156 2272 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:46:45.0156 2272 usbccgp - ok
15:46:45.0171 2272 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:46:45.0171 2272 usbehci - ok
15:46:45.0187 2272 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:46:45.0187 2272 usbhub - ok
15:46:45.0234 2272 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
15:46:45.0234 2272 usbohci - ok
15:46:45.0265 2272 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
15:46:45.0265 2272 usbprint - ok
15:46:45.0312 2272 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:46:45.0312 2272 usbscan - ok
15:46:45.0328 2272 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:46:45.0328 2272 USBSTOR - ok
15:46:45.0359 2272 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:46:45.0359 2272 usbuhci - ok
15:46:45.0375 2272 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
15:46:45.0375 2272 VgaSave - ok
15:46:45.0406 2272 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
15:46:45.0406 2272 ViaIde - ok
15:46:45.0421 2272 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
15:46:45.0421 2272 VolSnap - ok
15:46:45.0453 2272 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:46:45.0453 2272 Wanarp - ok
15:46:45.0500 2272 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
15:46:45.0515 2272 Wdf01000 - ok
15:46:45.0531 2272 WDICA - ok
15:46:45.0546 2272 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
15:46:45.0546 2272 wdmaud - ok
15:46:45.0625 2272 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
15:46:45.0640 2272 WinUSB - ok
15:46:45.0687 2272 WN111v2 (93ea7d94959bef66d0e4adbc8ce4e073) C:\WINDOWS\system32\DRIVERS\WN111v2.sys
15:46:45.0703 2272 WN111v2 - ok
15:46:45.0796 2272 WSIMD (43f767d59bfc25d8f4fc2eb42043ec1e) C:\WINDOWS\system32\DRIVERS\wsimd.sys
15:46:45.0796 2272 WSIMD - ok
15:46:45.0843 2272 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:46:45.0843 2272 WudfPf - ok
15:46:45.0875 2272 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:46:45.0875 2272 WudfRd - ok
15:46:45.0937 2272 zumbus (337b9607f041b77824411750069aff2d) C:\WINDOWS\system32\DRIVERS\zumbus.sys
15:46:45.0937 2272 zumbus - ok
15:46:45.0984 2272 MBR (0x1B8) (0ac6d996bce152aed9600e6d6b797e2e) \Device\Harddisk0\DR0
15:46:46.0015 2272 \Device\Harddisk0\DR0 - ok
15:46:46.0031 2272 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk5\DR7
15:46:46.0031 2272 \Device\Harddisk5\DR7 - ok
15:46:46.0031 2272 MBR (0x1B8) (feffdedea77250a6fcd92c304b49ace2) \Device\Harddisk6\DR21
15:46:46.0046 2272 \Device\Harddisk6\DR21 - ok
15:46:46.0046 2272 Boot (0x1200) (1dbeaa01b2c52f6fd6438412953d3c68) \Device\Harddisk0\DR0\Partition0
15:46:46.0046 2272 \Device\Harddisk0\DR0\Partition0 - ok
15:46:46.0046 2272 Boot (0x1200) (c04adcb60e4989d8fb08ca4a33b0e3fd) \Device\Harddisk0\DR0\Partition1
15:46:46.0046 2272 \Device\Harddisk0\DR0\Partition1 - ok
15:46:46.0062 2272 Boot (0x1200) (64ba2803ee2acc110bf1eeaf66f6c701) \Device\Harddisk5\DR7\Partition0
15:46:46.0062 2272 \Device\Harddisk5\DR7\Partition0 - ok
15:46:46.0078 2272 Boot (0x1200) (076921b656edd1a166574c6bc7b5bc2e) \Device\Harddisk6\DR21\Partition0
15:46:46.0078 2272 \Device\Harddisk6\DR21\Partition0 - ok
15:46:46.0078 2272 ============================================================
15:46:46.0078 2272 Scan finished
15:46:46.0078 2272 ============================================================
15:46:46.0093 0476 Detected object count: 0
15:46:46.0093 0476 Actual detected object count: 0


Thanks for your help, I'll be watching for further instructions.

Patricia
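
A note on reading the TDSSKiller log posted above: the tool prints a "Name (md5) path" line only for services whose driver file it could actually open and hash, followed by a "Name - ok" verdict. A service that appears only as "Name - ok", with no hash line before it, is registered in the service database but has no file behind it. For the legacy storage entries that every XP install carries (Abiosdsk, abp480n5, adpu160m and so on) that is normal; for a core network driver it is not, and in the log above NetBT is the one core driver that shows up without a hash or path. The parser below is an added example, not part of this thread or of TDSSKiller itself. It extracts exactly that information plus the MBR/boot-sector hashes so two runs can be diffed. The sample log is a constructed excerpt of lines posted above, and the list of drivers expected on every XP SP3 system is the example's own assumption.

```python
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# TDSSKiller 2.6.x prints one "HH:MM:SS.mmmm PID <payload>" line per event.
LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s*(?P<rest>.*)$")
# "<Service> (<md5>) <path>": the service's driver file was found and hashed.
FILE_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "MBR (0x1B8) (<md5>) \Device\..." and "Boot (0x1200) (<md5>) \Device\...\PartitionN".
BOOT_RE = re.compile(
    r"^(?P<kind>MBR|Boot) \((?P<size>0x[0-9A-Fa-f]+)\) \((?P<md5>[0-9a-f]{32})\) (?P<path>\\Device\\.+)$"
)
# "<Service or device> - <verdict>": the verdict line that follows each object.
VERDICT_RE = re.compile(r"^(?P<name>.+?) - (?P<verdict>.+)$")

# Constructed excerpt of the log posted in this thread (a handful of its lines).
SAMPLE_LOG = r"""
15:46:36.0843 2272 Scan started
15:46:36.0843 2272 Mode: Manual;
15:46:37.0296 2272 Abiosdsk - ok
15:46:37.0546 2272 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
15:46:37.0546 2272 AFD - ok
15:46:42.0312 2272 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
15:46:42.0312 2272 NetBIOS - ok
15:46:42.0312 2272 NetBT - ok
15:46:44.0859 2272 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:46:44.0859 2272 Tcpip - ok
15:46:45.0984 2272 MBR (0x1B8) (0ac6d996bce152aed9600e6d6b797e2e) \Device\Harddisk0\DR0
15:46:46.0015 2272 \Device\Harddisk0\DR0 - ok
15:46:46.0093 0476 Detected object count: 0
"""

# Drivers present on every Windows XP SP3 install, which should therefore always
# appear with a hash and path. This baseline is the example's own assumption.
EXPECTED_CORE_DRIVERS = ("AFD", "atapi", "Disk", "KSecDD", "NDIS", "NetBT", "Ntfs", "Tcpip")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_tdsskiller(text: str) -> Dict[str, Entry]:
    """Fold the hash line and the verdict line of each object into one Entry."""
    entries: Dict[str, Entry] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        rest = m.group("rest").strip()
        fm = FILE_RE.match(rest)
        if fm:
            e = entries.setdefault(fm["name"], Entry(fm["name"]))
            e.md5, e.path = fm["md5"], fm["path"]
            continue
        bm = BOOT_RE.match(rest)
        if bm:  # boot sectors are keyed by device path, which the verdict line repeats
            e = entries.setdefault(bm["path"], Entry(bm["path"]))
            e.md5, e.path = bm["md5"], bm["path"]
            continue
        vm = VERDICT_RE.match(rest)
        if vm:
            e = entries.setdefault(vm["name"], Entry(vm["name"]))
            e.verdict = vm["verdict"]
    return entries


def unresolved_drivers(entries: Dict[str, Entry],
                       expected: Iterable[str] = EXPECTED_CORE_DRIVERS) -> List[str]:
    """Expected drivers that received a verdict but no hash: the service is
    registered, but TDSSKiller found no driver file behind it."""
    return sorted(n for n in expected if n in entries and entries[n].md5 is None)


def boot_sector_hashes(entries: Dict[str, Entry]) -> Dict[str, str]:
    """MD5 of every MBR / boot sector read, keyed by device path, so two runs
    can be diffed for a bootkit rewriting them between scans."""
    return {e.path: e.md5 for e in entries.values()
            if e.path and e.path.startswith("\\Device\\")}


def detected_object_count(text: str) -> Optional[int]:
    m = re.search(r"Detected object count: (\d+)", text)
    return int(m.group(1)) if m else None


if __name__ == "__main__":
    parsed = parse_tdsskiller(SAMPLE_LOG)
    print("detected objects:", detected_object_count(SAMPLE_LOG))
    print("core drivers with no file behind them:", unresolved_drivers(parsed))
    for dev, digest in boot_sector_hashes(parsed).items():
        print(f"{dev}: {digest}")
```

Run against the full log it reports NetBT as the only expected driver with no backing file, which lines up with the earlier ESET result on netbt.sys and would explain a network adapter stuck at "acquiring a connection". The boot-sector hashes are worth saving from each run; a change in them between two scans with no repartitioning in between is a stronger signal than any single "- ok".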

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts
Okay, looks good. Please re-run ComboFix so we can get an updated log.


Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts
Here we are. I ran ComboFix again and the log is pasted below.

Please note that, even before running ComboFix, we weren't showing any more "threats". However, the PC is still not connecting to the network. I'm guessing that it is just something in the settings that needs to be restored or reset. I think that is why Super Dave had us run MiniToolBox. Anyway, that is still the problem that remains: the Network Connections still says "acquiring a connection" but, for whatever reason, it doesn't seem to be completing that step. Please see what you can advise to get that PC reconnected.

Thanks for all your help~

Patricia

Latest ComboFix Log:

15:46:23.0390 2104 TDSS rootkit removing tool 2.6.13.0 Oct 25 2011 13:56:21
15:46:23.0437 2104 ============================================================
15:46:23.0437 2104 Current date / time: 2011/10/25 15:46:23.0437
15:46:23.0437 2104 SystemInfo:
15:46:23.0437 2104
15:46:23.0437 2104 OS Version: 5.1.2600 ServicePack: 3.0
15:46:23.0437 2104 Product type: Workstation
15:46:23.0437 2104 ComputerName: BOBSPC
15:46:23.0437 2104 UserName: HP_Administrator
15:46:23.0437 2104 Windows directory: C:\WINDOWS
15:46:23.0437 2104 System windows directory: C:\WINDOWS
15:46:23.0437 2104 Processor architecture: Intel x86
15:46:23.0437 2104 Number of processors: 2
15:46:23.0437 2104 Page size: 0x1000
15:46:23.0437 2104 Boot type: Normal boot
15:46:23.0437 2104 ============================================================
15:46:31.0718 2104 Initialize success
15:46:36.0843 2272 ============================================================
15:46:36.0843 2272 Scan started
15:46:36.0843 2272 Mode: Manual;
15:46:36.0843 2272 ============================================================
15:46:37.0281 2272 A3AB (21af8e9c727c6d7643ad497268f55bf1) C:\WINDOWS\system32\DRIVERS\A3AB.sys
15:46:37.0296 2272 A3AB - ok
15:46:37.0296 2272 Abiosdsk - ok
15:46:37.0312 2272 abp480n5 - ok
15:46:37.0359 2272 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:46:37.0359 2272 ACPI - ok
15:46:37.0437 2272 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
15:46:37.0437 2272 ACPIEC - ok
15:46:37.0453 2272 adpu160m - ok
15:46:37.0500 2272 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
15:46:37.0500 2272 aec - ok
15:46:37.0546 2272 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
15:46:37.0546 2272 AFD - ok
15:46:37.0562 2272 Aha154x - ok
15:46:37.0578 2272 aic78u2 - ok
15:46:37.0593 2272 aic78xx - ok
15:46:37.0609 2272 AliIde - ok
15:46:37.0625 2272 amsint - ok
15:46:37.0656 2272 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
15:46:37.0656 2272 Arp1394 - ok
15:46:37.0656 2272 asc - ok
15:46:37.0671 2272 asc3350p - ok
15:46:37.0687 2272 asc3550 - ok
15:46:37.0734 2272 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:46:37.0734 2272 AsyncMac - ok
15:46:37.0765 2272 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
15:46:37.0765 2272 atapi - ok
15:46:37.0781 2272 Atdisk - ok
15:46:37.0812 2272 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:46:37.0812 2272 Atmarpc - ok
15:46:37.0859 2272 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
15:46:37.0859 2272 audstub - ok
15:46:37.0968 2272 avgio (6a646c46b9415e13095aa9b352040a7a) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
15:46:37.0968 2272 avgio - ok
15:46:38.0031 2272 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
15:46:38.0031 2272 avgntflt - ok
15:46:38.0062 2272 avipbb (452e382340bb0c5e694ed9d3625356d0) C:\WINDOWS\system32\DRIVERS\avipbb.sys
15:46:38.0078 2272 avipbb - ok
15:46:38.0093 2272 bb-run (7270d070173b20ac9487ea16bb08b45f) C:\WINDOWS\system32\DRIVERS\bb-run.sys
15:46:38.0093 2272 bb-run - ok
15:46:38.0156 2272 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
15:46:38.0156 2272 Beep - ok
15:46:38.0156 2272 catchme - ok
15:46:38.0203 2272 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
15:46:38.0203 2272 cbidf2k - ok
15:46:38.0218 2272 cd20xrnt - ok
15:46:38.0234 2272 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
15:46:38.0234 2272 Cdaudio - ok
15:46:38.0281 2272 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
15:46:38.0281 2272 Cdfs - ok
15:46:38.0328 2272 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:46:38.0328 2272 Cdrom - ok
15:46:38.0343 2272 Changer - ok
15:46:38.0359 2272 CmdIde - ok
15:46:38.0406 2272 COMMONFX.DLL (1ef05b641e9a67ded74ac8ad40055dbf) C:\WINDOWS\system32\COMMONFX.DLL
15:46:38.0437 2272 COMMONFX.DLL - ok
15:46:38.0453 2272 Cpqarray - ok
15:46:38.0484 2272 CT20XUT.DLL (6191a973461852a09d643609e1d5f7c6) C:\WINDOWS\system32\CT20XUT.DLL
15:46:38.0500 2272 CT20XUT.DLL - ok
15:46:38.0562 2272 ctac32k (8ac5f77e30e37d2d11bd99eff0c53d8c) C:\WINDOWS\system32\drivers\ctac32k.sys
15:46:38.0562 2272 ctac32k - ok
15:46:38.0593 2272 ctaud2k (673241d314e932f4890509ae8ebf26db) C:\WINDOWS\system32\drivers\ctaud2k.sys
15:46:38.0609 2272 ctaud2k - ok
15:46:38.0625 2272 CTAUDFX.DLL (472b82d7e549e7fab428852e4d16f21d) C:\WINDOWS\system32\CTAUDFX.DLL
15:46:38.0640 2272 CTAUDFX.DLL - ok
15:46:38.0703 2272 ctdvda2k (ed316d4c3d39c5b6c23de067e275c183) C:\WINDOWS\system32\drivers\ctdvda2k.sys
15:46:38.0703 2272 ctdvda2k - ok
15:46:38.0734 2272 CTEAPSFX.DLL (6a57f82009563aee8826f117e1d3c72c) C:\WINDOWS\system32\CTEAPSFX.DLL
15:46:38.0734 2272 CTEAPSFX.DLL - ok
15:46:38.0765 2272 CTEDSPFX.DLL (c8ac1ffaeadd655193d7b1811a572d8d) C:\WINDOWS\system32\CTEDSPFX.DLL
15:46:38.0765 2272 CTEDSPFX.DLL - ok
15:46:38.0796 2272 CTEDSPIO.DLL (44495d9daf675257d00b25b041ee6667) C:\WINDOWS\system32\CTEDSPIO.DLL
15:46:38.0796 2272 CTEDSPIO.DLL - ok
15:46:38.0828 2272 CTEDSPSY.DLL (8e90b1762cb42e2fc76dac9210c83c66) C:\WINDOWS\system32\CTEDSPSY.DLL
15:46:38.0843 2272 CTEDSPSY.DLL - ok
15:46:38.0859 2272 CTERFXFX.DLL (d3fbd9983325435b06795f29cb57ed3d) C:\WINDOWS\system32\CTERFXFX.DLL
15:46:38.0859 2272 CTERFXFX.DLL - ok
15:46:38.0937 2272 CTEXFIFX.DLL (2c48e9d8ca703964463f27ae341115b7) C:\WINDOWS\system32\CTEXFIFX.DLL
15:46:38.0968 2272 CTEXFIFX.DLL - ok
15:46:39.0000 2272 CTHWIUT.DLL (f7657c598e7c29c6683c1e4a8dd68884) C:\WINDOWS\system32\CTHWIUT.DLL
15:46:39.0000 2272 CTHWIUT.DLL - ok
15:46:39.0078 2272 ctlsb16 (e2b1aedb62845581d848037f0a614ee6) C:\WINDOWS\system32\drivers\ctlsb16.sys
15:46:39.0078 2272 ctlsb16 - ok
15:46:39.0125 2272 ctprxy2k (34e7f8a499fd8361df14fedb724c0ad3) C:\WINDOWS\system32\drivers\ctprxy2k.sys
15:46:39.0125 2272 ctprxy2k - ok
15:46:39.0156 2272 CTSBLFX.DLL (679ae21eb7f48a08184813aebabdec7c) C:\WINDOWS\system32\CTSBLFX.DLL
15:46:39.0156 2272 CTSBLFX.DLL - ok
15:46:39.0187 2272 ctsfm2k (32098497cb4dfe9ea7660fa62dd91060) C:\WINDOWS\system32\drivers\ctsfm2k.sys
15:46:39.0187 2272 ctsfm2k - ok
15:46:39.0203 2272 dac2w2k - ok
15:46:39.0218 2272 dac960nt - ok
15:46:39.0265 2272 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
15:46:39.0265 2272 Disk - ok
15:46:39.0328 2272 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
15:46:39.0343 2272 dmboot - ok
15:46:39.0375 2272 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
15:46:39.0375 2272 dmio - ok
15:46:39.0406 2272 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
15:46:39.0406 2272 dmload - ok
15:46:39.0453 2272 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
15:46:39.0453 2272 DMusic - ok
15:46:39.0500 2272 DNINDIS5 (d2ee54cdbced01d48f2b18642be79a98) C:\WINDOWS\system32\DNINDIS5.SYS
15:46:39.0500 2272 DNINDIS5 - ok
15:46:39.0515 2272 dpti2o - ok
15:46:39.0531 2272 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
15:46:39.0531 2272 drmkaud - ok
15:46:39.0578 2272 E100B (ac9cf17ee2ae003c98eb4f5336c38058) C:\WINDOWS\system32\DRIVERS\e100b325.sys
15:46:39.0578 2272 E100B - ok
15:46:39.0640 2272 emupia (2885f72d2daffd0329272f12e16d6579) C:\WINDOWS\system32\drivers\emupia2k.sys
15:46:39.0640 2272 emupia - ok
15:46:39.0687 2272 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
15:46:39.0687 2272 Fastfat - ok
15:46:39.0703 2272 fasttx2k (1e580770bdece924494b368ac980749e) C:\WINDOWS\system32\DRIVERS\fasttx2k.sys
15:46:39.0703 2272 fasttx2k - ok
15:46:39.0750 2272 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
15:46:39.0750 2272 Fdc - ok
15:46:39.0781 2272 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
15:46:39.0781 2272 Fips - ok
15:46:39.0828 2272 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
15:46:39.0828 2272 Flpydisk - ok
15:46:39.0890 2272 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
15:46:39.0890 2272 FltMgr - ok
15:46:39.0953 2272 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:46:39.0953 2272 Fs_Rec - ok
15:46:40.0000 2272 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:46:40.0000 2272 Ftdisk - ok
15:46:40.0046 2272 ftsata2 (92e8443c7bf5c0137671cde080655dfc) C:\WINDOWS\system32\DRIVERS\ftsata2.sys
15:46:40.0046 2272 ftsata2 - ok
15:46:40.0078 2272 gagp30kx (3a74c423cf6bcca6982715878f450a3b) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
15:46:40.0078 2272 gagp30kx - ok
15:46:40.0140 2272 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
15:46:40.0140 2272 GEARAspiWDM - ok
15:46:40.0171 2272 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:46:40.0171 2272 Gpc - ok
15:46:40.0234 2272 ha10kx2k (da2c735b66d2e7b739f9a46146581a9d) C:\WINDOWS\system32\drivers\ha10kx2k.sys
15:46:40.0250 2272 ha10kx2k - ok
15:46:40.0296 2272 hap16v2k (5c7d6d68796e4621b4168c879908dae0) C:\WINDOWS\system32\drivers\hap16v2k.sys
15:46:40.0296 2272 hap16v2k - ok
15:46:40.0328 2272 hap17v2k (a595b88ad16d8b5693ddf08113caf30e) C:\WINDOWS\system32\drivers\hap17v2k.sys
15:46:40.0343 2272 hap17v2k - ok
15:46:40.0390 2272 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
15:46:40.0390 2272 HDAudBus - ok
15:46:40.0437 2272 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:46:40.0453 2272 HidUsb - ok
15:46:40.0453 2272 hpn - ok
15:46:40.0515 2272 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
15:46:40.0515 2272 HTTP - ok
15:46:40.0531 2272 i2omgmt - ok
15:46:40.0546 2272 i2omp - ok
15:46:40.0593 2272 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:46:40.0593 2272 i8042prt - ok
15:46:40.0609 2272 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
15:46:40.0625 2272 Imapi - ok
15:46:40.0640 2272 ini910u - ok
15:46:40.0765 2272 IntcAzAudAddService (98b7fab86755a42fe8eb04538a4cd6c8) C:\WINDOWS\system32\drivers\RtkHDAud.sys
15:46:40.0859 2272 IntcAzAudAddService - ok
15:46:40.0921 2272 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
15:46:40.0921 2272 IntelIde - ok
15:46:40.0968 2272 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:46:40.0968 2272 intelppm - ok
15:46:41.0000 2272 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
15:46:41.0000 2272 Ip6Fw - ok
15:46:41.0031 2272 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:46:41.0031 2272 IpFilterDriver - ok
15:46:41.0078 2272 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:46:41.0093 2272 IpInIp - ok
15:46:41.0140 2272 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:46:41.0140 2272 IpNat - ok
15:46:41.0187 2272 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:46:41.0187 2272 IPSec - ok
15:46:41.0234 2272 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
15:46:41.0234 2272 IRENUM - ok
15:46:41.0281 2272 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:46:41.0281 2272 isapnp - ok
15:46:41.0343 2272 JSWSCIMD (ad67795900aa8c05cc4570f5349e0639) C:\WINDOWS\system32\DRIVERS\jswscimd.sys
15:46:41.0343 2272 JSWSCIMD - ok
15:46:41.0375 2272 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:46:41.0375 2272 Kbdclass - ok
15:46:41.0390 2272 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
15:46:41.0390 2272 kbdhid - ok
15:46:41.0437 2272 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
15:46:41.0437 2272 kmixer - ok
15:46:41.0484 2272 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
15:46:41.0484 2272 KSecDD - ok
15:46:41.0500 2272 lbrtfdc - ok
15:46:41.0562 2272 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
15:46:41.0562 2272 MHNDRV - ok
15:46:41.0609 2272 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
15:46:41.0609 2272 mnmdd - ok
15:46:41.0671 2272 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
15:46:41.0671 2272 Modem - ok
15:46:41.0718 2272 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:46:41.0718 2272 Mouclass - ok
15:46:41.0734 2272 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:46:41.0734 2272 mouhid - ok
15:46:41.0765 2272 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
15:46:41.0765 2272 MountMgr - ok
15:46:41.0781 2272 mraid35x - ok
15:46:41.0796 2272 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:46:41.0812 2272 MRxDAV - ok
15:46:41.0875 2272 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:46:41.0890 2272 MRxSmb - ok
15:46:41.0937 2272 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
15:46:41.0953 2272 Msfs - ok
15:46:41.0984 2272 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:46:41.0984 2272 MSKSSRV - ok
15:46:42.0000 2272 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:46:42.0000 2272 MSPCLOCK - ok
15:46:42.0015 2272 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
15:46:42.0015 2272 MSPQM - ok
15:46:42.0062 2272 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:46:42.0078 2272 mssmbios - ok
15:46:42.0093 2272 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
15:46:42.0093 2272 Mup - ok
15:46:42.0140 2272 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
15:46:42.0140 2272 NDIS - ok
15:46:42.0203 2272 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:46:42.0203 2272 NdisTapi - ok
15:46:42.0218 2272 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:46:42.0218 2272 Ndisuio - ok
15:46:42.0234 2272 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:46:42.0234 2272 NdisWan - ok
15:46:42.0281 2272 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
15:46:42.0281 2272 NDProxy - ok
15:46:42.0312 2272 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
15:46:42.0312 2272 NetBIOS - ok
15:46:42.0312 2272 NetBT - ok
15:46:42.0375 2272 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
15:46:42.0375 2272 NIC1394 - ok
15:46:42.0421 2272 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
15:46:42.0421 2272 nm - ok
15:46:42.0437 2272 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
15:46:42.0437 2272 Npfs - ok
15:46:42.0453 2272 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
15:46:42.0468 2272 Ntfs - ok
15:46:42.0515 2272 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
15:46:42.0515 2272 Null - ok
15:46:42.0781 2272 nv (fee170f182d5167b6e06e490dd7b42d7) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
15:46:42.0984 2272 nv - ok
15:46:43.0015 2272 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:46:43.0015 2272 NwlnkFlt - ok
15:46:43.0046 2272 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:46:43.0046 2272 NwlnkFwd - ok
15:46:43.0093 2272 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
15:46:43.0093 2272 NwlnkIpx - ok
15:46:43.0125 2272 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
15:46:43.0125 2272 NwlnkNb - ok
15:46:43.0171 2272 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
15:46:43.0171 2272 NwlnkSpx - ok
15:46:43.0218 2272 NWRDR (36b9b950e3d2e100970a48d8bad86740) C:\WINDOWS\system32\DRIVERS\nwrdr.sys
15:46:43.0218 2272 NWRDR - ok
15:46:43.0234 2272 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
15:46:43.0234 2272 ohci1394 - ok
15:46:43.0281 2272 ossrv (61c85afeaa6ef0c1b32d43f84f7bfbcf) C:\WINDOWS\system32\drivers\ctoss2k.sys
15:46:43.0281 2272 ossrv - ok
15:46:43.0296 2272 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
15:46:43.0296 2272 Parport - ok
15:46:43.0328 2272 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
15:46:43.0328 2272 PartMgr - ok
15:46:43.0375 2272 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
15:46:43.0375 2272 ParVdm - ok
15:46:43.0390 2272 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
15:46:43.0390 2272 PCI - ok
15:46:43.0406 2272 PCIDump - ok
15:46:43.0437 2272 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
15:46:43.0437 2272 PCIIde - ok
15:46:43.0468 2272 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
15:46:43.0484 2272 Pcmcia - ok
15:46:43.0484 2272 PDCOMP - ok
15:46:43.0500 2272 PDFRAME - ok
15:46:43.0515 2272 PDRELI - ok
15:46:43.0531 2272 PDRFRAME - ok
15:46:43.0546 2272 perc2 - ok
15:46:43.0562 2272 perc2hib - ok
15:46:43.0625 2272 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:46:43.0625 2272 PptpMiniport - ok
15:46:43.0640 2272 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
15:46:43.0640 2272 Processor - ok
15:46:43.0656 2272 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
15:46:43.0656 2272 PSched - ok
15:46:43.0687 2272 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:46:43.0687 2272 Ptilink - ok
15:46:43.0750 2272 PxHelp20 (7c81ae3c9b82ba2da437ed4d31bc56cf) C:\WINDOWS\system32\Drivers\PxHelp20.sys
15:46:43.0750 2272 PxHelp20 - ok
15:46:43.0796 2272 ql1080 - ok
15:46:43.0812 2272 Ql10wnt - ok
15:46:43.0828 2272 ql12160 - ok
15:46:43.0843 2272 ql1240 - ok
15:46:43.0859 2272 ql1280 - ok
15:46:43.0875 2272 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:46:43.0890 2272 RasAcd - ok
15:46:43.0937 2272 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:46:43.0937 2272 Rasl2tp - ok
15:46:43.0953 2272 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:46:43.0953 2272 RasPppoe - ok
15:46:43.0984 2272 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
15:46:43.0984 2272 Raspti - ok
15:46:44.0015 2272 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:46:44.0015 2272 Rdbss - ok
15:46:44.0062 2272 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:46:44.0062 2272 RDPCDD - ok
15:46:44.0078 2272 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:46:44.0093 2272 rdpdr - ok
15:46:44.0156 2272 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
15:46:44.0156 2272 RDPWD - ok
15:46:44.0187 2272 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
15:46:44.0187 2272 redbook - ok
15:46:44.0250 2272 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
15:46:44.0250 2272 rtl8139 - ok
15:46:44.0281 2272 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:46:44.0281 2272 Secdrv - ok
15:46:44.0312 2272 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
15:46:44.0312 2272 Serenum - ok
15:46:44.0343 2272 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
15:46:44.0359 2272 Serial - ok
15:46:44.0406 2272 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
15:46:44.0406 2272 Sfloppy - ok
15:46:44.0421 2272 Simbad - ok
15:46:44.0453 2272 SISNIC (3fbb6ef8b5a71a2fa11f5f461bb73219) C:\WINDOWS\system32\DRIVERS\sisnic.sys
15:46:44.0453 2272 SISNIC - ok
15:46:44.0468 2272 Sparrow - ok
15:46:44.0500 2272 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
15:46:44.0500 2272 splitter - ok
15:46:44.0531 2272 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
15:46:44.0531 2272 sr - ok
15:46:44.0562 2272 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
15:46:44.0578 2272 Srv - ok
15:46:44.0609 2272 ssmdrv (654dfea96bc82b4acda4f37e5e4a3bbf) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
15:46:44.0609 2272 ssmdrv - ok
15:46:44.0656 2272 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
15:46:44.0656 2272 swenum - ok
15:46:44.0687 2272 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
15:46:44.0687 2272 swmidi - ok
15:46:44.0718 2272 symc810 - ok
15:46:44.0734 2272 symc8xx - ok
15:46:44.0750 2272 sym_hi - ok
15:46:44.0765 2272 sym_u3 - ok
15:46:44.0796 2272 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
15:46:44.0796 2272 sysaudio - ok
15:46:44.0859 2272 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:46:44.0859 2272 Tcpip - ok
15:46:44.0906 2272 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
15:46:44.0906 2272 TDPIPE - ok
15:46:44.0953 2272 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
15:46:44.0953 2272 TDTCP - ok
15:46:44.0968 2272 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
15:46:44.0984 2272 TermDD - ok
15:46:45.0000 2272 TosIde - ok
15:46:45.0046 2272 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
15:46:45.0046 2272 Udfs - ok
15:46:45.0062 2272 ultra - ok
15:46:45.0109 2272 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
15:46:45.0109 2272 Update - ok
15:46:45.0156 2272 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:46:45.0156 2272 usbccgp - ok
15:46:45.0171 2272 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:46:45.0171 2272 usbehci - ok
15:46:45.0187 2272 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:46:45.0187 2272 usbhub - ok
15:46:45.0234 2272 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
15:46:45.0234 2272 usbohci - ok
15:46:45.0265 2272 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
15:46:45.0265 2272 usbprint - ok
15:46:45.0312 2272 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:46:45.0312 2272 usbscan - ok
15:46:45.0328 2272 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:46:45.0328 2272 USBSTOR - ok
15:46:45.0359 2272 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:46:45.0359 2272 usbuhci - ok
15:46:45.0375 2272 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
15:46:45.0375 2272 VgaSave - ok
15:46:45.0406 2272 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
15:46:45.0406 2272 ViaIde - ok
15:46:45.0421 2272 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
15:46:45.0421 2272 VolSnap - ok
15:46:45.0453 2272 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:46:45.0453 2272 Wanarp - ok
15:46:45.0500 2272 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
15:46:45.0515 2272 Wdf01000 - ok
15:46:45.0531 2272 WDICA - ok
15:46:45.0546 2272 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
15:46:45.0546 2272 wdmaud - ok
15:46:45.0625 2272 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
15:46:45.0640 2272 WinUSB - ok
15:46:45.0687 2272 WN111v2 (93ea7d94959bef66d0e4adbc8ce4e073) C:\WINDOWS\system32\DRIVERS\WN111v2.sys
15:46:45.0703 2272 WN111v2 - ok
15:46:45.0796 2272 WSIMD (43f767d59bfc25d8f4fc2eb42043ec1e) C:\WINDOWS\system32\DRIVERS\wsimd.sys
15:46:45.0796 2272 WSIMD - ok
15:46:45.0843 2272 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:46:45.0843 2272 WudfPf - ok
15:46:45.0875 2272 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:46:45.0875 2272 WudfRd - ok
15:46:45.0937 2272 zumbus (337b9607f041b77824411750069aff2d) C:\WINDOWS\system32\DRIVERS\zumbus.sys
15:46:45.0937 2272 zumbus - ok
15:46:45.0984 2272 MBR (0x1B8) (0ac6d996bce152aed9600e6d6b797e2e) \Device\Harddisk0\DR0
15:46:46.0015 2272 \Device\Harddisk0\DR0 - ok
15:46:46.0031 2272 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk5\DR7
15:46:46.0031 2272 \Device\Harddisk5\DR7 - ok
15:46:46.0031 2272 MBR (0x1B8) (feffdedea77250a6fcd92c304b49ace2) \Device\Harddisk6\DR21
15:46:46.0046 2272 \Device\Harddisk6\DR21 - ok
15:46:46.0046 2272 Boot (0x1200) (1dbeaa01b2c52f6fd6438412953d3c68) \Device\Harddisk0\DR0\Partition0
15:46:46.0046 2272 \Device\Harddisk0\DR0\Partition0 - ok
15:46:46.0046 2272 Boot (0x1200) (c04adcb60e4989d8fb08ca4a33b0e3fd) \Device\Harddisk0\DR0\Partition1
15:46:46.0046 2272 \Device\Harddisk0\DR0\Partition1 - ok
15:46:46.0062 2272 Boot (0x1200) (64ba2803ee2acc110bf1eeaf66f6c701) \Device\Harddisk5\DR7\Partition0
15:46:46.0062 2272 \Device\Harddisk5\DR7\Partition0 - ok
15:46:46.0078 2272 Boot (0x1200) (076921b656edd1a166574c6bc7b5bc2e) \Device\Harddisk6\DR21\Partition0
15:46:46.0078 2272 \Device\Harddisk6\DR21\Partition0 - ok
15:46:46.0078 2272 ============================================================
15:46:46.0078 2272 Scan finished
15:46:46.0078 2272 ============================================================
15:46:46.0093 0476 Detected object count: 0
15:46:46.0093 0476 Actual detected object count: 0

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts
Hello.
That's TDSSKiller again.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts
Sorry, here's the new ComboFix log:

ComboFix 11-10-20.08 - HP_Administrator 10/25/2011 16:32:47.9.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.501 [GMT -4:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((( Files Created from 2011-09-25 to 2011-10-25 )))))))))))))))))))))))))))))))
.
.
2011-10-25 19:35 . 2011-10-25 19:35 -------- d-----w- c:\program files\7-Zip
2011-10-21 18:43 . 2011-10-21 18:43 -------- d-----w- c:\program files\ESET
2011-10-21 02:57 . 2008-06-27 21:24 467028 ----a-w- c:\windows\system32\acs.exe
2011-10-19 00:37 . 2011-10-19 00:37 -------- d-----w- c:\windows\system32\wbem\Repository
2011-09-26 15:41 . 2011-09-26 15:41 220160 ------w- c:\windows\system32\dllcache\oleacc.dll
2011-09-26 15:41 . 2011-09-26 15:41 20480 ------w- c:\windows\system32\dllcache\oleaccrc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-19 17:56 . 2010-11-30 06:50 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-03 09:06 . 2010-12-05 16:20 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 06:37 . 2010-02-14 06:36 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-26 15:41 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2006-01-12 22:39 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2006-01-12 22:39 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12 . 2006-01-12 22:37 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2006-01-12 22:41 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 21:00 . 2010-11-30 06:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-22 23:48 . 2006-01-13 05:41 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2006-01-12 22:38 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2006-01-12 22:38 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2006-01-12 22:38 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2006-01-12 22:37 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-10-01 13:18 . 2011-05-07 15:52 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2009-04-01 02:47 . 2008-06-09 23:45 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
2009-03-05 22:08 . 2009-05-17 01:17 49664 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2010-10-29 1652736]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-28 8466432]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"nwiz"="nwiz.exe" [2007-08-28 1626112]
"CTHelper"="CTHELPER.EXE" [2007-04-09 19456]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 19968]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-04 103720]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2010-09-28 557056]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-09-25 210216]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-09-24 159472]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\WinPatrol.exe" [2010-11-17 329096]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
CaSup.lnk - c:\hp\region\CustAtStartUp.wsf [N/A]
Forget Me Not.lnk - c:\program files\Broderbund\AG CreataCard\AGRemind.exe [2008-2-26 323584]
GA311 Smart Wizard Utility.lnk - c:\program files\NETGEAR GA311 Adapter\GA311.exe [2003-11-6 270336]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
NETGEAR WN111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WN111v2\WN111V2.exe [2008-12-2 1503306]
Sonic CinePlayer Quick Launch.lnk - c:\program files\Common Files\Sonic Shared\CineTray.exe [2006-7-25 114688]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Program Files\\Avira\\AntiVir Desktop\\avnotify.exe"=
"c:\\Program Files\\AWS\\WeatherBug\\Weather.exe"=
"c:\\Program Files\\Common Files\\Java\\Java Update\\jucheck.exe"=
"c:\\Program Files\\BillP Studios\\WinPatrol\\WinPatrol.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Common Files\\Java\\Java Update\\jaucheck.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe"=
"c:\\WINDOWS\\system32\\dwwin.exe"=
"c:\\Documents and Settings\\HP_Administrator\\Desktop\\aswMBR.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
.
R2 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\NETGEAR\WN111v2\jswpsapi.exe [2/27/2008 12:54 PM 360547]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [5/23/2007 5:15 AM 547744]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [10/1/2008 5:45 PM 57440]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;"c:\program files\Avira\AntiVir Desktop\sched.exe" --> c:\program files\Avira\AntiVir Desktop\sched.exe [?]
S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);c:\windows\system32\drivers\ctlsb16.sys [3/8/2010 5:36 PM 96256]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [7/24/2003 1:10 PM 17149]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [11/16/2010 2:10 AM 267568]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [9/24/2010 2:19 PM 268528]
S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [9/30/2008 4:24 AM 453120]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 51290763
*Deregistered* - 51290763
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 17:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
.
2011-10-25 c:\windows\Tasks\ConfigExec.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2010-11-16 06:09]
.
2011-10-25 c:\windows\Tasks\DataUpload.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2010-11-16 06:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-25 16:50
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1832)
c:\windows\system32\WININET.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\windows\system32\nview.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-10-25 16:56:16
ComboFix-quarantined-files.txt 2011-10-25 20:56
ComboFix2.txt 2011-10-21 03:49
ComboFix3.txt 2010-12-05 01:36
.
Pre-Run: 121,278,013,440 bytes free
Post-Run: 121,507,934,208 bytes free
.
- - End Of File - - BE3353F6B52693D9EDBDEA6449853772

Thank you~

Patricia

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts
Just checking in--- still haven't been able to connect to the internet/network. I will keep watching for further instructions. Thanks for your help.

Patricia

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts
robbhenningsr wrote:
Just checking in--- still haven't been able to connect to the internet/network. I will keep watching for further instructions. Thanks for your help.

Patricia

Hello Patricia. As Belahzur said this is a serious infection and I'm going to just stand back and watch how he handles it. He's much more experienced than I.

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts
Thanks for responding, Super Dave, I'll keep watching for further instructions... meanwhile, I've turned my pc over to DH, who probably would waste away without his internet connections. : Yikes :

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts
Hello.

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Code:

    Driver::
    51290763

    Reboot::
  4. Save this as CFScript.txt, in the same location as ComboFix.exe

    [image removed: illustration of dragging CFScript.txt onto ComboFix.exe]

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
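The check a practitioner would run after that reboot: confirm the entry named in the CFScript really is gone from every control set, not only from the one ComboFix edited, since a "Last Known Good" boot can bring back an entry that survived in ControlSet00x. The batch script below is an added example written for this thread; it is not part of the original post and not a ComboFix feature. It assumes only the service name 51290763 from the script above and the standard XP registry locations for service definitions and legacy-driver entries.

```batch
@echo off
rem Added example for this thread, not part of the original post or of ComboFix.
rem After the CFScript reboot, confirm that the driver entry it targeted is gone
rem from every control set (a "Last Known Good" boot can resurrect an entry that
rem only disappeared from CurrentControlSet). Run from a cmd prompt on the
rem infected XP machine as an administrator. The service name 51290763 is the
rem one from the thread; pass another name as the first argument to check it.
setlocal enableextensions
set "SVC=51290763"
if not "%~1"=="" set "SVC=%~1"
set "FOUND=0"

rem reg query HKLM\SYSTEM lists ControlSet001, ControlSet002, CurrentControlSet, ...
for /f "tokens=*" %%C in ('reg query HKLM\SYSTEM ^| find /i "ControlSet"') do (
    rem Service definition (ImagePath, Start type) for the driver.
    reg query "%%C\Services\%SVC%" >nul 2>&1 && (
        echo STILL PRESENT: %%C\Services\%SVC%
        reg query "%%C\Services\%SVC%" /v ImagePath 2>nul
        set "FOUND=1"
    )
    rem Plug-and-play shadow of a legacy (non-PnP) driver; this is the
    rem "-------\Legacy_51290763" line in the ComboFix log above.
    reg query "%%C\Enum\Root\LEGACY_%SVC%" >nul 2>&1 && (
        echo STILL PRESENT: %%C\Enum\Root\LEGACY_%SVC%
        set "FOUND=1"
    )
)

rem Is anything by that name still known to the Service Control Manager?
sc query "%SVC%" >nul 2>&1 && (
    echo STILL REGISTERED with the SCM:
    sc query "%SVC%" | find "STATE"
    set "FOUND=1"
)

if "%FOUND%"=="0" (
    echo No trace of service "%SVC%" in any control set; the Driver:: removal held.
) else (
    echo Entry still exists; do not assume the Driver:: removal succeeded.
)
endlocal
```

Redirect the output to a file and carry it across on the USB stick, as the thread is already doing for the other logs; a "STILL PRESENT" line in ControlSet001 or ControlSet002 while CurrentControlSet is clean is the case worth reporting back.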

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts
Okay, I attempted to move that file into ComboFix-- and it just opened ComboFix each time I tried, so I can only guess that is what it is supposed to do. I did have to load a fresh copy of ComboFix, there was a message that the original was expired.

At any rate, here is the latest ComboFix Log:

ComboFix 11-10-27.05 - HP_Administrator 10/27/2011 16:00:58.10.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.350 [GMT -4:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_51290763
.
.
((((((((((((((((((((((((( Files Created from 2011-09-27 to 2011-10-27 )))))))))))))))))))))))))))))))
.
.
2011-10-25 19:35 . 2011-10-25 19:35 -------- d-----w- c:\program files\7-Zip
2011-10-21 18:43 . 2011-10-21 18:43 -------- d-----w- c:\program files\ESET
2011-10-21 02:57 . 2008-06-27 21:24 467028 ----a-w- c:\windows\system32\acs.exe
2011-10-19 00:37 . 2011-10-19 00:37 -------- d-----w- c:\windows\system32\wbem\Repository
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-19 17:56 . 2010-11-30 06:50 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-03 09:06 . 2010-12-05 16:20 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 06:37 . 2010-02-14 06:36 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-26 15:41 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2006-01-12 22:39 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2006-01-12 22:39 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12 . 2006-01-12 22:37 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2006-01-12 22:41 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 21:00 . 2010-11-30 06:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-22 23:48 . 2006-01-13 05:41 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2006-01-12 22:38 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2006-01-12 22:38 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2006-01-12 22:38 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2006-01-12 22:37 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-10-01 13:18 . 2011-05-07 15:52 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2009-04-01 02:47 . 2008-06-09 23:45 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
2009-03-05 22:08 . 2009-05-17 01:17 49664 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2010-10-29 1652736]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-28 8466432]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"nwiz"="nwiz.exe" [2007-08-28 1626112]
"CTHelper"="CTHELPER.EXE" [2007-04-09 19456]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 19968]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-04 103720]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2010-09-28 557056]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-09-25 210216]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-09-24 159472]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\WinPatrol.exe" [2010-11-17 329096]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
CaSup.lnk - c:\hp\region\CustAtStartUp.wsf [N/A]
Forget Me Not.lnk - c:\program files\Broderbund\AG CreataCard\AGRemind.exe [2008-2-26 323584]
GA311 Smart Wizard Utility.lnk - c:\program files\NETGEAR GA311 Adapter\GA311.exe [2003-11-6 270336]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
NETGEAR WN111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WN111v2\WN111V2.exe [2008-12-2 1503306]
Sonic CinePlayer Quick Launch.lnk - c:\program files\Common Files\Sonic Shared\CineTray.exe [2006-7-25 114688]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Program Files\\Avira\\AntiVir Desktop\\avnotify.exe"=
"c:\\Program Files\\AWS\\WeatherBug\\Weather.exe"=
"c:\\Program Files\\Common Files\\Java\\Java Update\\jucheck.exe"=
"c:\\Program Files\\BillP Studios\\WinPatrol\\WinPatrol.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Common Files\\Java\\Java Update\\jaucheck.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe"=
"c:\\WINDOWS\\system32\\dwwin.exe"=
"c:\\Documents and Settings\\HP_Administrator\\Desktop\\aswMBR.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
.
R2 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\NETGEAR\WN111v2\jswpsapi.exe [2/27/2008 12:54 PM 360547]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [5/23/2007 5:15 AM 547744]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [10/1/2008 5:45 PM 57440]
R3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [11/16/2010 2:10 AM 267568]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;"c:\program files\Avira\AntiVir Desktop\sched.exe" --> c:\program files\Avira\AntiVir Desktop\sched.exe [?]
S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);c:\windows\system32\drivers\ctlsb16.sys [3/8/2010 5:36 PM 96256]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [7/24/2003 1:10 PM 17149]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [9/24/2010 2:19 PM 268528]
S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [9/30/2008 4:24 AM 453120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 17:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
.
2011-10-27 c:\windows\Tasks\ConfigExec.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2010-11-16 06:09]
.
2011-10-27 c:\windows\Tasks\DataUpload.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2010-11-16 06:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-27 16:23
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2268)
c:\windows\system32\WININET.dll
c:\windows\system32\nview.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\acs.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\netdde.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\windows\system32\nvsvc32.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\system32\ZuneBusEnum.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-10-27 16:29:58 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-27 20:29
ComboFix2.txt 2011-10-25 20:56
ComboFix3.txt 2011-10-21 03:49
ComboFix4.txt 2010-12-05 01:36
.
Pre-Run: 121,539,563,520 bytes free
Post-Run: 121,526,321,152 bytes free
.
- - End Of File - - 29486CC7EFB7A32F91522606AFCFC8D7


I'll continue to check back for further instructions. Thank you for your help.

Patricia

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts
Okay, this looks rather good now. How is the machine running? Any better than when you first started this thread?

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts
Hello Belahzur,

Re:

by Belahzur Yesterday at 11:00 pm
Okay this looks rather good now, how is the machine running? any better than when you first started this thread?


The machine seems to be running fine EXCEPT we cannot connect to the internet. This has been the same status since we ran scans over the weekend. (It seems we lost our connections when we ran Kaspersky-- see my note on Monday, below in red).

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts

Post by robbhenningsr on Mon 24 Oct 2011, 5:15 pm
Hi Super Dave,

I submitted this post earlier today, but it doesn't appear now, so I'll try again. Please excuse if this is a double posting.

Re: pop-ups, I did change the setting to disallow pop-ups, but still got the error messages. It appears to be part of the 'security' system, reset by the trojans, that is not allowing access to programs. That's just my guess, but we've seen a lot of it since this thing started.

We did run Kaspersky, took a loooooong time, and I'll paste the log of threats below.

Since running that KAS, the computer will not connect to the internet. I looked at Network Connections and it says "acquiring connection," but it seems to hang up there.


As for running Eset Online again-- I cannot get online on that machine, not with Internet Explorer, not with Mozilla, not at all. That's why I've been using a USB drive to transfer back and forth:

Post by robbhenningsr on Mon 24 Oct 2011, 10:02 pm
Thank Heaven for USB drives!

We ran the mini tool bar with those settings-- results below:

I'm not certain, but I believe that the loss of internet connection was the reason for running MiniToolbar. FWIW, we have a wireless network, and all our other pc's are connecting fine. Network Connections, on the machine we have lost connections on, indicates a strong signal, but says it is "Acquiring Network Connections." In other words, there is something blocking, or something missing, that is keeping us from acquiring an IP address, etc., on this machine. Please review and, if more info is needed from me, let me know...

Meanwhile, I'll be checking back, hoping that you have further instructions that will get us re-connected to the internet/network.

Thanks for your help and patience~

Patricia

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts
Hi.
Please download Winsock XPFix from here:
http://www.snapfiles.com/get/winsockxpfix.html

Run it and press the fix button.
Reboot once it's run and see if you have a connection after the reboot.


Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts
Hello Belahzur,

I downloaded WinsockXPFix, above, and ran it on the pc, and rebooted. The pc still isn't connecting. When I tried Internet Explorer, it offered the option "Diagnose Connection Problems." I started the diagnostic, it says there is a problem with the Winsock Catalog on the computer and asked if I wanted to 're-set the catalog.' Since I'm no expert, I stopped there and will wait for your further instructions.

Thank you for your help and patience. I look forward to our next steps.

Patricia

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts
Yep, go ahead, can't make a dead connection much worse right?


Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts
Hello, again,
Well I did run through the entire Diagnostic, a couple of times. No improvement in connectivity.

I'm wondering about a couple of things. Since the pc is showing a strong connection, and the programs are failing to connect, would it be worthwhile to uninstall IE, then download a new copy of IE (to USB) and install it on the pc, just in case there is a glitch or setting in the IE program that is blocking the connection? What do you think?

I've pasted the log below:

Last diagnostic run time: 10/31/11 02:38:43

IP Configuration Diagnostic
Invalid IP address

info Zero (0.0.0.0) IP address detected
action Automated repair: Renew IP address
action Releasing the current IP address...
error Error releasing the current IP address: The RPC server is unavailable.
info Zero (0.0.0.0) IP address detected
action Automated repair: Reset network connection
action Disabling the network adapter
action Enabling the network adapter
info Network adapter successfully enabled
info Zero (0.0.0.0) IP address detected
action Manual repair: Reboot modem
info Zero (0.0.0.0) IP address detected
action Automated repair: Renew IP address
action Releasing the current IP address...
error Error releasing the current IP address: The RPC server is unavailable.
info Zero (0.0.0.0) IP address detected
info Waiting some time for the modem/router to stabilize
action Automated repair: Renew IP address
action Releasing the current IP address...
error Error releasing the current IP address: The RPC server is unavailable.
info Zero (0.0.0.0) IP address detected
info Waiting some time for the modem/router to stabilize
action Automated repair: Renew IP address
action Releasing the current IP address...
error Error releasing the current IP address: The RPC server is unavailable.
info Zero (0.0.0.0) IP address detected
info Waiting some time for the modem/router to stabilize
action Automated repair: Renew IP address
action Releasing the current IP address...
error Error releasing the current IP address: The RPC server is unavailable.
info Zero (0.0.0.0) IP address detected
info Waiting some time for the modem/router to stabilize
action Automated repair: Renew IP address
action Releasing the current IP address...
error Error releasing the current IP address: The RPC server is unavailable.
info Zero (0.0.0.0) IP address detected
info Waiting some time for the modem/router to stabilize
action Automated repair: Renew IP address
action Releasing the current IP address...
error Error releasing the current IP address: The RPC server is unavailable.
info Zero (0.0.0.0) IP address detected
info Waiting some time for the modem/router to stabilize
action Automated repair: Renew IP address
action Releasing the current IP address...
error Error releasing the current IP address: The RPC server is unavailable.
info Zero (0.0.0.0) IP address detected
info Waiting some time for the modem/router to stabilize
action Automated repair: Renew IP address
action Releasing the current IP address...
error Error releasing the current IP address: The RPC server is unavailable.
info Zero (0.0.0.0) IP address detected
info Waiting some time for the modem/router to stabilize
action Automated repair: Renew IP address
action Releasing the current IP address...
error Error releasing the current IP address: The RPC server is unavailable.
info Zero (0.0.0.0) IP address detected
info Waiting some time for the modem/router to stabilize
action Automated repair: Renew IP address
action Releasing the current IP address...
error Error releasing the current IP address: The RPC server is unavailable.
info Zero (0.0.0.0) IP address detected
info Waiting some time for the modem/router to stabilize
action Automated repair: Renew IP address
action Releasing the current IP address...
error Error releasing the current IP address: The RPC server is unavailable.
info Zero (0.0.0.0) IP address detected
action Manual repair: Verify wireless network key
info Zero (0.0.0.0) IP address detected
action Automated repair: Renew IP address
action Releasing the current IP address...
error Error releasing the current IP address: The RPC server is unavailable.
info Zero (0.0.0.0) IP address detected
info Redirecting user to support call



Wireless Diagnostic
Wireless - Service disabled

Wireless - User SSID

action User input required: Specify network name or SSID
Wireless - First time setup

info The Wireless Network name (SSID) to which the user would like to connect = DFX1.
Wireless - Radio off

info Zero (0.0.0.0) IP address detected
Wireless - Out of range

Wireless - Hardware issue

Wireless - Novice user

Wireless - Ad-hoc network

Wireless - Less preferred

Wireless - 802.1x enabled

Wireless - Configuration mismatch

Wireless - Low SNR




WinSock Diagnostic
WinSock status

info All base service provider entries are present in the Winsock catalog.
info The Winsock Service provider chains are valid.
info Provider entry MSAFD Tcpip [TCP/IP] passed the loopback communication test.
info Provider entry MSAFD Tcpip [UDP/IP] passed the loopback communication test.
info Provider entry RSVP UDP Service Provider passed the loopback communication test.
info Provider entry RSVP TCP Service Provider passed the loopback communication test.
info Connectivity is valid for all Winsock service providers.



Network Adapter Diagnostic
Network location detection

info Using home Internet connection
Network adapter identification

info Network connection: Name=Wireless Network Connection 2, Device=D-Link AirPlus DWL-G520 Wireless PCI Adapter(rev.B), MediaType=LAN, SubMediaType=WIRELESS
info Network connection: Name=Local Area Connection, Device=Intel(R) PRO/100 VE Network Connection, MediaType=LAN, SubMediaType=LAN
info Network connection: Name=1394 Connection, Device=1394 Net Adapter, MediaType=LAN, SubMediaType=1394
info Both Ethernet and Wireless connections available, prompting user for selection
action User input required: Select network connection
info Wireless connection selected
Network adapter status

info Network connection status: Connected



HTTP, HTTPS, FTP Diagnostic
HTTP, HTTPS, FTP connectivity

warn FTP (Passive): Error 12007 connecting to ftp.microsoft.com: The server name or address could not be resolved
warn HTTP: Error 12007 connecting to www.microsoft.com: The server name or address could not be resolved
warn HTTPS: Error 12007 connecting to www.microsoft.com: The server name or address could not be resolved
warn FTP (Active): Error 12007 connecting to ftp.microsoft.com: The server name or address could not be resolved
warn HTTPS: Error 12007 connecting to www.passport.net: The server name or address could not be resolved
warn HTTP: Error 12007 connecting to www.hotmail.com: The server name or address could not be resolved
error Could not make an HTTP connection.
error Could not make an HTTPS connection.
error Could not make an FTP connection.

I will wait for further instructions. Thanks for your help~

Patricia

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts
Hi Belahzur and Super Dave,
We don't seem to be making any progress and I'm wondering if we should take this over to the forum dedicated to networking and online issues. What do you think?

Or do you have some super plans coming up to get this thing straightened out this week?

Let me know what you think-- I'll be waiting for further instructions.

Patricia

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts
Please try running MiniToolBox again and see if we can get a log.

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts
Here you go--MiniToolBox results, run today.

MiniToolBox by Farbar
Ran by HP_Administrator (administrator) on 02-11-2011 at 14:17:53
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= Flush DNS: ===================================
Windows IP Configuration

Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection 2"

set address name="Wireless Network Connection 2" source=dhcp
set dns name="Wireless Network Connection 2" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection 2" source=dhcp


popd
# End of interface IP configuration


Windows IP Configuration

        Host Name . . . . . . . . . . . . : BobsPC
        Primary Dns Suffix . . . . . . . :
        Node Type . . . . . . . . . . . . : Unknown
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

        Media State . . . . . . . . . . . : Media disconnected
        Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection
        Physical Address. . . . . . . . . : 00-13-D4-21-21-7C

Ethernet adapter Wireless Network Connection 2:

        Connection-specific DNS Suffix . :
        Description . . . . . . . . . . . : D-Link AirPlus DWL-G520 Wireless PCI Adapter(rev.B)
        Physical Address. . . . . . . . . : 00-13-46-60-52-1E
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 0.0.0.0
        Subnet Mask . . . . . . . . . . . : 0.0.0.0
        Default Gateway . . . . . . . . . :
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.1
        NetBIOS over Tcpip. . . . . . . . : Disabled

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 13 d4 21 21 7c ...... Intel(R) PRO/100 VE Network Connection
0x40004 ...00 13 46 60 52 1e ...... D-Link AirPlus DWL-G520 Wireless PCI Adapter(rev.B) - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
255.255.255.255 255.255.255.255 255.255.255.255 10003 1
255.255.255.255 255.255.255.255 255.255.255.255 40004 1
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/01/2011 02:39:00 PM) (Source: MatSvc) (User: )
Description: The scheduled MATS task encountered a failure when collecting configuration data. hr=0xC004F00E
.

Error: (11/01/2011 02:39:00 PM) (Source: MatSvc) (User: )
Description: The MATS service encountered a web service failure. hr=0x80072EE7

Error: (10/31/2011 03:34:12 AM) (Source: MatSvc) (User: )
Description: The scheduled MATS task encountered a failure when collecting configuration data. hr=0xC004F00E
.

Error: (10/31/2011 03:34:12 AM) (Source: MatSvc) (User: )
Description: The MATS service encountered a web service failure. hr=0x80072EE7

Error: (10/31/2011 03:31:30 AM) (Source: MatSvc) (User: )
Description: The scheduled MATS task encountered a failure when collecting configuration data. hr=0xC004F00E
.

Error: (10/31/2011 03:31:30 AM) (Source: MatSvc) (User: )
Description: The MATS service encountered a web service failure. hr=0x80072EE7

Error: (10/28/2011 08:22:07 PM) (Source: MatSvc) (User: )
Description: The scheduled MATS task encountered a failure when collecting configuration data. hr=0xC004F00E
.

Error: (10/28/2011 08:22:07 PM) (Source: MatSvc) (User: )
Description: The MATS service encountered a web service failure. hr=0x80072EE7

Error: (10/27/2011 04:23:06 PM) (Source: MatSvc) (User: )
Description: The scheduled MATS task encountered a failure when collecting configuration data. hr=0x80070002
.

Error: (10/27/2011 04:23:02 PM) (Source: MatSvc) (User: )
Description: The MATS service encountered a failure when loading SAP. hr=0x80070002
SAP folder: C:\Program Files\Microsoft Fix it Center\SAPFolder\Scheduled\DDA435FA-6E05-4DBF-80FE-C4EBE882E798.19


System errors:
=============
Error: (11/01/2011 03:44:45 AM) (Source: Windows Update Agent) (User: )
Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Error: (10/31/2011 03:31:30 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
NetBT

Error: (10/31/2011 03:31:26 AM) (Source: Service Control Manager) (User: )
Description: The Java Quick Starter service failed to start due to the following error:
%%2

Error: (10/31/2011 03:31:26 AM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service failed to start due to the following error:
%%2

Error: (10/31/2011 03:31:26 AM) (Source: Service Control Manager) (User: )
Description: The Avira AntiVir Guard service failed to start due to the following error:
%%2

Error: (10/31/2011 03:31:26 AM) (Source: Service Control Manager) (User: )
Description: The Avira AntiVir Scheduler service failed to start due to the following error:
%%2

Error: (10/31/2011 03:31:26 AM) (Source: Service Control Manager) (User: )
Description: The TCP/IP NetBIOS Helper service depends on the NetBios over Tcpip service which failed to start because of the following error:
%%31

Error: (10/31/2011 03:31:26 AM) (Source: Service Control Manager) (User: )
Description: The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:
%%31

Error: (10/30/2011 03:44:44 AM) (Source: Windows Update Agent) (User: )
Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Error: (10/28/2011 08:22:06 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
NetBT


Microsoft Office Sessions:
=========================
Error: (11/01/2011 02:39:00 PM) (Source: MatSvc)(User: )
Description: hr=0xC004F00E

Error: (11/01/2011 02:39:00 PM) (Source: MatSvc)(User: )
Description: hr=0x80072EE7ISapCatalogService::GetFullSapCatalog

Error: (10/31/2011 03:34:12 AM) (Source: MatSvc)(User: )
Description: hr=0xC004F00E

Error: (10/31/2011 03:34:12 AM) (Source: MatSvc)(User: )
Description: hr=0x80072EE7ISapCatalogService::GetFullSapCatalog

Error: (10/31/2011 03:31:30 AM) (Source: MatSvc)(User: )
Description: hr=0xC004F00E

Error: (10/31/2011 03:31:30 AM) (Source: MatSvc)(User: )
Description: hr=0x80072EE7ISapCatalogService::GetFullSapCatalog

Error: (10/28/2011 08:22:07 PM) (Source: MatSvc)(User: )
Description: hr=0xC004F00E

Error: (10/28/2011 08:22:07 PM) (Source: MatSvc)(User: )
Description: hr=0x80072EE7ISapCatalogService::GetFullSapCatalog

Error: (10/27/2011 04:23:06 PM) (Source: MatSvc)(User: )
Description: hr=0x80070002

Error: (10/27/2011 04:23:02 PM) (Source: MatSvc)(User: )
Description: hr=0x80070002C:\Program Files\Microsoft Fix it Center\SAPFolder\Scheduled\DDA435FA-6E05-4DBF-80FE-C4EBE882E798.19


========================= Memory info: ===================================

Percentage of memory in use: 53%
Total physical RAM: 1022.41 MB
Available physical RAM: 479.06 MB
Total Pagefile: 2460.27 MB
Available Pagefile: 1964.84 MB
Total Virtual: 2047.88 MB
Available Virtual: 1992.14 MB

========================= Partitions: =====================================

1 Drive c: (HP_PAVILION) (Fixed) (Total:363.53 GB) (Free:113.37 GB) NTFS
2 Drive d: (HP_RECOVERY) (Fixed) (Total:9.05 GB) (Free:4.4 GB) FAT32
9 Drive k: (HP Personal Media Drive) (Fixed) (Total:279.45 GB) (Free:227.87 GB) NTFS
10 Drive l: (LEXAR MEDIA) (Removable) (Total:0.24 GB) (Free:0.09 GB) FAT

========================= Users: ========================================

User accounts for \\BOBSPC

Administrator Guest HelpAssistant
HP_Administrator SUPPORT_388945a0 SUPPORT_fddfa904


**** End of log ****

Thanks, again, and I'll check back for further instructions.

Patricia

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts
Hello.
I wanna check something that the log shows.

Now open a new notepad file.
Input this into the notepad file:

@echo off
dir C:\Documents and Settings >> log.txt
del look.bat
start notepad look.txt
exit


Save this as look.bat, save it to your desktop.
Double click look.bat and the black cmd window will open and close, this is normal.

Post the look.txt log into your next reply.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts
Copied, moved and ran Look batch...here is the log:

Volume in drive C is HP_PAVILION
Volume Serial Number is 38BB-9BE6

Directory of C:\


Directory of C:\Documents and Settings\HP_Administrator\Desktop


Directory of C:\Documents and Settings\HP_Administrator\Desktop

Thanks, will wait for next step.

Patricia

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts
God damn that didn't work as I thought it would, ah well, this works, tested it myself.

Now open a new notepad file.
Input this into the notepad file:

@echo off
cd C:\
cd C:\Documents and Settings
dir >> log.txt
start notepad log.txt


Save this as look.bat, save it to your desktop.
Double click look.bat and the black cmd window will open and close, this is normal.

Post the look.txt log into your next reply.


Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts
Once more, this time with these results:

Volume in drive C is HP_PAVILION
Volume Serial Number is 38BB-9BE6

Directory of C:\Documents and Settings

11/02/2011 11:11 PM .
11/02/2011 11:11 PM ..
10/20/2011 10:54 PM Administrator
12/06/2010 12:21 PM All Users
10/20/2011 10:54 PM HP_Administrator
11/02/2011 11:11 PM 0 log.txt
1 File(s) 0 bytes
5 Dir(s) 121,729,421,312 bytes free

Hope this is what you needed~ either way, I'll check back again. Thanks,

Patricia

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts
Still waiting for further advice-- hope all is well with you.

Patricia

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts
That log came back fine.

Still having the connection problem?


Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts
Yes, we still have no connection. :smile2:

The pc does say that the signal is strong, but it just won't connect and acquire an IP address. Suggestions?

Thanks,
Patricia

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts
Hey, there, Super Dave and Belahzur,

I'm still hoping that you can help us get that pc back online. I've turned my own pc over to my DH, until we can get his back up, and (much as I hate to admit it) I'm beginning to experience withdrawal.

The status remains the same: the pc indicates that it is receiving a strong signal, but the browsers do not connect. They get stuck at "acquiring network address."

What can be stopping the browser/connections? A missing driver? Something in the registry? I really need help on this.

Thanks,
Patricia

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts
Not sure, it could be damage from the infection, it was fairly extensive and messy as I pointed out when I jumped in here.

If it's any easier, format is an option.


Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts
No, thanks, format is a bit extreme, yet. I've seen this once before, I just don't remember exactly how to go about tracking down and re-setting the appropriate devices.

One thing I did notice, while just looking around on the pc, is there are a number of items in "Services" that are showing as stopped...among those stopped are IP configuration.

If you know more about "Services" settings, or can refer me to someone who might, your help would be appreciated. Meanwhile, I'll keep researching on this end, as time and talent permit.

Thanks,

Patricia

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts
Hello.
I'm back with an idea.

Please download FSS from here

Press the scan button, and it will make a log file when it's finished.
Copy and paste the log back here.


Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts
I'm sorry, but "from where?" No link in previous message, not sure where to look-- I'll check back. Thanks,

Patricia

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts
Where it says "here" is a hyperlink.


Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts
Thanks, for no apparent reason, the link didn't activate when I moused over it, yesterday...got it now!

Thanks,

Patricia

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts
Here is the FSS log:

Farbar Service Scanner
Ran by HP_Administrator (administrator) on 14-11-2011 at 12:00:10
Microsoft Windows XP Service Pack 3 (X86)
********************************************************

Service Check:
==============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

NetBt Service is not running. Checking service configuration:
The start type of NetBt service is OK.
The ImagePath of NetBt service is OK.


File Check:
===========
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys is missing.
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit

Connection Status:
==================
Localhost is accessible.
There is no connection to network.
Attempt to Google returned error: Google site is unreachable
Attemp to yahoo returend error: Yahoo site is unreachable

**** End of log ****

I'll wait for further advice...
Thanks,
Patricia
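As an added example (not from this thread, and not part of MiniToolBox, FSS or OTL), the following Python script correlates the Service Control Manager errors from the MiniToolBox log with the FSS service and file checks above, recovering the chain DHCP Client -> NetBios over Tcpip -> missing netbt.sys that explains the 0.0.0.0 address on a DHCP-enabled adapter. The sample log lines are copied from the posts; the SERVICE_FILES lookup table is a constructed, single-entry stand-in for the registry data a real tool would read.

```python
import re

# Constructed sample: Service Control Manager records from the MiniToolBox
# "System errors" section posted earlier in the thread.
SCM_EVENTS = """\
Error: (10/31/2011 03:31:30 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
NetBT

Error: (10/31/2011 03:31:26 AM) (Source: Service Control Manager) (User: )
Description: The TCP/IP NetBIOS Helper service depends on the NetBios over Tcpip service which failed to start because of the following error:
%%31

Error: (10/31/2011 03:31:26 AM) (Source: Service Control Manager) (User: )
Description: The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:
%%31
"""

# Constructed sample: the relevant "Service Check" and "File Check" lines
# from the Farbar Service Scanner log posted above.
FSS_LOG = """\
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.

NetBt Service is not running. Checking service configuration:
The start type of NetBt service is OK.

C:\\WINDOWS\\system32\\svchost.exe => MD5 is legit
C:\\WINDOWS\\system32\\Drivers\\netbt.sys is missing.
C:\\WINDOWS\\system32\\Drivers\\tcpip.sys => MD5 is legit
"""

# Display name -> (service key name, driver file). Assumption: a hardcoded
# table with only the entry this thread needs; real tooling reads the registry.
SERVICE_FILES = {"NetBios over Tcpip": ("NetBt", "netbt.sys")}

DEP_RE = re.compile(r"The (?P<svc>.+?) service depends on the (?P<dep>.+?) service "
                    r"which failed to start")
CODE_RE = re.compile(r"^%%(\d+)$", re.M)
NOT_RUNNING_RE = re.compile(r"^(\w+) Service is not running", re.M)
MISSING_RE = re.compile(r"^(\S+) is missing\.$", re.M)


def parse_scm_events(text):
    """Return (failed_drivers, dependency_failures) from SCM event records."""
    failed, deps = [], []
    for record in re.split(r"\n\s*\n", text.strip()):
        lines = record.splitlines()
        if any("failed to load:" in ln for ln in lines):
            # Driver names follow the description line, one per line.
            idx = next(i for i, ln in enumerate(lines) if "failed to load:" in ln)
            failed.extend(ln.strip() for ln in lines[idx + 1:] if ln.strip())
            continue
        m = DEP_RE.search(record)
        if m:
            code = CODE_RE.search(record)
            deps.append({"service": m["svc"], "depends_on": m["dep"],
                         "error": int(code.group(1)) if code else None})
    return failed, deps


def parse_fss(text):
    """Return the services FSS reports stopped and the base names of missing files."""
    missing = [p.rsplit("\\", 1)[-1].lower() for p in MISSING_RE.findall(text)]
    return {"not_running": NOT_RUNNING_RE.findall(text), "missing": missing}


def diagnose(scm_text, fss_text):
    """Chain each SCM dependency error to a stopped service whose driver FSS says is missing."""
    failed, deps = parse_scm_events(scm_text)
    fss = parse_fss(fss_text)
    stopped = {s.lower() for s in fss["not_running"]}
    result = {"failed_drivers": failed, "root_cause_file": None, "blocked_services": []}
    for d in deps:
        key, drv = SERVICE_FILES.get(d["depends_on"], (None, None))
        if key and key.lower() in stopped and drv in fss["missing"]:
            result["root_cause_file"] = drv
            result["blocked_services"].append(d["service"])
    return result


if __name__ == "__main__":
    r = diagnose(SCM_EVENTS, FSS_LOG)
    if r["root_cause_file"]:
        print(f"{r['root_cause_file']} is missing; blocked services: "
              f"{', '.join(r['blocked_services'])}")
```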

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts
I believe we found the problem. While I do some research, do you have your XP disc? A critical system file was deleted by the infection and needs replacing.


Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts
No, this pc did not come with an XP disc...sorry.

Thanks for your help,

Patricia

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts
Darn, let's hope the machine has a backup copy somewhere.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    /md5start
    netbt.sys
    /md5stop


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the pink Quick Scan button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe


Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts
Done! Here are the results of the current OTL scan:

OTL logfile created on: 11/14/2011 12:48:35 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.41 Mb Total Physical Memory | 541.24 Mb Available Physical Memory | 52.94% Memory free
2.40 Gb Paging File | 2.02 Gb Available in Paging File | 84.24% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 363.53 Gb Total Space | 113.62 Gb Free Space | 31.25% Space Free | Partition Type: NTFS
Drive D: | 9.05 Gb Total Space | 4.40 Gb Free Space | 48.56% Space Free | Partition Type: FAT32
Drive K: | 279.45 Gb Total Space | 227.87 Gb Free Space | 81.54% Space Free | Partition Type: NTFS
Drive L: | 245.72 Mb Total Space | 97.06 Mb Free Space | 39.50% Space Free | Partition Type: FAT

Computer Name: BOBSPC | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/14 12:45:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.com
PRC - [2010/11/17 13:22:57 | 000,329,096 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2010/10/29 15:12:22 | 001,652,736 | R--- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files\AWS\WeatherBug\Weather.exe
PRC - [2010/09/28 13:09:05 | 000,557,056 | ---- | M] (BitLeader) -- C:\Program Files\lg_fwupdate\fwupdate.exe
PRC - [2010/09/24 13:19:08 | 000,159,472 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2010/09/24 13:19:08 | 000,057,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ZuneBusEnum.exe
PRC - [2009/06/03 19:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/04/15 22:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2009/03/02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/12/02 11:21:20 | 001,503,306 | ---- | M] (NETGEAR) -- C:\Program Files\NETGEAR\WN111v2\WN111V2.exe
PRC - [2008/06/27 16:24:34 | 000,467,028 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/27 11:54:52 | 000,360,547 | ---- | M] (Atheros Communications, Inc.) -- C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe
PRC - [2007/04/09 12:32:32 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CtHelper.exe
PRC - [2006/07/25 01:01:00 | 000,114,688 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Sonic Shared\CineTray.exe
PRC - [2003/11/06 18:32:30 | 000,270,336 | ---- | M] () -- C:\Program Files\NETGEAR GA311 Adapter\GA311.exe


========== Modules (No Company Name) ==========

MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010/03/29 15:02:48 | 000,520,234 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2010/02/05 13:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/08/20 11:35:48 | 007,745,536 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2009/08/20 11:35:46 | 002,121,728 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2009/08/20 11:35:46 | 000,135,168 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2009/06/03 19:59:14 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/06/03 19:59:02 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/08/28 01:59:00 | 001,478,656 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2007/08/28 01:59:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2005/03/16 01:17:28 | 000,204,800 | ---- | M] () -- c:\Program Files\HP\Digital Imaging\bin\HpqUtil.dll
MOD - [2003/11/06 18:32:30 | 000,270,336 | ---- | M] () -- C:\Program Files\NETGEAR GA311 Adapter\GA311.exe
MOD - [2003/11/06 14:40:32 | 000,049,152 | ---- | M] () -- C:\Program Files\NETGEAR GA311 Adapter\Rtl8169LibC.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (LightScribeService)
SRV - File not found [Auto | Stopped] -- -- (JavaQuickStarterService)
SRV - File not found [Auto | Stopped] -- -- (Apple Mobile Device)
SRV - File not found [Auto | Stopped] -- -- (AntiVirService)
SRV - File not found [Auto | Stopped] -- -- (AntiVirSchedulerService)
SRV - [2011/10/23 08:41:12 | 000,060,416 | ---- | M] () [Auto | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2010/11/16 01:10:14 | 000,267,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2010/09/24 13:19:16 | 000,444,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/09/24 13:19:16 | 000,268,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2010/09/24 13:19:08 | 006,351,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2010/09/24 13:19:08 | 000,057,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2008/06/27 16:24:34 | 000,467,028 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2008/02/27 11:54:52 | 000,360,547 | ---- | M] (Atheros Communications, Inc.) [Auto | Running] -- C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe -- (jswpsapi)


========== Driver Services (SafeList) ==========

DRV - [2009/11/25 11:19:02 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 09:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 09:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/10/01 16:45:52 | 000,057,440 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jswscimd.sys -- (JSWSCIMD)
DRV - [2008/09/30 03:24:36 | 000,453,120 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WN111v2.sys -- (WN111v2)
DRV - [2008/04/13 13:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 13:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/12/14 04:31:00 | 000,057,408 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2007/05/23 04:15:00 | 000,547,744 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\A3AB.sys -- (A3AB) D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB)
DRV - [2007/04/18 08:59:40 | 000,098,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\COMMONFX.DLL -- (COMMONFX.DLL)
DRV - [2007/04/12 08:10:26 | 000,164,608 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CT20XUT.DLL -- (CT20XUT.DLL)
DRV - [2007/04/12 08:10:26 | 000,066,816 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV - [2007/04/12 08:10:24 | 001,317,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV - [2007/04/12 08:10:22 | 000,323,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV - [2007/04/12 08:10:22 | 000,128,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV - [2007/04/12 08:10:20 | 000,280,320 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV - [2007/04/12 08:10:20 | 000,094,976 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTERFXFX.DLL -- (CTERFXFX.DLL)
DRV - [2007/04/12 08:10:18 | 000,168,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV - [2007/04/12 08:10:16 | 000,560,384 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\CTSBLFX.DLL -- (CTSBLFX.DLL)
DRV - [2007/04/12 08:10:16 | 000,546,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\CTAUDFX.DLL -- (CTAUDFX.DLL)
DRV - [2007/04/10 06:00:24 | 000,157,480 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2007/04/10 05:59:04 | 000,126,760 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2007/04/10 04:32:06 | 000,189,736 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2007/04/10 04:31:18 | 000,163,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2007/04/10 04:29:10 | 000,797,992 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2007/04/10 04:28:36 | 000,092,968 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2007/04/10 04:25:46 | 000,014,632 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2007/04/10 04:21:06 | 000,347,128 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2007/04/10 04:20:38 | 000,520,488 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2007/04/10 04:19:30 | 000,511,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2005/08/18 17:35:04 | 003,856,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/04/15 06:12:12 | 000,175,616 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - [2004/08/10 00:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/10 00:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/08/04 15:31:36 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2004/08/04 14:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/12/03 11:23:20 | 000,142,336 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys -- (fasttx2k)
DRV - [2003/11/06 00:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)
DRV - [2003/07/24 12:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)
DRV - [2001/08/17 12:19:20 | 000,096,256 | ---- | M] (Copyright (C) Creative Technology Ltd. 1994-2001) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctlsb16.sys -- (ctlsb16) Creative SB16/AWE32/AWE64 Driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://finance.yahoo.com/news/Burger-King-revamps-coffee-apf-1119327906.html?x=0&.v=6|https://www.facebook.com/home.php?|http://excite.com/|https://mail.google.com/mail/?shva=1#inbox"
FF - prefs.js..extensions.enabledItems: {a2adbb75-0c40-1c3b-68b2-6de799200d52}:4.6.6.3
FF - prefs.js..extensions.enabledItems: {776A7CC0-E1A0-4E46-982C-88A8754E5100}:1.9.1
FF - prefs.js..keyword.URL: "http://bing.zugo.com/s/?src=FF-Address&site=Bing&cfg=2-80-0-b3EH\n&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/01 08:18:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/19 22:42:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/01/11 18:41:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/12/11 11:22:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
[2010/12/11 11:22:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/10/19 22:33:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ge13mt45.default\extensions
[2009/11/30 19:02:26 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ge13mt45.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/09/11 18:42:16 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ge13mt45.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/05/07 10:53:11 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ge13mt45.default\extensions\engine@conduit.com
[2010/01/23 22:28:20 | 000,002,180 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ge13mt45.default\searchplugins\bing-ff.xml
[2008/06/23 14:55:06 | 000,001,108 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ge13mt45.default\searchplugins\wikipedia.xml
[2011/10/19 23:51:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007/04/07 18:30:31 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/02/01 14:54:22 | 000,000,000 | ---D | M] (LoudMo Contextual Ad Assistant) -- C:\Program Files\Mozilla Firefox\extensions\{a2adbb75-0c40-1c3b-68b2-6de799200d52}
[2010/02/01 14:54:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{a2adbb75-0c40-1c3b-68b2-6de799200d52}.del
[2010/12/05 11:20:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/10/19 23:51:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2007/02/28 12:36:51 | 000,000,000 | ---D | M] (Google Settings) -- C:\Program Files\Mozilla Firefox\extensions\google-cjk@partners.mozilla.com
[2010/02/14 01:36:39 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/03/08 22:33:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/10/01 08:18:28 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/03/31 21:47:26 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\mozilla firefox\components\coFFPlgn.dll
[2009/03/05 17:08:04 | 000,049,664 | ---- | M] () -- C:\Program Files\mozilla firefox\components\FFComm.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/05/07 10:52:15 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========


O1 HOSTS File: ([2011/10/28 19:17:14 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [LGODDFU] C:\Program Files\lg_fwupdate\fwupdate.exe (BitLeader)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CaSup.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Forget Me Not.lnk = C:\Program Files\Broderbund\AG CreataCard\AGRemind.exe (TLC Productivity Properties LLC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GA311 Smart Wizard Utility.lnk = C:\Program Files\NETGEAR GA311 Adapter\GA311.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WN111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WN111v2\WN111V2.exe (NETGEAR)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe (Sonic Solutions)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro2.cce.hp.com/ChatEntry/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{201B7D01-482D-4862-846E-44904AD96B73}: DhcpNameServer = 10.10.5.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C72A36E4-3E1C-4AFE-896F-6225AD450C02}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/01/13 04:37:21 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 14:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/14 12:45:10 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.com
[2011/11/13 22:29:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011/10/28 19:15:35 | 001,445,888 | ---- | C] (Option^Explicit Software Solutions) -- C:\Documents and Settings\HP_Administrator\Desktop\WinsockxpFix.exe
[2011/10/27 15:30:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/10/27 14:58:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/10/27 14:58:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/10/27 14:58:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/10/27 14:58:51 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/10/27 14:55:26 | 004,274,802 | R--- | C] (Swearware) -- C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
[2011/10/25 14:45:12 | 001,564,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\HP_Administrator\Desktop\tdsskiller.exe
[2011/10/25 14:35:08 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011/10/25 14:35:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
[2011/10/24 02:17:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Kaspersky
[2011/10/24 02:17:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\New Folder
[2011/10/22 14:02:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\pics
[2011/10/21 13:43:11 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/10/21 13:42:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\eset
[2011/10/21 13:16:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\SysProt
[2011/10/20 21:57:32 | 000,467,028 | ---- | C] (Atheros) -- C:\WINDOWS\System32\acs.exe
[2011/10/20 20:45:50 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/20 15:16:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/10/20 00:12:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Java
[2011/10/19 20:56:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/10/18 19:42:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2007/04/09 12:32:58 | 000,034,816 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2007/04/09 12:19:16 | 000,010,240 | ---- | C] ( ) -- C:\WINDOWS\System32\killapps.exe
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/14 12:45:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.com
[2011/11/14 12:37:23 | 000,000,203 | ---- | M] () -- C:\WINDOWS\System32\mhncache.dat
[2011/11/14 11:56:36 | 000,324,319 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\FSS.exe
[2011/11/14 10:39:00 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\tasks\DataUpload.job
[2011/11/14 00:46:19 | 000,000,336 | ---- | M] () -- C:\WINDOWS\lgfwup.ini
[2011/11/13 22:55:35 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2011/11/13 22:53:49 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\tasks\ConfigExec.job
[2011/11/13 22:35:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/13 22:35:00 | 1072,152,576 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/13 22:34:11 | 000,030,648 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000007-00001102-00000008-10221102}.rfx
[2011/11/13 22:34:11 | 000,030,648 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000007-00001102-00000008-10221102}.rfx
[2011/11/13 22:34:11 | 000,029,772 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000007-00001102-00000008-10221102}.rfx
[2011/11/13 22:34:11 | 000,029,772 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000007-00001102-00000008-10221102}.rfx
[2011/11/13 22:34:11 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000007-00001102-00000008-10221102}.rfx
[2011/11/13 22:33:40 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000007-00001102-00000008-10221102}.CDF
[2011/11/13 22:33:40 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000007-00001102-00000008-10221102}.BAK
[2011/11/10 16:57:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/11/09 13:36:12 | 000,465,552 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/09 13:36:12 | 000,080,066 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/02 22:10:28 | 000,000,086 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\look.bat
[2011/11/02 13:13:10 | 000,380,805 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\MiniToolBox.exe
[2011/10/28 19:17:14 | 000,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/10/28 19:15:32 | 001,445,888 | ---- | M] (Option^Explicit Software Solutions) -- C:\Documents and Settings\HP_Administrator\Desktop\WinsockxpFix.exe
[2011/10/27 15:22:03 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
[2011/10/27 14:55:18 | 004,274,802 | R--- | M] (Swearware) -- C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
[2011/10/25 14:37:24 | 001,564,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\HP_Administrator\Desktop\tdsskiller.exe
[2011/10/25 14:37:00 | 000,147,832 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\profiles.exe
[2011/10/24 02:41:31 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/20 15:16:19 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/20 00:37:44 | 000,286,904 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/20 00:06:56 | 048,324,552 | ---- | M] () -- C:\WINDOWS\System32\MRT.exe
[2011/10/19 22:40:42 | 000,001,745 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/10/19 14:32:56 | 001,916,416 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\aswMBR.exe
[2011/10/19 12:56:36 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/10/19 12:55:49 | 000,000,813 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/10/18 15:32:21 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/14 11:56:46 | 000,324,319 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\FSS.exe
[2011/11/09 13:29:09 | 1072,152,576 | -HS- | C] () -- C:\hiberfil.sys
[2011/11/02 22:10:25 | 000,000,086 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\look.bat
[2011/11/02 13:13:19 | 000,380,805 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\MiniToolBox.exe
[2011/10/27 14:58:52 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/27 14:58:52 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/10/27 14:58:52 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/10/27 14:58:52 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/10/27 14:58:51 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/10/25 14:44:39 | 000,147,832 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\profiles.exe
[2011/10/19 22:40:42 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/10/19 22:40:42 | 000,001,745 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/10/19 14:32:43 | 001,916,416 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\aswMBR.exe
[2011/10/18 15:32:21 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[2010/12/01 18:45:43 | 000,000,203 | ---- | C] () -- C:\WINDOWS\System32\mhncache.dat
[2010/11/03 20:19:53 | 000,000,421 | ---- | C] () -- C:\WINDOWS\DeDup.ini
[2010/09/28 13:08:21 | 000,000,336 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
[2010/03/09 14:29:05 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/08 19:43:50 | 048,324,552 | ---- | C] () -- C:\WINDOWS\System32\MRT.exe
[2010/03/08 15:44:02 | 000,110,602 | ---- | C] () -- C:\WINDOWS\System32\xcdsfx32.bin
[2010/02/05 17:07:27 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
[2010/01/23 22:30:34 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Vfidag.dat
[2010/01/23 22:30:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Sfoneciduwaton.bin
[2009/07/08 10:58:18 | 001,478,656 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/07/08 09:07:00 | 001,580,550 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2009/05/21 18:11:16 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2009/04/24 10:27:08 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/27 16:18:04 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/17 13:19:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcf.INI
[2008/03/28 20:27:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008/03/24 13:26:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/09/02 12:17:44 | 000,000,017 | ---- | C] () -- C:\WINDOWS\MovingPicture.ini
[2007/08/30 14:20:35 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007/08/17 17:52:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Unsetup.INI
[2007/05/14 10:59:34 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/04/12 08:10:28 | 000,105,728 | ---- | C] () -- C:\WINDOWS\System32\APOMgrH.dll
[2007/04/09 12:55:14 | 000,097,785 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2007/04/09 12:55:14 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2007/04/09 12:33:50 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2007/04/09 12:32:32 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\psconv.exe
[2007/04/09 12:24:30 | 000,325,821 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2007/04/09 12:24:30 | 000,046,273 | ---- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat
[2007/04/09 12:21:44 | 000,048,128 | ---- | C] () -- C:\WINDOWS\System32\regplib.exe
[2007/04/09 12:21:28 | 000,149,838 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
[2007/04/09 12:19:44 | 000,274,587 | ---- | C] () -- C:\WINDOWS\System32\ctsbas2w.dat
[2007/04/09 12:19:20 | 000,313,207 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2007/04/09 12:19:20 | 000,053,932 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2007/04/09 12:19:18 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\enlocstr.exe
[2006/10/02 09:25:18 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2006/09/01 17:38:02 | 000,057,344 | ---- | C] () -- C:\WINDOWS\FWWipeALL.dll
[2006/08/11 23:57:12 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2006/08/11 23:56:58 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2006/08/11 23:56:51 | 000,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2006/05/13 21:20:28 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/05/13 19:38:17 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2006/04/27 21:02:50 | 000,005,717 | ---- | C] () -- C:\WINDOWS\hpdj6122.ini
[2006/04/27 21:02:28 | 000,000,414 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2006/03/14 18:14:55 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/02/27 22:58:48 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/02/12 16:14:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/02/12 16:14:13 | 000,107,134 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2006/02/12 16:14:06 | 000,003,892 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/01/27 11:16:59 | 000,034,304 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2006/01/27 11:12:31 | 000,134,144 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/01/13 04:56:08 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/01/13 04:39:32 | 000,014,317 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/01/13 04:39:26 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/01/13 04:24:05 | 000,112,873 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2006/01/13 04:24:05 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2006/01/13 04:18:40 | 000,080,418 | ---- | C] () -- C:\WINDOWS\HPHins08.dat
[2006/01/13 04:18:40 | 000,004,011 | ---- | C] () -- C:\WINDOWS\hphmdl08.dat
[2006/01/13 04:16:33 | 000,072,881 | ---- | C] () -- C:\WINDOWS\hpiins01.dat
[2006/01/13 04:16:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpimdl01.dat
[2006/01/13 04:15:39 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/01/13 04:12:44 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/01/13 03:59:45 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/01/12 17:39:27 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/01/12 17:39:27 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/01/12 17:39:23 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/01/12 17:39:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/01/12 17:39:10 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/01/12 17:38:41 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/01/12 17:38:40 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/01/12 17:38:02 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/01/12 17:38:02 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\dwwin.exe
[2006/01/12 17:37:30 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/08/06 00:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 17:30:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/08/02 17:30:00 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2005/08/02 17:30:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/08/02 17:30:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/08/02 17:30:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2005/07/02 15:36:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/07/02 15:34:10 | 000,286,904 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/07/02 15:28:10 | 000,465,552 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/07/02 15:28:10 | 000,080,066 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/06/16 10:17:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[2005/02/26 14:31:00 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/01/28 19:41:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/01/28 19:36:46 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 04:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/07/27 07:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/04/18 16:43:46 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004/04/18 16:43:44 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2001/07/07 01:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2009/05/16 20:16:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2006/05/14 21:50:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/02/06 12:32:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2010/12/06 11:21:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2007/08/30 10:50:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2010/02/05 20:49:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NETGEAR
[2010/02/06 12:32:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/05/16 20:05:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSecurityShield
[2008/01/29 17:37:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2008/01/29 17:29:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
[2010/02/14 20:40:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2007/09/07 10:56:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2008/03/30 19:20:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Systweak
[2010/09/28 13:08:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/12/06 12:02:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/04/11 20:05:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/05/31 08:41:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{B7A015B7-4802-4678-8CEC-700380BA9AFD}
[2011/11/13 22:53:49 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\Tasks\ConfigExec.job
[2011/11/14 10:39:00 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\Tasks\DataUpload.job

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: NETBT.SYS >
[2004/08/10 00:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=0C80E410CD2F47134407EE7DD19CC86B -- C:\WINDOWS\$NtServicePackUninstall$\netbt.sys
[2008/04/13 14:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\ServicePackFiles\i386\netbt.sys
[2008/04/13 14:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\SoftwareDistribution.old\Download\dd9ab5193501484cf5e6884fa1d22f9e\netbt.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >


I'll check back for further instructions.

Thanks,

Patricia

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts
Hello.
Good, there is a copy there; we can replace it and get the services restarted soon. I'm just gathering as much info as possible about it right now.


  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Code:


    FCopy::
    C:\WINDOWS\$NtServicePackUninstall$\netbt.sys | C:\WINDOWS\system32\drivers\netbt.sys

  4. Save this as CFScript.txt, in the same location as ComboFix.exe

    [image: CFScript.txt being dragged onto ComboFix.exe]

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
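The FCopy step above restores netbt.sys from the $NtServicePackUninstall$ backup, which the OTL custom scan earlier in the thread listed with its MD5 next to the other two copies on disk. The following Python script is an added example for this thread, not code from OTL, ComboFix or the helper: it parses that `< MD5 for: NETBT.SYS >` block, groups the backup copies by hash, and reports whether the hash of the live driver in system32\drivers matches any of them. The thread never shows the hash of the infected file, so `CONSTRUCTED_LIVE_MD5` is a constructed placeholder, not a real indicator; `md5_of_file` is there for hashing the real file when the log and the disk are both available.

```python
import hashlib
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# The "< MD5 for: NETBT.SYS >" custom-scan block copied from the OTL log in this thread.
OTL_MD5_BLOCK = r"""
< MD5 for: NETBT.SYS >
[2004/08/10 00:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=0C80E410CD2F47134407EE7DD19CC86B -- C:\WINDOWS\$NtServicePackUninstall$\netbt.sys
[2008/04/13 14:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\ServicePackFiles\i386\netbt.sys
[2008/04/13 14:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\SoftwareDistribution.old\Download\dd9ab5193501484cf5e6884fa1d22f9e\netbt.sys
"""

# Constructed placeholder standing in for the hash of the live, patched driver.
# The thread never shows that value, so this is NOT a real indicator.
CONSTRUCTED_LIVE_MD5 = "00000000000000000000000000000000"

# One OTL MD5 line: [date time | size | attrs | op] (vendor) MD5=hash -- path
ENTRY_RE = re.compile(
    r"^\[(?P<date>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>\S+) \| (?P<op>[A-Z])\] "
    r"\((?P<vendor>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)


@dataclass(frozen=True)
class OtlCopy:
    modified: str
    size: int
    vendor: str
    md5: str
    path: str


def parse_otl_md5_block(text: str) -> List[OtlCopy]:
    """Return one OtlCopy per file line; the block header and blank lines are skipped."""
    copies = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        copies.append(OtlCopy(
            modified=m.group("date"),
            size=int(m.group("size").replace(",", "")),
            vendor=m.group("vendor"),
            md5=m.group("md5").upper(),
            path=m.group("path"),
        ))
    return copies


def group_by_hash(copies: List[OtlCopy]) -> Dict[str, List[str]]:
    """Map each distinct MD5 to the paths that carry it (here: pre-SP3 vs SP3 builds)."""
    groups = defaultdict(list)
    for c in copies:
        groups[c.md5].append(c.path)
    return dict(groups)


def md5_of_file(path: str) -> str:
    """MD5 of a file on disk, upper-cased to match OTL's output."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest().upper()


def compare_live_copy(live_md5: str, copies: List[OtlCopy], live_size: Optional[int] = None) -> dict:
    """Check the live driver's hash against every backup copy OTL listed."""
    live_md5 = live_md5.upper()
    matches = [c.path for c in copies if c.md5 == live_md5]
    variants = group_by_hash(copies)
    if matches:
        verdict = f"matches {len(matches)} known copy(ies)"
    else:
        verdict = f"unknown hash: matches none of {len(variants)} known variant(s)"
        if live_size is not None and live_size in {c.size for c in copies}:
            # Same length but different content is what an in-place patched file looks like.
            verdict += "; same size as the known copies, so the difference is in content"
    return {"matches": matches, "variants": variants, "verdict": verdict}


if __name__ == "__main__":
    known = parse_otl_md5_block(OTL_MD5_BLOCK)
    for md5, paths in group_by_hash(known).items():
        print(md5, "->", ", ".join(paths))
    print(compare_live_copy(CONSTRUCTED_LIVE_MD5, known, live_size=162816)["verdict"])
```

Note that the two hashes in the block are both legitimate Microsoft builds (the 2004 pre-SP3 file and the 2008 SP3 file), so a live copy that matches neither is the thing to look at, while a mismatch between the backups themselves is expected.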

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts
Following is the log from the current ComboFix run, with the script:

ComboFix 11-11-14.02 - HP_Administrator 11/14/2011 13:46:47.11.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.450 [GMT -5:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\PostBuild.exe
.
.
--------------- FCopy ---------------f
.
c:\windows\$NtServicePackUninstall$\netbt.sys --> c:\windows\system32\drivers\netbt.sys
.
((((((((((((((((((((((((( Files Created from 2011-10-14 to 2011-11-14 )))))))))))))))))))))))))))))))
.
.
2011-11-14 18:46 . 2004-08-10 05:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-11-14 18:46 . 2004-08-10 05:00 162816 ----a-w- c:\windows\system32\dllcache\netbt.sys
2011-11-14 03:29 . 2011-11-14 03:33 -------- d-----w- c:\windows\system32\NtmsData
2011-10-25 19:35 . 2011-10-25 19:35 -------- d-----w- c:\program files\7-Zip
2011-10-21 18:43 . 2011-10-21 18:43 -------- d-----w- c:\program files\ESET
2011-10-21 02:57 . 2008-06-27 21:24 467028 ----a-w- c:\windows\system32\acs.exe
2011-10-19 00:37 . 2011-10-19 00:37 -------- d-----w- c:\windows\system32\wbem\Repository
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-19 17:56 . 2010-11-30 06:50 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-03 09:06 . 2010-12-05 16:20 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 06:37 . 2010-02-14 06:36 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-26 15:41 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2006-01-12 22:39 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2006-01-12 22:39 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12 . 2006-01-12 22:37 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2006-01-12 22:41 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 21:00 . 2010-11-30 06:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-22 23:48 . 2006-01-13 05:41 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2006-01-12 22:38 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2006-01-12 22:38 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2006-01-12 22:38 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2006-01-12 22:37 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-10-01 13:18 . 2011-05-07 15:52 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2009-04-01 02:47 . 2008-06-09 23:45 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
2009-03-05 22:08 . 2009-05-17 01:17 49664 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2010-10-29 1652736]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-28 8466432]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"nwiz"="nwiz.exe" [2007-08-28 1626112]
"CTHelper"="CTHELPER.EXE" [2007-04-09 19456]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 19968]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-04 103720]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2010-09-28 557056]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-09-25 210216]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-09-24 159472]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\WinPatrol.exe" [2010-11-17 329096]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
CaSup.lnk - c:\hp\region\CustAtStartUp.wsf [N/A]
Forget Me Not.lnk - c:\program files\Broderbund\AG CreataCard\AGRemind.exe [2008-2-26 323584]
GA311 Smart Wizard Utility.lnk - c:\program files\NETGEAR GA311 Adapter\GA311.exe [2003-11-6 270336]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
NETGEAR WN111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WN111v2\WN111V2.exe [2008-12-2 1503306]
Sonic CinePlayer Quick Launch.lnk - c:\program files\Common Files\Sonic Shared\CineTray.exe [2006-7-25 114688]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Program Files\\Avira\\AntiVir Desktop\\avnotify.exe"=
"c:\\Program Files\\AWS\\WeatherBug\\Weather.exe"=
"c:\\Program Files\\Common Files\\Java\\Java Update\\jucheck.exe"=
"c:\\Program Files\\BillP Studios\\WinPatrol\\WinPatrol.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Common Files\\Java\\Java Update\\jaucheck.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe"=
"c:\\WINDOWS\\system32\\dwwin.exe"=
"c:\\Documents and Settings\\HP_Administrator\\Desktop\\aswMBR.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
.
R2 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\NETGEAR\WN111v2\jswpsapi.exe [2/27/2008 11:54 AM 360547]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [5/23/2007 4:15 AM 547744]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [10/1/2008 4:45 PM 57440]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;"c:\program files\Avira\AntiVir Desktop\sched.exe" --> c:\program files\Avira\AntiVir Desktop\sched.exe [?]
S2 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [11/16/2010 1:10 AM 267568]
S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);c:\windows\system32\drivers\ctlsb16.sys [3/8/2010 4:36 PM 96256]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [7/24/2003 12:10 PM 17149]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [9/24/2010 1:19 PM 268528]
S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [9/30/2008 3:24 AM 453120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 17:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
.
2011-11-14 c:\windows\Tasks\ConfigExec.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2010-11-16 06:09]
.
2011-11-14 c:\windows\Tasks\DataUpload.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2010-11-16 06:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-14 14:03
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-11-14 14:09:01
ComboFix-quarantined-files.txt 2011-11-14 19:08
ComboFix2.txt 2011-10-27 20:29
ComboFix3.txt 2011-10-25 20:56
ComboFix4.txt 2011-10-21 03:49
ComboFix5.txt 2011-11-14 18:44
.
Pre-Run: 121,972,133,888 bytes free
Post-Run: 121,955,913,728 bytes free
.
- - End Of File - - 2E1FF050F821F4D247C70F2BB204A9A3


I will wait for next steps. Thanks,

Patricia

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts
Okay, before we get the stopped services running again, I want one more piece of information.

Please create a folder on your Desktop called SWReg.

  1. Download SWReg.exe from here.
  2. Save SWReg.exe inside the SWReg folder you just created.

    Do not run SWReg.exe just yet.

    Now open a new Notepad file, and input this into the Notepad file:

    @echo off
    REM Dump the NetBT and DHCP service keys recursively (/s) into log.txt
    swreg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT" /s >> log.txt
    swreg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DHCP" /s >> log.txt
    REM Open the combined dump in Notepad so it can be copied into the reply
    start notepad log.txt


  3. Save this as SWReg.bat, save it inside the SWReg folder as well.
  4. Make sure both SWReg.exe and SWReg.bat are located next to each other for this to work.
  5. Now, double click on SWReg.bat to run the script.
  6. Once done, a Notepad log file will open, copy and paste that log back here.


Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts
Again, done! Following is the log:


SteelWerX Registry Console Tool 3.0
Written by Bobbi Flekman 2006 (C)

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt
Type REG_DWORD 1 (0x1)
Start REG_DWORD 1 (0x1)
ErrorControl REG_DWORD 1 (0x1)
Tag REG_DWORD 5 (0x5)
ImagePath REG_EXPAND_SZ system32\DRIVERS\netbt.sys
DisplayName REG_SZ NetBios over Tcpip
Group REG_SZ PNP_TDI
DependOnService REG_MULTI_SZ Tcpip\0\0
DependOnGroup REG_MULTI_SZ \0
Description REG_SZ NetBios over Tcpip

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Linkage
OtherDependencies REG_MULTI_SZ Tcpip\0\0
Bind REG_MULTI_SZ \Device\Tcpip_{C72A36E4-3E1C-4AFE-896F-6225AD450C02}\0\Device\Tcpip_{B3C73173-0762-4B81-9895-C2EDEC4748B4}\0\Device\Tcpip_{5B74AE0B-EA56-4AB7-8C7F-58D808595B8A}\0\Device\Tcpip_{56B6407D-44C7-475D-9CF5-2E61B6417829}\0\Device\Tcpip_{201B7D01-482D-4862-846E-44904AD96B73}\0\Device\Tcpip_{C7CFBAB3-209B-4DBA-9E92-ED57D9B94B37}\0\Device\Tcpip_{806D2A77-DA02-437A-8697-82CEA873675A}\0\Device\Tcpip_{5AB0B083-40AF-4683-96A9-1B28EF6F403D}\0\0
Route REG_MULTI_SZ "Tcpip" "{C72A36E4-3E1C-4AFE-896F-6225AD450C02}"\0"Tcpip" "{B3C73173-0762-4B81-9895-C2EDEC4748B4}"\0"Tcpip" "{5B74AE0B-EA56-4AB7-8C7F-58D808595B8A}"\0"Tcpip" "{56B6407D-44C7-475D-9CF5-2E61B6417829}"\0"Tcpip" "{201B7D01-482D-4862-846E-44904AD96B73}"\0"Tcpip" "{C7CFBAB3-209B-4DBA-9E92-ED57D9B94B37}"\0"Tcpip" "NdisWanIp"\0\0
Export REG_MULTI_SZ \Device\NetBT_Tcpip_{C72A36E4-3E1C-4AFE-896F-6225AD450C02}\0\Device\NetBT_Tcpip_{B3C73173-0762-4B81-9895-C2EDEC4748B4}\0\Device\NetBT_Tcpip_{5B74AE0B-EA56-4AB7-8C7F-58D808595B8A}\0\Device\NetBT_Tcpip_{56B6407D-44C7-475D-9CF5-2E61B6417829}\0\Device\NetBT_Tcpip_{201B7D01-482D-4862-846E-44904AD96B73}\0\Device\NetBT_Tcpip_{C7CFBAB3-209B-4DBA-9E92-ED57D9B94B37}\0\Device\NetBT_Tcpip_{806D2A77-DA02-437A-8697-82CEA873675A}\0\Device\NetBT_Tcpip_{5AB0B083-40AF-4683-96A9-1B28EF6F403D}\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Parameters
NbProvider REG_SZ _tcp
NameServerPort REG_DWORD 137 (0x89)
CacheTimeout REG_DWORD 600000 (0x927c0)
BcastNameQueryCount REG_DWORD 3 (0x3)
BcastQueryTimeout REG_DWORD 750 (0x2ee)
NameSrvQueryCount REG_DWORD 3 (0x3)
NameSrvQueryTimeout REG_DWORD 1500 (0x5dc)
Size/Small/Medium/Large REG_DWORD 1 (0x1)
SessionKeepAlive REG_DWORD 3600000 (0x36ee80)
TransportBindName REG_SZ \Device\
DhcpNodeType REG_DWORD 8 (0x8)
EnableProxy REG_DWORD 0 (0x0)

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Parameters\Interfaces

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Parameters\Interfaces\Tcpip_{201B7D01-482D-4862-846E-44904AD96B73}
NameServerList REG_MULTI_SZ \0
NetbiosOptions REG_DWORD 0 (0x0)

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Parameters\Interfaces\Tcpip_{56B6407D-44C7-475D-9CF5-2E61B6417829}
NameServerList REG_MULTI_SZ \0
NetbiosOptions REG_DWORD 0 (0x0)

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Parameters\Interfaces\Tcpip_{5AB0B083-40AF-4683-96A9-1B28EF6F403D}
NameServerList REG_MULTI_SZ \0
NetbiosOptions REG_DWORD 0 (0x0)

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Parameters\Interfaces\Tcpip_{5B74AE0B-EA56-4AB7-8C7F-58D808595B8A}
NameServerList REG_MULTI_SZ \0
NetbiosOptions REG_DWORD 0 (0x0)

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Parameters\Interfaces\Tcpip_{806D2A77-DA02-437A-8697-82CEA873675A}
NameServerList REG_MULTI_SZ \0\0
RASFlags REG_DWORD 1 (0x1)

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Parameters\Interfaces\Tcpip_{B3C73173-0762-4B81-9895-C2EDEC4748B4}
NameServerList REG_MULTI_SZ \0
NetbiosOptions REG_DWORD 0 (0x0)

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Parameters\Interfaces\Tcpip_{C72A36E4-3E1C-4AFE-896F-6225AD450C02}
NameServerList REG_MULTI_SZ \0
NetbiosOptions REG_DWORD 0 (0x0)

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Parameters\Interfaces\Tcpip_{C7CFBAB3-209B-4DBA-9E92-ED57D9B94B37}
NameServerList REG_MULTI_SZ \0
NetbiosOptions REG_DWORD 0 (0x0)

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Security
Security REG_BINARY 01001480e8000000f4000000140000003000000002001c000100000002801400ff010f000101000000000001000000000200b80008000000000014008d01020001010000000000050b000000000018009d0102000102000000000005200000002302000000001800ff010f000102000000000005200000002002000000001800ff010f000102000000000005200000002502000000001400fd01020001010000000000051200000000001400400000000101000000000005130000000000140040000000010100000000000514000000000018009d0102000102000000000005200000002c020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Enum
0 REG_SZ Root\LEGACY_NETBT\0000
Count REG_DWORD 1 (0x1)
NextInstance REG_DWORD 1 (0x1)
INITSTARTFAILED REG_DWORD 1 (0x1)

SteelWerX Registry Console Tool 3.0
Written by Bobbi Flekman 2006 (C)

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\dhcp
Type REG_DWORD 32 (0x20)
Start REG_DWORD 2 (0x2)
ErrorControl REG_DWORD 1 (0x1)
ImagePath REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
DisplayName REG_SZ DHCP Client
Group REG_SZ TDI
DependOnService REG_MULTI_SZ Tcpip\0Afd\0NetBT\0\0
DependOnGroup REG_MULTI_SZ \0
ObjectName REG_SZ LocalSystem
Description REG_SZ Manages network configuration by registering and updating IP addresses and DNS names.

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\dhcp\Configurations
Options REG_BINARY 32000000000000000400000000000000ffffff7f0000000001000000000000000400000000000000ffffff7f00000000

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\dhcp\Linkage

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\dhcp\Linkage\Disabled

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\dhcp\Parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\dhcpcsvc.dll
{C7CFBAB3-209B-4DBA-9E92-ED57D9B94B37} REG_BINARY 0f000000000000000f00000000000000bd37c6427367742e637071636f72702e6e65740001000000000000000400000000000000bd37c642fffffc0033000000000000000400000000000000bd37c6420000025836000000000000000400000000000000bd37c6420a01010135000000000000000100000000000000bd37c64205000000
{201B7D01-482D-4862-846E-44904AD96B73} REG_BINARY 06000000000000000400000000000000711720420a0a050a03000000000000000400000000000000711720420a0a050a0100000000000000040000000000000071172042ffffff00330000000000000004000000000000007117204200000e1036000000000000000400000000000000711720420a0a0508350000000000000001000000000000007117204205000000
{B3C73173-0762-4B81-9895-C2EDEC4748B4} REG_BINARY 0600000000000000000000000000000007cf7a4b0300000000000000000000000000000007cf7a4b3300000000000000000000000000000007cf7a4b3b00000000000000000000000000000007cf7a4b3a00000000000000000000000000000007cf7a4b0100000000000000000000000000000007cf7a4b3600000000000000000000000000000007cf7a4b3500000000000000000000000000000007cf7a4b
{C72A36E4-3E1C-4AFE-896F-6225AD450C02} REG_BINARY 060000000000000004000000000000007263a44ec0a80101030000000000000004000000000000007263a44ec0a80101010000000000000004000000000000007263a44effffff00330000000000000004000000000000007263a44e00015180360000000000000004000000000000007263a44ec0a80101350000000000000001000000000000007263a44e05000000

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\dhcp\Parameters\Options

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\dhcp\Parameters\Options\1
KeyType REG_DWORD 7 (0x7)
RegLocation REG_MULTI_SZ SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\?\DhcpSubnetMaskOpt\0SYSTEM\CurrentControlSet\Services\?\Parameters\Tcpip\DhcpSubnetMaskOpt\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\dhcp\Parameters\Options\15
KeyType REG_DWORD 1 (0x1)
RegLocation REG_MULTI_SZ SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\?\DhcpDomain\0SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpDomain\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\dhcp\Parameters\Options\220
KeyType REG_DWORD 3 (0x3)
VendorType REG_DWORD 1 (0x1)
RegSendLocation REG_MULTI_SZ SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\?\SoHRequest\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\dhcp\Parameters\Options\3
KeyType REG_DWORD 7 (0x7)
RegLocation REG_MULTI_SZ SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\?\DhcpDefaultGateway\0SYSTEM\CurrentControlSet\Services\?\Parameters\Tcpip\DhcpDefaultGateway\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\dhcp\Parameters\Options\44
KeyType REG_DWORD 1 (0x1)
RegLocation REG_MULTI_SZ SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_?\DhcpNameServerList\0SYSTEM\CurrentControlSet\Services\NetBT\Adapters\?\DhcpNameServer\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\dhcp\Parameters\Options\46
KeyType REG_DWORD 4 (0x4)
RegLocation REG_SZ SYSTEM\CurrentControlSet\Services\NetBT\Parameters\DhcpNodeType

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\dhcp\Parameters\Options\47
KeyType REG_DWORD 1 (0x1)
RegLocation REG_SZ SYSTEM\CurrentControlSet\Services\NetBT\Parameters\DhcpScopeID

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\dhcp\Parameters\Options\6
KeyType REG_DWORD 1 (0x1)
RegLocation REG_MULTI_SZ SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\?\DhcpNameServer\0SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\dhcp\Parameters\Options\DhcpNetbiosOptions
KeyType REG_DWORD 4 (0x4)
OptionId REG_DWORD 1 (0x1)
VendorType REG_DWORD 1 (0x1)
RegLocation REG_MULTI_SZ SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_?\DhcpNetbiosOptions\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\dhcp\Security
Security REG_BINARY 01001480900000009c000000140000003000000002001c000100000002801400ff010f000101000000000001000000000200600004000000000014008d01020001010000000000050b00000000001800fd0102000102000000000005200000002c02000000001800ff010f000102000000000005200000002002000000001400fd010200010100000000000512000000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\dhcp\Enum
0 REG_SZ Root\LEGACY_DHCP\0000
Count REG_DWORD 1 (0x1)
NextInstance REG_DWORD 1 (0x1)

I'll check back for next instructions.

Thanks,

Patricia
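The registry dump above is asked for because the DHCP Client service depends on NetBT (its DependOnService lists Tcpip, Afd and NetBT), and the netbt key's Enum subkey carries INITSTARTFAILED=1, the flag the service controller records when a boot/system-start driver failed to initialise. The following Python script is an added example for this thread, not part of SWReg or the helper's instructions: it parses the SteelWerX `query /s` output format as it appears on this page into per-service records and walks the dependency chain of a target service, reporting any dependency that is disabled, failed to initialise, or was not included in the dump. The embedded sample is an excerpt of the dump above.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Excerpt of the SWReg dump posted above (tool banner kept to show it is skipped).
SWREG_OUTPUT = r"""
SteelWerX Registry Console Tool 3.0
Written by Bobbi Flekman 2006 (C)

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt
Type REG_DWORD 1 (0x1)
Start REG_DWORD 1 (0x1)
ErrorControl REG_DWORD 1 (0x1)
ImagePath REG_EXPAND_SZ system32\DRIVERS\netbt.sys
DisplayName REG_SZ NetBios over Tcpip
DependOnService REG_MULTI_SZ Tcpip\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Enum
0 REG_SZ Root\LEGACY_NETBT\0000
Count REG_DWORD 1 (0x1)
INITSTARTFAILED REG_DWORD 1 (0x1)

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\dhcp
Type REG_DWORD 32 (0x20)
Start REG_DWORD 2 (0x2)
ImagePath REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
DisplayName REG_SZ DHCP Client
DependOnService REG_MULTI_SZ Tcpip\0Afd\0NetBT\0\0
ObjectName REG_SZ LocalSystem

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\dhcp\Enum
0 REG_SZ Root\LEGACY_DHCP\0000
Count REG_DWORD 1 (0x1)
"""

START_TYPES = {0: "Boot", 1: "System", 2: "Automatic", 3: "Manual", 4: "Disabled"}

# Key header: ...\services\<service>[\<subkey path>]
KEY_RE = re.compile(
    r"^HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\services\\(?P<svc>[^\\]+)(?:\\(?P<sub>.+))?$",
    re.IGNORECASE,
)
# Value line as SWReg prints it: <name> <REG_TYPE> <value>
VAL_RE = re.compile(r"^(?P<name>\S+) (?P<type>REG_[A-Z_]+)(?: (?P<val>.*))?$")


@dataclass
class ServiceRecord:
    name: str
    start: Optional[int] = None
    image_path: str = ""
    display_name: str = ""
    depends: List[str] = field(default_factory=list)
    init_start_failed: bool = False


def parse_multi_sz(raw: str) -> List[str]:
    """SWReg prints REG_MULTI_SZ with a literal '\\0' between strings and '\\0\\0' at the end."""
    return [part for part in raw.split(r"\0") if part]


def parse_swreg(text: str) -> Dict[str, ServiceRecord]:
    """Build one ServiceRecord per service key; keys are lower-cased service names."""
    services: Dict[str, ServiceRecord] = {}
    current = None  # (record, lower-cased subkey path under the service key)
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        k = KEY_RE.match(line)
        if k:
            rec = services.setdefault(k.group("svc").lower(), ServiceRecord(name=k.group("svc")))
            current = (rec, (k.group("sub") or "").lower())
            continue
        v = VAL_RE.match(line)
        if current is None or not v:
            continue  # banner lines and anything before the first key
        rec, sub = current
        name, typ, val = v.group("name"), v.group("type"), v.group("val") or ""
        if sub == "":
            if name == "Start" and typ == "REG_DWORD":
                rec.start = int(val.split()[0])
            elif name == "ImagePath":
                rec.image_path = val
            elif name == "DisplayName":
                rec.display_name = val
            elif name == "DependOnService":
                rec.depends = parse_multi_sz(val)
        elif sub == "enum" and name.upper() == "INITSTARTFAILED":
            rec.init_start_failed = int(val.split()[0]) != 0
    return services


def start_type_name(rec: ServiceRecord) -> str:
    return START_TYPES.get(rec.start, f"unknown ({rec.start})")


def diagnose(services: Dict[str, ServiceRecord], target: str) -> List[str]:
    """Walk the DependOnService chain of `target` and list reasons it may not start."""
    findings: List[str] = []
    seen = set()

    def walk(name: str, chain: List[str]) -> None:
        key = name.lower()
        if key in seen:
            return
        seen.add(key)
        path = " -> ".join(chain + [name])
        rec = services.get(key)
        if rec is None:
            findings.append(f"{path}: not in dump (not queried)")
            return
        if rec.start == 4:
            findings.append(f"{path}: Start=4 (Disabled)")
        if rec.init_start_failed:
            findings.append(f"{path}: INITSTARTFAILED=1 (failed to initialise at boot)")
        for dep in rec.depends:
            walk(dep, chain + [name])

    walk(target, [])
    return findings


if __name__ == "__main__":
    svcs = parse_swreg(SWREG_OUTPUT)
    for rec in svcs.values():
        print(f"{rec.name}: Start={start_type_name(rec)} depends={rec.depends}")
    for finding in diagnose(svcs, "dhcp"):
        print(" ", finding)
```

Run against the excerpt, the chain for dhcp ends at `dhcp -> NetBT: INITSTARTFAILED=1`, which is why the replaced driver needs a reboot and the dependent services then need checking in services.msc, as the next post does. Tcpip and Afd show up as "not in dump" simply because the batch file only queried the NetBT and DHCP keys.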

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts
Okay sweet.

Click Start > Run. Type in services.msc.

Look in the list for DHCP Client. When you find it, double-click it: what does it say next to Service Status, Started or Stopped?

