Unsolved

August 15th, 2010 07:00

No desktop icons or taskbar unless in Safe mode, can't access anti-spyware, began with redirected Google searches.

Dell Dimension XP Home SP1 (have unsuccessfully tried to dl SP2 but it crashed the system and Dell online had to remove it), using McAfee. Have had a problem with redirected Google searches and unable to open, use, or update any spyware removal programs, or access their sites. Also to mention, have repeatedly deleted 'DNS' from regedit as suggested on some forum, but it keeps coming back. Also, much of the time System Restore won't work - but that's been a longstanding problem.

Installed and ran MalwareBytes a couple months ago which cured the Google redirection problem (temporarily), but still couldn't use any spyware removal or access their sites for help. But the redirecting Google searches returned, followed now by a more serious problem: no Desktop icons (no Apps in Task Manager) and no taskbar (except in safe mode). Some things won't work in Safe mode (e.g. can't print, as printer is not recognized). Still can't open MalwareBytes or any others even in Safe. I ran Trend HijackThis, which I will paste below. Thanks for any help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:35:40 AM, on 8/15/2010
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;
R3 - URLSearchHook: (no name) - _{6E6DD93E-1FC3-4F43-8AFB-1B7B90C9D3EB} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\SYSTEM32\TwcToolbarIe7.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: FreeRIP.com Toolbar - {081230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\Program Files\FreeRIP3\toolband.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [fccbbysys] rundll32.exe "tuvtqq.dll",s
O4 - HKLM\..\Run: [hcvknsjv] C:\Documents and Settings\Adam\Local Settings\Application Data\yrgfougvp\ecarlcstssd.exe
O4 - HKLM\..\Run: [vxnyywdg] C:\Documents and Settings\Adam\Local Settings\Application Data\hupbpckem\exjrwrptssd.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [hcvknsjv] C:\Documents and Settings\Adam\Local Settings\Application Data\yrgfougvp\ecarlcstssd.exe
O4 - HKCU\..\Run: [vxnyywdg] C:\Documents and Settings\Adam\Local Settings\Application Data\hupbpckem\exjrwrptssd.exe
O4 - HKCU\..\Run: [Skype] "C:\Documents and Settings\Adam\Application Data\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ljifdcsys] rundll32.exe "tuvtqq.dll",s (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O8 - Extra context menu item: &FreeRIP Search - res://C:\Program Files\FreeRIP3\toolband.dll/MENUSEARCH.HTM
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\System32\GPhotos.scr/200
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {0B72CCA4-5F11-11D0-9CB5-0000C0EC9FDB} (Street Technologies ActiveX Control Object) - http://www2.stlu.com/plugins/Plugin0501.0124/streetnoagent7.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{984FAF96-AE5A-4ED0-8FE0-4FFA1A950B34}: NameServer = 93.188.162.239,93.188.161.239
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.239,93.188.161.239
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: GoToAssist - C:\WINDOWS\
O20 - Winlogon Notify: pfpenvzv - nqsdlax.dll (file missing)
O21 - SSODL: IEFilter - {2D152712-0B99-4F6C-AC70-2667986CEABB} - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: CSIScanner - Unknown owner - C:\Program Files\Prevx\prevx.exe (file missing)
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~2\GHOSTS~2.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Monitoring LAN Service (MonLANS) - Unknown owner - C:\WINDOWS\netcomms.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: System Monitor (SysMon0.0.1.342) - Unknown owner - C:\WINDOWS\iosysc.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - http://pics.ebaystatic.com/aw/pics/syi/syi_icons/imgPicture_100x100.gif
O24 - Desktop Component 1: (no name) - https://tickets.livenation.com/us/EC2/1919/images/print_at_home.jpg

--
End of file - 10701 bytes

 

 

1.5K Posts

September 1st, 2010 15:00

Hi jvd2010,

Welcome to Dell Community Malware Removal Forums,

Sorry for the delay in getting to you, I'm K27 and I will be reviewing your log for you.

Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.

Please Print or Save to Notepad all instructions and please follow them carefully and if there's something you don't understand or that will not work please let me know and we will go through it together.

Please DO NOT use this system for anything apart from visiting this forum and other sites I direct you to, as this will only make the cleanup process all the more difficult.

Failure to reply in three (3) days will result in this topic being closed and I will remove it from my notifications. If you require more time then that is fine but please let me know.

Please post a fresh HJT for me if you still require assistance.

Thanks.

4 Posts

September 2nd, 2010 19:00

Thanks for the reply - sure glad my livelihood didn't depend on it, since most everyone else got a quick reply. Actually the problem has changed a bit as a friend suggested I stop several of the start-up processes via msconfig - this has worked to an extent. I have my desktop and browsing (without needing safe mode) back.

However, I still get Google redirects, and anti-malware programs won't open or run or update from their sites (MalwareBytes, Adaware, Spybot search & destroy). Trying their sites says "page can't be displayed". System restore also does not work, but that has been a problem for some time. A Dell rep suggested I have too many programs, including too many antispyware - even though none of them will open and run.

1.5K Posts

September 3rd, 2010 12:00

Hi,

Sorry for the delay but as I am sure you will understand, the trained analysts that work these boards are all volunteers who not only donate their free time to help others rid their systems of infection but also spend a lot of time behind the screens researching and learning new skills to keep abreast of the ever growing variety of malware that is released into the wild every day. What with that and working full-time real-life jobs and having families, time can be sparse at the best of times. Also, no one is in any way whatsoever compensated for the time they donate to this site or any other that we work, as we all volunteer here and at numerous other malware removal sites.

Let's run a few diagnostic scans to see what is happening with the system.

 

I need to see some additional information about what is happening in your machine.
Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.
  • When done, DDS will open two (2) logs
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.
  • The instructions here ask you to attach the Attach.txt.
  • Instead of attaching, please copy/paste both logs into your next reply.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE

Please Disable all Anti-virus/Anti-Spyware/FireWall on your machine (instructions via links below)

  • Then Please download Rootkit Unhooker and save it to your desktop.
  • Double-click RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth Code, Files, and Code Hooks
  • Uncheck the rest, then click OK
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
  • Wait till the scanner has finished then go File > Save Report
  • Save the report somewhere you can find it. Click Close
  • This log may be very large so please use multiple posts if need be.

 

Note** you may get the following warning. It is ok, just ignore it.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Please copy/paste both DDS logs and the RKU log back to this thread.

 

Thanks.

1.5K Posts

September 5th, 2010 03:00

Hi jvd2010,

Do you still require assistance?

Thanks.

4 Posts

September 5th, 2010 16:00

Thanks K27.. I will paste them below, but you should know the "files" scan on RKUnhooker did not work - it scanned the others but got hung up trying to scan files - the first time I tried it resulted in the blue screen of death, but rebooting was ok. The 2nd time I cancelled it after it hung up for several minutes. Let me know what you think, or if I need to try something else to get you that scan. 
The main problem now is Google redirects (sometimes other redirects), and inability to open or run anti-spyware programs or access their sites to update. Also unable to System Restore ("no changes made to computer").  By the way I still run SP1, as I had a major crash when trying to install SP2 and had to have Dell support guide to remove it.


DDS (Ver_10-03-17.01) - NTFSx86 
Run by Adam at 18:16:15.62 on Sun 09/05/2010
Internet Explorer: 6.0.2800.1106 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition  5.1.2600.1.1252.1.1033.18.1023.693 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\PROGRA~1\NORTON~2\NORTON~2\GHOSTS~2.EXE
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\netcomms.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Outlook Express\MSIMN.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Documents and Settings\Adam\Desktop\dds.pif
C:\Program Files\Java\jre6\bin\javaws.exe
C:\Program Files\Java\jre6\bin\javaw.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.dellnet.com/
uSearch Page =
uSearch Bar =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=localhost:7171
uInternet Settings,ProxyOverride = *.local;
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant =
uURLSearchHooks: H - No File
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: The Weather Channel Toolbar: {2e5e800e-6ac0-411e-940a-369530a35e43} - c:\windows\system32\TwcToolbarIe7.dll
TB: FreeRIP.com Toolbar: {081230f8-ea50-42a9-983c-d22abc2eed3b} - c:\program files\freerip3\toolband.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File
TB: {855F3B16-6D32-4FE6-8A56-BBB695989046} - No File
TB: Netscape: {4e7bd74f-2b8d-469e-d7ee-fe6fa781bf33} -
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\System32\browseui.dll
uRun: [Microsoft Works Update Detection] c:\program files\microsoft works\WkDetect.exe
uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe"
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SSC_UserPrompt] c:\program files\common files\symantec shared\security center\UsrPrmpt.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [GhostStartTrayApp] c:\program files\norton systemworks\norton ghost\GhostStartTrayApp.exe
mRun: [fccbbysys] rundll32.exe "tuvtqq.dll",s
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
dRun: [ljifdcsys] rundll32.exe "tuvtqq.dll",s
IE: &FreeRIP Search - c:\program files\freerip3\toolband.dll/MENUSEARCH.HTM
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {F4430FE8-2638-42e5-B849-800749B94EED}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\MSMSGS.EXE
IE: {2E5E800E-6AC0-411E-940A-369530A35E43} - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB}
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {301DA1EE-F65C-4188-A417-9E915CC8FBFA} - c:\program files\microsoft money\system\mnyviewer.dll
Trusted Zone: amazon.xom\www
Trusted Zone: excite.com\www
Trusted Zone: myspace.com\www
DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {0B72CCA4-5F11-11D0-9CB5-0000C0EC9FDB} - hxxp://www2.stlu.com/plugins/Plugin0501.0124/streetnoagent7.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - hxxp://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxp://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 93.188.162.239,93.188.161.239
TCP: {984FAF96-AE5A-4ED0-8FE0-4FFA1A950B34} = 93.188.162.239,93.188.161.239
Notify: GoToAssist - c:\program files\citrix\gotoassist\615\G2AWinLogon.dll
Notify: pfpenvzv - nqsdlax.dll
Notify: WRNotifier - WRLogonNTF.dll
SSODL: IEFilter - {2D152712-0B99-4F6C-AC70-2667986CEABB} - No File
LSA: Authentication Packages = msv1_0 tuvtqq.dll
LSA: Notification Packages =  :\windows\Syste
IFEO: image file execution options - svchost.exe
Hosts: 127.0.0.1  www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\adam\applic~1\mozilla\firefox\profiles\qt0d038v.default\
FF - prefs.js: browser.startup.homepage - hxxp://neuskool.com
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\plugins\nphpclipbook.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npkanevapatch.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\musicnotes\npmusicn.dll
FF - plugin: c:\program files\musicnotes\NPSibelius.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

============= SERVICES / DRIVERS ===============

P2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2008-1-24 144704]
R1 GhPciScan;GhostPciScanner;c:\program files\norton systemworks\norton ghost\GhPciScan.sys [2002-8-14 5632]
R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2008-1-24 31816]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2006-9-22 392824]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2008-7-5 103744]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2008-1-24 54608]
R2 MonLANS;Monitoring LAN Service;c:\windows\netcomms.exe service --> c:\windows\netcomms.exe service [?]
R2 NProtectService;Norton Unerase Protection;c:\program files\norton systemworks\norton utilities\NPROTECT.EXE [2003-8-12 135168]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2008-7-5 72936]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2008-7-5 33960]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2008-7-5 171400]
S0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys --> c:\windows\system32\drivers\pxscan.sys [?]
S0 pxsec;pxsec;c:\windows\system32\drivers\pxsec.sys --> c:\windows\system32\drivers\pxsec.sys [?]
S2 CSIScanner;CSIScanner;"c:\program files\prevx\prevx.exe" /service --> c:\program files\prevx\prevx.exe [?]
S2 dzjmjvax;IEEE-1284.4  HPZid412Controller;c:\windows\system32\svchost.exe -k netsvcs [2007-10-18 12800]
S2 SysMon0.0.1.342;System Monitor;c:\windows\iosysc.exe service --> c:\windows\iosysc.exe service [?]
S2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S3 5727855B;5727855B;c:\windows\system32\5727855B.exe [2010-9-5 6656]
S3 Ip6FwHlp;IPv6 Internet Connection Firewall;c:\windows\system32\svchost.exe -k netsvcs [2007-10-18 12800]
S3 Normandy;Normandy SR2;
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-15 34064]

============== File Associations ===============

inffile=c:\i386\NOTEPAD.EXE %1
inifile=c:\i386\NOTEPAD.EXE %1
txtfile=c:\i386\NOTEPAD.EXE %1

=============== Created Last 30 ================

2010-09-05 19:46:45 6656 ----a-w- c:\windows\system32\5727855B.exe
2010-08-15 12:35:14 0 d-----w- c:\program files\Trend Micro
2010-08-13 01:26:06 0 d-----w- c:\docume~1\alluse~1\applic~1\F-Secure
2010-08-08 03:18:05 73728 ---ha-w- c:\windows\system32\tuvtqq.dll

==================== Find3M  ====================

2010-08-17 00:01:39 103784 ----a-w- c:\documents and settings\adam\GoToAssistDownloadHelper.exe
2010-07-11 01:43:02 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-07-11 01:43:02 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2005-11-29 01:25:36 774144 ----a-w- c:\program files\RngInterstitial.dll
2005-03-10 14:51:09 74720 ----a-w- c:\program files\Folders.dbx
2003-08-12 23:40:04 32 --sha-w- c:\windows\{29E01A80-421C-49E3-9B20-D39CBA3158E6}.dat
2003-08-12 23:34:57 32 --sha-w- c:\windows\{58E04B8C-94F0-4269-A0B4-6D1545246716}.dat
2003-08-12 23:40:37 32 --sha-w- c:\windows\{6BADE43B-F390-4971-9066-15AE53451BFE}.dat
2003-08-12 23:37:19 32 --sha-w- c:\windows\{BF5ADEE9-396E-44AD-996C-6A4429C87E4B}.dat
2003-08-12 23:34:57 32 --sha-w- c:\windows\{BFD24E14-AA0F-4632-A877-8FE0BFF8303B}.dat
2003-08-12 23:34:57 32 --sha-w- c:\windows\{C6D380D4-9B1A-4C38-9F40-8AF4C9A404AF}.dat
2003-08-12 23:34:57 32 --sha-w- c:\windows\system32\{6D7F1FAD-B100-4D00-9EDF-ABC474BE9DEB}.dat
2003-08-12 23:37:19 32 --sha-w- c:\windows\system32\{728D1AD2-174C-49E8-B79F-663C79E705F9}.dat
2003-08-12 23:34:57 32 --sha-w- c:\windows\system32\{8D40A454-4A45-46B6-9A1E-D6EB4BB97C29}.dat
2003-08-12 23:34:57 32 --sha-w- c:\windows\system32\{AF2DC475-A1EA-41FB-BE56-5F51C7CBC3F4}.dat
2003-08-12 23:40:37 32 --sha-w- c:\windows\system32\{AFF56F2D-3528-4F88-8EEA-1878D543DBC1}.dat
2003-08-12 23:40:04 32 --sha-w- c:\windows\system32\{BDBE086D-24A5-4BFF-94D4-6100EAF914B4}.dat

============= FINISH: 18:18:24.14 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 10/24/2002 4:29:40 PM
System Uptime: 9/5/2010 3:57:36 PM (3 hours ago)

Motherboard: Dell Computer Corp. |  |      
Processor:               Intel(R) Pentium(R) 4 CPU 2.00GHz | Microprocessor | 1999/400mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 74 GiB total, 32.545 GiB free.
D: is CDROM (UDF)
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 9/5/2010 9:08:25 AM - System Checkpoint

==== Installed Programs ======================

32 Bit HP CIO Components Installer
3ivx D4 4.5.1 Decoder (remove only)
Acoustica Effects Pack
Acoustica Mixcraft 5
Acrobat.com
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3
Adobe Shockwave Player 11.5
Advanced Networking Pack for Windows XP
Age of Mythology Gold
AIM 6.0
AOL Instant Messenger
AOL Uninstaller (Choose which Products to Remove)
ArcSoft Software Suite
AudibleManager
BCM V.92 56K Modem
Bored.com- Beach Scenes
Bored.com- Dream Of Heights Wallpaper
Bored.com- Interactive Clock Wallpaper
Bored.com- Quotes From Bible Wallpaper
Bored.com- The Sunset Reel
Bored.com- Waterfalls Clock Wallpaper
Bored.com- Watermelon Clock
CCleaner (remove only)
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
Creative MediaSource 5
Creative System Information
Creative ZEN V Series (R2)
Dell Digital Jukebox Driver
Dell File Manager
Dell Picture Studio - Dell Image Expert
Dell Solution Center
Dell Support
Digital Line Detect
DNA
DVD Decrypter (Remove Only)
Easy CD Creator 5 Basic
EasyWorship 2007
ebgcInfra
ebgcRes
ebgcSDK
EPSON Printer Software
Family Feud
Family Feud (remove only)
Finale NotePad 2008
Finale NotePad 2009
FreeRIP v3.30
getPlus(R) for Adobe
GoToAssist Corporate
GPBaseService2
Hidden Pictures Workshop
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3
HP Imaging Device Functions 11.0
HP Photosmart Essential 3.0
HP Smart Web Printing 4.60
HP Solution Center 13.0
HP Update
HPProductAssistant
iCarly - iDream in Toons
Intel(R) PRO Ethernet Adapter and Software
Intel(R) PROSet II
Java(TM) 6 Update 17
Java(TM) 6 Update 2
Java(TM) SE Runtime Environment 6 Update 1
Learn.com Player (Uninstall Only)
LiveReg (Symantec Corporation)
LiveUpdate 3.0 (Symantec Corporation)
Love Hearts Demo Screen Saver
Malwarebytes' Anti-Malware
McAfee VirusScan Enterprise
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft Age of Empires II
Microsoft Encarta Encyclopedia Standard 2002
Microsoft Excel 97
Microsoft Money 2002
Microsoft Money 2002 System Pack
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Picture It! Express 7.0
Microsoft Picture It! Photo 2002
Microsoft Streets and Trips 2002
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Word 2002
Microsoft Works 2002 Setup Launcher
Microsoft Works 6.0
Microsoft Works Suite Add-in for Microsoft Word
Move Networks Media Player for Internet Explorer
Mozilla Firefox (3.5.11)
MSVCSetup
Musicnotes Software Suite 1.4.2
muvee Plugin 1.0
MySpaceIM
Network Play System (Patching)
Norton SystemWorks 2003
Norton WMI Update
NVIDIA Display Driver
NVIDIA Windows 2000/XP Display Drivers
OpenAL
Paint Shop Pro 7
Picasa 3
Pool Buddy {Y} 3.2
PowerDVD
Print Lab Series
QuickCam
QuickTime
RealArcade
RealPlayer
Registry Medic 5.0
Replay AV 8
Revo Uninstaller 1.88
Rhapsody Player Engine
Roll
RollerCoaster Tycoon 2
RollerCoaster Tycoon 3
Rugrats Go Wild
ScanToWeb
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905495)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924496)
Shockwave
Sibelius Scorch (ActiveX Only)
SmartWebPrinting
SolutionCenter
SpongeBob SquarePants Employee of the Month
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
SpywareBlaster 4.2
Switch Sound File Converter
Tennis Titans
The Silent Mountains Screensaver
The Sims 2
The Sims Makin' Magic
The Weather Channel Desktop 6
The Weather Channel Toolbar
Total 3D Home Deluxe
Update for Windows XP (KB835409)
Update for Windows XP (KB898461)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10 Hotfix - KB895316
Windows XP Hotfix - KB820291
Windows XP Hotfix - KB821253
Windows XP Hotfix - KB821557
Windows XP Hotfix - KB822603
Windows XP Hotfix - KB823182
Windows XP Hotfix - KB823559
Windows XP Hotfix - KB823980
Windows XP Hotfix - KB824105
Windows XP Hotfix - KB824141
Windows XP Hotfix - KB824146
Windows XP Hotfix - KB825119
Windows XP Hotfix - KB828035
Windows XP Hotfix - KB828741
Windows XP Hotfix - KB835732
Windows XP Hotfix - KB837001
Windows XP Hotfix - KB840374
Windows XP Hotfix - KB842773
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB911567
Windows XP Hotfix - KB918439
Windows XP Hotfix - KB918899
Windows XP Hotfix - KB925486
Windows XP Hotfix (SP2) [See Q329048 for more information]
Windows XP Hotfix (SP2) [See Q329115 for more information]
Windows XP Hotfix (SP2) [See Q329390 for more information]
Windows XP Hotfix (SP2) [See Q329834 for more information]
Windows XP Hotfix (SP2) Q327979
Windows XP Hotfix (SP2) Q328310
Windows XP Hotfix (SP2) Q329170
Windows XP Hotfix (SP2) Q329441
Windows XP Hotfix (SP2) q329623
Windows XP Hotfix (SP2) Q331953
Windows XP Hotfix (SP2) Q810565
Windows XP Hotfix (SP2) Q810577
Windows XP Hotfix (SP2) Q810833
Windows XP Hotfix (SP2) Q811493
Windows XP Hotfix (SP2) Q814033
Windows XP Hotfix (SP2) Q814995
Windows XP Hotfix (SP2) Q815021
Windows XP Hotfix (SP2) Q817287
Windows XP Hotfix (SP2) Q817606
Windows XP Hotfix (SP2) Q819696
WinZip 14.0
Yahoo! Messenger
Yahoo! Toolbar
ZENcast Organizer
ZoneAlarm

==== Event Viewer Messages From Past Week ========

9/3/2010 11:44:32 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  pxscan
9/3/2010 11:44:32 AM, error: Service Control Manager [7022]  - The HP CUE DeviceDiscovery Service service hung on starting.
9/3/2010 11:43:15 AM, error: Service Control Manager [7023]  - The IEEE-1284.4  HPZid412Controller service terminated with the following error:  The specified module could not be found.
9/3/2010 11:43:15 AM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Windows Image Acquisition (WIA) service to connect.
9/3/2010 11:43:15 AM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the TrueVector Internet Monitor service to connect.
9/3/2010 11:43:15 AM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Speed Disk service service to connect.
9/3/2010 11:43:15 AM, error: Service Control Manager [7000]  - The Windows Image Acquisition (WIA) service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
9/3/2010 11:43:15 AM, error: Service Control Manager [7000]  - The TrueVector Internet Monitor service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
9/3/2010 11:43:15 AM, error: Service Control Manager [7000]  - The CSIScanner service failed to start due to the following error:  The system cannot find the path specified.
9/3/2010 11:37:58 AM, error: Ftdisk [49]  - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
9/3/2010 11:37:58 AM, error: Ftdisk [45]  - The system could not sucessfully load the crash dump driver.
9/3/2010 11:34:12 AM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the NVIDIA Display Driver Service service to connect.
9/3/2010 11:34:12 AM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Norton Unerase Protection service to connect.
9/3/2010 11:34:12 AM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Automatic LiveUpdate Scheduler service to connect.
9/3/2010 11:34:12 AM, error: Service Control Manager [7000]  - The NVIDIA Display Driver Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
9/3/2010 11:34:12 AM, error: Service Control Manager [7000]  - The Norton Unerase Protection service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
9/3/2010 11:34:12 AM, error: Service Control Manager [7000]  - The Automatic LiveUpdate Scheduler service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

==== End Of File ===========================

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 1)
Number of processors #1
==============================================
>Drivers
==============================================
0xBF9B8000 C:\WINDOWS\System32\nv4_disp.dll 4247552 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 52.16 )
0x804D4000 C:\WINDOWS\system32\ntoskrnl.exe 2040832 bytes (Microsoft Corporation, NT Kernel & System)
0x804D4000 PnpManager 2040832 bytes
0x804D4000 RAW 2040832 bytes
0x804D4000 WMIxWDM 2040832 bytes
0xBF800000 Win32k 1802240 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1802240 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF6025000 C:\WINDOWS\System32\DRIVERS\nv4_mini.sys 1466368 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 52.16 )
0xF5EE4000 C:\WINDOWS\System32\DRIVERS\BCMSM.sys 1101824 bytes (Broadcom Corporation, Modem Device Driver)
0xF73BE000 Ntfs.sys 565248 bytes (Microsoft Corporation, NT File System Driver)
0xF5DF3000 C:\WINDOWS\system32\drivers\smwdm.sys 528384 bytes (Analog Devices, Inc., SoundMAX Integrated Digital Audio )
0xEF33F000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 434176 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xEF3FA000 C:\WINDOWS\System32\vsdatant.sys 389120 bytes (Zone Labs, LLC, TrueVector Device Driver)
0xEF47E000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 344064 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xEB33D000 C:\WINDOWS\System32\DRIVERS\srv.sys 323584 bytes (Microsoft Corporation, Server driver)
0xEF53C000 C:\WINDOWS\System32\Drivers\cdudf_xp.SYS 237568 bytes (Roxio, CD-UDF NT Filesystem Driver)
0xEF4F7000 C:\WINDOWS\System32\Drivers\UdfReadr_xp.SYS 208896 bytes (Roxio, CD-UDF NT Filesystem Reader Driver)
0xF74A2000 ACPI.sys 180224 bytes (Microsoft Corporation, ACPI Driver for NT)
0xEB404000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 176128 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xEB1D4000 C:\WINDOWS\system32\drivers\mfehidk.sys 167936 bytes (McAfee, Inc., Host Intrusion Detection Link Driver)
0xF7395000 NDIS.sys 167936 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xEF3A9000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 167936 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xEF459000 C:\WINDOWS\System32\DRIVERS\netbt.sys 151552 bytes (Microsoft Corporation, MBT Transport driver)
0xEB584000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xF5EA0000 C:\WINDOWS\System32\DRIVERS\e100b325.sys 143360 bytes (Intel Corporation, NDIS 5 driver)
0xF5D89000 C:\WINDOWS\System32\DRIVERS\update.sys 139264 bytes (Microsoft Corporation, Update Driver)
0xF5FF1000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 139264 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xEBE70000 C:\WINDOWS\System32\drivers\afd.sys 135168 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xF5EC3000 C:\WINDOWS\System32\DRIVERS\ks.sys 135168 bytes (Microsoft Corporation, Kernel CSA Library)
0xF5DD2000 C:\WINDOWS\system32\drivers\portcls.sys 135168 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x806C7000 ACPI_HAL 127872 bytes
0x806C7000 C:\WINDOWS\system32\hal.dll 127872 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF7483000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xEDD31000 C:\Program Files\Symantec\SYMEVENT.SYS 118784 bytes (Symantec Corporation, Symantec Event Library)
0xF737B000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF5E74000 C:\WINDOWS\System32\Drivers\pwd_2k.SYS 102400 bytes (Roxio, Win2000 Framework for Packet Write Driver)
0xF746D000 atapi.sys 90112 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF5DBC000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 90112 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xF7448000 KSecDD.sys 81920 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xEF4D2000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xF5E8D000 C:\WINDOWS\System32\DRIVERS\parport.sys 77824 bytes (Microsoft Corporation, Parallel Port Driver)
0xEB549000 C:\WINDOWS\system32\drivers\wdmaud.sys 77824 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF6013000 C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS 73728 bytes (Microsoft Corporation, Video Port Driver)
0xBFF80000 C:\WINDOWS\System32\drivers\dxg.sys 69632 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xEB0D3000 C:\WINDOWS\system32\drivers\mfeavfk.sys 69632 bytes (McAfee, Inc., Anti-Virus File System Filter Driver)
0xF5DAB000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF745C000 sr.sys 69632 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF74EF000 pci.sys 65536 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF771F000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF449E000 C:\WINDOWS\System32\Drivers\Udfs.SYS 65536 bytes (Microsoft Corporation, UDF File System Driver)
0xF448E000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 61440 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF775F000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xEB295000 C:\WINDOWS\system32\drivers\mfeapfk.sys 61440 bytes (McAfee, Inc., Access Protection Filter Driver)
0xF773F000 C:\WINDOWS\System32\DRIVERS\redbook.sys 57344 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xF074E000 C:\WINDOWS\system32\drivers\sysaudio.sys 57344 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF76EF000 C:\WINDOWS\System32\DRIVERS\HPZid412.sys 53248 bytes (HP, IEEE-1284.4-1999 Driver (Windows 2000))
0xF770F000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF75FF000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 53248 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF772F000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 49152 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF753F000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 49152 bytes (Microsoft Corporation, SCSI Class System Dll)
0xEFE3D000 C:\WINDOWS\system32\drivers\mfetdik.sys 49152 bytes (McAfee, Inc., Anti-Virus Mini-Firewall Driver)
0xF757F000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 49152 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF75EF000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF751F000 VolSnap.sys 49152 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF755F000 srescan.sys 45056 bytes
0xF774F000 C:\WINDOWS\System32\DRIVERS\imapi.sys 40960 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF750F000 MountMgr.sys 40960 bytes (Microsoft Corporation, Mount Manager)
0xF6C04000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF758F000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 40960 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF6C14000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF752F000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xEFAAB000 C:\WINDOWS\System32\Drivers\Fips.SYS 36864 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF76FF000 C:\WINDOWS\System32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF74FF000 isapnp.sys 36864 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF761F000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xEFE2D000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xEDF26000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xEB14C000 C:\WINDOWS\System32\Drivers\NPDRIVER.SYS 36864 bytes (Symantec Corporation, Norton Protection Driver)
0xF754F000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xEFE0D000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF77F7000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xEF9C9000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF77DF000 C:\WINDOWS\System32\DRIVERS\processr.sys 32768 bytes (Microsoft Corporation, Processor Device Driver)
0xF777F000 agp440.sys 28672 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xF77FF000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xEF9E9000 C:\Program Files\Norton SystemWorks\Norton Ghost\ghpciscan.sys 28672 bytes (Symantec Corporation, Symantec Ghost PCI Scanner Kernal Mode Driver)
0xF78AF000 C:\WINDOWS\system32\drivers\mfebopk.sys 28672 bytes (McAfee, Inc., Buffer Overflow Protection Driver)
0xEF9C1000 C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys 28672 bytes (McAfee, Inc., VSCore Code Analysis Driver)
0xEFC2E000 C:\WINDOWS\System32\DRIVERS\usbccgp.sys 28672 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xF77EF000 C:\WINDOWS\System32\DRIVERS\usbehci.sys 28672 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF78E7000 C:\WINDOWS\System32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
0xEF9E1000 C:\WINDOWS\System32\DRIVERS\HIDPARSE.SYS 24576 bytes (Microsoft Corporation, Hid Parsing Library)
0xF78EF000 C:\WINDOWS\System32\DRIVERS\HPZius12.sys 24576 bytes (HP, 1284.4<->Usb Datalink Driver (Windows 2000))
0xF7827000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF782F000 C:\WINDOWS\System32\Drivers\mmc_2K.SYS 24576 bytes (Roxio, CD-R/RW AddOn MMC Driver (W2K))
0xF7807000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF776F000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 24576 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xEFC36000 C:\WINDOWS\System32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xEF9D1000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF7777000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF780F000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF7817000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xF77E7000 C:\WINDOWS\System32\DRIVERS\usbuhci.sys 20480 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xEF9D9000 C:\WINDOWS\System32\drivers\vga.sys 20480 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF781F000 C:\WINDOWS\System32\DRIVERS\wanatw4.sys 20480 bytes (America Online, Inc., Wan Miniport (ATW))
0xEB608000 C:\WINDOWS\System32\Drivers\Aspi32.SYS 16384 bytes (Adaptec, ASPI for WIN32 Kernel Driver)
0xF6A99000 C:\WINDOWS\System32\DRIVERS\HPZipr12.sys 16384 bytes (HP, IEEE-1284.4-1999 Print Class Driver)
0xF6A9D000 C:\WINDOWS\System32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF0DD7000 C:\WINDOWS\system32\drivers\MODEMCSA.sys 16384 bytes (Microsoft Corporation, Unimodem CSA Filter)
0xF6A89000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF6A79000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 16384 bytes (Microsoft Corporation, TDI Wrapper)
0xF797B000 C:\WINDOWS\System32\DRIVERS\usbscan.sys 16384 bytes (Microsoft Corporation, USB Scanner Driver)
0xF44FA000 C:\WINDOWS\System32\watchdog.sys 16384 bytes (Microsoft Corporation, Watchdog Driver)
0xF78FF000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF44FE000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF7977000 C:\WINDOWS\System32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xF6A7D000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF79DF000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 12288 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF0253000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xEB1FD000 C:\WINDOWS\System32\DRIVERS\secdrv.sys 12288 bytes (Macrovision Europe Ltd, Macrovision SECURITY Driver)
0xF7A41000 C:\WINDOWS\system32\drivers\aeaudio.sys 8192 bytes (Andrea Electronics Corporation, Andrea Audio Stub Driver)
0xF7A05000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7A03000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7A01000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 8192 bytes (Microsoft Corporation, I2O Utility Filter)
0xF79EF000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7A07000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7A21000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF7A09000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7A51000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF79F1000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7B78000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xEFA08000 C:\WINDOWS\System32\Drivers\Cdr4_xp.SYS 4096 bytes (Sonic Solutions, CDR4 CD and DVD Place Holder Driver (see PxHelp))
0xEFA07000 C:\WINDOWS\System32\Drivers\Cdralw2k.SYS 4096 bytes (Sonic Solutions, CDRAL Place Holder Driver (see PxHelp))
0xF7AF2000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xEF9A0000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7AB7000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF7B80000 C:\WINDOWS\System32\DRIVERS\swenum.sys 4096 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
!!!!!!!!!!!Hidden driver:  0x872F4AF1 ?_empty_? 1295 bytes
!!!!!!!!!!!Hidden driver:  0x87377998 ?_empty_? 0 bytes
==============================================
>Stealth
==============================================
0xF746D000 WARNING: suspicious driver modification [atapi.sys::0x872F4AF1]
0xF74EF000 WARNING: Virus alike driver modification [pci.sys], 65536 bytes
==============================================
>Files
==============================================
==============================================
>Hooks
==============================================
ntoskrnl.exe+0x00003E2A, Type: Inline - RelativeJump 0x804D7E2A-->804D7E31 [ntoskrnl.exe]
ntoskrnl.exe-->KeSetProfileIrql, Type: Inline - RelativeCall 0x806911B8-->805D92D1 [ntoskrnl.exe]
ntoskrnl.exe-->NtOpenKey, Type: Inline - RelativeJump 0x8055DCAC-->EB1E782B [mfehidk.sys]
ntoskrnl.exe-->NtRenameKey, Type: Inline - RelativeJump 0x8062DDBF-->EB1E7867 [mfehidk.sys]
ntoskrnl.exe-->NtTerminateProcess, Type: Inline - RelativeJump 0x8057556E-->EB1E78A5 [mfehidk.sys]
tcpip.sys-->ndis.sys-->NdisCloseAdapter, Type: IAT modification 0xEF4B9034-->EF431A60 [vsdatant.sys]
tcpip.sys-->ndis.sys-->NdisOpenAdapter, Type: IAT modification 0xEF4B9058-->EF431900 [vsdatant.sys]
tcpip.sys-->ndis.sys-->NdisRegisterProtocol, Type: IAT modification 0xEF4B9080-->EF4313E0 [vsdatant.sys]
wanarp.sys-->ndis.sys-->NdisCloseAdapter, Type: IAT modification 0xEFE127CC-->EF431A60 [vsdatant.sys]
wanarp.sys-->ndis.sys-->NdisDeregisterProtocol, Type: IAT modification 0xEFE1279C-->EF431550 [vsdatant.sys]
wanarp.sys-->ndis.sys-->NdisOpenAdapter, Type: IAT modification 0xEFE127BC-->EF431900 [vsdatant.sys]
wanarp.sys-->ndis.sys-->NdisRegisterProtocol, Type: IAT modification 0xEFE127A8-->EF4313E0 [vsdatant.sys]

1.5K Posts

September 5th, 2010 23:00

Hi jvd2010,

 

The output supplied is enough to tell me that you have a pretty nasty Rootkit on board.

Please Disable all Anti-virus/Anti-Spyware/FireWall on your machine (instructions via links below)

 

Please download ComboFix.exe. Please visit THIS webpage for download links, and instructions for running the tool:

ComboFix MUST be saved to your desktop before running the tool

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

When prompted to install the recovery console please make sure to do so as this is a VERY IMPORTANT backup of ComboFix XP only

You will need to be connected to the net to install the recovery console. If you cannot install it, DO NOT run ComboFix.
Post back and we will install it manually.

DO NOT mouse click when ComboFix is running as this will cause ComboFix to Stall and it will not work as it should

EXTRA NOTES:

  • If Combofix detects a Rootkit on the system it will give a warning and prompt for a reboot, please allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for a few minutes on reboot, this is normal
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, please reboot the system and this will fix the issue (these items will not be deleted)

     

Please include the C:\ComboFix.txt in your next reply for further review.

Thanks,
K27.

1.5K Posts

September 9th, 2010 08:00

Hi jvd2010,

Do you still require assistance?

Thanks

4 Posts

September 9th, 2010 20:00

Yes. Busy work schedule - will do what you recommended over the weekend. Thanks again for your help.

1.5K Posts

September 10th, 2010 14:00

Thanks for letting me know.

1.5K Posts

September 15th, 2010 11:00

This topic is Inactive.....

The fixes in this topic were written specifically for this user; following them may cause harm to your machine and render it a brick (useless).

If you are the original poster and would like further assistance, please post a fresh HJT log and details of the problems you are having.

All other users, please read THIS page and then please start a New Topic at the top of the Malware Removal Forum by clicking the DCFnewpost.png button.

Regards
K27

December 25th, 2010 17:00

This topic is Inactive.....

The fixes in this topic were written specifically for this user; following them may cause harm to your machine and render it a brick (useless).

If you are the original poster and would like further assistance, please post a fresh HJT log and details of the problems you are having.

All other users, please read THIS page and then please start a New Topic at the top of the Malware Removal Forum by clicking the DCFnewpost.png button.

Regards
K27


I got a deeper understanding of this part. Thanks for sharing!