
[Trojan] HJT and Combofix log

rjorden
join:2007-10-19 Newnan, GA
My machine is VERY slow now, and I keep getting popups for "antivirusmaster" or such sites. I've run the latest VundoFix (nothing found) and ComboFix (log below), followed by HJT as requested. Please see both logs. I really appreciate the help. This machine had Vundo about 18 months ago (and virus scans have been kept up to date), and you also helped me clean Vundo off a co-worker's machine (our home machines). Anyway, logs follow:
ComboFix 08-05-09.1 - RobJ 2008-05-10 9:58:48.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.412 [GMT -4:00]
Running from: C:\Documents and Settings\RobJ\Desktop\Albion Utilities\ComboFix.exe
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) .
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\DcKkRXyb.ini
C:\WINDOWS\system32\DcKkRXyb.ini2
. ((((((((((((((((((((((((( Files Created from 2008-04-10 to 2008-05-10 ))))))))))))))))))))))))))))))) .
2008-05-10 10:08 . 2008-05-10 10:08 22 --a------ C:\WINDOWS\pskt.ini
2008-05-10 09:32 . 2008-05-10 10:08 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-10 09:32 . 2008-05-10 10:03 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-10 09:32 . 2008-05-10 10:08 414 ---hs---- C:\WINDOWS\system32\iudvecrj.ini
2008-05-10 06:49 . 2008-05-10 06:49 2,048 --a------ C:\WINDOWS\system32\dknmbwyt.exe
2008-05-10 06:45 . 2008-05-10 06:45 134,656 --a------ C:\WINDOWS\system32\bojqymog.dll
2008-05-10 06:43 . 2008-05-10 06:43 114,688 --a------ C:\WINDOWS\system32\jrcevdui.dll
2008-05-10 06:42 . 2008-05-10 06:42 125,440 --a------ C:\WINDOWS\system32\jsqncbxc.dll
2008-05-09 09:05 . 2008-05-09 09:07 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-09 09:04 . 2008-05-09 09:04 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-08 22:55 . 2008-05-08 22:55 2,048 --a------ C:\WINDOWS\system32\fbetsvuh.exe
2008-05-08 22:53 . 2008-05-08 22:53 133,632 --a------ C:\WINDOWS\system32\yakdepor.dll
2008-05-08 22:52 . 2008-05-08 22:52 125,440 --a------ C:\WINDOWS\system32\nkjosyuv.dll
2008-05-08 22:51 . 2008-05-08 22:51 2,048 --a------ C:\WINDOWS\system32\everdyjl.exe
2008-05-08 22:46 . 2008-05-08 22:46 133,632 --a------ C:\WINDOWS\system32\ahnydity.dll
2008-05-08 22:45 . 2008-05-08 22:45 125,440 --a------ C:\WINDOWS\system32\rlcxxgdv.dll
2008-05-08 22:38 . 2008-05-08 22:48 354 ---hs---- C:\WINDOWS\system32\spixquup.ini
2008-05-08 18:24 . 2008-05-08 18:24 133,632 --a------ C:\WINDOWS\system32\sdqraxon.dll
2008-05-08 18:18 . 2008-05-08 18:18 2,048 --a------ C:\WINDOWS\system32\lhgxpnus.exe
2008-05-08 18:08 . 2008-05-08 18:08 125,440 --a------ C:\WINDOWS\system32\stcsnlkc.dll
2008-05-07 18:11 . 2008-05-07 18:11 2,048 --a------ C:\WINDOWS\system32\burhtchl.exe
2008-05-07 18:09 . 2008-05-07 18:09 134,144 --a------ C:\WINDOWS\system32\ncidyueo.dll
2008-05-07 18:08 . 2008-05-10 10:08 109,803 --a------ C:\WINDOWS\BM0bcd4a01.xml
2008-05-07 18:08 . 2008-05-07 18:08 52,736 --a------ C:\WINDOWS\system32\jkkkIxUO.dll
2008-05-07 18:07 . 2008-05-07 18:08 126,464 --a------ C:\WINDOWS\system32\jhkdcegl.dll
2008-05-07 18:01 . 2008-05-07 18:01 371,712 --a------ C:\WINDOWS\system32\byXRkKcD.dll
2008-05-07 17:57 . 2008-05-07 17:57 52,736 --a------ C:\WINDOWS\system32\yayxuvUl.dll
2008-05-07 17:57 . 2008-05-07 17:57 52,736 --a------ C:\WINDOWS\system32\geBqOiIC.dll
2008-05-07 17:56 . 2008-05-07 17:56 52,736 --a------ C:\WINDOWS\system32\tuvWnmmM.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-09 13:07 --------- d-----w C:\Program Files\Lavasoft
2008-05-09 13:07 --------- d-----w C:\Documents and Settings\RobJ\Application Data\Lavasoft
2008-05-08 20:52 --------- d-----w C:\Program Files\Java
2008-03-15 01:00 --------- d-----w C:\Program Files\PopCap Games
2007-08-15 10:59 49,768 ----a-w C:\Documents and Settings\RobJ\Application Data\GDIPFONTCACHEV1.DAT
2007-01-14 00:44 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2006-09-15 00:22 1,896 ----a-w C:\Program Files\SolidWorksswxJRNL.BAK
.
((((((((((((((((((((((((((((( snapshot_2008-05-08_22.45.38.10 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-09 02:35:18 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-10 14:05:36 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-09 13:06:25 1,038,336 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC.exe
+ 2008-05-09 13:06:25 178,688 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC1.exe
+ 2008-05-09 13:06:25 171,008 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B.exe
+ 2008-05-09 13:06:25 8,704 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B1.exe
+ 2007-07-11 18:37:26 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
+ 2007-08-07 17:58:08 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
+ 2007-08-07 17:56:58 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
+ 2007-12-14 16:32:52 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5afe2c87-6f48-4227-ae48-0d17dd7247ce}] 2008-05-10 06:45 134656 --a------ C:\WINDOWS\system32\bojqymog.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7ABCB425-8C8E-493F-BE5D-AB3D071426E9}] 2008-05-07 18:01 371712 --a------ C:\WINDOWS\system32\byXRkKcD.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9DF827A-8FA7-48A3-B268-CA4DB563EA40}] 2008-05-07 17:56 52736 --a------ C:\WINDOWS\system32\tuvWnmmM.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 06:24 65536]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [ ]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-04-22 00:10 335872]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2003-09-26 18:43 184320]
"AGRSMMSG"="AGRSMMSG.exe" [2004-02-20 18:00 88363 C:\WINDOWS\agrsmmsg.exe]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-10-30 19:46 192512]
"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2004-03-15 14:17 53248]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-02-03 17:47 1089589]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2004-05-06 16:12 638976]
"CeEPOWER"="C:\Program Files\TOSHIBA\Power Management\CePMTray.exe" [2004-05-20 13:21 135168]
"Pinger"="C:\TOSHIBA\IVP\ISM\pinger.exe" [2005-03-17 16:37 151552]
"Client Access Service"="C:\Program Files\IBM\Client Access\cwbsvstr.exe" [2001-05-08 06:10 20530]
"Client Access Help Update"="C:\Program Files\IBM\Client Access\cwbinhlp.exe" [2001-05-08 06:10 24626]
"Client Access Check Version"="C:\Program Files\IBM\Client Access\cwbckver.exe" [2001-05-08 06:10 49152]
"Client Access Express Welcome"="C:\Program Files\IBM\Client Access\cwbwlwiz.exe" [2001-05-08 06:10 20530]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2005-12-07 03:55 131072]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 21:00 94208]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-05-20 14:30 77824]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-01-14 01:05 122939]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2005-03-15 05:46 196608]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2005-03-23 19:26 217088]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"08fe799d"="C:\WINDOWS\system32\jrcevdui.dll" [2008-05-10 06:43 114688]
"BM0bcd4a01"="C:\WINDOWS\system32\jsqncbxc.dll" [2008-05-10 06:42 125440]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2004-05-20 14:15:45 155648]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2006-03-26 22:44:08 257752]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 13:11 233472]
"{F9DF827A-8FA7-48A3-B268-CA4DB563EA40}"= C:\WINDOWS\system32\tuvWnmmM.dll [2008-05-07 17:56 52736]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvWnmmM] tuvWnmmM.dll 2008-05-07 17:56 52736 C:\WINDOWS\system32\tuvWnmmM.dll
R1 ECioctl;ECioctl;C:\WINDOWS\system32\Drivers\ECioctl.sys [2004-05-06 16:40]
S3 apusbsnt;Sierra Wireless USB Modem Device Driver;C:\WINDOWS\system32\DRIVERS\apusbsnt.sys []
. **************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net
Rootkit scan 2008-05-10 10:08:10
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32\tuvWnmmM.dll
PROCESS: C:\WINDOWS\explorer.exe
 -> C:\WINDOWS\system32\jrcevdui.dll
 -> C:\WINDOWS\system32\jsqncbxc.dll
 -> ?:\WINDOWS\System32\CSCDLL.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\drivers\CDANTSRV.EXE
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe
C:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
C:\Program Files\Apoint2K\ApntEx.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-05-10 10:15:05 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-10 14:14:50
ComboFix2.txt 2008-05-10 13:39:32
ComboFix3.txt 2008-05-09 02:47:50
ComboFix4.txt 2007-10-21 17:36:40

Pre-Run: 43,621,232,640 bytes free
Post-Run: 43,609,772,032 bytes free
168 --- E O F --- 2008-04-12 19:42:06
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:18, on 2008-05-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\ACS.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Desktop Search\WindowsSearchFilter.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\Documents and Settings\RobJ\Desktop\Albion Utilities\HiJackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [Pinger] C:\TOSHIBA\IVP\ISM\pinger.exe /run
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [08fe799d] rundll32.exe "C:\WINDOWS\system32\jrcevdui.dll",b
O4 - HKLM\..\Run: [BM0bcd4a01] Rundll32.exe "C:\WINDOWS\system32\jsqncbxc.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O15 - Trusted Zone: *.neveron.com
O15 - Trusted IP range: 216.19.47.72
O16 - DPF: {28E2EDF1-2383-4BA9-9A8C-980D1414B3B0} (ctrlNev1.ctrlNev) - www2.neveron.com/ctrlNev1.CAB
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = albioninc.local
O17 - HKLM\Software\..\Telephony: DomainName = albioninc.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = albioninc.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = albioninc.local
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\ACS.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
-- End of file - 7989 bytes

bcastner
join:2002-09-25 Chevy Chase, MD
edit: May 11th, @12:24PM
| You have a lot of problems besides your SmitFraud infection. Vundo and several other critters.
First Steps
The following instructions are only for this Forum member. Please do not use these instructions on another computer system. You can seriously damage your system by following the instructions below without guided assistance. You assuredly will make a cleanup of your system more difficult.
1. Open HijackThis again, System scan only. Checkmark these items:
O4 - HKLM\..\Run: [08fe799d] rundll32.exe "C:\WINDOWS\system32\jrcevdui.dll",b
O4 - HKLM\..\Run: [BM0bcd4a01] Rundll32.exe "C:\WINDOWS\system32\jsqncbxc.dll",s
Click "Fix checked" and when the log panel clears exit HijackThis.
2. Right-click on the header of the Code box below, where on the right side it says: "Copy to clipboard":
Open a new Notepad session - (Do not use a Word Processor or WordPad). Click "Format" and be certain that Word Wrap is not enabled. Right-click | Paste the Code box contents from above into Notepad. Click File, Save as..., and set the location to your Desktop, and enter (including quotation marks) as the filename: "CFscript.txt" .
• Disconnect from the Internet.
• Disable your Antivirus. If the Antivirus software you use has any Script Blocking features, be certain to disable these as well.
Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
• A window will open with a warning. Accept any Disclaimers to start the fix.
Using your mouse, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown in this little picture:
When the scan completes Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.
A caution: Do not run ComboFix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.
3. Please download MalwareBytes Anti-malware (MBAM) from one of the following links:
Once downloaded, close all programs and Windows on your computer (including this one.)
Double-click on the icon on your desktop named Download_mbam-setup.exe. This will start the installation of MBAM onto your computer.
When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure you leave both the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware checked. Then click on the Finish button.
MBAM will now automatically start and you will see a message stating that you should update the program before performing a scan. As MBAM will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main program.
On the Scanner tab, make sure the Perform quick scan option is selected and then click on the Scan button to start scanning your computer.
MBAM will now start scanning your computer for malware. This process can take quite a while, so we suggest you go and do something else and periodically check on the status of the scan.
When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click Show Results. Make sure all entries have a checkmark at their far left. You should now click on the Remove Selected button to remove all the listed malware. MBAM will now delete all of the files and registry keys and add them to the programs quarantine.
When MBAM has finished removing the malware, it will open the scan log and display it in Notepad. Review the log as desired, and then close the Notepad window. Remember where you saved the log file, as we will want to see it later.
4. Run HijackThis again, and save the log file.
Submit to the Forum:
• The contents of C:\Combofix.txt;
• The contents of the MBAM log file;
• The new HijackThis log.
--
MS-MVP 2004-2008, ASAP Member
Users Helping Users
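An added illustration, not part of bcastner's reply or anything rjorden posted: the indicators bcastner is acting on above (Run values that launch a random-named system32 DLL through rundll32 with a one-letter export, hex-blob value names like 08fe799d, a BHO and a ShellExecuteHook pointing into system32, and a Winlogon Notify package that winlogon.exe has loaded) can be scored mechanically. The Python below does that over a handful of lines copied from the ComboFix and HijackThis logs in this thread, plus benign entries from the same logs for contrast. The KNOWN_NOTIFY baseline, the point weights and the threshold are my assumptions, not anything either tool publishes, and the random-name test is deliberately a weak signal.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Winlogon Notify packages on a stock Windows XP SP2 install (assumed baseline;
# extend it for your own build). Anything else is scored as unknown.
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon"}

PATH_RE = re.compile(r'[A-Za-z]:\\[^"\[\]]*?\.(?:dll|exe)\b', re.IGNORECASE)
# Run value launching a DLL via rundll32 with a one-letter export (",b" / ",s").
RUNDLL_RE = re.compile(r'rundll32\.exe\s+"[^"]+\.dll",\s*[a-z]\b', re.IGNORECASE)
# Run value names that are an 8-hex-digit blob, optionally prefixed "BM":
# HJT form "[08fe799d]" and ComboFix form "08fe799d"=
HEXNAME_RE = re.compile(r'(?:\[|")((?:BM)?[0-9a-f]{8})(?:\]|"=)')
NOTIFY_RE = re.compile(r'winlogon\\notify\\([^\]\s]+)', re.IGNORECASE)
SEH_HEADER = "\\explorer\\shellexecutehooks]"


def looks_random(stem: str) -> bool:
    """Weak signal: 8 letters with interior capitals (tuvWnmmM) or a run of
    3+ consonants (jsqncbxc). Legitimate names such as tfswctrl trip it too,
    so it is worth 1 point and never flags an entry on its own."""
    if len(stem) != 8 or not stem.isalpha():
        return False
    inner_caps = any(c.isupper() for c in stem[1:]) and not stem.isupper()
    runs = re.findall(r"[^aeiouAEIOU]+", stem) or [""]
    return inner_caps or max(len(r) for r in runs) >= 3


@dataclass
class Finding:
    line: str
    path: str
    score: int = 0
    reasons: List[str] = field(default_factory=list)

    def add(self, points: int, why: str) -> None:
        self.score += points
        self.reasons.append(why)


def score_line(line: str, section: str) -> Finding:
    """Score one log line; section is 'seh' inside a ShellExecuteHooks block."""
    paths = PATH_RE.findall(line)
    path = paths[-1] if paths else ""
    f = Finding(line.strip(), path)
    base = path.rsplit("\\", 1)[-1]
    stem = base.rsplit(".", 1)[0]
    in_sys32 = "\\system32\\" in path.lower()

    if RUNDLL_RE.search(line):
        f.add(3, "rundll32 loads a DLL through a one-letter export")
    if HEXNAME_RE.search(line):
        f.add(2, "Run value name is a hex blob")
    m = NOTIFY_RE.search(line)
    if m and m.group(1).lower() not in KNOWN_NOTIFY:
        f.add(3, "Winlogon Notify package outside the XP SP2 default set")
    if section == "seh" and in_sys32:
        f.add(2, "ShellExecuteHook DLL lives in system32")
    if "browser helper objects" in line.lower() and in_sys32:
        f.add(2, "BHO DLL lives in system32 instead of Program Files")
    if in_sys32 and looks_random(stem):
        f.add(1, f"random-looking 8-letter name {base}")
    return f


def triage(log_text: str, threshold: int = 2) -> List[Finding]:
    """Return the entries scoring at or above threshold, in log order."""
    section, flagged = "", []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().endswith(SEH_HEADER):
            section = "seh"      # the lines that follow are ShellExecuteHooks
            continue
        if line.upper().startswith("[HKEY"):
            section = ""         # any other key header ends that block
        f = score_line(line, section)
        if f.score >= threshold:
            flagged.append(f)
    return flagged


# Constructed fixture: lines copied from the ComboFix and HijackThis logs in this
# thread, plus benign entries, laid out one entry per line as the tools emit them.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [08fe799d] rundll32.exe "C:\WINDOWS\system32\jrcevdui.dll",b
O4 - HKLM\..\Run: [BM0bcd4a01] Rundll32.exe "C:\WINDOWS\system32\jsqncbxc.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5afe2c87-6f48-4227-ae48-0d17dd7247ce}] 2008-05-10 06:45 134656 --a------ C:\WINDOWS\system32\bojqymog.dll
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 13:11 233472]
"{F9DF827A-8FA7-48A3-B268-CA4DB563EA40}"= C:\WINDOWS\system32\tuvWnmmM.dll [2008-05-07 17:56 52736]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvWnmmM] tuvWnmmM.dll 2008-05-07 17:56 52736 C:\WINDOWS\system32\tuvWnmmM.dll
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.score:>2}  {f.path}")
        for why in f.reasons:
            print(f"      - {why}")
```

Run as-is it prints five flagged entries: the two rundll32 Run values, the bojqymog.dll BHO, and tuvWnmmM.dll both as a ShellExecuteHook and as a Winlogon Notify package. The legitimate tfswctrl.exe from the same log scores 1 on the name test alone and stays below the threshold, which is the point of summing independent signals rather than acting on any one of them. None of this replaces the guided fix; it only makes visible why those particular lines were the ones chosen.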
rjorden
join:2007-10-19 Newnan, GA

OK, steps completed. Logs follow. (By the way, I didn't edit before; I may have missed something on copy and paste, but I didn't think so...) Thanks again for your help; I look forward to the next step.
Combofix Log:
ComboFix 08-05-09.1 - RobJ 2008-05-10 12:28:44.8 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.414 [GMT -4:00]
Running from: C:\Documents and Settings\RobJ\Desktop\Albion Utilities\ComboFix.exe
Command switches used :: C:\Documents and Settings\RobJ\Desktop\CFscript.txt
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) .
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\DcKkRXyb.ini
C:\WINDOWS\system32\DcKkRXyb.ini2
C:\WINDOWS\system32\juiypjvv.ini
C:\WINDOWS\system32\mcrh.tmp
. ((((((((((((((((((((((((( Files Created from 2008-04-10 to 2008-05-10 ))))))))))))))))))))))))))))))) .
2008-05-10 11:27 . 2008-05-10 11:27 134,656 --a------ C:\WINDOWS\system32\mulihnbt.dll
2008-05-10 11:24 . 2008-05-10 11:24 2,048 --a------ C:\WINDOWS\system32\eyttyshj.exe
2008-05-10 11:21 . 2008-05-10 11:21 114,688 --a------ C:\WINDOWS\system32\vvjpyiuj.dll
2008-05-10 11:20 . 2008-05-10 11:20 125,440 --a------ C:\WINDOWS\system32\wtfrylgn.dll
2008-05-10 09:32 . 2008-05-10 16:43 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-10 09:32 . 2008-05-10 16:43 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-10 09:32 . 2008-05-10 11:19 886 ---hs---- C:\WINDOWS\system32\iudvecrj.ini
2008-05-10 06:49 . 2008-05-10 06:49 2,048 --a------ C:\WINDOWS\system32\dknmbwyt.exe
2008-05-10 06:45 . 2008-05-10 06:45 134,656 --a------ C:\WINDOWS\system32\bojqymog.dll
2008-05-10 06:42 . 2008-05-10 06:42 125,440 --a------ C:\WINDOWS\system32\jsqncbxc.dll
2008-05-09 09:05 . 2008-05-09 09:07 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-09 09:04 . 2008-05-09 09:04 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-08 22:55 . 2008-05-08 22:55 2,048 --a------ C:\WINDOWS\system32\fbetsvuh.exe
2008-05-08 22:53 . 2008-05-08 22:53 133,632 --a------ C:\WINDOWS\system32\yakdepor.dll
2008-05-08 22:52 . 2008-05-08 22:52 125,440 --a------ C:\WINDOWS\system32\nkjosyuv.dll
2008-05-08 22:51 . 2008-05-08 22:51 2,048 --a------ C:\WINDOWS\system32\everdyjl.exe
2008-05-08 22:46 . 2008-05-08 22:46 133,632 --a------ C:\WINDOWS\system32\ahnydity.dll
2008-05-08 22:45 . 2008-05-08 22:45 125,440 --a------ C:\WINDOWS\system32\rlcxxgdv.dll
2008-05-08 22:38 . 2008-05-08 22:48 354 ---hs---- C:\WINDOWS\system32\spixquup.ini
2008-05-08 18:24 . 2008-05-08 18:24 133,632 --a------ C:\WINDOWS\system32\sdqraxon.dll
2008-05-08 18:18 . 2008-05-08 18:18 2,048 --a------ C:\WINDOWS\system32\lhgxpnus.exe
2008-05-08 18:08 . 2008-05-08 18:08 125,440 --a------ C:\WINDOWS\system32\stcsnlkc.dll
2008-05-07 18:11 . 2008-05-07 18:11 2,048 --a------ C:\WINDOWS\system32\burhtchl.exe
2008-05-07 18:09 . 2008-05-07 18:09 134,144 --a------ C:\WINDOWS\system32\ncidyueo.dll
2008-05-07 18:08 . 2008-05-10 10:16 109,803 --a------ C:\WINDOWS\BM0bcd4a01.xml
2008-05-07 18:08 . 2008-05-07 18:08 52,736 --a------ C:\WINDOWS\system32\jkkkIxUO.dll
2008-05-07 18:07 . 2008-05-07 18:08 126,464 --a------ C:\WINDOWS\system32\jhkdcegl.dll
2008-05-07 18:01 . 2008-05-07 18:01 371,712 --a------ C:\WINDOWS\system32\byXRkKcD.dll
2008-05-07 17:57 . 2008-05-07 17:57 52,736 --a------ C:\WINDOWS\system32\yayxuvUl.dll
2008-05-07 17:57 . 2008-05-07 17:57 52,736 --a------ C:\WINDOWS\system32\geBqOiIC.dll
2008-05-07 17:56 . 2008-05-07 17:56 52,736 --a------ C:\WINDOWS\system32\tuvWnmmM.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-09 13:07 --------- d-----w C:\Program Files\Lavasoft
2008-05-09 13:07 --------- d-----w C:\Documents and Settings\RobJ\Application Data\Lavasoft
2008-05-08 20:52 --------- d-----w C:\Program Files\Java
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-15 01:00 --------- d-----w C:\Program Files\PopCap Games
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 08:59 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2007-08-15 10:59 49,768 ----a-w C:\Documents and Settings\RobJ\Application Data\GDIPFONTCACHEV1.DAT
2007-01-14 00:44 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2006-09-15 00:22 1,896 ----a-w C:\Program Files\SolidWorksswxJRNL.BAK
.
((((((((((((((((((((((((((((( snapshot_2008-05-08_22.45.38.10 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-09 02:35:18 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-10 16:37:39 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-09 13:06:25 1,038,336 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC.exe
+ 2008-05-09 13:06:25 178,688 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC1.exe
+ 2008-05-09 13:06:25 171,008 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B.exe
+ 2008-05-09 13:06:25 8,704 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B1.exe
+ 2007-07-11 18:37:26 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
+ 2007-08-07 17:58:08 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
+ 2007-08-07 17:56:58 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
+ 2007-12-14 16:32:52 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4A13C1BC-52E5-461C-97AB-E07E1002C6D7}] 2008-05-07 18:01 371712 --a------ C:\WINDOWS\system32\byXRkKcD.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66c7e434-666b-46c8-91ca-1c84711460c0}] 2008-05-10 11:27 134656 --a------ C:\WINDOWS\system32\mulihnbt.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9DF827A-8FA7-48A3-B268-CA4DB563EA40}] 2008-05-07 17:56 52736 --a------ C:\WINDOWS\system32\tuvWnmmM.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 06:24 65536]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [ ]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-04-22 00:10 335872]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2003-09-26 18:43 184320]
"AGRSMMSG"="AGRSMMSG.exe" [2004-02-20 18:00 88363 C:\WINDOWS\agrsmmsg.exe]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-10-30 19:46 192512]
"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2004-03-15 14:17 53248]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-02-03 17:47 1089589]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2004-05-06 16:12 638976]
"CeEPOWER"="C:\Program Files\TOSHIBA\Power Management\CePMTray.exe" [2004-05-20 13:21 135168]
"Pinger"="C:\TOSHIBA\IVP\ISM\pinger.exe" [2005-03-17 16:37 151552]
"Client Access Service"="C:\Program Files\IBM\Client Access\cwbsvstr.exe" [2001-05-08 06:10 20530]
"Client Access Help Update"="C:\Program Files\IBM\Client Access\cwbinhlp.exe" [2001-05-08 06:10 24626]
"Client Access Check Version"="C:\Program Files\IBM\Client Access\cwbckver.exe" [2001-05-08 06:10 49152]
"Client Access Express Welcome"="C:\Program Files\IBM\Client Access\cwbwlwiz.exe" [2001-05-08 06:10 20530]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2005-12-07 03:55 131072]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 21:00 94208]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-05-20 14:30 77824]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-01-14 01:05 122939]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2005-03-15 05:46 196608]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2005-03-23 19:26 217088]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"BM0bcd4a01"="C:\WINDOWS\system32\wtfrylgn.dll" [2008-05-10 11:20 125440]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2004-05-20 14:15:45 155648]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2006-03-26 22:44:08 257752]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 13:11 233472]
"{F9DF827A-8FA7-48A3-B268-CA4DB563EA40}"= C:\WINDOWS\system32\tuvWnmmM.dll [2008-05-07 17:56 52736]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvWnmmM]
tuvWnmmM.dll 2008-05-07 17:56 52736 C:\WINDOWS\system32\tuvWnmmM.dll
R1 ECioctl;ECioctl;C:\WINDOWS\system32\Drivers\ECioctl.sys [2004-05-06 16:40]
S3 apusbsnt;Sierra Wireless USB Modem Device Driver;C:\WINDOWS\system32\DRIVERS\apusbsnt.sys []
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, »www.gmer.net
Rootkit scan 2008-05-10 16:39:14
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\tuvWnmmM.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\drivers\CDANTSRV.EXE
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Apoint2K\ApntEx.exe
.
**************************************************************************
.
Completion time: 2008-05-10 16:47:51 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-10 20:46:41
ComboFix2.txt 2008-05-10 14:15:07
ComboFix3.txt 2008-05-10 13:39:32
ComboFix4.txt 2008-05-09 02:47:50
ComboFix5.txt 2007-10-21 17:36:40
Pre-Run: 43,574,247,424 bytes free
Post-Run: 43,577,499,648 bytes free
170 --- E O F --- 2008-04-12 19:42:06
MBAM Log:
Malwarebytes' Anti-Malware 1.12
Database version: 740
Scan type: Quick Scan
Objects scanned: 44130
Time elapsed: 10 minute(s), 48 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 25
Registry Values Infected: 3
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 11
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\cbXQhIXq.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\edklfavl.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\tuvWnmmM.dll (Trojan.Vundo) -> Unloaded module successfully.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d494779-8dd5-42ab-9582-7665b16f94c5} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6d494779-8dd5-42ab-9582-7665b16f94c5} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f9df827a-8fa7-48a3-b268-ca4db563ea40} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f9df827a-8fa7-48a3-b268-ca4db563ea40} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tuvwnmmm (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{4a13c1bc-52e5-461c-97ab-e07e1002c6d7} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4a13c1bc-52e5-461c-97ab-e07e1002c6d7} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\08fe799d (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM0bcd4a01 (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{f9df827a-8fa7-48a3-b268-ca4db563ea40} (Trojan.Vundo) -> Delete on reboot.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\cbxqhixq -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\cbxqhixq -> Delete on reboot.
Folders Infected: (No malicious items detected)
Files Infected:
C:\WINDOWS\system32\cbXQhIXq.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\qXIhQXbc.ini (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\qXIhQXbc.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\edklfavl.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\lvaflkde.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\emdwxpow.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tuvWnmmM.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\geBqOiIC.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkkkIxUO.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\byXRkKcD.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yayxuvUl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
And HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:37, on 2008-05-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\ACS.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Windows Desktop Search\wds_sl.exe
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\Documents and Settings\RobJ\Desktop\Albion Utilities\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = »go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = »go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = »go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = »g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: {ce2baa85-d3a1-225a-9984-e8596ccc9a69} - {96a9ccc6-958e-4899-a522-1a3d58aab2ec} - C:\WINDOWS\system32\tdplqyaa.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [Pinger] C:\TOSHIBA\IVP\ISM\pinger.exe /run
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - »favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O15 - Trusted Zone: *.neveron.com
O15 - Trusted IP range: »216.19.47.72
O16 - DPF: {28E2EDF1-2383-4BA9-9A8C-980D1414B3B0} (ctrlNev1.ctrlNev) - »www2.neveron.com/ctrlNev1.CAB
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = albioninc.local
O17 - HKLM\Software\..\Telephony: DomainName = albioninc.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = albioninc.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = albioninc.local
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\ACS.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
-- End of file - 8311 bytes
All logs copied completely this time (double checked). I hope that this helps.
- Rob

bcastner (Premium, MVM) join:2002-09-25 Chevy Chase, MD clubs: Verizon Online DSL
reply to rjorden: We need to do the Combofix step again, as your CFScript.txt file was empty.
Using your mouse, left click once in the Code Box below, then do a Ctrl+A to highlight the entire Code Box contents. Then do a Ctrl+C to copy those contents to your Clipboard:
Open a new Notepad session - (Do not use a Word Processor or WordPad). Click "Format" and be certain that Word Wrap is not enabled. Right-click | Paste the Code box contents from above into Notepad. Click File, Save as..., and set the location to your Desktop, and enter (including quotation marks) as the filename: "CFscript.txt" .
• Disconnect from the Internet.
• Disable your Antivirus. If the Antivirus software you use has any Script Blocking features, be certain to disable these as well. Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
• A window will open with a warning. Accept any Disclaimers to start the fix.
Using your mouse, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown in this little picture:
When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.
•!• A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.
Post the new log, C:\Combofix.txt, back to the Forum. We should be nearly done.
-- ============ MS-MVP 2004-2008, ASAP Member, Users Helping Users
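Rob's MBAM log above itemizes each removal with its outcome, and the counts in its summary block should agree with the itemized sections. As an added example, not part of this thread and not Malwarebytes' own tooling, the Python below parses that log: the excerpt embedded in it is the thread's own Memory Modules, Registry Values, Registry Data Items and Files sections with the matching summary lines. It checks the declared counts against the parsed entries, tallies detections, lists the items left as "Delete on reboot" that should be confirmed gone after the restart, and pairs each DLL with the .ini whose name is the DLL's name spelled backwards, a pattern visible in the log itself (cbXQhIXq.dll / qXIhQXbc.ini, edklfavl.dll / lvaflkde.ini). The regexes and helper names are this example's own assumptions about the MBAM 1.x log layout.

```python
"""Reconcile a Malwarebytes' Anti-Malware 1.x log against its own summary block.
Added example for this thread, not Malwarebytes' code: the embedded excerpt is
the thread's own log; the parsing rules and helper names are this example's
own assumptions about the MBAM 1.x log layout."""
import ntpath
import re
from collections import Counter

# Excerpt of the MBAM log posted in the thread, laid out one entry per line.
MBAM_LOG = r"""
Malwarebytes' Anti-Malware 1.12
Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Values Infected: 3
Registry Data Items Infected: 2
Files Infected: 11
Memory Modules Infected:
C:\WINDOWS\system32\cbXQhIXq.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\edklfavl.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\tuvWnmmM.dll (Trojan.Vundo) -> Unloaded module successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\08fe799d (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM0bcd4a01 (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{f9df827a-8fa7-48a3-b268-ca4db563ea40} (Trojan.Vundo) -> Delete on reboot.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\cbxqhixq -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\cbxqhixq -> Delete on reboot.
Files Infected:
C:\WINDOWS\system32\cbXQhIXq.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\qXIhQXbc.ini (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\qXIhQXbc.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\edklfavl.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\lvaflkde.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\emdwxpow.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tuvWnmmM.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\geBqOiIC.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkkkIxUO.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\byXRkKcD.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yayxuvUl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
"""

# "Files Infected: 11" is a summary line; "Files Infected:" opens an itemized section.
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+?) Infected:(?:\s+(?P<count>\d+))?\s*$")
ENTRY_RE = re.compile(r"^(?P<path>.+?) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?$")


def parse_mbam(text):
    """Return (summary, entries): declared counts per section, and one dict
    (section, path, detection, action) per itemized line."""
    summary, entries, section = {}, [], None
    for line in filter(None, map(str.strip, text.splitlines())):
        m = SECTION_RE.match(line)
        if m:
            if m.group("count") is not None:
                summary[m.group("name")] = int(m.group("count"))
                section = None
            else:
                section = m.group("name")
            continue
        if section is None or line.startswith("("):
            continue  # banner text, or "(No malicious items detected)"
        m = ENTRY_RE.match(line)
        if m:
            entries.append({"section": section, **m.groupdict()})
    return summary, entries


def reconcile(summary, entries):
    """Sections whose declared count differs from the itemized entries (empty if consistent)."""
    parsed = Counter(e["section"] for e in entries)
    return {name: (declared, parsed.get(name, 0))
            for name, declared in summary.items() if declared != parsed.get(name, 0)}


def by_detection(entries):
    """How many items each detection name accounts for."""
    return Counter(e["detection"] for e in entries)


def pending_reboot(entries):
    """Items MBAM could not remove live; confirm these are gone after the restart."""
    return sorted(e["path"] for e in entries if e["action"].endswith("Delete on reboot"))


def reversed_name_pairs(entries):
    """Pair each DLL with the .ini whose base name is the DLL's name spelled
    backwards, the companion-file pattern visible in this log."""
    names = {}  # lower-cased stem -> {extension: file name as logged}
    for name in (ntpath.basename(e["path"]) for e in entries if e["section"] == "Files"):
        stem, ext = ntpath.splitext(name)
        names.setdefault(stem.lower(), {})[ext.lower()] = name
    pairs = {}
    for stem, by_ext in names.items():
        partner = names.get(stem[::-1], {})
        if ".dll" in by_ext and ".ini" in partner:
            pairs[by_ext[".dll"]] = partner[".ini"]
    return pairs


if __name__ == "__main__":
    summary, entries = parse_mbam(MBAM_LOG)
    print("count mismatches:", reconcile(summary, entries) or "none")
    print("detections:", dict(by_detection(entries)))
    print("DLL / reversed-name .ini pairs:", reversed_name_pairs(entries))
    print("still pending 'Delete on reboot':", *pending_reboot(entries), sep="\n  ")
```

Run it on a saved MBAM log by replacing `MBAM_LOG` with the file's contents; a non-empty result from `reconcile` means the log was truncated or mangled when it was pasted, which is the first thing to rule out before acting on it, and the `pending_reboot` list is what to re-check after the restart the log asks for.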
rjorden join:2007-10-19 Newnan, GA

I'm getting nervous now (writing this from a different computer): the Combofix scan has been running for 45 minutes now without going into the stages complete or anything . . . I'll let it keep running, but should it do this?

bcastner (Premium, MVM) join:2002-09-25 Chevy Chase, MD clubs: Verizon Online DSL
edit: May 12th, @08:11AM
reply to rjorden: Just let it run. It is impossible to estimate how much time it will take. If the drive light is flashing, it is at work.
If there is no drive light flashing, and it appears to be still on the same Progress Stage after one hour, reboot the computer.
In that case do the following, as we will not have a Combofix.txt log to gauge our progress:
Download Deckard's System Scanner: »www.techsupportforum.com/sectool···/dss.exe
• Double-click on dss.exe to run it, and follow the prompts.
• When the scan is complete, a text file will open - Main.txt.
• Please save this file and close Notepad.
• A folder, C:\Deckard, will also open. In it will be another text file, Extra.txt. Please save this file too, and exit Notepad.

rjorden join:2007-10-19 Newnan, GA

from DSS:
Deckard's System Scanner v20071014.68
Run by RobJ on 2008-05-11 10:09:18
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
57: 2008-05-11 14:09:31 UTC - RP119 - Deckard's System Scanner Restore Point
56: 2008-05-11 13:20:50 UTC - RP118 - ComboFix created restore point
55: 2008-05-11 11:01:39 UTC - RP117 - ComboFix created restore point
54: 2008-05-10 21:03:47 UTC - RP116 - Last known good configuration
53: 2008-05-10 21:03:38 UTC - RP115 - ComboFix created restore point
-- First Restore Point --
1: 2008-05-10 21:03:33 UTC - RP63 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as RobJ.exe) ------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:10, on 2008-05-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\ACS.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\Documents and Settings\RobJ\Desktop\dss.exe
C:\DOCUME~1\RobJ\Desktop\ALBION~1\RobJ.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = »go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = »go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = »go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = »g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: {ce2baa85-d3a1-225a-9984-e8596ccc9a69} - {96a9ccc6-958e-4899-a522-1a3d58aab2ec} - C:\WINDOWS\system32\tdplqyaa.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [Pinger] C:\TOSHIBA\IVP\ISM\pinger.exe /run
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - »favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O15 - Trusted Zone: *.neveron.com
O15 - Trusted IP range: »216.19.47.72
O16 - DPF: {28E2EDF1-2383-4BA9-9A8C-980D1414B3B0} (ctrlNev1.ctrlNev) - »www2.neveron.com/ctrlNev1.CAB
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = albioninc.local
O17 - HKLM\Software\..\Telephony: DomainName = albioninc.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = albioninc.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = albioninc.local
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\ACS.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
-- End of file - 8182 bytes
-- HijackThis Fixed Entries (C:\DOCUME~1\RobJ\Desktop\ALBION~1\backups\) -------
backup-20071019-202323-233 O20 - Winlogon Notify: ljjkiii - C:\WINDOWS\SYSTEM32\ljjkiii.dll
backup-20071019-202323-847 O2 - BHO: (no name) - {C92B957B-4767-4E53-A63C-1E547C35F0C6} - C:\WINDOWS\system32\ljjkiii.dll
backup-20071019-202427-510 O2 - BHO: (no name) - {C92B957B-4767-4E53-A63C-1E547C35F0C6} - C:\WINDOWS\system32\ljjkiii.dll
backup-20071019-202427-843 O20 - Winlogon Notify: ljjkiii - C:\WINDOWS\SYSTEM32\ljjkiii.dll
backup-20071019-202946-328 O2 - BHO: (no name) - {C92B957B-4767-4E53-A63C-1E547C35F0C6} - C:\WINDOWS\system32\ljjkiii.dll
backup-20071021-111347-388 O20 - Winlogon Notify: ljjkiii - ljjkiii.dll (file missing)
backup-20080508-171915-382 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20080508-171916-399 O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - »ak.exe.imgfarm.com/images/nocach···15-3.cab
backup-20080508-171916-688 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20080508-171917-557 O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - »lads.myspace.com/upload/MySpaceU···1006.cab
backup-20080508-171918-947 O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} - »zone.msn.com/bingame/rock/defaul···der1.cab
backup-20080508-171919-410 O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - »upload.facebook.com/controls/Fac···der3.cab
backup-20080508-171920-122 O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - »cdn2.zone.msn.com/binFramework/v···6649.cab
backup-20080508-171921-777 O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - »a532.g.akamai.net/f/532/6712/5m/···ller.exe
backup-20080508-171922-265 O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - »zone.msn.com/bingame/popcaploader_v10.cab
backup-20080508-171923-840 O24 - Desktop Component 0: (no name) - K:\Backgrounds\F35-1.jpg
backup-20080510-122538-206 O4 - HKLM\..\Run: [08fe799d] rundll32.exe "C:\WINDOWS\system32\vvjpyiuj.dll",b
backup-20080510-122538-413 O4 - HKLM\..\Run: [BM0bcd4a01] Rundll32.exe "C:\WINDOWS\system32\wtfrylgn.dll",s
-- File Associations -----------------------------------------------------------
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 ECioctl - c:\windows\system32\drivers\ecioctl.sys
R1 meiudf - c:\windows\system32\drivers\meiudf.sys
R1 NaiAvTdi1 - c:\windows\system32\drivers\mvstdi5x.sys
R1 SrvcEKIOMngr - c:\windows\system32\drivers\ekiomngr.sys
R1 SrvcEPIOMngr - c:\windows\system32\drivers\epiomngr.sys
R1 SrvcSSIOMngr - c:\windows\system32\drivers\ssiomngr.sys
R1 SrvcTPIOMngr - c:\windows\system32\drivers\tpiomngr.sys
R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.9) - c:\windows\system32\drivers\mdc8021x.sys
R2 Netdevio (TOSHIBA Network Device Usermode I/O Protocol) - c:\windows\system32\drivers\netdevio.sys
R2 TBiosDrv - c:\windows\system32\drivers\tbiosdrv.sys
R3 EntDrv51 - c:\windows\system32\drivers\entdrv51.sys
R3 EPOWER (Compal E-POWER Driver) - c:\windows\system32\drivers\hkdrv.sys
R3 NaiAvFilter1 - c:\windows\system32\drivers\naiavf5x.sys
S3 apusbsnt (Sierra Wireless USB Modem Device Driver) - c:\windows\system32\drivers\apusbsnt.sys (file missing)
S3 catchme - c:\combofix\catchme.sys (file missing)
S3 C-Dilla - c:\windows\system32\drivers\cdant.sys
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 ACS (Atheros Configuration Service) - c:\windows\system32\acs.exe
R2 C-DillaSrv - c:\windows\system32\drivers\cdantsrv.exe
R2 CeEPwrSvc - c:\program files\toshiba\power management\ceepwrsvc.exe
R2 CFSvcs (ConfigFree Service) - c:\program files\toshiba\configfree\cfsvcs.exe
R2 DVD-RAM_Service - c:\windows\system32\dvdramsv.exe
R2 McAfeeFramework (McAfee Framework Service) - "c:\program files\network associates\common framework\frameworkservice.exe" /servicestart
R2 McTaskManager (Network Associates Task Manager) - "c:\program files\network associates\virusscan\vstskmgr.exe"
R2 Swupdtmr - c:\toshiba\ivp\swupdate\swupdtmr.exe

S3 SolidWorks Licensing Service - "c:\program files\common files\solidworks shared\service\solidworkslicensing.exe"
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Atheros AR5004G Wireless Network Adapter
Device ID: PCI\VEN_168C&DEV_0013&SUBSYS_7064144F&REV_01\4&253A0906&0&10A4
Manufacturer: Atheros
Name: Atheros AR5004G Wireless Network Adapter #2
PNP Device ID: PCI\VEN_168C&DEV_0013&SUBSYS_7064144F&REV_01\4&253A0906&0&10A4
Service: AR5211
-- Files created between 2008-04-11 and 2008-05-11 -----------------------------
2008-05-10 17:10:03 0 d-------- C:\Documents and Settings\RobJ\Application Data\Malwarebytes
2008-05-10 17:09:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-10 17:09:34 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-10 17:09:20 2048 --a------ C:\WINDOWS\system32\suoaiqxe.exe
2008-05-10 17:06:32 114688 -----n--- C:\WINDOWS\system32\edklfavl.dll
2008-05-10 17:04:52 134656 --a------ C:\WINDOWS\system32\tdplqyaa.dll
2008-05-10 17:04:26 125440 -----n--- C:\WINDOWS\system32\emdwxpow.dll
2008-05-10 17:03:08 372224 -----n--- C:\WINDOWS\system32\cbXQhIXq.dll
2008-05-10 11:27:33 134656 --a------ C:\WINDOWS\system32\mulihnbt.dll
2008-05-10 11:24:33 2048 --a------ C:\WINDOWS\system32\eyttyshj.exe
2008-05-10 11:21:31 114688 --a------ C:\WINDOWS\system32\vvjpyiuj.dll
2008-05-10 11:20:05 125440 --a------ C:\WINDOWS\system32\wtfrylgn.dll
2008-05-10 06:49:10 2048 --a------ C:\WINDOWS\system32\dknmbwyt.exe
2008-05-10 06:45:43 134656 --a------ C:\WINDOWS\system32\bojqymog.dll
2008-05-10 06:42:38 125440 --a------ C:\WINDOWS\system32\jsqncbxc.dll
2008-05-09 09:05:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-09 09:04:44 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-08 22:55:03 2048 --a------ C:\WINDOWS\system32\fbetsvuh.exe
2008-05-08 22:53:29 133632 --a------ C:\WINDOWS\system32\yakdepor.dll
2008-05-08 22:52:52 125440 --a------ C:\WINDOWS\system32\nkjosyuv.dll
2008-05-08 22:51:16 2048 --a------ C:\WINDOWS\system32\everdyjl.exe
2008-05-08 22:46:38 133632 --a------ C:\WINDOWS\system32\ahnydity.dll
2008-05-08 22:45:36 125440 --a------ C:\WINDOWS\system32\rlcxxgdv.dll
2008-05-08 22:23:15 68096 --a------ C:\WINDOWS\zip.exe
2008-05-08 22:23:15 49152 --a------ C:\WINDOWS\VFind.exe
2008-05-08 22:23:15 212480 --a------ C:\WINDOWS\swxcacls.exe
2008-05-08 22:23:15 136704 --a------ C:\WINDOWS\swsc.exe
2008-05-08 22:23:15 161792 --a------ C:\WINDOWS\swreg.exe
2008-05-08 22:23:15 98816 --a------ C:\WINDOWS\sed.exe
2008-05-08 22:23:15 80412 --a------ C:\WINDOWS\grep.exe
2008-05-08 22:23:15 73728 --a------ C:\WINDOWS\fdsv.exe
2008-05-08 18:24:29 133632 --a------ C:\WINDOWS\system32\sdqraxon.dll
2008-05-08 18:18:58 2048 --a------ C:\WINDOWS\system32\lhgxpnus.exe
2008-05-08 18:08:34 125440 --a------ C:\WINDOWS\system32\stcsnlkc.dll
2008-05-07 18:11:59 2048 --a------ C:\WINDOWS\system32\burhtchl.exe
2008-05-07 18:09:13 134144 --a------ C:\WINDOWS\system32\ncidyueo.dll
2008-05-07 18:07:59 126464 --a------ C:\WINDOWS\system32\jhkdcegl.dll
2008-05-07 17:56:24 52736 -----n--- C:\WINDOWS\system32\tuvWnmmM.dll
-- Find3M Report ---------------------------------------------------------------
2008-05-09 09:07:06 0 d-------- C:\Program Files\Lavasoft
2008-05-09 09:07:04 0 d-------- C:\Documents and Settings\RobJ\Application Data\Lavasoft
2008-05-09 09:04:44 0 d-------- C:\Program Files\Common Files
2008-05-08 16:52:20 0 d-------- C:\Program Files\Java
2008-05-07 06:16:14 0 d-------- C:\Documents and Settings\RobJ\Application Data\Adobe
2008-03-14 21:00:36 0 d-------- C:\Program Files\PopCap Games
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{96a9ccc6-958e-4899-a522-1a3d58aab2ec}]
2008-05-10 17:04 134656 --a------ C:\WINDOWS\system32\tdplqyaa.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-04-22 00:10]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2003-09-26 18:43]
"AGRSMMSG"="AGRSMMSG.exe" [2004-02-20 18:00 C:\WINDOWS\agrsmmsg.exe]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-10-30 19:46]
"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2004-03-15 14:17]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-02-03 17:47]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2004-05-06 16:12]
"CeEPOWER"="C:\Program Files\TOSHIBA\Power Management\CePMTray.exe" [2004-05-20 13:21]
"Pinger"="C:\TOSHIBA\IVP\ISM\pinger.exe" [2005-03-17 16:37]
"Client Access Service"="C:\Program Files\IBM\Client Access\cwbsvstr.exe" [2001-05-08 06:10]
"Client Access Help Update"="C:\Program Files\IBM\Client Access\cwbinhlp.exe" [2001-05-08 06:10]
"Client Access Check Version"="C:\Program Files\IBM\Client Access\cwbckver.exe" [2001-05-08 06:10]
"Client Access Express Welcome"="C:\Program Files\IBM\Client Access\cwbwlwiz.exe" [2001-05-08 06:10]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2005-12-07 03:55]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 21:00]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-05-20 14:30]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-01-14 01:05]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2005-03-15 05:46]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2005-03-23 19:26]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 06:24]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" []
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2004-05-20 14:15:45]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2006-03-26 22:44:08]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
"disableregistrytools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 13:11 233472]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC] @="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds] @="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy"
-- End of Deckard's System Scanner: finished at 2008-05-11 10:11:26 ------------
and:
Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. --------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0 Architecture: X86; Language: English
CPU 0: Mobile Intel(R) Pentium(R) 4 CPU 3.06GHz
CPU 1: Mobile Intel(R) Pentium(R) 4 CPU 3.06GHz
Percentage of Memory in Use: 50%
Physical Memory (total/avail): 894.98 MiB / 443.63 MiB
Pagefile Memory (total/avail): 1499.57 MiB / 1080.14 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1945.18 MiB

C: is Fixed (NTFS) - 55.89 GiB total, 40.49 GiB free.
D: is CDROM (No Media)
J: is Network (Unformatted)
P: is Network (Unformatted)
T: is Network (Unformatted)
W: is Network (Unformatted)
X: is Network (Unformatted)

\\.\PHYSICALDRIVE0 - IC25N060ATMR04-0 - 55.89 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 55.89 GiB - C:
-- Security Center -------------------------------------------------------------
AUOptions is set to notify before download.
Windows Internal Firewall is enabled.
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\RobJ\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=GAPDMGR
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
GETMODEL=Satellite A70
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\RobJ
HOMESHARE=\\svr21\robj
LOGONSERVER=\\SVR21
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\PROGRA~1\IBM\CLIENT~1;C:\PROGRA~1\IBM\CLIENT~1\Shared;C:\PROGRA~1\IBM\CLIENT~1\Emulator;
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0304
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\RobJ\LOCALS~1\Temp
TMP=C:\DOCUME~1\RobJ\LOCALS~1\Temp
USERDNSDOMAIN=ALBIONINC.LOCAL
USERDOMAIN=ALBION
USERNAME=RobJ
USERPROFILE=C:\Documents and Settings\RobJ
VERNUM=PSA70U-00D006
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Rjorden (new local, admin)
robj.GAPDMGR (new local)
Administrator (admin)
ernieh (admin)
RobJ (admin)
agrear (admin)
mconrad (admin)
Administrator.ALBION (new local, admin, net ready)
-- Add/Remove Programs ---------------------------------------------------------
 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL2.isu"
 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL3.isu"
 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL4.isu"
 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL5.isu"
 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL6.isu"
 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL7.isu"
 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL8.isu"
 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\Emulator\DeIsL1.isu"
 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\Emulator\DeIsL2.isu"
 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\Emulator\DeIsL4.isu"
 --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
 --> c:\WINDOWS\System32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
 --> C:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Photoshop Album 2.0 Starter Edition --> MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
ALPS Touch Pad Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL
AT&T Connection Services Manager --> C:\WINDOWS\WNBackup\WnClient62\unwise32.exe /Z /U C:\WINDOWS\WNBackup\WnClient62\install.log "AT&T Connection Services Manager"
Atheros Client Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{71D658CF-4E0D-4DA8-AA67-8C0B6F1C01FE}\Setup.exe" -l0x9
Atheros Wireless LAN MiniPCI card Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05832D65-6EDB-4D32-BA78-BCD0E2B91C02}\Setup.exe" -l0x9
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
CD/DVD Drive Acoustic Silencer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\Setup.exe" -l0x9
Cdex version 1.30 --> "C:\Program Files\CDex130\unins000.exe"
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
COSMOSWorks 2006 sp0 --> MsiExec.exe /I{9E48868B-26E6-4240-B16B-CAE0BCB626D7}
DVD-RAM Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}\Setup.exe" DVD-RAM Driver
DWGeditor --> MsiExec.exe /X{F5125699-C01A-4ED8-BD3A-265DF29859FE}
eDrawings 2005 --> MsiExec.exe /I{97917FA0-00C5-4351-AD6B-87AB99C52792}
eDrawings 2006 --> MsiExec.exe /I{8C47092F-B249-43CB-A780-40274329043D}
eDrawings 2007 --> MsiExec.exe /I{75FEB085-179F-4C85-B0E4-B517D2160750}
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
HijackThis 2.0.2 --> "C:\Documents and Settings\RobJ\Desktop\Albion Utilities\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
IBM AS/400 Client Access Express for Windows --> "C:\Program Files\IBM\Client Access\cwbinarp.exe"
IBM AS/400 Client Access Express for Windows SI11806 --> "C:\Program Files\IBM\Client Access\cwbunsp.exe"
InterVideo WinDVD for Toshiba --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Magellan RoadMate Manager North America --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6E066C73-EECD-46EC-93B6-D31F2ABD9007}\Setup.exe" -l0x9
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee VirusScan Enterprise --> MsiExec.exe /I{5DF3D1BB-894E-4DCD-8275-159AC9829B43}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office XP Professional --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Notebook Maximizer --> C:\WINDOWS\iun506.exe C:\Program Files\Notebook Maximizer\irunin.ini
pdfFactory --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppinst3.exe /uninstall
PDMWorks Clients 2005 --> MsiExec.exe /I{9FB978C4-FB73-42E3-9DCA-0748984D7FBF}
PDMWorks Clients 2006 sp0 --> MsiExec.exe /I{A0E5B0BB-123A-40FC-868C-8C958AC9BDDD}
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Realtek Fast Ethernet Adapter Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}\Setup.exe" -l0x9 REMOVE
Roxio Burn Engine --> MsiExec.exe /X{9860A9CF-7E71-43AC-888F-0B4D3EA212D1}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
SEQUEL ViewPoint --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5C6E763-C360-11D3-9426-0060089CDD83}\setup.exe" -L0x9
SMSC IrCC V5.1.3600.3 SP1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F1B8DB67-D30E-4FF9-A85F-3CEE51825AA2}\setup.exe" -l0x9 UNINSTALL
Software Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{80D95911-28E9-40AC-A6B5-1DA6D9F14B29}\SETUP.EXE" -l0x9
SolidWorks 2007 SP0 --> MsiExec.exe /I{95FCA50A-CF7D-457E-AF69-F058F8BC2844}
SolidWorks Explorer 2007 sp0 --> MsiExec.exe /I{559FAB96-A0CD-4105-A02F-1C21DEBCEF89}
SolidWorks Installation Manager --> MsiExec.exe /X{26621E14-A45B-45CD-9ED9-7A0A9B585DB4}
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Spybot - Search & Destroy 1.3 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Time Zone Data Update Tool for Microsoft Office Outlook --> MsiExec.exe /X{95120000-0038-0409-0000-0000000FF1CE}
TOSHIBA Access --> C:\WINDOWS\TOSHIB~2\UNWISE.EXE C:\WINDOWS\TOSHIB~2\INSTALL.LOG
TOSHIBA ConfigFree --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\setup.exe" -l0x9 UNINSTALL
TOSHIBA Console --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3CF0858D-1AC5-4308-9DE7-AD15288A8BDC}\Setup.exe" -l0x9
TOSHIBA Fax Extension --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AC200C3-A4C8-401C-A5A8-202BE888B165}\setup.exe"
TOSHIBA Hotkey Utility --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{F821C9EC-BC2E-4FC4-993D-88B8B30C3AD6} /l1033
TOSHIBA PC Diagnostic Tool --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\PCDiag\Uninst.isu"
TOSHIBA Power Management Utility --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{6F6FF691-A9FA-46D3-B1B0-3F971E1B65DD} /l1033
Toshiba Registration --> MsiExec.exe /X{F6C405D2-C50D-4D10-B89E-73A233A14D74}
TOSHIBA Software Modem --> Tosmreg -U
TOSHIBA Software Upgrades --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{425A2BC2-AA64-4107-9C29-484245BBEA05}\setup.exe"
TOSHIBA Software Upgrades --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F69B66A8-61C9-424C-AFA1-7EC6093AC5AD}\setup.exe"
TOSHIBA Speech System Applications --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}\Setup.exe" -l0x9
TOSHIBA Speech System SR Engine(U.S.) Version1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{008D69EB-70FF-46AB-9C75-924620DF191A}\Setup.exe" -l0x9 UNINSTALL
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}\Setup.exe" -l0x9
Toshiba Tbiosdrv Driver --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Toshiba\Toshiba Tbiosdrv Driver\Tbiosdrv.isu"
Touch and Launch --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D96E2B1-D9AC-46E0-9073-425C5F63E338}\Setup.exe"
TouchPad On/Off Utility --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{F48D45F4-8728-41D5-8F60-C22B48009736} /l1033
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Windows Desktop Search --> "C:\WINDOWS\$NtUninstallKB911993-V2$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Winferno Registry Power Cleaner --> "C:\Program Files\Winferno\RegistryPowerCleaner\unins000.exe"
-- Application Event Log -------------------------------------------------------
Event Record #/Type13170 / Warning
Event Submitted/Written: 05/11/2008 10:11:18 AM
Event ID/Source: 257 / Alert Manager Event Interface
Event Description: VirusScan Enterprise: Would be blocked by behaviour blocking rule (rule is currently in warn mode) (warn only mode!).(from GAPDMGR IP 127.0.0.1 user SYSTEM running VirusScan Enter 8.0 OAS)

Event Record #/Type13169 / Warning
Event Submitted/Written: 05/11/2008 10:11:18 AM
Event ID/Source: 257 / Alert Manager Event Interface
Event Description: VirusScan Enterprise: Would be blocked by behaviour blocking rule (rule is currently in warn mode) (warn only mode!).(from GAPDMGR IP 127.0.0.1 user SYSTEM running VirusScan Enter 8.0 OAS)

Event Record #/Type13168 / Error
Event Submitted/Written: 05/11/2008 10:07:45 AM
Event ID/Source: 257 / Alert Manager Event Interface
Event Description: VirusScan Enterprise: The update failed; see event log.(from GAPDMGR IP 127.0.0.1 user SYSTEM running VirusScan Ent. 8.0.0 UPD)

Event Record #/Type13167 / Error
Event Submitted/Written: 05/11/2008 10:03:44 AM
Event ID/Source: 1054 / Userenv
Event Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Event Record #/Type13166 / Error
Event Submitted/Written: 05/11/2008 10:03:38 AM
Event ID/Source: 15 / AutoEnrollment
Event Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted. Enrollment will not be performed.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type86672 / Error
Event Submitted/Written: 05/11/2008 10:02:48 AM
Event ID/Source: 20106 / RemoteAccess
Event Description: Unable to add the interface {EAB561CF-1820-4088-827D-9D3E0EE93E75} with the Router Manager for the IP protocol. The following error occurred: Cannot complete this function.

Event Record #/Type86670 / Warning
Event Submitted/Written: 05/11/2008 10:02:48 AM
Event ID/Source: 20169 / RemoteAccess
Event Description: Unable to contact a DHCP server. The Automatic Private IP Address 169.254.190.17 will be assigned to dial-in clients. Clients may be unable to access resources on the network.

Event Record #/Type86669 / Error
Event Submitted/Written: 05/11/2008 10:02:38 AM
Event ID/Source: 5719 / NETLOGON
Event Description: No Domain Controller is available for domain ALBION due to the following: %%1311.
Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.

Event Record #/Type86665 / Error
Event Submitted/Written: 05/11/2008 09:27:05 AM
Event ID/Source: 7034 / Service Control Manager
Event Description: The Network Associates McShield service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type86664 / Warning
Event Submitted/Written: 05/11/2008 09:27:05 AM
Event ID/Source: 54 / NaiAvFilter1
Event Description: \Device\NaiAvFilter1
-- End of Deckard's System Scanner: finished at 2008-05-11 10:11:26 ------------

bcastner
Premium, MVM
join:2002-09-25 Chevy Chase, MD
edit: May 12th, @08:51PM

reply to rjorden
Duplicate Post. Please delete