Author Topic: [Resolved] paladium security has taken over. cant update windows...  (Read 3045 times)


Offline 32skidoo

  • Bronze Member
  • Posts: 20
I just got a laptop from a friend and it has this palladium security thing that comes up at startup. If I stop the process and run explorer.exe I can use the laptop almost normally, except I get some pop-ups and redirections. There are questionable programs on here like a "babylon" search thing. Anyway, I tried to download the Windows Malicious Software Removal Tool and when I tried to run the program I got an error that said kb 890830-v3.16.exe is not a valid win32 application. I ran ATF and OTL and saved a log (AUMHA told me to do this but I figured I may get a faster response on this site). I did a Windows update and updated Java. Here is the HijackThis log:



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:10:54 PM, on 09/02/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Alex & Debbie\Application Data\dwm.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\Alex & Debbie\Application Data\Microsoft\conhost.exe
C:\WINDOWS\system32\NMSAccess.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\ALEX&D~1\LOCALS~1\Temp\csrss.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\Eporab.exe
C:\WINDOWS\system32\PersistenceThread.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Battery Meter\BTMeter.exe
C:\Program Files\Wireless Select Switch\WLSS.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Video Chat\DellVideoChat.exe
C:\Documents and Settings\Alex & Debbie\Application Data\SystemProc\lsass.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Alex & Debbie\Application Data\Marvell Lan Driver2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Install Manager\in.stallmanager.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/23
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.live.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USCON/23
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:60283
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F3 - REG:win.ini: load=C:\DOCUME~1\ALEX&D~1\LOCALS~1\Temp\csrss.exe
O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PersistenceThread] C:\WINDOWS\system32\PersistenceThread.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [BTMeter] C:\Program Files\Battery Meter\BTMeter.exe
O4 - HKLM\..\Run: [WLSS] C:\Program Files\Wireless Select Switch\WLSS.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Gruhuqos] rundll32.exe "C:\WINDOWS\efujasuqeboqut.dll",Startup
O4 - HKLM\..\Run: [conhost] C:\Documents and Settings\Alex & Debbie\Application Data\Microsoft\conhost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SightSpeed] "C:\Program Files\Dell Video Chat\DellVideoChat.exe" -bootmode
O4 - HKCU\..\Run: [explorer update] C:\Documents and Settings\Alex & Debbie\Desktop\update.exe
O4 - HKCU\..\Run: [JP595IR86O] C:\DOCUME~1\ALEX&D~1\LOCALS~1\Temp\Enx.exe
O4 - HKCU\..\Run: [Qzacititefedah] rundll32.exe  "C:\WINDOWS\xmslav.dll",Startup
O4 - HKCU\..\Run: [Marvell LAN Driver2] "C:\Documents and Settings\Alex & Debbie\Application Data\Marvell Lan Driver2.exe"
O4 - HKCU\..\Run: [dl6.exe] C:\Documents and Settings\Alex & Debbie\Desktop\dl6.exe
O4 - HKCU\..\Run: [fTdjB.exe] C:\Documents and Settings\Alex & Debbie\Local Settings\Temp\fTdjB.exe
O4 - HKCU\..\Run: [CTF Products Updater] rundll32.exe "C:\DOCUME~1\ALEX&D~1\LOCALS~1\Temp\winbdm.dll", DepCmd
O4 - HKLM\..\Policies\Explorer\Run: [RTHDBPL] C:\Documents and Settings\Alex & Debbie\Application Data\SystemProc\lsass.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: In'stall Manager.lnk = C:\Program Files\Install Manager\in.stallmanager.exe
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1297212663703
O20 - AppInit_DLLs: C:\WINDOWS\system32\winphost.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccess - Unknown owner - C:\WINDOWS\system32\NMSAccess.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

--
End of file - 10613 bytes
« Last Edit: February 09, 2011, 01:00:39 PM by 1972vet »
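An added example, not part of the original thread: a Python triage pass over HijackThis autostart lines (`O4`, `F3`) of the kind shown in the log above. The three heuristics and the names `triage`, `SAMPLE_LOG`, `USER_WRITABLE` and `SYSTEM_NAMES` are assumptions of this example; a flagged entry is a lead to verify, not a verdict.

```python
import ntpath  # Windows path splitting that works on any OS
import re

# Lines excerpted from the HijackThis log in the post above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Gruhuqos] rundll32.exe "C:\WINDOWS\efujasuqeboqut.dll",Startup
O4 - HKLM\..\Run: [conhost] C:\Documents and Settings\Alex & Debbie\Application Data\Microsoft\conhost.exe
O4 - HKCU\..\Run: [JP595IR86O] C:\DOCUME~1\ALEX&D~1\LOCALS~1\Temp\Enx.exe
O4 - HKLM\..\Policies\Explorer\Run: [RTHDBPL] C:\Documents and Settings\Alex & Debbie\Application Data\SystemProc\lsass.exe
F3 - REG:win.ini: load=C:\DOCUME~1\ALEX&D~1\LOCALS~1\Temp\csrss.exe
O4 - Global Startup: Bluetooth.lnk = ?
"""

# O4 = Run keys / startup folders, F3 = win.ini load=/run= values.
ENTRY_RE = re.compile(r"^(O4|F3) - (.+)$")
# First drive-rooted path ending in .exe or .dll; spaces and '&' are allowed
# because Run values are often unquoted.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|*?\r\n]*?\.(?:exe|dll)', re.IGNORECASE)

# Heuristic 1 (assumption): autostarts from folders any user process can write.
USER_WRITABLE = ("\\temp\\", "\\application data\\", "\\local settings\\",
                 "\\locals~1\\", "\\desktop\\")
# Heuristic 2 (assumption): names of Windows system processes that belong
# in system32, so a copy elsewhere is likely masquerading.
SYSTEM_NAMES = {"csrss.exe", "lsass.exe", "svchost.exe", "winlogon.exe",
                "services.exe", "smss.exe", "conhost.exe", "dwm.exe"}
SYSTEM32 = "c:\\windows\\system32"


def triage(log_text):
    """Return (section, path, reasons) for autostart entries worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        entry = ENTRY_RE.match(line.strip())
        if not entry:
            continue
        section, rest = entry.groups()
        found = PATH_RE.search(rest)
        if not found:
            # Bare file names and unresolved "= ?" shortcuts carry no path to judge.
            continue
        path = found.group(0)
        lowered = path.lower()
        folder, name = ntpath.split(lowered)
        reasons = []
        if any(part in lowered for part in USER_WRITABLE):
            reasons.append("user-writable location")
        if name in SYSTEM_NAMES and folder != SYSTEM32:
            reasons.append("system process name outside system32")
        # Heuristic 3 (assumption): rundll32 pointed at a DLL outside system32.
        if "rundll32" in rest.lower() and folder != SYSTEM32:
            reasons.append("rundll32 loading DLL outside system32")
        if reasons:
            findings.append((section, path, reasons))
    return findings


if __name__ == "__main__":
    for section, path, reasons in triage(SAMPLE_LOG):
        print(f"{section}  {path}\n      -> {', '.join(reasons)}")
```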



Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
Re: [Resolved] paladium security has taken over. cant update windows...
« Reply #1 on: February 09, 2011, 01:03:16 PM »
Greetings 32skidoo and Welcome to our Forums,



Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Disabled Veteran
U.S.C.G. 1972 - 1978
Membership: U.N.I.T.E., A.S.A.P.

2009-12

Performance and Maintenance for Windows XP, Windows Vista and Windows Seven

Offline 32skidoo

  • Bronze Member
  • Posts: 20
Re: [Resolved] paladium security has taken over. cant update windows...
« Reply #2 on: February 09, 2011, 02:03:30 PM »
There was nothing fo
2011/02/09 14:00:28.0093 2500   TDSS rootkit removing tool 2.4.16.0 Feb  1 2011 10:34:03
2011/02/09 14:00:28.0359 2500   ================================================================================
2011/02/09 14:00:28.0359 2500   SystemInfo:
2011/02/09 14:00:28.0359 2500   
2011/02/09 14:00:28.0359 2500   OS Version: 5.1.2600 ServicePack: 3.0
2011/02/09 14:00:28.0359 2500   Product type: Workstation
2011/02/09 14:00:28.0359 2500   ComputerName: D32K5JC1
2011/02/09 14:00:28.0359 2500   UserName: Alex & Debbie
2011/02/09 14:00:28.0359 2500   Windows directory: C:\WINDOWS
2011/02/09 14:00:28.0359 2500   System windows directory: C:\WINDOWS
2011/02/09 14:00:28.0359 2500   Processor architecture: Intel x86
2011/02/09 14:00:28.0359 2500   Number of processors: 2
2011/02/09 14:00:28.0359 2500   Page size: 0x1000
2011/02/09 14:00:28.0359 2500   Boot type: Normal boot
2011/02/09 14:00:28.0359 2500   ================================================================================
2011/02/09 14:00:28.0765 2500   Initialize success
2011/02/09 14:00:35.0984 4408   ================================================================================
2011/02/09 14:00:35.0984 4408   Scan started
2011/02/09 14:00:35.0984 4408   Mode: Manual;
2011/02/09 14:00:35.0984 4408   ================================================================================
2011/02/09 14:00:55.0593 4408   sym_u3          (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/02/09 14:00:55.0671 4408   SynTP           (14dfbfe8d27933cd3901e922b234c329) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/02/09 14:00:55.0734 4408   sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/02/09 14:00:55.0843 4408   Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/02/09 14:00:55.0921 4408   TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/02/09 14:00:56.0031 4408   TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/02/09 14:00:56.0109 4408   TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/02/09 14:00:56.0187 4408   TosIde          (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/02/09 14:00:56.0265 4408   Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/02/09 14:00:56.0343 4408   ultra           (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/02/09 14:00:56.0421 4408   Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/02/09 14:00:56.0546 4408   USBAAPL         (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/02/09 14:00:56.0703 4408   usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/02/09 14:00:56.0750 4408   usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/02/09 14:00:56.0828 4408   usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/02/09 14:00:56.0921 4408   usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/02/09 14:00:56.0968 4408   usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/02/09 14:00:57.0125 4408   USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/02/09 14:00:57.0218 4408   usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/02/09 14:00:57.0296 4408   usbvideo        (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/02/09 14:00:57.0390 4408   VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/02/09 14:00:57.0484 4408   viaagp          (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/02/09 14:00:57.0625 4408   ViaIde          (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/02/09 14:00:57.0671 4408   VolSnap         (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/02/09 14:00:57.0734 4408   Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/02/09 14:00:57.0843 4408   Wdf01000        (e8fa4dcfd33071aa703bec19c3bb625e) C:\WINDOWS\system32\Drivers\wdf01000.sys
2011/02/09 14:00:57.0968 4408   wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/02/09 14:00:58.0250 4408   WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/02/09 14:00:58.0343 4408   ================================================================================
2011/02/09 14:00:58.0343 4408   Scan finished
2011/02/09 14:00:58.0343 4408   ================================================================================
und on the scan. Here is the log



Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
Re: [Resolved] paladium security has taken over. cant update windows...
« Reply #3 on: February 09, 2011, 02:17:45 PM »
Disable the active protection component of your antivirus and antispyware programs by following the directions that apply Here. Next, please download the free utility DDS from any of these locations...Here, Here...or Here.

Note - Some infections may prevent certain executable files from running on your computer. If one of these download locations results in a failed run of the utility, please try the next location until you find one that will work on your machine.

Double click dds.scr to run the tool...When it completes, DDS will open two (2) logs:

  • DDS.txt
  • Attach.txt
Save both reports to your desktop.


Next, please download Rootkit Unhooker and save it on your desktop.
  • Security programs must be disabled
  • Double click RKUnhookerLE.exe to run it. For Windows Vista, right-click and select "Run as administrator"
  • Click the Report tab, then click Scan
  • Check Drivers and Stealth Code,
  • Uncheck the rest, then click OK
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
  • Wait till the scanner has finished then go File > Save Report
  • Save the report somewhere you can find it. Click Close
  • Copy the entire contents of the report and paste it in your next reply.
Note - You may get this warning, it is ok, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


Please remember to include the following logs in your next reply.
  • DDS.txt
  • Attach.txt
  • RKU Report

Disabled Veteran
U.S.C.G. 1972 - 1978
Membership: U.N.I.T.E., A.S.A.P.

2009-12

Performance and Maintenance for Windows XP, Windows Vista and Windows Seven

Offline 32skidoo

  • Bronze Member
  • Posts: 20
Re: [Resolved] paladium security has taken over. cant update windows...
« Reply #4 on: February 09, 2011, 02:54:58 PM »
I can't access the rootkit link you provided. I also tried from another uninfected computer and no go. Here are the other logs you requested.





DDS (Ver_10-12-12.02) - NTFSx86 
Run by Alex & Debbie at 14:30:31.04 on 09/02/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1014.242 [GMT -6:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Alex & Debbie\Application Data\dwm.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\Alex & Debbie\Application Data\Microsoft\conhost.exe
C:\WINDOWS\system32\NMSAccess.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\PersistenceThread.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Battery Meter\BTMeter.exe
C:\Program Files\Wireless Select Switch\WLSS.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Video Chat\DellVideoChat.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Alex & Debbie\Application Data\Marvell Lan Driver2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Install Manager\in.stallmanager.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Eporab.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Alex & Debbie\Local Settings\Temporary Internet Files\Content.IE5\GIX7JO79\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.babylon.com/home
uSearch Page = hxxp://www.live.com
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:60283
uWinlogon: Shell=explorer.exe,c:\documents and settings\alex & debbie\application data\dwm.exe
uWindows: Load=c:\docume~1\alex&d~1\locals~1\temp\csrss.exe
BHO: AC-Pro: {0fb6a909-6086-458f-bd92-1f8ee10042a0} - c:\program files\autocompletepro\AutocompletePro.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SightSpeed] "c:\program files\dell video chat\DellVideoChat.exe" -bootmode
uRun: [explorer update] c:\documents and settings\alex & debbie\desktop\update.exe
uRun: [JP595IR86O] c:\docume~1\alex&d~1\locals~1\temp\Enx.exe
uRun: [Qzacititefedah] rundll32.exe  "c:\windows\xmslav.dll",Startup
uRun: [Marvell LAN Driver2] "c:\documents and settings\alex & debbie\application data\Marvell Lan Driver2.exe"
uRun: [dl6.exe] c:\documents and settings\alex & debbie\desktop\dl6.exe
uRun: [fTdjB.exe] c:\documents and settings\alex & debbie\local settings\temp\fTdjB.exe
uRun: [CTF Products Updater] rundll32.exe "c:\docume~1\alex&d~1\locals~1\temp\winbdm.dll", DepCmd
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [PersistenceThread] c:\windows\system32\PersistenceThread.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [BTMeter] c:\program files\battery meter\BTMeter.exe
mRun: [WLSS] c:\program files\wireless select switch\WLSS.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell.exe" /mode2
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Gruhuqos] rundll32.exe "c:\windows\efujasuqeboqut.dll",Startup
mRun: [conhost] c:\documents and settings\alex & debbie\application data\microsoft\conhost.exe
mExplorerRun: [RTHDBPL] c:\documents and settings\alex & debbie\application data\systemproc\lsass.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\in'sta~1.lnk - c:\program files\install manager\in.stallmanager.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hposol08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1297212663703
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
AppInit_DLLs: c:\windows\system32\winphost.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

============= SERVICES / DRIVERS ===============

R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [2009-3-6 14248]
R2 SSHNAS;SSHNAS;c:\windows\system32\svchost.exe -k netsvcs [2008-4-25 14336]
R3 igd;igd;c:\windows\system32\drivers\igxpmp32.sys [2009-3-6 5088480]
R3 OA004Afx;Provides a software interface to control audio effects of OA004 camera.;c:\windows\system32\drivers\OA004Afx.sys [2009-3-6 148056]
R3 OA004Ufd;Creative Camera OA004 Upper Filter Driver;c:\windows\system32\drivers\OA004Ufd.sys [2009-3-6 144672]
R3 OA004Vid;Creative Camera OA004 Function Driver;c:\windows\system32\drivers\OA004Vid.sys [2009-3-6 269760]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [2009-3-6 158720]
S3 PCD5SRVC{3F6A8B78-EC003E00-05040000};PCD5SRVC{3F6A8B78-EC003E00-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\dellsu~1\hwdiag\bin\PCD5SRVC.pkms [2008-7-25 22240]

=============== Created Last 30 ================

2011-02-09 18:09:01   388096   ----a-r-   c:\docume~1\alex&d~1\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-02-09 18:08:59   --------   d-----w-   c:\program files\Trend Micro
2011-02-09 17:30:37   --------   d-----w-   c:\docume~1\alex&d~1\locals~1\applic~1\Temp
2011-02-09 02:44:10   227840   ----a-w-   c:\docume~1\alex&d~1\applic~1\PaX0FWHOq.exe
2011-02-09 02:44:10   185   ----a-w-   c:\docume~1\alex&d~1\applic~1\2073.bat
2011-02-09 00:37:18   --------   d-sh--w-   c:\documents and settings\alex & debbie\IECompatCache
2011-02-09 00:33:32   --------   d-sh--w-   c:\documents and settings\alex & debbie\PrivacIE
2011-02-09 00:29:26   --------   d-sh--w-   c:\documents and settings\alex & debbie\IETldCache
2011-02-09 00:24:23   7680   -c----w-   c:\windows\system32\dllcache\iecompat.dll
2011-02-09 00:23:48   --------   d-----w-   c:\windows\ie8updates
2011-02-09 00:22:44   12800   -c----w-   c:\windows\system32\dllcache\xpshims.dll
2011-02-09 00:22:42   743424   -c----w-   c:\windows\system32\dllcache\iedvtool.dll
2011-02-09 00:22:42   247808   -c----w-   c:\windows\system32\dllcache\ieproxy.dll
2011-02-09 00:19:16   --------   dc-h--w-   c:\windows\ie8
2011-02-09 00:09:55   179   ----a-w-   c:\docume~1\alex&d~1\applic~1\microsoft\gb_4212312.bat
2011-02-08 23:56:51   472808   ----a-w-   c:\windows\system32\deployJava1.dll
2011-01-26 13:44:06   126   ----a-w-   c:\docume~1\alex&d~1\applic~1\asdfasfas.bat
2011-01-26 13:44:05   541696   ----a-w-   c:\docume~1\alex&d~1\applic~1\palladium.exe
2011-01-26 13:27:28   139   ----a-w-   c:\docume~1\alex&d~1\applic~1\microsoft\gb_340625.bat
2011-01-26 13:22:51   179   ----a-w-   c:\docume~1\alex&d~1\applic~1\microsoft\gb_63250.bat
2011-01-25 14:07:03   181   ----a-w-   c:\docume~1\alex&d~1\applic~1\microsoft\gb_770857859.bat
2011-01-25 14:07:02   207   ----a-w-   c:\docume~1\alex&d~1\applic~1\microsoft\gb_770856796.bat
2011-01-25 14:06:51   219   ----a-w-   c:\docume~1\alex&d~1\applic~1\microsoft\gb_770846156.bat
2011-01-25 14:06:39   179200   ------w-   c:\docume~1\alex&d~1\applic~1\dwmu.exe
2011-01-25 14:06:26   139   ----a-w-   c:\docume~1\alex&d~1\applic~1\microsoft\gb_770820906.bat
2011-01-25 14:06:03   207   ----a-w-   c:\docume~1\alex&d~1\applic~1\microsoft\gb_770797734.bat
2011-01-21 14:44:37   439296   -c----w-   c:\windows\system32\dllcache\shimgvw.dll
2011-01-16 17:19:58   137   ----a-w-   c:\docume~1\alex&d~1\applic~1\microsoft\gb_4833578.bat
2011-01-16 17:19:15   195072   ----a-w-   c:\docume~1\alex&d~1\applic~1\dwm.exe
2011-01-16 17:19:12   179200   ------w-   c:\docume~1\alex&d~1\applic~1\microsoft\windows\shell.exe
2011-01-16 17:17:18   35840   ----a-w-   c:\windows\system32\winphost.dll
2011-01-16 16:29:16   0   ----a-w-   c:\windows\system32\ConduitEngine.tmp
2011-01-16 16:27:36   --------   d-----w-   c:\program files\AutocompletePro
2011-01-16 16:03:27   --------   d-----w-   c:\program files\Install Manager
2011-01-16 16:02:49   217088   ----a-w-   c:\windows\Eporab.exe
2011-01-16 14:35:55   --------   d-sh--w-   c:\docume~1\alex&d~1\applic~1\SystemProc

==================== Find3M  ====================

2011-02-09 18:03:54   0   ----a-w-   c:\windows\Tnikuvogepuwidog.bin
2011-01-21 14:44:37   439296   ----a-w-   c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02   290048   ----a-w-   c:\windows\system32\atmfd.dll
2011-01-07 13:32:05   229888   ----a-w-   c:\windows\Eporaa.exe
2011-01-07 13:32:02   310784   ----a-w-   c:\windows\system32\sshnas21.dll
2011-01-07 13:31:26   24576   ---h--w-   c:\docume~1\alex&d~1\applic~1\Marvell Lan Driver2.exe
2010-12-31 13:14:45   1864064   ----a-w-   c:\windows\system32\win32k.sys
2010-12-22 12:34:28   301568   ----a-w-   c:\windows\system32\kerberos.dll
2010-12-20 17:26:00   730112   ----a-w-   c:\windows\system32\lsasrv.dll
2010-12-09 14:30:22   33280   ----a-w-   c:\windows\system32\csrsrv.dll
2010-11-18 18:12:44   81920   ----a-w-   c:\windows\system32\isign32.dll
2010-11-12 22:34:10   73728   ----a-w-   c:\windows\system32\javacpl.cpl

============= FINISH: 14:31:48.21 ===============





UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 04/04/2009 7:16:53 AM
System Uptime: 09/02/2011 1:30:04 PM (1 hours ago)

Motherboard: Dell Inc. |  | 0X605H
Processor:          Intel(R) Atom(TM) CPU Z530   @ 1.60GHz | U3E1 | 1595/mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 65 GiB total, 50.767 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP295: 09/07/2010 9:18:45 PM - Software Distribution Service 3.0
RP296: 10/07/2010 7:10:16 AM - Software Distribution Service 3.0
RP297: 13/07/2010 1:01:31 PM - Software Distribution Service 3.0
RP298: 13/07/2010 3:44:14 PM - Software Distribution Service 3.0
RP299: 16/07/2010 6:11:10 AM - Software Distribution Service 3.0
RP300: 17/07/2010 7:35:01 AM - Software Distribution Service 3.0
RP301: 20/07/2010 6:04:03 AM - Software Distribution Service 3.0
RP302: 21/07/2010 4:59:59 AM - Software Distribution Service 3.0
RP303: 22/07/2010 6:19:58 AM - Software Distribution Service 3.0
RP304: 23/07/2010 7:07:29 AM - Software Distribution Service 3.0
RP305: 23/07/2010 7:32:56 AM - Software Distribution Service 3.0
RP306: 23/07/2010 3:29:40 PM - Software Distribution Service 3.0
RP307: 29/07/2010 9:30:42 PM - Software Distribution Service 3.0
RP308: 30/07/2010 8:46:52 AM - Software Distribution Service 3.0
RP309: 31/07/2010 7:58:19 AM - Software Distribution Service 3.0
RP310: 01/08/2010 6:39:46 AM - Software Distribution Service 3.0
RP311: 11/08/2010 8:06:16 AM - Software Distribution Service 3.0
RP312: 13/08/2010 6:23:13 AM - Software Distribution Service 3.0
RP313: 14/08/2010 9:48:13 AM - Software Distribution Service 3.0
RP314: 15/08/2010 11:40:02 AM - Software Distribution Service 3.0
RP315: 16/08/2010 7:34:32 AM - Software Distribution Service 3.0
RP316: 17/08/2010 6:44:33 AM - Software Distribution Service 3.0
RP317: 18/08/2010 7:06:25 AM - Software Distribution Service 3.0
RP318: 19/08/2010 1:09:28 PM - Software Distribution Service 3.0
RP319: 20/08/2010 9:39:23 AM - Software Distribution Service 3.0
RP320: 22/08/2010 5:41:14 AM - Software Distribution Service 3.0
RP321: 23/08/2010 12:50:52 PM - Software Distribution Service 3.0
RP322: 25/08/2010 6:10:25 AM - Software Distribution Service 3.0
RP323: 26/08/2010 6:46:21 AM - Software Distribution Service 3.0
RP324: 27/08/2010 6:11:26 AM - Software Distribution Service 3.0
RP325: 28/08/2010 6:29:10 AM - Software Distribution Service 3.0
RP326: 29/08/2010 8:22:02 AM - Software Distribution Service 3.0
RP327: 02/09/2010 6:12:30 AM - Software Distribution Service 3.0
RP328: 04/09/2010 10:29:55 PM - Software Distribution Service 3.0
RP329: 05/09/2010 7:51:54 AM - Software Distribution Service 3.0
RP330: 06/09/2010 8:25:34 AM - Software Distribution Service 3.0
RP331: 07/09/2010 7:19:30 AM - Software Distribution Service 3.0
RP332: 08/09/2010 5:42:53 AM - Software Distribution Service 3.0
RP333: 09/09/2010 7:09:46 AM - Software Distribution Service 3.0
RP334: 10/09/2010 11:05:39 AM - Software Distribution Service 3.0
RP335: 11/09/2010 6:35:41 AM - Software Distribution Service 3.0
RP336: 12/09/2010 8:07:53 AM - Software Distribution Service 3.0
RP337: 13/09/2010 6:24:05 AM - Software Distribution Service 3.0
RP338: 14/09/2010 6:45:43 AM - Software Distribution Service 3.0
RP339: 15/09/2010 7:49:41 AM - Software Distribution Service 3.0
RP340: 18/09/2010 2:53:27 PM - Software Distribution Service 3.0
RP341: 20/09/2010 5:58:30 AM - Software Distribution Service 3.0
RP342: 22/09/2010 8:07:26 AM - Software Distribution Service 3.0
RP343: 23/09/2010 6:23:24 AM - Software Distribution Service 3.0
RP344: 24/09/2010 7:33:37 AM - Software Distribution Service 3.0
RP345: 25/09/2010 7:24:25 AM - Software Distribution Service 3.0
RP346: 26/09/2010 3:36:39 PM - Software Distribution Service 3.0
RP347: 27/09/2010 5:43:39 AM - Software Distribution Service 3.0
RP348: 28/09/2010 6:30:00 AM - Software Distribution Service 3.0
RP349: 29/09/2010 6:28:36 AM - Software Distribution Service 3.0
RP350: 30/09/2010 6:47:13 AM - Software Distribution Service 3.0
RP351: 01/10/2010 6:44:23 AM - Software Distribution Service 3.0
RP352: 02/10/2010 6:55:23 AM - Software Distribution Service 3.0
RP353: 03/10/2010 7:11:22 AM - Software Distribution Service 3.0
RP354: 04/10/2010 6:45:30 AM - Software Distribution Service 3.0
RP355: 05/10/2010 6:41:36 AM - Software Distribution Service 3.0
RP356: 06/10/2010 6:40:35 AM - Software Distribution Service 3.0
RP357: 07/10/2010 6:45:12 AM - Software Distribution Service 3.0
RP358: 08/10/2010 6:31:29 AM - Software Distribution Service 3.0
RP359: 09/10/2010 7:14:46 AM - Software Distribution Service 3.0
RP360: 10/10/2010 6:57:10 AM - Software Distribution Service 3.0
RP361: 11/10/2010 6:48:14 AM - Software Distribution Service 3.0
RP362: 12/10/2010 6:49:22 AM - Software Distribution Service 3.0
RP363: 13/10/2010 7:31:21 AM - Software Distribution Service 3.0
RP364: 16/10/2010 7:05:29 AM - Software Distribution Service 3.0
RP365: 19/10/2010 7:22:10 AM - Software Distribution Service 3.0
RP366: 20/10/2010 8:09:24 AM - Software Distribution Service 3.0
RP367: 21/10/2010 5:54:06 AM - Software Distribution Service 3.0
RP368: 22/10/2010 6:06:46 AM - Software Distribution Service 3.0
RP369: 23/10/2010 8:45:45 AM - Software Distribution Service 3.0
RP370: 26/10/2010 6:31:31 AM - Software Distribution Service 3.0
RP371: 27/10/2010 6:32:39 AM - Software Distribution Service 3.0
RP372: 28/10/2010 6:03:46 AM - Software Distribution Service 3.0
RP373: 29/10/2010 6:48:48 AM - Software Distribution Service 3.0
RP374: 02/11/2010 7:05:19 AM - Software Distribution Service 3.0
RP375: 03/11/2010 10:05:43 AM - Software Distribution Service 3.0
RP376: 04/11/2010 7:44:32 AM - Software Distribution Service 3.0
RP377: 06/11/2010 7:35:16 AM - Software Distribution Service 3.0
RP378: 08/11/2010 7:23:45 AM - Software Distribution Service 3.0
RP379: 10/11/2010 3:49:16 PM - Software Distribution Service 3.0
RP380: 11/11/2010 1:26:25 PM - Software Distribution Service 3.0
RP381: 12/11/2010 8:06:51 AM - Software Distribution Service 3.0
RP382: 13/11/2010 7:06:34 AM - Software Distribution Service 3.0
RP383: 18/11/2010 7:23:46 AM - Software Distribution Service 3.0
RP384: 22/11/2010 7:23:38 AM - Software Distribution Service 3.0
RP385: 25/11/2010 5:14:11 PM - Software Distribution Service 3.0
RP386: 29/11/2010 6:51:58 AM - Software Distribution Service 3.0
RP387: 01/12/2010 1:17:50 PM - Software Distribution Service 3.0
RP388: 08/12/2010 1:52:37 PM - Software Distribution Service 3.0
RP389: 09/12/2010 6:45:54 AM - Software Distribution Service 3.0
RP390: 10/12/2010 12:54:38 PM - Software Distribution Service 3.0
RP391: 15/12/2010 10:26:05 PM - Software Distribution Service 3.0
RP392: 16/12/2010 9:17:59 PM - Software Distribution Service 3.0
RP393: 17/12/2010 8:52:56 PM - Software Distribution Service 3.0
RP394: 19/12/2010 8:20:28 PM - Software Distribution Service 3.0
RP395: 22/12/2010 3:37:31 PM - Software Distribution Service 3.0
RP396: 23/12/2010 1:51:28 PM - Software Distribution Service 3.0
RP397: 25/12/2010 2:02:20 PM - Software Distribution Service 3.0
RP398: 26/12/2010 11:32:32 AM - Software Distribution Service 3.0
RP399: 27/12/2010 11:31:46 AM - Software Distribution Service 3.0
RP400: 28/12/2010 1:19:44 PM - Software Distribution Service 3.0
RP401: 29/12/2010 10:56:23 AM - Software Distribution Service 3.0
RP402: 31/12/2010 12:41:30 PM - Software Distribution Service 3.0
RP403: 01/01/2011 1:37:10 PM - Software Distribution Service 3.0
RP404: 02/01/2011 7:48:02 AM - Software Distribution Service 3.0
RP405: 03/01/2011 10:50:13 AM - Software Distribution Service 3.0
RP406: 06/01/2011 8:11:56 PM - Software Distribution Service 3.0
RP407: 07/01/2011 7:21:33 AM - Software Distribution Service 3.0
RP408: 16/01/2011 8:29:05 AM - Software Distribution Service 3.0
RP409: 18/01/2011 8:26:59 AM - Software Distribution Service 3.0
RP410: 25/01/2011 7:39:56 AM - Software Distribution Service 3.0
RP411: 26/01/2011 7:25:04 AM - Software Distribution Service 3.0
RP412: 29/01/2011 7:52:23 AM - Software Distribution Service 3.0
RP413: 08/02/2011 4:43:35 PM - Software Distribution Service 3.0
RP414: 08/02/2011 5:54:45 PM - Installed Java(TM) 6 Update 23
RP415: 08/02/2011 6:00:46 PM - Software Distribution Service 3.0
RP416: 08/02/2011 6:09:42 PM - Software Distribution Service 3.0
RP417: 08/02/2011 8:15:46 PM - Software Distribution Service 3.0
RP418: 09/02/2011 12:08:56 PM - Installed HiJackThis

==== Installed Programs ======================

Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9
Advanced Audio FX Engine
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Auction Client
AutocompletePro
Battery Meter
Bluetooth Software Update Tool
Bonjour
Choice Guard
Compatibility Pack for the 2007 Office system
CyberLink PowerDVD 8.0 SE
Dell Box.net Launcher
Dell Support Center (Support Software)
Dell System Restore
Dell Touchpad
Dell Video Chat (remove only)
Dell Webcam Central
EMSC
Field Manager PRO Desktop 2009
GoToAssist 8.0.0.514
HiJackThis
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB953955)
Hotfix for Windows XP (KB954434)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB959252)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
hp officejet 6100 series
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp officejet 6100 series
Install Manager
Integrated Webcam Driver (1.00.03.0720) 
iTunes
Java Auto Updater
Java(TM) 6 Update 23
Junk Mail filter update
Live! Cam Avatar Creator
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MSN
MSVCRT
MSXML 6.0 Parser (KB927977)
QuickTime
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Spybot - Search & Destroy
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB898461)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VoiceOver Kit
WebFldrs XP
WIDCOMM Bluetooth Software
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format Runtime
Windows Presentation Foundation
Windows Search 4.0
Wireless Select Switch
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

08/02/2011 5:01:15 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  IDSxpx86
08/02/2011 4:43:40 PM, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows XP Service Pack 3 (KB952069).

==== End Of File ===========================

Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
Re: [Resolved] paladium security has taken over. cant update windows...
« Reply #5 on: February 09, 2011, 02:57:51 PM »
While I look at this, try this link for the Rootkit Unhooker:
http://www.antirootkit.com/software/RootKit-Unhooker.htm
Disabled Veteran
U.S.C.G. 1972 - 1978
Membership: U.N.I.T.E., A.S.A.P.

2009-12

Performance and Maintenance for Windows XP, Windows Vista and Windows Seven

Offline 32skidoo

  • Bronze Member
  • Posts: 20
Re: [Resolved] paladium security has taken over. cant update windows...
« Reply #6 on: February 09, 2011, 03:05:03 PM »
Ok, that link works but it tells me I need to find a program to open the .rar file. What should I do to solve this problem?

Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
Re: [Resolved] paladium security has taken over. cant update windows...
« Reply #7 on: February 09, 2011, 03:07:37 PM »
Sorry, I was thinking you had 7zip installed.

Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
Re: [Resolved] paladium security has taken over. cant update windows...
« Reply #8 on: February 09, 2011, 03:11:21 PM »
At this point, as I have perused the dds log and found some serious issues, we can forego the Rootkit Unhooker scan for the time being.

Please download combofix from This Webpage...and read through the instructions there for running the tool.

***Important Note***
Please read through the guidance on that web page carefully and thoroughly...and install the Recovery Console. Using this tool without the Recovery Console installed is NOT RECOMMENDED.

If you have Windows Vista or Windows 7, you can skip the recovery console step...in Vista/7 it's in the System Recovery Options menu. The System Recovery Options menu is on the Windows Vista or Windows 7 installation disc. If Windows doesn't start correctly, you can use these tools to repair startup problems.


The Windows Recovery Console will allow you to boot into a special recovery (repair) mode that is not otherwise available. This allows us to more easily help you should your computer have a problem after an attempted removal of malware.  It's a simple procedure that will only take a few moments.

Once installed, a blue screen prompt should appear that reads as follows:

The Recovery Console was successfully installed.

When you see that screen, please continue as follows:

  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a log file for you. Please post that log back here on your next reply. Thanks!

Note:
Do not mouseclick combofix's window while it's running...that may cause the scan to stall.


Offline 32skidoo

  • Bronze Member
  • Posts: 20
Re: [Resolved] paladium security has taken over. cant update windows...
« Reply #9 on: February 09, 2011, 05:10:12 PM »
So I ran combofix and it was doing its scan until a rundll window showed up. Then the message disappeared and the screen went blank. The computer is still on, just with this blank screen. I have left it alone for about an hour and still no change. Is this normal? Do I have to just wait it out?

Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
Re: [Resolved] paladium security has taken over. cant update windows...
« Reply #10 on: February 09, 2011, 06:43:38 PM »
Close it...boot to safe mode and run it there.

Offline 32skidoo

  • Bronze Member
  • Posts: 20
Re: [Resolved] paladium security has taken over. cant update windows...
« Reply #11 on: February 09, 2011, 07:53:50 PM »
UGH!! I booted to safe mode and tried to run combofix and up comes "32788R22FWJFW\n.pif" "windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item". I tried safe mode in both the regular profile listed as well as the administrator profile. In the admin profile there was no combofix to run, only in the regular profile.

Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
Re: [Resolved] paladium security has taken over. cant update windows...
« Reply #12 on: February 09, 2011, 09:00:23 PM »
Please uninstall the following software:
Install Manager
Auction Client
AutocompletePro
GoToAssist 8.0.0.514

   
Next, let's see if we can hack away at this using HijackThis. Run HijackThis again and click "Do a system scan". Check the box next to the following entries:
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/home
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:60283
F3 - REG:win.ini: load=C:\DOCUME~1\ALEX&D~1\LOCALS~1\Temp\csrss.exe
O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll
O4 - HKLM\..\Run: [Gruhuqos] rundll32.exe "C:\WINDOWS\efujasuqeboqut.dll",Startup
O4 - HKCU\..\Run: [explorer update] C:\Documents and Settings\Alex & Debbie\Desktop\update.exe
O4 - HKCU\..\Run: [Qzacititefedah] rundll32.exe "C:\WINDOWS\xmslav.dll",Startup
O4 - HKCU\..\Run: [dl6.exe] C:\Documents and Settings\Alex & Debbie\Desktop\dl6.exe
O4 - HKCU\..\Run: [fTdjB.exe] C:\Documents and Settings\Alex & Debbie\Local Settings\Temp\fTdjB.exe
O4 - HKCU\..\Run: [CTF Products Updater] rundll32.exe "C:\DOCUME~1\ALEX&D~1\LOCALS~1\Temp\winbdm.dll", DepCmd
O4 - HKLM\..\Policies\Explorer\Run: [RTHDBPL] C:\Documents and Settings\Alex & Debbie\Application Data\SystemProc\lsass.exe
O4 - Global Startup: In'stall Manager.lnk = C:\Program Files\Install Manager\in.stallmanager.exe
O4 - Global Startup: officejet 6100.lnk = ?
O20 - AppInit_DLLs: C:\WINDOWS\system32\winphost.dll


Close all windows (including this browser window) then click the Fix Checked button.

Boot to safe mode and navigate to, then delete the following files indicated in Bold text:
C:\Documents and Settings\Alex & Debbie\Application Data\dwm.exe
C:\WINDOWS\Eporab.exe
C:\WINDOWS\efujasuqeboqut.dll
C:\Documents and Settings\Alex & Debbie\Desktop\update.exe
C:\WINDOWS\xmslav.dll
C:\Documents and Settings\Alex & Debbie\Desktop\dl6.exe
C:\Documents and Settings\Alex & Debbie\Local Settings\Temp\fTdjB.exe
C:\DOCUME~1\ALEX&D~1\LOCALS~1\Temp\winbdm.dll
C:\Documents and Settings\Alex & Debbie\Application Data\SystemProc\lsass.exe
C:\Program Files\Install Manager <-- Folder...if it still exists

Boot back to your normal Windows user mode. Please download Malwarebytes Anti-Malware and save it to your desktop.
If you have problems with that link, you can also download it from Here or Here
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected then click on the Scan button.
    • The scan will begin and "Scan in progress" will show at the top. Wait for the scan to complete and do nothing else with the computer during the scan.
    • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    • Click OK to close the message box and continue with the removal process.
    • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked, and click Remove Selected.
    • When removal is completed, a log report will open in Notepad.
    • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    • Exit MBAM. Please remember to copy and paste the contents of that report in your next reply and please run a fresh HijackThis scan to include that log as well. Thanks!
    Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process.
     Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

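The entries selected for fixing in Reply #12 share a few traits that can be read straight off the log lines: autoruns that execute from user-writable folders, files named after Windows system processes but stored outside their normal folder, rundll32 autoruns, an AppInit_DLLs value and a loopback proxy. The following Python triage is an added example, not part of the original thread and not a feature of HijackThis; the rule set and the names `triage_line` and `triage_log` are assumptions, and the sample lines are copied from the logs posted in this thread.

```python
import ntpath
import re

# Lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\lsass.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:60283
F3 - REG:win.ini: load=C:\DOCUME~1\ALEX&D~1\LOCALS~1\Temp\csrss.exe
O4 - HKLM\..\Run: [Gruhuqos] rundll32.exe "C:\WINDOWS\efujasuqeboqut.dll",Startup
O4 - HKCU\..\Run: [dl6.exe] C:\Documents and Settings\Alex & Debbie\Desktop\dl6.exe
O4 - HKCU\..\Run: [CTF Products Updater] rundll32.exe "C:\DOCUME~1\ALEX&D~1\LOCALS~1\Temp\winbdm.dll", DepCmd
O4 - HKLM\..\Policies\Explorer\Run: [RTHDBPL] C:\Documents and Settings\Alex & Debbie\Application Data\SystemProc\lsass.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O20 - AppInit_DLLs: C:\WINDOWS\system32\winphost.dll
"""

# "O4 - rest of entry"; the section code is optional so bare process paths parse too.
ENTRY_RE = re.compile(r"^\s*(?:([A-Z]\d{1,2}) - )?(.*)$")
# A drive-letter path ending in an executable extension.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|pif|bat|scr|com)\b',
                     re.IGNORECASE)

# Assumed rule set: folders that a process running as the user can write to.
USER_WRITABLE = ("\\temp\\", "\\desktop\\", "\\application data\\",
                 "\\applic~1\\", "\\recycler\\")

# System process names and the only folder each should run from.
SYSTEM_BINARIES = {
    "smss.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "dwm.exe": r"c:\windows\system32",
    "conhost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Assumed: DLLs under these roots are not flagged by the rundll32 rule.
TRUSTED_DLL_ROOTS = (r"c:\windows\system32", r"c:\program files")


def triage_line(line):
    """Return the reasons (possibly none) a HijackThis line deserves review."""
    code, body = ENTRY_RE.match(line.strip()).groups()
    lowered = body.lower()
    reasons = []
    for path in PATH_RE.findall(body):
        full = ntpath.normpath(path).lower()
        folder, name = ntpath.split(full)
        if any(token in full for token in USER_WRITABLE):
            reasons.append("runs from a user-writable folder")
        expected = SYSTEM_BINARIES.get(name)
        if expected and folder != expected:
            reasons.append(f"{name} is outside {expected}")
        if (code == "O4" and "rundll32" in lowered and name.endswith(".dll")
                and not folder.startswith(TRUSTED_DLL_ROOTS)):
            reasons.append(f"rundll32 autorun loads a DLL from {folder}")
    if code == "O20" and PATH_RE.search(body):
        reasons.append("AppInit_DLLs entry: loaded into every process "
                       "that loads user32.dll")
    if "proxyserver" in lowered and "127.0.0.1" in lowered:
        reasons.append("browser proxy points at loopback, "
                       "so a local process sees the traffic")
    return list(dict.fromkeys(reasons))  # de-duplicate, keep order


def triage_log(text):
    """Triage every line; return (line, reasons) pairs for the flagged ones."""
    findings = []
    for line in text.splitlines():
        reasons = triage_line(line)
        if reasons:
            findings.append((line.strip(), reasons))
    return findings


if __name__ == "__main__":
    for entry, why in triage_log(SAMPLE_LOG):
        print(entry)
        for reason in why:
            print("    ->", reason)
```

A hit is a prompt to look closer, not a verdict: the rules key on location and naming only, so a legitimate installer running from Temp would be flagged as well.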

    Offline 32skidoo

    • Bronze Member
    • Posts: 20
    Re: [Resolved] paladium security has taken over. cant update windows...
    « Reply #13 on: February 09, 2011, 10:45:14 PM »
    Ok, a couple of possible hitches. One of the files you asked me to fix on HJT was not on the list. Also some files that were to be deleted in safe mode weren't there. I also found a file at c:\documents and settings\alex&debbie\local settings\temp\inmuninstall.exe that appears to be part of the install manager that you got me to delete before. Should I delete that file as well? Here are the logs for MBAM and HJT:


    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5726

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    09/02/2011 10:30:58 PM
    mbam-log-2011-02-09 (22-30-57).txt

    Scan type: Quick scan
    Objects scanned: 153377
    Time elapsed: 4 minute(s), 59 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 7
    Registry Values Infected: 3
    Registry Data Items Infected: 0
    Folders Infected: 4
    Files Infected: 17

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\D9L83679SM (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\JP595IR86O (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\MFJJEC0A1L (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\JP595IR86O (Trojan.FakeAlert) -> Value: JP595IR86O -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Marvell LAN Driver2 (Trojan.Agent) -> Value: Marvell LAN Driver2 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Trojan.Agent) -> Value: conhost -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    c:\documents and settings\alex & debbie\application data\systemproc (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\program files\mozilla firefox\extensions\{9ce11043-9a15-4207-a565-0c94c42d590d} (Worm.Prolaco.M) -> Quarantined and deleted successfully.
    c:\program files\mozilla firefox\extensions\{9ce11043-9a15-4207-a565-0c94c42d590d}\chrome (Worm.Prolaco.M) -> Quarantined and deleted successfully.
    c:\program files\mozilla firefox\extensions\{9ce11043-9a15-4207-a565-0c94c42d590d}\chrome\content (Worm.Prolaco.M) -> Quarantined and deleted successfully.

    Files Infected:
    c:\documents and settings\alex & debbie\application data\dwmu.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
    c:\documents and settings\alex & debbie\application data\microsoft\Windows\shell.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
    c:\documents and settings\alex & debbie\Desktop\dl1.exe (Trojan.FraudPack) -> Quarantined and deleted successfully.
    c:\documents and settings\alex & debbie\Desktop\dl2.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
    c:\documents and settings\alex & debbie\Desktop\dl3.exe (PWS.Fignotok) -> Quarantined and deleted successfully.
    c:\RECYCLER\s-1-5-21-1501988114-457166028-1270161278-1006\Dc2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\RECYCLER\s-1-5-21-1501988114-457166028-1270161278-1006\Dc4.exe (Trojan.Prolaco) -> Quarantined and deleted successfully.
    c:\WINDOWS\Eporaa.exe (Trojan.FraudPack) -> Quarantined and deleted successfully.
    c:\documents and settings\alex & debbie\application data\microsoft\stor.cfg (Malware.Trace) -> Quarantined and deleted successfully.
    c:\WINDOWS\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\WINDOWS\Tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\WINDOWS\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\documents and settings\alex & debbie\application data\asdfasfas.bat (Malware.Trace) -> Quarantined and deleted successfully.
    c:\documents and settings\alex & debbie\start menu\Programs\palladium for windows.lnk (Rogue.Palladium) -> Quarantined and deleted successfully.
    c:\program files\mozilla firefox\extensions\{9ce11043-9a15-4207-a565-0c94c42d590d}\chrome.manifest (Worm.Prolaco.M) -> Quarantined and deleted successfully.
    c:\program files\mozilla firefox\extensions\{9ce11043-9a15-4207-a565-0c94c42d590d}\install.rdf (Worm.Prolaco.M) -> Quarantined and deleted successfully.
    c:\program files\mozilla firefox\extensions\{9ce11043-9a15-4207-a565-0c94c42d590d}\chrome\content\timer.xul (Worm.Prolaco.M) -> Quarantined and deleted successfully.




    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:37:25 PM, on 09/02/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\NMSAccess.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\PersistenceThread.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Battery Meter\BTMeter.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Wireless Select Switch\WLSS.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Dell Video Chat\DellVideoChat.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    \?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/23
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.live.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USCON/23
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [PersistenceThread] C:\WINDOWS\system32\PersistenceThread.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [BTMeter] C:\Program Files\Battery Meter\BTMeter.exe
    O4 - HKLM\..\Run: [WLSS] C:\Program Files\Wireless Select Switch\WLSS.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SightSpeed] "C:\Program Files\Dell Video Chat\DellVideoChat.exe" -bootmode
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1297212663703
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NMSAccess - Unknown owner - C:\WINDOWS\system32\NMSAccess.exe
    O23 - Service: PEVSystemStart - Unknown owner - C:\ComboFix\PEV.cfxxe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

    --
    End of file - 8152 bytes

    Offline 1972vet

    • Microsoft® MVP
    • Malware Removal Staff
    • Diamond Member
    • Posts: 8290
    • Patience is bitter indeed, but its fruit is sweet.
    Re: [Resolved] paladium security has taken over. cant update windows...
    « Reply #14 on: February 10, 2011, 10:54:43 AM »
    Doesn't look like any hitches remain. It seems that mbam took them all out. See now if you can run the combofix scan for me. Thanks!