19 replies to this topic

[Eriku]

Hello

Similar to many users on this forum I was hit with the AntiVirus 2009 Protection malware. I followed the steps listed on several websites and downloaded Malwarebytes to remove it. However there is one dll that I cannot remove which is the uacinit.dll. I've tried in Safe Mode and Normal mode and cannot get rid of it.

Current programs that I have loaded are:
Trend Micro OfficeScan
Ad-Aware SE Personal
Malwarebytes

Thanks
-Eriku

Here is my log:



Malwarebytes' Anti-Malware 1.33
Database version: 1793
Windows 5.1.2600 Service Pack 2

3/4/2009 9:40:34 AM
mbam-log-2009-03-04 (09-40-34).txt

Scan type: Full Scan (C:\|)
Objects scanned: 652533
Time elapsed: 3 hour(s), 32 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.

[Eriku]

My apologies, Here is my HiJackThis Log [I also removed my company internal sensitive information for some of the fields]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:13:49 AM, on 3/4/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: PicLens plug-in for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\PicLens.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [IncrediBuild Agent Monitor] C:\Program Files\Xoreax\IncrediBuild\BuildTrayIcon.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [V0410Mon.exe] C:\WINDOWS\V0410Mon.exe
O4 - HKLM\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\communicator.exe" /fromrunkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelAPMClient] "C:\Program Files\LANDesk\LDClient\amclient.exe" /apm /s /ro /Retry=2 /Tspan=60 /Rstart
O4 - HKLM\..\Run: [SDClientMonitor] "C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe"
O4 - HKLM\..\RunOnce: [WDM_SYSAUDIO] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci.dll,StreamingDeviceSetup {A7C7A5B0-5AF3-11D1-9CED-00A024BF0407},{9B365890-165F-11D0-A195-0020AFD156E4},{A7C7A5B1-5AF3-11D1-9CED-00A024BF0407},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_SYSAUDIO.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_DRMKAUD0] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{6994AD04-93EF-11D0-A3CC-00A0C9223196},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_DRMKAUD1] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{2EB07EA0-7E70-11D0-A5D6-28DB04C10000},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_DRMKAUD2] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_KMIXER0] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci.dll,StreamingDeviceSetup {B7EAFDC0-A680-11D0-96D8-00AA0051E51D},{9B365890-165F-11D0-A195-0020AFD156E4},{AD809C00-7B88-11D0-A5D6-28DB04C10000},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_KMIXER.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_KMIXER1] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci.dll,StreamingDeviceSetup {B7EAFDC0-A680-11D0-96D8-00AA0051E51D},{9B365890-165F-11D0-A195-0020AFD156E4},{6994AD04-93EF-11D0-A3CC-00A0C9223196},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_KMIXER.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_AEC0] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci.dll,StreamingDeviceSetup {4245FF73-1DB4-11d2-86E4-98AE20524153},{9B365890-165F-11D0-A195-0020AFD156E4},{2EB07EA0-7E70-11D0-A5D6-28DB04C10000},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_AEC.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_AEC1] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci.dll,StreamingDeviceSetup {4245FF73-1DB4-11d2-86E4-98AE20524153},{9B365890-165F-11D0-A195-0020AFD156E4},{6994AD04-93EF-11D0-A3CC-00A0C9223196},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_AEC.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_AEC2] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci.dll,StreamingDeviceSetup {4245FF73-1DB4-11d2-86E4-98AE20524153},{9B365890-165F-11D0-A195-0020AFD156E4},{BF963D80-C559-11D0-8A2B-00A0C9255AC1},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_AEC.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_SWMIDI0] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci.dll,StreamingDeviceSetup {6C1B9F60-C0A9-11D0-96D8-00AA0051E51D},{9B365890-165F-11D0-A195-0020AFD156E4},{2EB07EA0-7E70-11D0-A5D6-28DB04C10000},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_SWMIDI.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_SWMIDI1] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci.dll,StreamingDeviceSetup {6C1B9F60-C0A9-11D0-96D8-00AA0051E51D},{9B365890-165F-11D0-A195-0020AFD156E4},{DFF220F3-F70F-11D0-B917-00A0C9223196},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_SWMIDI.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_SWMIDI2] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci.dll,StreamingDeviceSetup {6C1B9F60-C0A9-11D0-96D8-00AA0051E51D},{9B365890-165F-11D0-A195-0020AFD156E4},{6994AD04-93EF-11D0-A3CC-00A0C9223196},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_SWMIDI.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_WDMAUD] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci.dll,StreamingDeviceSetup {CD171DE3-69E5-11D2-B56D-0000F8754380},{9B365890-165F-11D0-A195-0020AFD156E4},{3E227E76-690D-11D2-8161-0000F8775BF1},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_WDMAUD.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_SPLITTER0] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci.dll,StreamingDeviceSetup {2F412AB5-ED3A-4590-AB24-B0CE2AA77D3C},{9B365890-165F-11D0-A195-0020AFD156E4},{9EA331FA-B91B-45F8-9285-BD2BC77AFCDE},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_SPLITTER.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_SPLITTER1] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci.dll,StreamingDeviceSetup {2F412AB5-ED3A-4590-AB24-B0CE2AA77D3C},{9B365890-165F-11D0-A195-0020AFD156E4},{6994AD04-93EF-11D0-A3CC-00A0C9223196},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_SPLITTER.Interface.Install
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\Go.exe" /runcleanupscript
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\Msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - Global Startup: NBMonitor.bat
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O4 - Global Startup: SN-DBS Network View.lnk = C:\Program Files\SN Systems\Common\bin\dbsview.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {79E54B26-46B9-40EF-BFDC-0B1BB0D68897} - http://www.piclens.c...ed/plinstll.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain =
O17 - HKLM\Software\..\Telephony: DomainName =
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain =
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain =
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain =
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/html - {f2031c8e-864b-461c-b41e-407c8ce99ac0} - C:\WINDOWS\system32\mst122.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: LANDesk® Management Agent (CBA8) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\Shared Files\residentagent.exe
O23 - Service: Hansoft Project Server (HPServer) - Hansoft AB - C:/Program Files/Hansoft Beta/Project Manager Server/HPMServer_x86.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel Local Scheduler Service - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\LocalSch.EXE
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe
O23 - Service: LANDesk Targeted Multicast (Intel Targeted Multicast) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\tmcsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LANDesk Remote Control Service (ISSUSER) - LANDesk Software, Ltd. - C:\PROGRA~1\LANDesk\LDClient\issuser.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LANDesk® Extended device discovery service (LDXDD) - Unknown owner - C:\Program Files\LANDesk\LDClient\xddclient.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SN-DBS v2 (SNDBS2) - SN Systems - C:\Program Files\SN Systems\Common\bin\dbsagent.exe
O23 - Service: LANDesk® Software Monitoring Service (Softmon) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\softmon.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 14010 bytes

[Eriku]

I also wanted to add that

Both my Malwarebytes installation and HiJackThis installation would not run when i clicked on them. When I renamed them it was able to run.

[AdvancedSetup]

Please update MBAM

YOUR VERSION:
Malwarebytes' Anti-Malware 1.33
Database version: 1793


CURRENT VERSION:
Malwarebytes' Anti-Malware 1.34
Database version: 1819



Update and Scan with Malwarebytes' Anti-Malware

• Start MalwareBytes AntiMalware (Vista users must Right click and choose RunAs Admin)
  
• Please DO NOT run MBAM in Safe Mode unless requested to, you MUST run it in normal Windows mode.
  
  • Update Malwarebytes' Anti-Malware
    
  • Select the Update tab
    
  • Click Update
• When the update is complete, select the Scanner tab
  
• Select Perform quick scan, then click Scan.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Be sure that everything is checked, and click Remove Selected.
  
• When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidently close it, the log file is saved here and will be named like this:
    
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Then post back the MBAM log and a new Hijackthis log.

[Eriku]

Hello, here is MBAM-Log and HiJackThis Log after getting the newest version. It marked some dll's as only delete on reboot.

Thanks
-Eriku



Malwarebytes' Anti-Malware 1.34
Database version: 1821
Windows 5.1.2600 Service Pack 2

3/5/2009 1:26:31 PM
mbam-log-2009-03-05 (13-26-31).txt

Scan type: Quick Scan
Objects scanned: 115285
Time elapsed: 11 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 8
Folders Infected: 0
Files Infected: 14

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{f2031c8e-864b-461c-b41e-407c8ce99ac0} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\wave1 (Hijack.Sound) -> Bad: (C:\DOCUME~1\NETWOR~1\APPLIC~1\MACROM~1\Common\4df200bc1.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\midi1 (Hijack.Sound) -> Bad: (C:\DOCUME~1\LOCALS~1\APPLIC~1\MACROM~1\Common\4df200bc1.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\mixer1 (Hijack.Sound) -> Bad: (C:\DOCUME~1\NETWOR~1\APPLIC~1\MACROM~1\Common\4df200bc1.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\aux1 (Hijack.Sound) -> Bad: (C:\DOCUME~1\LOCALS~1\APPLIC~1\MACROM~1\Common\4df200bc1.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\midi2 (Hijack.Sound) -> Bad: (C:\DOCUME~1\NETWOR~1\APPLIC~1\MACROM~1\Common\4df200bc1.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\wave2 (Hijack.Sound) -> Bad: (C:\DOCUME~1\LOCALS~1\APPLIC~1\MACROM~1\Common\4df200bc1.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\aux2 (Hijack.Sound) -> Bad: (C:\DOCUME~1\etam\APPLIC~1\MACROM~1\Common\4df200bc1.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\mixer2 (Hijack.Sound) -> Bad: (C:\DOCUME~1\LOCALS~1\APPLIC~1\MACROM~1\Common\4df200bc1.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\UAChdyfriwm.dll (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\UAChudnvbgr.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\UACoymriaeb.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\UACwwrencrb.dll (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\drivers\UACwjaflgkh.sys (Rootkit.TDSS) -> Delete on reboot.
C:\RECYCLER\S-1-5-21-2130522478-956128592-857424290-47854\Dc6.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\etam\Local Settings\Temp\hNnPWAso.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\etam\Local Settings\Temp\jmIJEVBK.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\Documents and Settings\etam\Local Settings\Temp\UAC10ce.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\UAC622f.tmp (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\mst122.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACfjlixrsh.dat (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\UACpiqcuhnl.log (Trojan.Agent) -> Delete on reboot.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:30:13 PM, on 3/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\LANDesk\Shared Files\residentagent.exe
C:\Program Files\Hansoft Beta\Project Manager Server\HPMServer_x86.exe
C:\Program Files\LANDesk\LDClient\LocalSch.EXE
C:\WINDOWS\system32\CBA\pds.exe
C:\Program Files\LANDesk\LDClient\tmcsvc.exe
C:\PROGRA~1\LANDesk\LDClient\issuser.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LANDesk\LDClient\xddclient.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\LANDesk\LDClient\softmon.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\LANDesk\LDClient\collector.exe
C:\PROGRA~1\LANDesk\LDClient\LDregwatch.exe
C:\PROGRA~1\LANDesk\LDClient\rcgui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\V0410Mon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\WINDOWS\TEMP\DZ5024.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamGO.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: PicLens plug-in for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\PicLens.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [IncrediBuild Agent Monitor] C:\Program Files\Xoreax\IncrediBuild\BuildTrayIcon.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [V0410Mon.exe] C:\WINDOWS\V0410Mon.exe
O4 - HKLM\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\communicator.exe" /fromrunkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelAPMClient] "C:\Program Files\LANDesk\LDClient\amclient.exe" /apm /s /ro /Retry=2 /Tspan=60 /Rstart
O4 - HKLM\..\Run: [SDClientMonitor] "C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe"
O4 - HKLM\..\RunOnce: [WDM_SYSAUDIO] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci.dll,StreamingDeviceSetup {A7C7A5B0-5AF3-11D1-9CED-00A024BF0407},{9B365890-165F-11D0-A195-0020AFD156E4},{A7C7A5B1-5AF3-11D1-9CED-00A024BF0407},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_SYSAUDIO.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_DRMKAUD0] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{6994AD04-93EF-11D0-A3CC-00A0C9223196},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_DRMKAUD1] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{2EB07EA0-7E70-11D0-A5D6-28DB04C10000},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_DRMKAUD2] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_KMIXER0] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci.dll,StreamingDeviceSetup {B7EAFDC0-A680-11D0-96D8-00AA0051E51D},{9B365890-165F-11D0-A195-0020AFD156E4},{AD809C00-7B88-11D0-A5D6-28DB04C10000},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_KMIXER.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_KMIXER1] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci.dll,StreamingDeviceSetup {B7EAFDC0-A680-11D0-96D8-00AA0051E51D},{9B365890-165F-11D0-A195-0020AFD156E4},{6994AD04-93EF-11D0-A3CC-00A0C9223196},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_KMIXER.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_AEC0] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci.dll,StreamingDeviceSetup {4245FF73-1DB4-11d2-86E4-98AE20524153},{9B365890-165F-11D0-A195-0020AFD156E4},{2EB07EA0-7E70-11D0-A5D6-28DB04C10000},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_AEC.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_AEC1] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci.dll,StreamingDeviceSetup {4245FF73-1DB4-11d2-86E4-98AE20524153},{9B365890-165F-11D0-A195-0020AFD156E4},{6994AD04-93EF-11D0-A3CC-00A0C9223196},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_AEC.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_AEC2] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci.dll,StreamingDeviceSetup {4245FF73-1DB4-11d2-86E4-98AE20524153},{9B365890-165F-11D0-A195-0020AFD156E4},{BF963D80-C559-11D0-8A2B-00A0C9255AC1},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_AEC.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_SWMIDI0] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci.dll,StreamingDeviceSetup {6C1B9F60-C0A9-11D0-96D8-00AA0051E51D},{9B365890-165F-11D0-A195-0020AFD156E4},{2EB07EA0-7E70-11D0-A5D6-28DB04C10000},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_SWMIDI.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_SWMIDI1] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci.dll,StreamingDeviceSetup {6C1B9F60-C0A9-11D0-96D8-00AA0051E51D},{9B365890-165F-11D0-A195-0020AFD156E4},{DFF220F3-F70F-11D0-B917-00A0C9223196},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_SWMIDI.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_SWMIDI2] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci.dll,StreamingDeviceSetup {6C1B9F60-C0A9-11D0-96D8-00AA0051E51D},{9B365890-165F-11D0-A195-0020AFD156E4},{6994AD04-93EF-11D0-A3CC-00A0C9223196},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_SWMIDI.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_WDMAUD] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci.dll,StreamingDeviceSetup {CD171DE3-69E5-11D2-B56D-0000F8754380},{9B365890-165F-11D0-A195-0020AFD156E4},{3E227E76-690D-11D2-8161-0000F8775BF1},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_WDMAUD.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_SPLITTER0] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci.dll,StreamingDeviceSetup {2F412AB5-ED3A-4590-AB24-B0CE2AA77D3C},{9B365890-165F-11D0-A195-0020AFD156E4},{9EA331FA-B91B-45F8-9285-BD2BC77AFCDE},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_SPLITTER.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_SPLITTER1] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci.dll,StreamingDeviceSetup {2F412AB5-ED3A-4590-AB24-B0CE2AA77D3C},{9B365890-165F-11D0-A195-0020AFD156E4},{6994AD04-93EF-11D0-A3CC-00A0C9223196},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_SPLITTER.Interface.Install
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r "C:\Program Files\Malwarebytes' Anti-Malware\mbamGO.exe" /runcleanupscript
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\Msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - Global Startup: NBMonitor.bat
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O4 - Global Startup: SN-DBS Network View.lnk = C:\Program Files\SN Systems\Common\bin\dbsview.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {79E54B26-46B9-40EF-BFDC-0B1BB0D68897} - http://www.piclens.c...ed/plinstll.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain =
O17 - HKLM\Software\..\Telephony: DomainName =
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain =
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain =
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain =
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/html - {f2031c8e-864b-461c-b41e-407c8ce99ac0} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: LANDesk® Management Agent (CBA8) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\Shared Files\residentagent.exe
O23 - Service: Hansoft Project Server (HPServer) - Hansoft AB - C:/Program Files/Hansoft Beta/Project Manager Server/HPMServer_x86.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel Local Scheduler Service - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\LocalSch.EXE
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe
O23 - Service: LANDesk Targeted Multicast (Intel Targeted Multicast) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\tmcsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LANDesk Remote Control Service (ISSUSER) - LANDesk Software, Ltd. - C:\PROGRA~1\LANDesk\LDClient\issuser.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LANDesk® Extended device discovery service (LDXDD) - Unknown owner - C:\Program Files\LANDesk\LDClient\xddclient.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SN-DBS v2 (SNDBS2) - SN Systems - C:\Program Files\SN Systems\Common\bin\dbsagent.exe
O23 - Service: LANDesk® Software Monitoring Service (Softmon) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\softmon.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 15757 bytes

[AdvancedSetup]

STEP 01
With all other applications closed (Taskbar empty), open HijackThis again
and run Do a system scan only and place a check mark on the following items.

• O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
  
• O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
  
• O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
  
• O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
  
• O4 - Global Startup: NBMonitor.bat
  
• O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain =
  
• O17 - HKLM\Software\..\Telephony: DomainName =
  
• O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain =
  
• O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain =
  
• O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain =
  
• O18 - Filter hijack: text/html - {f2031c8e-864b-461c-b41e-407c8ce99ac0} - (no file)
  Then Quit All Browsers including the one you're reading this in now.
  Then click on Fix checked and then quit HJT

STEP 02
Restart the PC and then run MBAM again. Update it again and do another Quick Scan.


STEP 03
[indent]Download DDS and save it to your desktop
http://download.bleepingcomputer.com/sUBs/dds.scr

Disable any script blocker if your Anti-Virus/Anti-Malware has it.
Once downloaded you can disconnect from the Internet and disable your Ant-Virus temporarily if needed.
Then double click dds.scr to run the tool.
When done, the DDS.txt will open.
Click Yes at the next prompt for Optional Scan.

When done, DDS will open two (2) logs:

• DDS.txt
  
• Attach.txt

• Save both reports to your desktop
  
• Please include the following logs in your next reply: DDS.txt and Attach.txt

[/indent]


STEP 04
Post back all the logs.

[Eriku]

Hello,

Here are the logs after following your instructions. In the Attach and DDS log, I replace my company name with *****

Thanks
Eriku



MBAM Log

Malwarebytes' Anti-Malware 1.34
Database version: 1828
Windows 5.1.2600 Service Pack 2

3/9/2009 11:37:24 AM
mbam-log-2009-03-09 (11-37-24).txt

Scan type: Quick Scan
Objects scanned: 115680
Time elapsed: 10 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

DDS Log


DDS (Ver_09-02-01.01) - NTFSx86
Run by etam at 11:37:37.05 on Mon 03/09/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2045.1248 [GMT -7:00]

AV: Trend Micro OfficeScan Antivirus *On-access scanning enabled* (Updated)
AV: Trend Micro OfficeScan Antivirus *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\LANDesk\Shared Files\residentagent.exe
C:\Program Files\Hansoft Beta\Project Manager Server\HPMServer_x86.exe
C:\Program Files\LANDesk\LDClient\LocalSch.EXE
C:\WINDOWS\system32\CBA\pds.exe
C:\PROGRA~1\LANDesk\LDClient\issuser.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LANDesk\LDClient\xddclient.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\LANDesk\LDClient\softmon.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\LANDesk\LDClient\collector.exe
C:\PROGRA~1\LANDesk\LDClient\LDregwatch.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\LANDesk\LDClient\rcgui.exe
C:\WINDOWS\TEMP\QQ81E.EXE
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\V0410Mon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntupd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\Documents and Settings\etam\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://loncs01/cs/forums/default.aspx?GroupID=12
mDefault_Page_URL = hxxp://www.****************.com/
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
BHO: PicLens plug-in for Internet Explorer: {eaee5c74-6d0d-4aca-9232-0da4a7b866ba} - c:\program files\piclensie\PicLens.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [MSMSGS] "c:\program files\messenger\Msmsgs.exe" /background
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [Creative Live! Cam Manager] "c:\program files\creative\creative live! cam\live! cam manager\CTLCMgr.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
uRun: [CTRegRun] c:\windows\CTRegRun.EXE
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\officescan client\pccntmon.exe" -HideWindow
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [IncrediBuild Agent Monitor] c:\program files\xoreax\incredibuild\BuildTrayIcon.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [V0410Mon.exe] c:\windows\V0410Mon.exe
mRun: [Communicator] "c:\program files\microsoft office communicator\communicator.exe" /fromrunkey
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [IntelAPMClient] "c:\program files\landesk\ldclient\amclient.exe" /apm /s /ro /Retry=2 /Tspan=60 /Rstart
mRun: [SDClientMonitor] "c:\program files\landesk\ldclient\webportal\sdclientmonitor.exe"
mRunOnce: [WDM_SYSAUDIO] "c:\program files\landesk\ldclient\softmon.exe" /r rundll32.exe streamci.dll,streamingdevicesetup {a7c7a5b0-5af3-11d1-9ced-00a024bf0407},{9b365890-165f-11d0-a195-0020afd156e4},{a7c7a5b1-5af3-11d1-9ced-00a024bf0407},c:\windows\inf\WDMAUDIO.inf,WDM_SYSAUDIO.Interface.Install
mRunOnce: [WDM_DRMKAUD0] "c:\program files\landesk\ldclient\softmon.exe" /r rundll32.exe streamci,streamingdevicesetup {eec12db6-ad9c-4168-8658-b03daef417fe},{abd61e00-9350-47e2-a632-4438b90c6641},{6994ad04-93ef-11d0-a3cc-00a0c9223196},c:\windows\inf\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install
mRunOnce: [WDM_DRMKAUD1] "c:\program files\landesk\ldclient\softmon.exe" /r rundll32.exe streamci,streamingdevicesetup {eec12db6-ad9c-4168-8658-b03daef417fe},{abd61e00-9350-47e2-a632-4438b90c6641},{2eb07ea0-7e70-11d0-a5d6-28db04c10000},c:\windows\inf\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install
mRunOnce: [WDM_DRMKAUD2] "c:\program files\landesk\ldclient\softmon.exe" /r rundll32.exe streamci,streamingdevicesetup {eec12db6-ad9c-4168-8658-b03daef417fe},{abd61e00-9350-47e2-a632-4438b90c6641},{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e},c:\windows\inf\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install
mRunOnce: [WDM_KMIXER0] "c:\program files\landesk\ldclient\softmon.exe" /r rundll32.exe streamci.dll,streamingdevicesetup {b7eafdc0-a680-11d0-96d8-00aa0051e51d},{9b365890-165f-11d0-a195-0020afd156e4},{ad809c00-7b88-11d0-a5d6-28db04c10000},c:\windows\inf\WDMAUDIO.inf,WDM_KMIXER.Interface.Install
mRunOnce: [WDM_KMIXER1] "c:\program files\landesk\ldclient\softmon.exe" /r rundll32.exe streamci.dll,streamingdevicesetup {b7eafdc0-a680-11d0-96d8-00aa0051e51d},{9b365890-165f-11d0-a195-0020afd156e4},{6994ad04-93ef-11d0-a3cc-00a0c9223196},c:\windows\inf\WDMAUDIO.inf,WDM_KMIXER.Interface.Install
mRunOnce: [WDM_AEC0] "c:\program files\landesk\ldclient\softmon.exe" /r rundll32.exe streamci.dll,streamingdevicesetup {4245ff73-1db4-11d2-86e4-98ae20524153},{9b365890-165f-11d0-a195-0020afd156e4},{2eb07ea0-7e70-11d0-a5d6-28db04c10000},c:\windows\inf\WDMAUDIO.inf,WDM_AEC.Interface.Install
mRunOnce: [WDM_AEC1] "c:\program files\landesk\ldclient\softmon.exe" /r rundll32.exe streamci.dll,streamingdevicesetup {4245ff73-1db4-11d2-86e4-98ae20524153},{9b365890-165f-11d0-a195-0020afd156e4},{6994ad04-93ef-11d0-a3cc-00a0c9223196},c:\windows\inf\WDMAUDIO.inf,WDM_AEC.Interface.Install
mRunOnce: [WDM_AEC2] "c:\program files\landesk\ldclient\softmon.exe" /r rundll32.exe streamci.dll,streamingdevicesetup {4245ff73-1db4-11d2-86e4-98ae20524153},{9b365890-165f-11d0-a195-0020afd156e4},{bf963d80-c559-11d0-8a2b-00a0c9255ac1},c:\windows\inf\WDMAUDIO.inf,WDM_AEC.Interface.Install
mRunOnce: [WDM_SWMIDI0] "c:\program files\landesk\ldclient\softmon.exe" /r rundll32.exe streamci.dll,streamingdevicesetup {6c1b9f60-c0a9-11d0-96d8-00aa0051e51d},{9b365890-165f-11d0-a195-0020afd156e4},{2eb07ea0-7e70-11d0-a5d6-28db04c10000},c:\windows\inf\WDMAUDIO.inf,WDM_SWMIDI.Interface.Install
mRunOnce: [WDM_SWMIDI1] "c:\program files\landesk\ldclient\softmon.exe" /r rundll32.exe streamci.dll,streamingdevicesetup {6c1b9f60-c0a9-11d0-96d8-00aa0051e51d},{9b365890-165f-11d0-a195-0020afd156e4},{dff220f3-f70f-11d0-b917-00a0c9223196},c:\windows\inf\WDMAUDIO.inf,WDM_SWMIDI.Interface.Install
mRunOnce: [WDM_SWMIDI2] "c:\program files\landesk\ldclient\softmon.exe" /r rundll32.exe streamci.dll,streamingdevicesetup {6c1b9f60-c0a9-11d0-96d8-00aa0051e51d},{9b365890-165f-11d0-a195-0020afd156e4},{6994ad04-93ef-11d0-a3cc-00a0c9223196},c:\windows\inf\WDMAUDIO.inf,WDM_SWMIDI.Interface.Install
mRunOnce: [WDM_WDMAUD] "c:\program files\landesk\ldclient\softmon.exe" /r rundll32.exe streamci.dll,streamingdevicesetup {cd171de3-69e5-11d2-b56d-0000f8754380},{9b365890-165f-11d0-a195-0020afd156e4},{3e227e76-690d-11d2-8161-0000f8775bf1},c:\windows\inf\WDMAUDIO.inf,WDM_WDMAUD.Interface.Install
mRunOnce: [WDM_SPLITTER0] "c:\program files\landesk\ldclient\softmon.exe" /r rundll32.exe streamci.dll,streamingdevicesetup {2f412ab5-ed3a-4590-ab24-b0ce2aa77d3c},{9b365890-165f-11d0-a195-0020afd156e4},{9ea331fa-b91b-45f8-9285-bd2bc77afcde},c:\windows\inf\WDMAUDIO.inf,WDM_SPLITTER.Interface.Install
mRunOnce: [WDM_SPLITTER1] "c:\program files\landesk\ldclient\softmon.exe" /r rundll32.exe streamci.dll,streamingdevicesetup {2f412ab5-ed3a-4590-ab24-b0ce2aa77d3c},{9b365890-165f-11d0-a195-0020afd156e4},{6994ad04-93ef-11d0-a3cc-00a0c9223196},c:\windows\inf\WDMAUDIO.inf,WDM_SPLITTER.Interface.Install
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\post-i~1.lnk - c:\program files\3m\psnlite\PsnLite.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sn-dbs~1.lnk - c:\program files\sn systems\common\bin\dbsview.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {79E54B26-46B9-40EF-BFDC-0B1BB0D68897} - hxxp://www.piclens.com/shared/plinstll.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://remote.*****.com/dana-cached/setup/JuniperSetupSP1.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============

R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2006-8-30 70784]
R2 CBA8;LANDesk® Management Agent;c:\program files\landesk\shared files\residentAgent.exe [2007-1-9 122880]
R2 HPServer;Hansoft Project Server;c:\program files\hansoft beta\project manager server\HPMServer_x86.exe [2009-1-14 2376808]
R2 LDXDD;LANDesk® Extended device discovery service;c:\program files\landesk\ldclient\XDDClient.exe [2007-12-12 184320]
R2 Softmon;LANDesk® Software Monitoring Service;c:\program files\landesk\ldclient\SoftMon.exe [2007-12-12 266240]
R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\officescan client\tmxpflt.sys [2008-2-27 205328]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\officescan client\tmpreflt.sys [2008-2-27 36368]
R3 ldblank;Screen Blanking driver for Remote Control;c:\windows\system32\drivers\ldblank.sys [2007-12-12 11904]
R3 ldmirror;ldmirror;c:\windows\system32\drivers\ldmirror.sys [2007-12-12 3328]
R3 mirrorflt;Mirror Filter Driver for Uninstall;c:\windows\system32\drivers\mirrorflt.sys [2007-12-12 3712]
R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\drivers\livecamv.sys [2008-2-25 31616]
R3 V0410Afx;Creative Camera VF0410 Audio Effects Driver;c:\windows\system32\drivers\V0410AFX.sys [2008-2-25 142656]
R3 V0410Aud;Creative Camera VF0410 Noise Cancellation APO;c:\windows\system32\drivers\V0410Aud.sys [2008-2-25 94720]
R3 V0410Dev;Creative Camera VF0410 Driver;c:\windows\system32\drivers\V0410Dev.sys [2008-2-25 244672]
R3 V0410Vfx;Creative Camera VF0410 Video VFX Driver;c:\windows\system32\drivers\V0410Vfx.sys [2008-2-25 7168]
R3 WOEM_3_2a;WinPcap Packet Driver (WOEM_3_2a);c:\windows\system32\drivers\woem_3_2a.sys --> c:\windows\system32\drivers\WOEM_3_2a.sys [?]
S0 bfgvxp;bfgvxp;c:\windows\system32\drivers\iarjkmxm.sys --> c:\windows\system32\drivers\iarjkmxm.sys [?]
S0 pfjr;pfjr;c:\windows\system32\drivers\uogqat.sys --> c:\windows\system32\drivers\uogqat.sys [?]
S2 SNDBS2;SN-DBS v2;c:\program files\sn systems\common\bin\dbsagent.exe [2008-5-8 884736]
S3 mdxgthkn;mdxgthkn;c:\docume~1\etam\locals~1\temp\mdxgthkn.sys [2004-6-15 15872]
S3 TmProxy;OfficeScan NT Proxy Service;c:\program files\trend micro\officescan client\TmProxy.exe [2007-11-30 558416]
S3 TPPWRIF;TPPWRIF;c:\documents and settings\all users\application data\vulscan\TPPWRIF.SYS [2006-9-21 4442]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2006-12-2 2805000]

=============== Created Last 30 ================

2009-03-09 10:44 90,112 a------- c:\windows\system32\WOEM_3_2awoem.tmp
2009-03-05 13:01 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-05 13:01 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-03 12:18 <DIR> --d----- c:\docume~1\etam\applic~1\Malwarebytes
2009-03-03 12:17 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-03 12:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-02 15:54 <DIR> --d----- c:\program files\Lavasoft
2009-03-01 16:21 552 a------- c:\windows\system32\d3d8caps.dat
2009-02-10 12:56 <DIR> --d----- c:\program files\Common

==================== Find3M ====================

2009-01-28 12:17 107,888 a------- c:\windows\system32\CmdLineExt.dll
2008-12-20 16:15 826,368 a------- c:\windows\system32\wininet.dll
2008-02-25 17:29 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat
2007-04-24 14:52 0 a------- c:\documents and settings\etam\WoW-2.0.3.6299-to-2.0.12.6546-enUS-patch.exe
2007-04-24 14:51 0 a------- c:\documents and settings\etam\WoW-1.12.0-enUS-patch.exe
2008-02-25 16:49 75 ---shr-- c:\windows\CT4CET.bin
2008-06-24 16:39 852 a--sh--- c:\windows\system32\microsoft\protect\s-1-5-18\BK-*****.COM

============= FINISH: 11:38:02.90 ===============

Attach Log


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-02-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/13/2006 1:08:41 PM
System Uptime: 3/9/2009 9:43:32 AM (2 hours ago)

Motherboard: Intel Corporation | | D975XBX2
Processor: Intel® Core™2 CPU 6400 @ 2.13GHz | J3E1 | 2133/266mhz
Processor: Intel® Core™2 CPU 6400 @ 2.13GHz | J3E1 | 2133/266mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 373 GiB total, 117.053 GiB free.
D: is CDROM ()
H: is NetworkDisk (NTFS) - 838 GiB total, 90.088 GiB free.
U: is NetworkDisk (NTFS) - 1 GiB total, 21.566 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP725: 11/30/2008 1:54:47 AM - System Checkpoint
RP726: 12/1/2008 2:54:23 AM - System Checkpoint
RP727: 12/2/2008 3:51:45 AM - System Checkpoint
RP728: 12/3/2008 3:54:34 AM - System Checkpoint
RP729: 12/4/2008 3:55:09 AM - System Checkpoint
RP730: 12/5/2008 4:00:12 AM - System Checkpoint
RP731: 12/6/2008 5:07:13 AM - System Checkpoint
RP732: 12/7/2008 5:54:39 AM - System Checkpoint
RP733: 12/8/2008 6:54:46 AM - System Checkpoint
RP734: 12/9/2008 7:54:42 AM - System Checkpoint
RP735: 12/9/2008 1:37:19 PM - Installed Java™ 6 Update 11
RP736: 12/9/2008 1:38:27 PM - Installed MSN Toolbar Setup
RP737: 12/9/2008 2:16:48 PM - Software Distribution Service 3.0
RP738: 12/10/2008 2:28:30 PM - System Checkpoint
RP739: 12/11/2008 5:32:13 PM - System Checkpoint
RP740: 12/12/2008 2:31:44 PM - Software Distribution Service 3.0
RP741: 12/13/2008 2:48:17 PM - System Checkpoint
RP742: 12/14/2008 3:45:55 PM - System Checkpoint
RP743: 12/15/2008 4:34:58 PM - System Checkpoint
RP744: 12/16/2008 11:42:09 AM - Installed DirectX
RP745: 12/16/2008 11:46:56 AM - Installed Maya 2009
RP746: 12/17/2008 12:02:15 PM - System Checkpoint
RP747: 12/18/2008 12:17:58 PM - System Checkpoint
RP748: 12/19/2008 1:01:54 PM - System Checkpoint
RP749: 12/20/2008 1:07:10 PM - System Checkpoint
RP750: 12/21/2008 2:06:57 PM - System Checkpoint
RP751: 12/22/2008 1:34:02 PM - Installed Star Wars®: Knights of the Old Republic ™
RP752: 12/23/2008 2:21:05 PM - System Checkpoint
RP753: 12/24/2008 3:07:04 PM - System Checkpoint
RP754: 12/25/2008 4:06:15 PM - System Checkpoint
RP755: 12/26/2008 4:07:10 PM - System Checkpoint
RP756: 12/27/2008 4:07:30 PM - System Checkpoint
RP757: 12/28/2008 5:07:07 PM - System Checkpoint
RP758: 12/29/2008 6:07:12 PM - System Checkpoint
RP759: 12/30/2008 7:05:18 PM - System Checkpoint
RP760: 12/31/2008 7:07:15 PM - System Checkpoint
RP761: 1/1/2009 7:07:39 PM - System Checkpoint
RP762: 1/2/2009 8:07:17 PM - System Checkpoint
RP763: 1/3/2009 9:07:19 PM - System Checkpoint
RP764: 1/4/2009 10:07:27 PM - System Checkpoint
RP765: 1/5/2009 11:06:05 PM - System Checkpoint
RP766: 1/6/2009 11:07:19 PM - System Checkpoint
RP767: 1/7/2009 11:19:21 PM - System Checkpoint
RP768: 1/9/2009 12:04:50 AM - System Checkpoint
RP769: 1/9/2009 4:09:07 PM - Software Distribution Service 3.0
RP770: 1/12/2009 12:21:36 PM - System Checkpoint
RP771: 1/13/2009 2:48:20 PM - System Checkpoint
RP772: 1/14/2009 3:56:01 PM - System Checkpoint
RP773: 1/15/2009 5:36:07 PM - System Checkpoint
RP774: 1/19/2009 1:47:09 PM - System Checkpoint
RP775: 1/20/2009 2:59:23 PM - System Checkpoint
RP776: 1/21/2009 4:25:47 PM - System Checkpoint
RP777: 1/22/2009 6:00:56 PM - System Checkpoint
RP778: 1/23/2009 6:12:49 PM - System Checkpoint
RP779: 1/24/2009 7:13:22 PM - System Checkpoint
RP780: 1/25/2009 8:10:54 PM - System Checkpoint
RP781: 1/26/2009 8:12:52 PM - System Checkpoint
RP782: 1/28/2009 11:19:56 AM - Installed DirectX
RP783: 1/28/2009 11:21:34 AM - Installed Windows XP WIC.
RP784: 1/28/2009 11:21:57 AM - Installed %1 %2.
RP785: 1/28/2009 11:22:06 AM - Printer Driver Microsoft XPS Document Writer Installed
RP786: 1/28/2009 11:54:50 AM - Installed Windows XP WIC.
RP787: 1/28/2009 11:55:13 AM - Installed %1 %2.
RP788: 1/28/2009 11:55:22 AM - Printer Driver Microsoft XPS Document Writer Installed
RP789: 1/28/2009 11:56:25 AM - Installed DirectX
RP790: 1/28/2009 11:57:46 AM - Installed Fallout 3
RP791: 1/29/2009 12:02:12 PM - System Checkpoint
RP792: 1/30/2009 12:04:08 PM - System Checkpoint
RP793: 1/31/2009 1:03:48 PM - System Checkpoint
RP794: 2/1/2009 1:04:07 PM - System Checkpoint
RP795: 2/2/2009 7:00:02 PM - System Checkpoint
RP796: 2/3/2009 10:05:01 PM - System Checkpoint
RP797: 2/4/2009 11:04:15 PM - System Checkpoint
RP798: 2/5/2009 11:16:17 PM - System Checkpoint
RP799: 2/7/2009 12:21:02 AM - System Checkpoint
RP800: 2/8/2009 1:16:15 AM - System Checkpoint
RP801: 2/9/2009 2:04:16 AM - System Checkpoint
RP802: 2/10/2009 3:04:21 AM - System Checkpoint
RP803: 2/11/2009 3:16:18 AM - System Checkpoint
RP804: 2/12/2009 4:16:19 AM - System Checkpoint
RP805: 2/12/2009 6:50:16 PM - Software Distribution Service 3.0
RP806: 2/13/2009 6:54:06 PM - System Checkpoint
RP807: 2/14/2009 7:54:37 PM - System Checkpoint
RP808: 2/15/2009 8:54:04 PM - System Checkpoint
RP809: 2/16/2009 9:54:34 PM - System Checkpoint
RP810: 2/17/2009 10:54:06 PM - System Checkpoint
RP811: 2/18/2009 11:54:04 PM - System Checkpoint
RP812: 2/19/2009 11:54:35 PM - System Checkpoint
RP813: 2/23/2009 10:45:22 AM - System Checkpoint
RP814: 2/24/2009 3:54:59 PM - System Checkpoint
RP815: 2/25/2009 4:42:25 PM - System Checkpoint
RP816: 2/26/2009 6:45:03 PM - System Checkpoint

==== Installed Programs ======================

32 Bit HP CIO Components Installer
ACDSee Pro
Ad-Aware SE Personal
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 7.0
Adobe Stock Photos 1.0
Advanced Audio FX Engine
Advanced Video FX Engine
Autodesk DirectConnect 2.0
Autodesk DirectConnect 2009
Buccaneer: The Pursuit of Infamy Demo
Creative Live! Cam Center
Creative Live! Cam Doodling
Creative Live! Cam FX Creator
Creative Live! Cam Manager
Creative Live! Cam User's Guide
Creative Live! Cam Video IM Pro (VF0410) (1.00.06.00)
Creative Photo Calendar
Creative Photo Manager
Creative Software AutoUpdate
Creative System Information
DivX Content Uploader
DivX Web Player
Fallout 3
Google Talk (remove only)
Google Toolbar for Firefox
Hansoft Project Manager Client
Hansoft Project Manager Server
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for 2007 Microsoft Office system 2007 (KB936864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Intel Audio Studio 2.0
Intel® PRO Network Connections
iTunes
Java™ 6 Update 11
Juniper Networks Host Checker
Juniper Terminal Services Client
LANDesk Advance Agent
LANDesk® Common Base Agent 8
Live! Cam Avatar Creator
Live! Cam Avatar v1.0
Malwarebytes' Anti-Malware
Maya 2009
Maya 8.0
Maya 8.0 Documentation (en_US)
Maya 8.5
Maya 8.5 Documentation (en_US)
Mayhem Intergalactic Demo
Microsoft .NET Compact Framework 1.0 SP3 Developer
Microsoft .NET Compact Framework 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Device Emulator version 1.0 - ENU
Microsoft Document Explorer 2005
Microsoft FrontPage Client - English
Microsoft Games for Windows - LIVE Redistributable
Microsoft IntelliPoint 6.01
Microsoft IntelliType Pro 6.01
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Managed DirectX (1126)
Microsoft National Language Support Downlevel APIs
Microsoft Office Communicator 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Edition 2003
Microsoft Office Project MUI (English) 2007
Microsoft Office Project Professional 2003
Microsoft Office Project Standard 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio Professional 2003
Microsoft Office Visio Viewer 2003 (English)
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Beta2 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual J# .NET Redistributable Package 1.1
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Visual Studio .NET Professional 2003 - English
Microsoft Visual Studio 2005 Professional Edition - ENU
Microsoft Visual Studio 2005 Professional Edition - ENU Service Pack 1 (KB926601)
Microsoft Windows Journal Viewer
Microsoft Xbox 360 SDK 2.0.5632.2
Mount and Blade Demo
Move Networks Media Player for Internet Explorer
Mozilla Firefox (2.0.0.6)
MSDN Library for Visual Studio .NET 2003
MSDN Library for Visual Studio 2005
MSN Toolbar
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB954459)
NVIDIA Drivers
OpenOffice.org Installer 1.0
Perforce Core Components
PicLens for Internet Explorer
PicLens Publisher
Post-it® Software Notes Lite
ProView for PlayStation 2
QuickTime
ScrumWorks Basic Client
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960715)
Sentinel System Driver
SigmaTel Audio
SketchUp 4.0
Skype™ 3.6
SN Systems ProDG for PLAYSTATION®3 v210.2.0
SN Systems ProDG Visual Studio Integration v1.7.10
SN Systems SN-DBS v2.0.44
Star Wars®: Knights of the Old Republic ™
Steam
TestTrack
TestTrack Pro
TF2
Time Zone Data Update Tool for Microsoft Office Outlook
TreeSize Free V2.1
Trend Micro OfficeScan Client
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Veoh Web Player Beta
VideoLAN VLC media player 0.8.6b
Visual Studio .NET Professional 2003 - English
Visual Studio.NET Baseline - English
VNC Free Edition 4.1.2
WebFldrs XP
Windows Communication Foundation
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Player 11
Windows Messenger 5.1
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

3/3/2009 11:03:09 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/3/2009 10:33:08 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip tmtdi
3/3/2009 10:33:08 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/3/2009 10:33:08 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
3/3/2009 10:33:08 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/3/2009 10:33:08 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
3/2/2009 11:06:38 AM, error: Service Control Manager [7000] - The DS1410D service failed to start due to the following error: The system cannot find the file specified.
3/2/2009 11:05:14 AM, error: Schannel [36870] - A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x80090016.
3/2/2009 9:59:34 AM, error: Service Control Manager [7034] - The VNC Server Version 4 service terminated unexpectedly. It has done this 1 time(s).
3/2/2009 9:57:52 AM, error: NETLOGON [5719] - No Domain Controller is available for domain *****.COM due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
3/3/2009 11:15:58 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm tmtdi
3/3/2009 11:16:33 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
3/3/2009 3:25:51 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm mv61xx ohci1394 tmtdi
3/9/2009 9:45:43 AM, error: Service Control Manager [7023] - The iPod Service service terminated with the following error: Security must be initialized before any interfaces are marshalled or unmarshalled. It cannot be changed once initialized.
3/9/2009 10:21:18 AM, error: Service Control Manager [7034] - The LANDesk Targeted Multicast service terminated unexpectedly. It has done this 1 time(s).
3/9/2009 10:21:20 AM, error: Service Control Manager [7034] - The OfficeScan NT Listener service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================

Attached Files

•  Attach.txt   20.33K   18 downloads
•  DDS.txt   15.07K   18 downloads

[AdvancedSetup]

Well I can appreciate the fact that you don't want the information on a public forum, however you may have something here that does not belong but I'm not sure as you edited it out.
c:\windows\system32\microsoft\protect\s-1-5-18\BK-*****.COM

You need to check and update your Adobe Acrobat software. It has old exploited code.
Update available for vulnerability in versions 8.1 and earlier of Adobe Reader and Acrobat


STEP 01
Download but do not yet run ComboFix
If you have a previous version of Combofix.exe, delete it and download a fresh copy.
Download it to your DESKTOP - it MUST run from the Desktop
download.bleepingcomputer.com/sUBs/ComboFix.exe
subs.geekstogo.com/ComboFix.exe

Using your mouse, Highlight and then Right-click | Copy the entire contents of the Code box below, including blank lines

KILLALL::

Driver::
bfgvxp
pfjr
mdxgthkn

File::
c:\windows\system32\drivers\iarjkmxm.sys
c:\windows\system32\drivers\uogqat.sys
c:\docume~1\etam\locals~1\temp\mdxgthkn.sys
c:\windows\system32\WOEM_3_2awoem.tmp

Open a new Notepad session (Do not use a Word Processor or WordPad). Click "Format" and be certain that Word Wrap is not enabled. Right-click | Paste the Code box contents from above into Notepad. Click File, Save as..., and set the location to your Desktop, and enter (including quotation marks) as the filename: "CFscript.txt" .

Using your mouse, drag the new file CFscript.txt and drop it on the Combo-Fix.exe icon as shown:

• Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
  
• Disconnect from the Internet.
  
• Disable your Antivirus software. If it has Script Blocking features, please disable these as well.
  
• A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.
  
• It may identify that Recovery Console is not installed. Please accept when asked if you wish it to be installed.
  When the scan completes Notepad will open with with your results log open. Do a File, Exit.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

Post back the Combofix log on your next reply.

STEP 02

Download and install CCleaner

• CCleaner
  
• Double-click on the downloaded file "ccsetup217.exe" and install the application.
  
• Keep the default installation folder "C:\Program Files\CCleaner"
  
• Uncheck "Add CCleaner Yahoo! Toolbar and use CCleaner from your browser"
  
• Click finish when done and close ALL PROGRAMS
  
• Start the CCleaner program.
  
• Click on Registry and Uncheck Registry Integrity so that it does not run (basically the very top, uncheck it)
  
• Click on Options - Advanced and Uncheck "Only delete files in Windows Temp folders older than 48 hours"
  
• Click back to Cleaner and under SYSTEM uncheck the Memory Dumps and Windows Log Files
  
• Click on Run Cleaner button on the bottom right side of the program.
  
• Click OK to any prompts

STEP 03
Update and Scan with Malwarebytes' Anti-Malware

• Start MalwareBytes AntiMalware (Vista users must Right click and choose RunAs Admin)
  
• Please DO NOT run MBAM in Safe Mode unless requested to, you MUST run it in normal Windows mode.
  
  • Update Malwarebytes' Anti-Malware
    
  • Select the Update tab
    
  • Click Update
• When the update is complete, select the Scanner tab
  
• Select Perform quick scan, then click Scan.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Be sure that everything is checked, and click Remove Selected.
  
• When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidently close it, the log file is saved here and will be named like this:
    
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Then post back the MBAM log and a new Hijackthis log.

[Eriku]

Hello AdvanceSetup,

Is there anyway to send you the files privately so that you can analyze the logs properly and without me having to reveal private information?

Thanks
-Eriku

[AdvancedSetup]

You can send me a Private Message with an un-edited log and I'll take a look.

[Eriku]

Hello AdvanceSetup

I sent you the unedited version to you through the private message system.

I have updated Adobe Reader but am holding off the ComboFix step incase there are any changes needed that you see from the RAW log files?

Thanks
-Eric

[AdvancedSetup]

The one file I mentioned that end in .com - if you're aware of it and what its for then that's fine, otherwise I'd remove it.

Please proceed with the Combofix script.

[Eriku]

Hello AdvancedSetup,

Sorry for the late reply. I was trying to turn Trendmicro office scan off before the ComboFix. I tried killing off all the processes and "net stop" two fo the processes and was hoping that it was enough for it to not interfere with ComboFix. Combofix did complete and rebooted my PC but my applications started to open up before Combofix finished. I hope that was okay.

Here are the Combo Fix, MBam and HiJackThis logs. Again i replaced my Private information with *****

Thanks
Eriku

ComboFix

ComboFix 09-03-10.03 - etam 2009-03-13 9:35:33.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2045.1408 [GMT -7:00]
Running from: c:\documents and settings\etam\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\etam\Desktop\CFScript.txt
AV: Trend Micro OfficeScan Antivirus *On-access scanning disabled* (Outdated)
AV: Trend Micro OfficeScan Antivirus *On-access scanning enabled* (Updated)
* Created a new restore point

FILE ::
c:\docume~1\etam\locals~1\temp\mdxgthkn.sys
c:\windows\system32\drivers\iarjkmxm.sys
c:\windows\system32\drivers\uogqat.sys
c:\windows\system32\microsoft\protect\s-1-5-18\BK-*****.COM
c:\windows\system32\WOEM_3_2awoem.tmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\etam\locals~1\temp\mdxgthkn.sys
C:\install.exe
c:\program files\Common\helper.sig
c:\windows\system32\config\systemprofile\Application Data\Macromedia\Common
c:\windows\system32\microsoft\protect\s-1-5-18\BK-*****.COM
c:\windows\system32\WOEM_3_2awoem.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MDXGTHKN
-------\Service_bfgvxp
-------\Service_mdxgthkn
-------\Service_pfjr
-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-02-13 to 2009-03-13 )))))))))))))))))))))))))))))))
.

2009-03-05 13:01 . 2009-02-11 11:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-05 13:01 . 2009-02-11 11:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-03 12:18 . 2009-03-03 12:18 <DIR> d-------- c:\documents and settings\etam\Application Data\Malwarebytes
2009-03-03 12:17 . 2009-03-05 13:01 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-03 12:17 . 2009-03-03 12:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-03 12:03 . 2009-03-03 12:03 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Lavasoft
2009-03-02 15:54 . 2009-03-02 15:54 <DIR> d-------- c:\program files\Lavasoft
2009-03-02 15:54 . 2009-03-02 15:54 <DIR> d-------- c:\documents and settings\etam\Application Data\Lavasoft
2009-03-01 16:21 . 2009-03-01 16:21 552 --a------ c:\windows\system32\d3d8caps.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-13 17:48 --------- d-----w c:\documents and settings\etam\Application Data\skypePM
2009-03-13 17:48 --------- d-----w c:\documents and settings\etam\Application Data\Skype
2009-03-13 17:47 --------- d-----w c:\program files\Steam
2009-03-13 16:42 --------- d-----w c:\documents and settings\All Users\Application Data\vulScan
2009-03-13 16:35 --------- d-----w c:\program files\Common
2009-03-09 21:38 --------- d-----w c:\program files\Common Files\Adobe
2009-03-09 21:15 --------- d-----w c:\documents and settings\etam\Application Data\AdobeUM
2009-03-04 19:13 --------- d-----w c:\program files\Trend Micro
2009-03-02 22:54 --------- d-----w c:\documents and settings\dhong\Application Data\Lavasoft
2009-01-28 19:57 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-28 19:57 --------- d-----w c:\program files\Bethesda Softworks
2009-01-28 19:57 --------- d-----w c:\documents and settings\All Users\Application Data\Fallout3
2009-01-28 19:22 --------- d-----w c:\program files\Reference Assemblies
2009-01-19 21:22 --------- d-----w c:\program files\Hansoft Beta
2008-02-26 00:29 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2007-04-24 21:52 0 ----a-w c:\documents and settings\etam\WoW-2.0.3.6299-to-2.0.12.6546-enUS-patch.exe
2007-04-24 21:51 0 ----a-w c:\documents and settings\etam\WoW-1.12.0-enUS-patch.exe
2006-06-16 04:33 233,472 ----a-w c:\program files\mozilla firefox\plugins\CrazyTalk4Native.dll
2006-05-26 02:43 204,895 ----a-w c:\program files\mozilla firefox\plugins\ctdomemhelper.dll
2005-09-29 22:41 77,824 ----a-w c:\program files\mozilla firefox\plugins\ctframeplayerobject.dll
2006-06-19 21:10 426,081 ----a-w c:\program files\mozilla firefox\plugins\ctplayerobject.dll
2005-02-02 20:19 458,752 ----a-w c:\program files\mozilla firefox\plugins\imagickrt.dll
2006-04-11 02:35 139,264 ----a-w c:\program files\mozilla firefox\plugins\rlcontentclass.dll
2005-11-09 19:10 204,800 ----a-w c:\program files\mozilla firefox\plugins\RLMusicPacker.dll
2005-11-09 19:42 106,496 ----a-w c:\program files\mozilla firefox\plugins\RLMusicUnpacker.dll
2006-01-04 19:22 212,992 ----a-w c:\program files\mozilla firefox\plugins\RLVoicePacker.dll
2006-01-04 19:21 167,936 ----a-w c:\program files\mozilla firefox\plugins\RLVoiceUnpacker.dll
2008-01-23 02:05 66,408 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-01-23 02:05 54,112 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-01-23 02:05 34,688 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-01-23 02:05 46,456 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-01-23 02:05 171,880 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-02-25 23:49 75 --sh--r c:\windows\CT4CET.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\Msmsgs.exe" [2005-08-31 1658592]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"Steam"="c:\program files\steam\steam.exe" [2008-11-11 1410296]
"Creative Live! Cam Manager"="c:\program files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2007-06-07 155648]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-02-06 21898024]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2008-09-27 3497208]
"CTRegRun"="c:\windows\CTRegRun.EXE" [2006-10-05 53248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-17 8478720]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-06-01 257088]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\OfficeScan Client\pccntmon.exe" [2007-12-11 710000]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 576320]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 600896]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-08-17 81920]
"V0410Mon.exe"="c:\windows\V0410Mon.exe" [2007-06-06 32768]
"Communicator"="c:\program files\Microsoft Office Communicator\communicator.exe" [2007-12-07 5720072]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"IntelAPMClient"="c:\program files\LANDesk\LDClient\amclient.exe" [2008-01-07 331776]
"SDClientMonitor"="c:\program files\LANDesk\LDClient\webportal\sdclientmonitor.exe" [2007-11-29 262144]
"nwiz"="nwiz.exe" [2007-08-17 c:\windows\system32\nwiz.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WDM_SYSAUDIO"="c:\program files\LANDesk\LDClient\softmon.exe" [2007-11-15 266240]
"WDM_DRMKAUD0"="c:\program files\LANDesk\LDClient\softmon.exe" [2007-11-15 266240]
"WDM_DRMKAUD1"="c:\program files\LANDesk\LDClient\softmon.exe" [2007-11-15 266240]
"WDM_DRMKAUD2"="c:\program files\LANDesk\LDClient\softmon.exe" [2007-11-15 266240]
"WDM_KMIXER0"="c:\program files\LANDesk\LDClient\softmon.exe" [2007-11-15 266240]
"WDM_KMIXER1"="c:\program files\LANDesk\LDClient\softmon.exe" [2007-11-15 266240]
"WDM_AEC0"="c:\program files\LANDesk\LDClient\softmon.exe" [2007-11-15 266240]
"WDM_AEC1"="c:\program files\LANDesk\LDClient\softmon.exe" [2007-11-15 266240]
"WDM_AEC2"="c:\program files\LANDesk\LDClient\softmon.exe" [2007-11-15 266240]
"WDM_SWMIDI0"="c:\program files\LANDesk\LDClient\softmon.exe" [2007-11-15 266240]
"WDM_SWMIDI1"="c:\program files\LANDesk\LDClient\softmon.exe" [2007-11-15 266240]
"WDM_SWMIDI2"="c:\program files\LANDesk\LDClient\softmon.exe" [2007-11-15 266240]
"WDM_WDMAUD"="c:\program files\LANDesk\LDClient\softmon.exe" [2007-11-15 266240]
"WDM_SPLITTER0"="c:\program files\LANDesk\LDClient\softmon.exe" [2007-11-15 266240]
"WDM_SPLITTER1"="c:\program files\LANDesk\LDClient\softmon.exe" [2007-11-15 266240]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Post-itr Software Notes Lite.lnk - c:\program files\3M\PSNLite\PsnLite.exe [2004-10-15 2080768]
SN-DBS Network View.lnk - c:\program files\SN Systems\Common\bin\dbsview.exe [2008-05-08 1024000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"SENTINEL"= snti386.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
"Script"=HostCheck.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2130522478-956128592-857424290-33954\Scripts\Logon\0\0]
"Script"=MPK_IT_login_script.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2130522478-956128592-857424290-33954\Scripts\Logon\0\1]
"Script"=MPK_local_admin.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2130522478-956128592-857424290-34606\Scripts\Logon\0\0]
"Script"=\\*****.com\SysVol\*****.com\scripts\sfostd.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2130522478-956128592-857424290-47260\Scripts\Logon\0\0]
"Script"=MPK_IT_login_script.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2130522478-956128592-857424290-47260\Scripts\Logon\0\1]
"Script"=MPK_local_admin.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2130522478-956128592-857424290-47854\Scripts\Logon\0\0]
"Script"=MPK_ST_login_script.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2130522478-956128592-857424290-47854\Scripts\Logon\0\1]
"Script"=MPK_local_admin.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2130522478-956128592-857424290-9218\Scripts\Logon\0\0]
"Script"=MPK_IT_login_script.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2130522478-956128592-857424290-9218\Scripts\Logon\0\1]
"Script"=MPK_local_admin.vbs

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^dhong^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\dhong\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 01:56 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelAudioStudio]
--a------ 2006-08-02 18:17 9134080 c:\program files\Intel Audio Studio\IntelAudioStudio.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-04-27 09:41 282624 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntivirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\LANDesk\\Shared Files\\residentagent.exe"=
"c:\\Program Files\\LANDesk\\LDClient\\xddclient.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"19503:TCP"= 19503:TCP:Trend Micro OfficeScan Listener

R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2006-08-30 70784]
R2 CBA8;LANDesk® Management Agent;c:\program files\LANDesk\Shared Files\residentAgent.exe [2007-01-09 122880]
R2 HPServer;Hansoft Project Server;c:\program files\Hansoft Beta\Project Manager Server\HPMServer_x86.exe [2009-01-14 2376808]
R2 LDXDD;LANDesk® Extended device discovery service;c:\program files\LANDesk\LDClient\XDDClient.exe [2007-12-12 184320]
R2 Softmon;LANDesk® Software Monitoring Service;c:\program files\LANDesk\LDClient\SoftMon.exe [2007-12-12 266240]
R2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\OfficeScan Client\tmxpflt.sys [2008-02-27 205328]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\OfficeScan Client\tmpreflt.sys [2008-02-27 36368]
R3 ldblank;Screen Blanking driver for Remote Control;c:\windows\system32\drivers\ldblank.sys [2007-12-12 11904]
R3 ldmirror;ldmirror;c:\windows\system32\drivers\ldmirror.sys [2007-12-12 3328]
R3 mirrorflt;Mirror Filter Driver for Uninstall;c:\windows\system32\drivers\mirrorflt.sys [2007-12-12 3712]
R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\drivers\livecamv.sys [2008-02-25 31616]
R3 V0410Afx;Creative Camera VF0410 Audio Effects Driver;c:\windows\system32\drivers\V0410AFX.sys [2008-02-25 142656]
R3 V0410Aud;Creative Camera VF0410 Noise Cancellation APO;c:\windows\system32\drivers\V0410Aud.sys [2008-02-25 94720]
R3 V0410Dev;Creative Camera VF0410 Driver;c:\windows\system32\drivers\V0410Dev.sys [2008-02-25 244672]
R3 V0410Vfx;Creative Camera VF0410 Video VFX Driver;c:\windows\system32\drivers\V0410Vfx.sys [2008-02-25 7168]
R3 WOEM_3_2a;WinPcap Packet Driver (WOEM_3_2a);c:\windows\system32\drivers\WOEM_3_2a.sys --> c:\windows\system32\drivers\WOEM_3_2a.sys [?]
S2 SNDBS2;SN-DBS v2;c:\program files\SN Systems\Common\bin\dbsagent.exe [2008-05-08 884736]
S3 TmProxy;OfficeScan NT Proxy Service;c:\program files\Trend Micro\OfficeScan Client\TmProxy.exe [2007-11-30 558416]
S3 TPPWRIF;TPPWRIF;c:\documents and settings\All Users\Application Data\vulScan\TPPWRIF.SYS [2006-09-21 4442]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2006-12-02 2805000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\FalloutLauncher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d52cc925-7b72-11dd-98f3-0019d10e0eb8}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKLM-Run-IncrediBuild Agent Monitor - c:\program files\Xoreax\IncrediBuild\BuildTrayIcon.exe
HKLM-Run-SigmatelSysTrayApp - sttray.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://loncs01/cs/forums/default.aspx?GroupID=12
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {79E54B26-46B9-40EF-BFDC-0B1BB0D68897} - hxxp://www.piclens.com/shared/plinstll.cab
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-13 10:50:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\HPServer]
"ImagePath"="\"C:/Program Files/Hansoft Beta/Project Manager Server/HPMServer_x86.exe\" -Service HPServer"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\HPServer]
"ImagePath"="\"C:/Program Files/Hansoft Beta/Project Manager Server/HPMServer_x86.exe\" -Service HPServer"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\LANDesk\LDClient\LocalSch.EXE
c:\windows\system32\cba\pds.exe
c:\program files\LANDesk\LDClient\tmcsvc.exe
c:\progra~1\LANDesk\LDClient\issuser.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Trend Micro\OfficeScan Client\NTRtScan.exe
c:\windows\system32\nvsvc32.exe
c:\program files\RealVNC\VNC4\winvnc4.exe
c:\program files\Trend Micro\OfficeScan Client\TmListen.exe
c:\progra~1\LANDesk\LDClient\collector.exe
c:\progra~1\LANDesk\LDClient\LDRegWatch.exe
c:\program files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
c:\windows\temp\SPD45.EXE
c:\progra~1\LANDesk\LDClient\rcgui.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\rundll32.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2009-03-13 10:57:47 - machine was rebooted [etam]
ComboFix-quarantined-files.txt 2009-03-13 17:57:44

Pre-Run: 126,084,313,088 bytes free
Post-Run: 128,447,389,696 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

265 --- E O F --- 2009-03-02 18:51:51


MBAM LOG

Malwarebytes' Anti-Malware 1.34
Database version: 1845
Windows 5.1.2600 Service Pack 2

2009-03-13 11:21:30
mbam-log-2009-03-13 (11-21-30).txt

Scan type: Quick Scan
Objects scanned: 96417
Time elapsed: 4 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


HiJackThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:21, on 2009-03-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\LANDesk\Shared Files\residentagent.exe
C:\Program Files\Hansoft Beta\Project Manager Server\HPMServer_x86.exe
C:\Program Files\LANDesk\LDClient\LocalSch.EXE
C:\WINDOWS\system32\CBA\pds.exe
C:\Program Files\LANDesk\LDClient\tmcsvc.exe
C:\PROGRA~1\LANDesk\LDClient\issuser.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LANDesk\LDClient\xddclient.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\LANDesk\LDClient\softmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\PROGRA~1\LANDesk\LDClient\collector.exe
C:\PROGRA~1\LANDesk\LDClient\LDregwatch.exe
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\WINDOWS\TEMP\SPD45.EXE
C:\PROGRA~1\LANDesk\LDClient\rcgui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\V0410Mon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamGO.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://loncs01/cs/fo...aspx?GroupID=12
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O2 - BHO: PicLens plug-in for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\PicLens.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [V0410Mon.exe] C:\WINDOWS\V0410Mon.exe
O4 - HKLM\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\communicator.exe" /fromrunkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelAPMClient] "C:\Program Files\LANDesk\LDClient\amclient.exe" /apm /s /ro /Retry=2 /Tspan=60 /Rstart
O4 - HKLM\..\Run: [SDClientMonitor] "C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe"
O4 - HKLM\..\RunOnce: [WDM_SYSAUDIO] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci.dll,StreamingDeviceSetup {A7C7A5B0-5AF3-11D1-9CED-00A024BF0407},{9B365890-165F-11D0-A195-0020AFD156E4},{A7C7A5B1-5AF3-11D1-9CED-00A024BF0407},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_SYSAUDIO.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_DRMKAUD0] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{6994AD04-93EF-11D0-A3CC-00A0C9223196},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_DRMKAUD1] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{2EB07EA0-7E70-11D0-A5D6-28DB04C10000},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_DRMKAUD2] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_KMIXER0] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci.dll,StreamingDeviceSetup {B7EAFDC0-A680-11D0-96D8-00AA0051E51D},{9B365890-165F-11D0-A195-0020AFD156E4},{AD809C00-7B88-11D0-A5D6-28DB04C10000},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_KMIXER.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_KMIXER1] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci.dll,StreamingDeviceSetup {B7EAFDC0-A680-11D0-96D8-00AA0051E51D},{9B365890-165F-11D0-A195-0020AFD156E4},{6994AD04-93EF-11D0-A3CC-00A0C9223196},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_KMIXER.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_AEC0] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci.dll,StreamingDeviceSetup {4245FF73-1DB4-11d2-86E4-98AE20524153},{9B365890-165F-11D0-A195-0020AFD156E4},{2EB07EA0-7E70-11D0-A5D6-28DB04C10000},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_AEC.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_AEC1] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci.dll,StreamingDeviceSetup {4245FF73-1DB4-11d2-86E4-98AE20524153},{9B365890-165F-11D0-A195-0020AFD156E4},{6994AD04-93EF-11D0-A3CC-00A0C9223196},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_AEC.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_AEC2] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci.dll,StreamingDeviceSetup {4245FF73-1DB4-11d2-86E4-98AE20524153},{9B365890-165F-11D0-A195-0020AFD156E4},{BF963D80-C559-11D0-8A2B-00A0C9255AC1},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_AEC.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_SWMIDI0] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci.dll,StreamingDeviceSetup {6C1B9F60-C0A9-11D0-96D8-00AA0051E51D},{9B365890-165F-11D0-A195-0020AFD156E4},{2EB07EA0-7E70-11D0-A5D6-28DB04C10000},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_SWMIDI.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_SWMIDI1] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci.dll,StreamingDeviceSetup {6C1B9F60-C0A9-11D0-96D8-00AA0051E51D},{9B365890-165F-11D0-A195-0020AFD156E4},{DFF220F3-F70F-11D0-B917-00A0C9223196},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_SWMIDI.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_SWMIDI2] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci.dll,StreamingDeviceSetup {6C1B9F60-C0A9-11D0-96D8-00AA0051E51D},{9B365890-165F-11D0-A195-0020AFD156E4},{6994AD04-93EF-11D0-A3CC-00A0C9223196},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_SWMIDI.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_WDMAUD] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci.dll,StreamingDeviceSetup {CD171DE3-69E5-11D2-B56D-0000F8754380},{9B365890-165F-11D0-A195-0020AFD156E4},{3E227E76-690D-11D2-8161-0000F8775BF1},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_WDMAUD.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_SPLITTER0] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci.dll,StreamingDeviceSetup {2F412AB5-ED3A-4590-AB24-B0CE2AA77D3C},{9B365890-165F-11D0-A195-0020AFD156E4},{9EA331FA-B91B-45F8-9285-BD2BC77AFCDE},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_SPLITTER.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_SPLITTER1] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci.dll,StreamingDeviceSetup {2F412AB5-ED3A-4590-AB24-B0CE2AA77D3C},{9B365890-165F-11D0-A195-0020AFD156E4},{6994AD04-93EF-11D0-A3CC-00A0C9223196},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_SPLITTER.Interface.Install
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\Msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O4 - Global Startup: SN-DBS Network View.lnk = C:\Program Files\SN Systems\Common\bin\dbsview.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {79E54B26-46B9-40EF-BFDC-0B1BB0D68897} - http://www.piclens.c...ed/plinstll.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain =
O17 - HKLM\Software\..\Telephony: DomainName =
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain =
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain =
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: LANDesk® Management Agent (CBA8) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\Shared Files\residentagent.exe
O23 - Service: Hansoft Project Server (HPServer) - Hansoft AB - C:/Program Files/Hansoft Beta/Project Manager Server/HPMServer_x86.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel Local Scheduler Service - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\LocalSch.EXE
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe
O23 - Service: LANDesk Targeted Multicast (Intel Targeted Multicast) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\tmcsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LANDesk Remote Control Service (ISSUSER) - LANDesk Software, Ltd. - C:\PROGRA~1\LANDesk\LDClient\issuser.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LANDesk® Extended device discovery service (LDXDD) - Unknown owner - C:\Program Files\LANDesk\LDClient\xddclient.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SN-DBS v2 (SNDBS2) - SN Systems - C:\Program Files\SN Systems\Common\bin\dbsagent.exe
O23 - Service: LANDesk® Software Monitoring Service (Softmon) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\softmon.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 14811 bytes

[AdvancedSetup]

STEP 01
Please go into the Control Panel, Add/Remove and for now remove ALL versions of JAVA

Then run this tool to help cleanup any left over Java
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please download JavaRa and unzip it to your desktop.
***Please close any instances of Internet Explorer (or other web browser) before continuing!***

• Double-click on JavaRa.exe to start the program.
  
• From the drop-down menu, choose English and click on Select.
  
• JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  
• Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  
• A logfile will pop up. Please save it to a convenient location and post it back when you reply
  
  Then look for the following Java folders and if found delete them.
  C:\Program Files\Java
  C:\Program Files\Common Files\Java
  C:\Documents and Settings\All Users\Application Data\Java
  C:\Documents and Settings\All Users\Application Data\Sun\Java
  C:\Documents and Settings\username\Application Data\Java
  C:\Documents and Settings\username\Application Data\Sun\Java

STEP 02
Update available for vulnerability in versions 8.1 and earlier of Adobe Reader and Acrobat

STEP 03
With all other applications closed (Taskbar empty), open HijackThis again
and run Do a system scan only and place a check mark on the following items.

• O4 - HKLM\..\RunOnce: [WDM_SYSAUDIO] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci.dll,StreamingDeviceSetup {A7C7A5B0-5AF3-11D1-9CED-00A024BF0407},{9B365890-165F-11D0-A195-0020AFD156E4},{A7C7A5B1-5AF3-11D1-9CED-00A024BF0407},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_SYSAUDIO.Interface.Install
  
• O4 - HKLM\..\RunOnce: [WDM_DRMKAUD0] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{6994AD04-93EF-11D0-A3CC-00A0C9223196},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install
  
• O4 - HKLM\..\RunOnce: [WDM_DRMKAUD1] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{2EB07EA0-7E70-11D0-A5D6-28DB04C10000},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install
  
• O4 - HKLM\..\RunOnce: [WDM_DRMKAUD2] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install
  
• O4 - HKLM\..\RunOnce: [WDM_KMIXER0] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci.dll,StreamingDeviceSetup {B7EAFDC0-A680-11D0-96D8-00AA0051E51D},{9B365890-165F-11D0-A195-0020AFD156E4},{AD809C00-7B88-11D0-A5D6-28DB04C10000},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_KMIXER.Interface.Install
  
• O4 - HKLM\..\RunOnce: [WDM_KMIXER1] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci.dll,StreamingDeviceSetup {B7EAFDC0-A680-11D0-96D8-00AA0051E51D},{9B365890-165F-11D0-A195-0020AFD156E4},{6994AD04-93EF-11D0-A3CC-00A0C9223196},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_KMIXER.Interface.Install
  
• O4 - HKLM\..\RunOnce: [WDM_AEC0] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci.dll,StreamingDeviceSetup {4245FF73-1DB4-11d2-86E4-98AE20524153},{9B365890-165F-11D0-A195-0020AFD156E4},{2EB07EA0-7E70-11D0-A5D6-28DB04C10000},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_AEC.Interface.Install
  
• O4 - HKLM\..\RunOnce: [WDM_AEC1] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci.dll,StreamingDeviceSetup {4245FF73-1DB4-11d2-86E4-98AE20524153},{9B365890-165F-11D0-A195-0020AFD156E4},{6994AD04-93EF-11D0-A3CC-00A0C9223196},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_AEC.Interface.Install
  
• O4 - HKLM\..\RunOnce: [WDM_AEC2] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci.dll,StreamingDeviceSetup {4245FF73-1DB4-11d2-86E4-98AE20524153},{9B365890-165F-11D0-A195-0020AFD156E4},{BF963D80-C559-11D0-8A2B-00A0C9255AC1},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_AEC.Interface.Install
  
• O4 - HKLM\..\RunOnce: [WDM_SWMIDI0] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci.dll,StreamingDeviceSetup {6C1B9F60-C0A9-11D0-96D8-00AA0051E51D},{9B365890-165F-11D0-A195-0020AFD156E4},{2EB07EA0-7E70-11D0-A5D6-28DB04C10000},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_SWMIDI.Interface.Install
  
• O4 - HKLM\..\RunOnce: [WDM_SWMIDI1] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci.dll,StreamingDeviceSetup {6C1B9F60-C0A9-11D0-96D8-00AA0051E51D},{9B365890-165F-11D0-A195-0020AFD156E4},{DFF220F3-F70F-11D0-B917-00A0C9223196},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_SWMIDI.Interface.Install
  
• O4 - HKLM\..\RunOnce: [WDM_SWMIDI2] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci.dll,StreamingDeviceSetup {6C1B9F60-C0A9-11D0-96D8-00AA0051E51D},{9B365890-165F-11D0-A195-0020AFD156E4},{6994AD04-93EF-11D0-A3CC-00A0C9223196},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_SWMIDI.Interface.Install
  
• O4 - HKLM\..\RunOnce: [WDM_WDMAUD] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci.dll,StreamingDeviceSetup {CD171DE3-69E5-11D2-B56D-0000F8754380},{9B365890-165F-11D0-A195-0020AFD156E4},{3E227E76-690D-11D2-8161-0000F8775BF1},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_WDMAUD.Interface.Install
  
• O4 - HKLM\..\RunOnce: [WDM_SPLITTER0] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci.dll,StreamingDeviceSetup {2F412AB5-ED3A-4590-AB24-B0CE2AA77D3C},{9B365890-165F-11D0-A195-0020AFD156E4},{9EA331FA-B91B-45F8-9285-BD2BC77AFCDE},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_SPLITTER.Interface.Install
  
• O4 - HKLM\..\RunOnce: [WDM_SPLITTER1] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci.dll,StreamingDeviceSetup {2F412AB5-ED3A-4590-AB24-B0CE2AA77D3C},{9B365890-165F-11D0-A195-0020AFD156E4},{6994AD04-93EF-11D0-A3CC-00A0C9223196},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_SPLITTER.Interface.Install
  
• O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\Msmsgs.exe" /background
  Then Quit All Browsers including the one you're reading this in now.
  Then click on Fix checked and then quit HJT

How is the computer running now?
Are there still any signs of an infection?

[Eriku]

Hello AdvancedSetup,

Thank you so much for all your assistance! There doesn't seem to be any sign of infection as in no redirection of the browser or pop ups or detection by Trend / Malware byts

Here is the JavaRa log below too.

Just wanted to ask, I want to protect my home PC just incase of future malware, will MalwareBytes be enough or should i also get additional anti virus??

Thanks
_Eriku


JavaRa 1.13 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Tue Mar 17 08:28:44 2009

------------------------------------

Finished reporting.

[AdvancedSetup]

MBAM is not an Anti-Virus product and you would still need an Anti-Virus product that is updated daily and offers live continuous protection.
I believe you're running Trend Anti-Virus already, so just make sure that it is set to get updates every day and do scans at least once a week.


Please run the following so that we can verify that all is okay now.


Update and Scan with Malwarebytes' Anti-Malware

• Start MalwareBytes AntiMalware (Vista users must Right click and choose RunAs Admin)
  
• Please DO NOT run MBAM in Safe Mode unless requested to, you MUST run it in normal Windows mode.
  
  • Update Malwarebytes' Anti-Malware
    
  • Select the Update tab
    
  • Click Update
• When the update is complete, select the Scanner tab
  
• Select Perform quick scan, then click Scan.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Be sure that everything is checked, and click Remove Selected.
  
• When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidently close it, the log file is saved here and will be named like this:
    
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Then post back the MBAM log and a new Hijackthis log.



Then run this please.

[indent]Download DDS and save it to your desktop
http://download.bleepingcomputer.com/sUBs/dds.scr

Disable any script blocker if your Anti-Virus/Anti-Malware has it.
Once downloaded you can disconnect from the Internet and disable your Ant-Virus temporarily if needed.
Then double click dds.scr to run the tool.
When done, the DDS.txt will open.
Click Yes at the next prompt for Optional Scan.

When done, DDS will open two (2) logs:

• DDS.txt
  
• Attach.txt

• Save both reports to your desktop
  
• Please include the following logs in your next reply: DDS.txt and Attach.txt

[/indent]

[Eriku]

Hello Advance, here are my logs!

Thanks again,
Eriku

Malwarebytes' Anti-Malware 1.34
Database version: 1845
Windows 5.1.2600 Service Pack 2

2009-03-20 11:35:42
mbam-log-2009-03-20 (11-35-42).txt

Scan type: Quick Scan
Objects scanned: 98592
Time elapsed: 4 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:36, on 2009-03-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\LANDesk\Shared Files\residentagent.exe
C:\Program Files\Hansoft Beta\Project Manager Server\HPMServer_x86.exe
C:\Program Files\LANDesk\LDClient\LocalSch.EXE
C:\WINDOWS\system32\CBA\pds.exe
C:\Program Files\LANDesk\LDClient\tmcsvc.exe
C:\PROGRA~1\LANDesk\LDClient\issuser.exe
C:\Program Files\LANDesk\LDClient\xddclient.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\LANDesk\LDClient\softmon.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\LANDesk\LDClient\collector.exe
C:\PROGRA~1\LANDesk\LDClient\LDregwatch.exe
C:\PROGRA~1\LANDesk\LDClient\rcgui.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\V0410Mon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\TEMP\STBC40.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\logon.scr
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://loncs01/cs/fo...aspx?GroupID=12
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O2 - BHO: PicLens plug-in for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\PicLens.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [V0410Mon.exe] C:\WINDOWS\V0410Mon.exe
O4 - HKLM\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\communicator.exe" /fromrunkey
O4 - HKLM\..\Run: [IntelAPMClient] "C:\Program Files\LANDesk\LDClient\amclient.exe" /apm /s /ro /Retry=2 /Tspan=60 /Rstart
O4 - HKLM\..\Run: [SDClientMonitor] "C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\Msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O4 - Global Startup: SN-DBS Network View.lnk = C:\Program Files\SN Systems\Common\bin\dbsview.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {79E54B26-46B9-40EF-BFDC-0B1BB0D68897} - http://www.piclens.c...ed/plinstll.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://remote.*****.com/dana-cached/setup/...perSetupSP1.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = *****.com
O17 - HKLM\Software\..\Telephony: DomainName = *****.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = *****.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = *****.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: LANDesk® Management Agent (CBA8) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\Shared Files\residentagent.exe
O23 - Service: Hansoft Project Server (HPServer) - Hansoft AB - C:/Program Files/Hansoft Beta/Project Manager Server/HPMServer_x86.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel Local Scheduler Service - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\LocalSch.EXE
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe
O23 - Service: LANDesk Targeted Multicast (Intel Targeted Multicast) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\tmcsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LANDesk Remote Control Service (ISSUSER) - LANDesk Software, Ltd. - C:\PROGRA~1\LANDesk\LDClient\issuser.exe
O23 - Service: LANDesk® Extended device discovery service (LDXDD) - Unknown owner - C:\Program Files\LANDesk\LDClient\xddclient.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SN-DBS v2 (SNDBS2) - SN Systems - C:\Program Files\SN Systems\Common\bin\dbsagent.exe
O23 - Service: LANDesk® Software Monitoring Service (Softmon) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\softmon.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 9688 bytes



DDS (Ver_09-02-01.01) - NTFSx86
Run by etam at 11:36:33.93 on 2009-03-20
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2045.1295 [GMT -7:00]

AV: Trend Micro OfficeScan Antivirus *On-access scanning enabled* (Updated)
AV: Trend Micro OfficeScan Antivirus *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\LANDesk\Shared Files\residentagent.exe
C:\Program Files\Hansoft Beta\Project Manager Server\HPMServer_x86.exe
C:\Program Files\LANDesk\LDClient\LocalSch.EXE
C:\WINDOWS\system32\CBA\pds.exe
C:\Program Files\LANDesk\LDClient\tmcsvc.exe
C:\PROGRA~1\LANDesk\LDClient\issuser.exe
C:\Program Files\LANDesk\LDClient\xddclient.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\LANDesk\LDClient\softmon.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\LANDesk\LDClient\collector.exe
C:\PROGRA~1\LANDesk\LDClient\LDregwatch.exe
C:\PROGRA~1\LANDesk\LDClient\rcgui.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\V0410Mon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\TEMP\STBC40.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\logon.scr
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\etam\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://loncs01/cs/forums/default.aspx?GroupID=12
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No File
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
BHO: PicLens plug-in for Internet Explorer: {eaee5c74-6d0d-4aca-9232-0da4a7b866ba} - c:\program files\piclensie\PicLens.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
uRun: [MSMSGS] "c:\program files\messenger\Msmsgs.exe" /background
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [Creative Live! Cam Manager] "c:\program files\creative\creative live! cam\live! cam manager\CTLCMgr.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
uRun: [CTRegRun] c:\windows\CTRegRun.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\officescan client\pccntmon.exe" -HideWindow
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [V0410Mon.exe] c:\windows\V0410Mon.exe
mRun: [Communicator] "c:\program files\microsoft office communicator\communicator.exe" /fromrunkey
mRun: [IntelAPMClient] "c:\program files\landesk\ldclient\amclient.exe" /apm /s /ro /Retry=2 /Tspan=60 /Rstart
mRun: [SDClientMonitor] "c:\program files\landesk\ldclient\webportal\sdclientmonitor.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\post-i~1.lnk - c:\program files\3m\psnlite\PsnLite.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sn-dbs~1.lnk - c:\program files\sn systems\common\bin\dbsview.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {79E54B26-46B9-40EF-BFDC-0B1BB0D68897} - hxxp://www.piclens.com/shared/plinstll.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://remote.*****.com/dana-cached/setup/JuniperSetupSP1.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============

R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2006-8-30 70784]
R2 CBA8;LANDesk® Management Agent;c:\program files\landesk\shared files\residentAgent.exe [2007-1-9 122880]
R2 HPServer;Hansoft Project Server;c:\program files\hansoft beta\project manager server\HPMServer_x86.exe [2009-1-14 2376808]
R2 LDXDD;LANDesk® Extended device discovery service;c:\program files\landesk\ldclient\XDDClient.exe [2007-12-12 184320]
R2 Softmon;LANDesk® Software Monitoring Service;c:\program files\landesk\ldclient\SoftMon.exe [2007-12-12 266240]
R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\officescan client\tmxpflt.sys [2008-2-27 205328]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\officescan client\tmpreflt.sys [2008-2-27 36368]
R3 ldblank;Screen Blanking driver for Remote Control;c:\windows\system32\drivers\ldblank.sys [2007-12-12 11904]
R3 ldmirror;ldmirror;c:\windows\system32\drivers\ldmirror.sys [2007-12-12 3328]
R3 mirrorflt;Mirror Filter Driver for Uninstall;c:\windows\system32\drivers\mirrorflt.sys [2007-12-12 3712]
R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\drivers\livecamv.sys [2008-2-25 31616]
R3 V0410Afx;Creative Camera VF0410 Audio Effects Driver;c:\windows\system32\drivers\V0410AFX.sys [2008-2-25 142656]
R3 V0410Aud;Creative Camera VF0410 Noise Cancellation APO;c:\windows\system32\drivers\V0410Aud.sys [2008-2-25 94720]
R3 V0410Dev;Creative Camera VF0410 Driver;c:\windows\system32\drivers\V0410Dev.sys [2008-2-25 244672]
R3 V0410Vfx;Creative Camera VF0410 Video VFX Driver;c:\windows\system32\drivers\V0410Vfx.sys [2008-2-25 7168]
R3 WOEM_3_2a;WinPcap Packet Driver (WOEM_3_2a);c:\windows\system32\drivers\woem_3_2a.sys --> c:\windows\system32\drivers\WOEM_3_2a.sys [?]
S2 SNDBS2;SN-DBS v2;c:\program files\sn systems\common\bin\dbsagent.exe [2008-5-8 884736]
S3 TmProxy;OfficeScan NT Proxy Service;c:\program files\trend micro\officescan client\TmProxy.exe [2007-11-30 558416]
S3 TPPWRIF;TPPWRIF;c:\documents and settings\all users\application data\vulscan\TPPWRIF.SYS [2006-9-21 4442]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2006-12-2 2805000]

=============== Created Last 30 ================

2009-03-17 07:33 268 a---h--- C:\sqmdata04.sqm
2009-03-17 07:33 244 a---h--- C:\sqmnoopt04.sqm
2009-03-17 07:20 90,112 a------- c:\windows\system32\WOEM_3_2awoem.tmp
2009-03-13 11:01 <DIR> --d----- c:\program files\CCleaner
2009-03-13 11:01 268 a---h--- C:\sqmdata03.sqm
2009-03-13 11:01 244 a---h--- C:\sqmnoopt03.sqm
2009-03-13 09:28 <DIR> a-dshr-- C:\cmdcons
2009-03-13 09:26 161,792 a------- c:\windows\SWREG.exe
2009-03-13 09:26 98,816 a------- c:\windows\sed.exe
2009-03-13 09:26 <DIR> --d----- C:\ComboFix
2009-03-05 13:01 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-05 13:01 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-03 12:18 <DIR> --d----- c:\docume~1\etam\applic~1\Malwarebytes
2009-03-03 12:17 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-03 12:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-02 15:54 <DIR> --d----- c:\program files\Lavasoft
2009-03-01 16:21 552 a------- c:\windows\system32\d3d8caps.dat

==================== Find3M ====================

2009-03-13 09:58 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-01-28 12:17 107,888 a------- c:\windows\system32\CmdLineExt.dll
2008-12-20 16:15 826,368 a------- c:\windows\system32\wininet.dll
2008-02-25 17:29 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat
2007-04-24 14:52 0 a------- c:\documents and settings\etam\WoW-2.0.3.6299-to-2.0.12.6546-enUS-patch.exe
2007-04-24 14:51 0 a------- c:\documents and settings\etam\WoW-1.12.0-enUS-patch.exe
2008-02-25 16:49 75 ---shr-- c:\windows\CT4CET.bin

============= FINISH: 11:37:01.97 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-02-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2006-12-13 13:08:41
System Uptime: 2009-03-17 07:19:44 (76 hours ago)

Motherboard: Intel Corporation | | D975XBX2
Processor: Intel® Core™2 CPU 6400 @ 2.13GHz | J3E1 | 2133/266mhz
Processor: Intel® Core™2 CPU 6400 @ 2.13GHz | J3E1 | 2133/266mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 373 GiB total, 120.045 GiB free.
D: is CDROM ()
H: is NetworkDisk (NTFS) - 838 GiB total, 86.823 GiB free.
U: is NetworkDisk (NTFS) - 1 GiB total, 21.362 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP749: 2008-12-20 13:07:10 - System Checkpoint
RP750: 2008-12-21 14:06:57 - System Checkpoint
RP751: 2008-12-22 13:34:02 - Installed Star Wars®: Knights of the Old Republic ™
RP752: 2008-12-23 14:21:05 - System Checkpoint
RP753: 2008-12-24 15:07:04 - System Checkpoint
RP754: 2008-12-25 16:06:15 - System Checkpoint
RP755: 2008-12-26 16:07:10 - System Checkpoint
RP756: 2008-12-27 16:07:30 - System Checkpoint
RP757: 2008-12-28 17:07:07 - System Checkpoint
RP758: 2008-12-29 18:07:12 - System Checkpoint
RP759: 2008-12-30 19:05:18 - System Checkpoint
RP760: 2008-12-31 19:07:15 - System Checkpoint
RP761: 2009-01-01 19:07:39 - System Checkpoint
RP762: 2009-01-02 20:07:17 - System Checkpoint
RP763: 2009-01-03 21:07:19 - System Checkpoint
RP764: 2009-01-04 22:07:27 - System Checkpoint
RP765: 2009-01-05 23:06:05 - System Checkpoint
RP766: 2009-01-06 23:07:19 - System Checkpoint
RP767: 2009-01-07 23:19:21 - System Checkpoint
RP768: 2009-01-09 00:04:50 - System Checkpoint
RP769: 2009-01-09 16:09:07 - Software Distribution Service 3.0
RP770: 2009-01-12 12:21:36 - System Checkpoint
RP771: 2009-01-13 14:48:20 - System Checkpoint
RP772: 2009-01-14 15:56:01 - System Checkpoint
RP773: 2009-01-15 17:36:07 - System Checkpoint
RP774: 2009-01-19 13:47:09 - System Checkpoint
RP775: 2009-01-20 14:59:23 - System Checkpoint
RP776: 2009-01-21 16:25:47 - System Checkpoint
RP777: 2009-01-22 18:00:56 - System Checkpoint
RP778: 2009-01-23 18:12:49 - System Checkpoint
RP779: 2009-01-24 19:13:22 - System Checkpoint
RP780: 2009-01-25 20:10:54 - System Checkpoint
RP781: 2009-01-26 20:12:52 - System Checkpoint
RP782: 2009-01-28 11:19:56 - Installed DirectX
RP783: 2009-01-28 11:21:34 - Installed Windows XP WIC.
RP784: 2009-01-28 11:21:57 - Installed %1 %2.
RP785: 2009-01-28 11:22:06 - Printer Driver Microsoft XPS Document Writer Installed
RP786: 2009-01-28 11:54:50 - Installed Windows XP WIC.
RP787: 2009-01-28 11:55:13 - Installed %1 %2.
RP788: 2009-01-28 11:55:22 - Printer Driver Microsoft XPS Document Writer Installed
RP789: 2009-01-28 11:56:25 - Installed DirectX
RP790: 2009-01-28 11:57:46 - Installed Fallout 3
RP791: 2009-01-29 12:02:12 - System Checkpoint
RP792: 2009-01-30 12:04:08 - System Checkpoint
RP793: 2009-01-31 13:03:48 - System Checkpoint
RP794: 2009-02-01 13:04:07 - System Checkpoint
RP795: 2009-02-02 19:00:02 - System Checkpoint
RP796: 2009-02-03 22:05:01 - System Checkpoint
RP797: 2009-02-04 23:04:15 - System Checkpoint
RP798: 2009-02-05 23:16:17 - System Checkpoint
RP799: 2009-02-07 00:21:02 - System Checkpoint
RP800: 2009-02-08 01:16:15 - System Checkpoint
RP801: 2009-02-09 02:04:16 - System Checkpoint
RP802: 2009-02-10 03:04:21 - System Checkpoint
RP803: 2009-02-11 03:16:18 - System Checkpoint
RP804: 2009-02-12 04:16:19 - System Checkpoint
RP805: 2009-02-12 18:50:16 - Software Distribution Service 3.0
RP806: 2009-02-13 18:54:06 - System Checkpoint
RP807: 2009-02-14 19:54:37 - System Checkpoint
RP808: 2009-02-15 20:54:04 - System Checkpoint
RP809: 2009-02-16 21:54:34 - System Checkpoint
RP810: 2009-02-17 22:54:06 - System Checkpoint
RP811: 2009-02-18 23:54:04 - System Checkpoint
RP812: 2009-02-19 23:54:35 - System Checkpoint
RP813: 2009-02-23 10:45:22 - System Checkpoint
RP814: 2009-02-24 15:54:59 - System Checkpoint
RP815: 2009-02-25 16:42:25 - System Checkpoint
RP816: 2009-02-26 18:45:03 - System Checkpoint
RP817: 2009-03-09 11:09:34 - System Checkpoint
RP818: 2009-03-09 13:38:29 - Installed Adobe Reader 7.1.0
RP819: 2009-03-10 13:47:40 - System Checkpoint
RP820: 2009-03-11 13:59:39 - System Checkpoint
RP821: 2009-03-12 14:58:48 - System Checkpoint
RP822: 2009-03-13 08:26:49 - ComboFix created restore point
RP823: 2009-03-14 08:43:17 - System Checkpoint
RP824: 2009-03-15 10:43:18 - System Checkpoint
RP825: 2009-03-16 11:44:25 - System Checkpoint
RP826: 2009-03-17 07:16:19 - Removed Adobe Reader 7.1.0
RP827: 2009-03-17 08:25:42 - Removed Java™ 6 Update 10
RP828: 2009-03-18 09:24:59 - System Checkpoint
RP829: 2009-03-19 10:25:54 - System Checkpoint

==== Installed Programs ======================

32 Bit HP CIO Components Installer
ACDSee Pro
Ad-Aware SE Personal
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Stock Photos 1.0
Advanced Audio FX Engine
Advanced Video FX Engine
Autodesk DirectConnect 2.0
Autodesk DirectConnect 2009
Buccaneer: The Pursuit of Infamy Demo
CCleaner (remove only)
Creative Live! Cam Center
Creative Live! Cam Doodling
Creative Live! Cam FX Creator
Creative Live! Cam Manager
Creative Live! Cam User's Guide
Creative Live! Cam Video IM Pro (VF0410) (1.00.06.00)
Creative Photo Calendar
Creative Photo Manager
Creative Software AutoUpdate
Creative System Information
DivX Content Uploader
DivX Web Player
Fallout 3
Google Talk (remove only)
Google Toolbar for Firefox
Hansoft Project Manager Client
Hansoft Project Manager Server
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for 2007 Microsoft Office system 2007 (KB936864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Intel Audio Studio 2.0
Intel® PRO Network Connections
iTunes
Juniper Networks Host Checker
Juniper Terminal Services Client
LANDesk Advance Agent
LANDesk® Common Base Agent 8
Live! Cam Avatar Creator
Live! Cam Avatar v1.0
Malwarebytes' Anti-Malware
Maya 2009
Maya 8.0
Maya 8.0 Documentation (en_US)
Maya 8.5
Maya 8.5 Documentation (en_US)
Mayhem Intergalactic Demo
Microsoft .NET Compact Framework 1.0 SP3 Developer
Microsoft .NET Compact Framework 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Device Emulator version 1.0 - ENU
Microsoft Document Explorer 2005
Microsoft FrontPage Client - English
Microsoft Games for Windows - LIVE Redistributable
Microsoft IntelliPoint 6.01
Microsoft IntelliType Pro 6.01
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Managed DirectX (1126)
Microsoft National Language Support Downlevel APIs
Microsoft Office Communicator 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Edition 2003
Microsoft Office Project MUI (English) 2007
Microsoft Office Project Professional 2003
Microsoft Office Project Standard 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio Professional 2003
Microsoft Office Visio Viewer 2003 (English)
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Beta2 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual J# .NET Redistributable Package 1.1
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Visual Studio .NET Professional 2003 - English
Microsoft Visual Studio 2005 Professional Edition - ENU
Microsoft Visual Studio 2005 Professional Edition - ENU Service Pack 1 (KB926601)
Microsoft Windows Journal Viewer
Microsoft Xbox 360 SDK 2.0.5632.2
Mount and Blade Demo
Move Networks Media Player for Internet Explorer
Mozilla Firefox (2.0.0.6)
MSDN Library for Visual Studio .NET 2003
MSDN Library for Visual Studio 2005
MSN Toolbar
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB954459)
NVIDIA Drivers
OpenOffice.org Installer 1.0
Perforce Core Components
PicLens for Internet Explorer
PicLens Publisher
Post-it® Software Notes Lite
ProView for PlayStation 2
QuickTime
ScrumWorks Basic Client
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960715)
Sentinel System Driver
SigmaTel Audio
SketchUp 4.0
Skype™ 3.6
SN Systems ProDG for PLAYSTATION®3 v210.2.0
SN Systems ProDG Visual Studio Integration v1.7.10
SN Systems SN-DBS v2.0.44
Star Wars®: Knights of the Old Republic ™
Steam
TestTrack
TestTrack Pro
TF2
Time Zone Data Update Tool for Microsoft Office Outlook
TreeSize Free V2.1
Trend Micro OfficeScan Client
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Veoh Web Player Beta
VideoLAN VLC media player 0.8.6b
Visual Studio .NET Professional 2003 - English
Visual Studio.NET Baseline - English
VNC Free Edition 4.1.2
WebFldrs XP
Windows Communication Foundation
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Player 11
Windows Messenger 5.1
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

2009-03-13 08:41:18, error: Service Control Manager [7000] - The DS1410D service failed to start due to the following error: The system cannot find the file specified.
2009-03-13 08:39:48, error: Schannel [36870] - A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x80090016.
2009-03-13 08:35:27, error: Service Control Manager [7034] - The SQL Server (SQLEXPRESS) service terminated unexpectedly. It has done this 1 time(s).
2009-03-13 08:35:27, error: Service Control Manager [7031] - The Hansoft Project Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
2009-03-13 08:35:27, error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).
2009-03-13 08:35:27, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
2009-03-13 08:35:27, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
2009-03-13 08:35:27, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2009-03-13 08:35:27, error: Service Control Manager [7034] - The Intel PDS service terminated unexpectedly. It has done this 1 time(s).
2009-03-13 08:35:27, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
2009-03-13 08:23:42, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
2009-03-13 08:23:31, error: Service Control Manager [7034] - The OfficeScanNT RealTime Scan service terminated unexpectedly. It has done this 5 time(s).
2009-03-13 08:22:19, error: Service Control Manager [7034] - The OfficeScan NT Listener service terminated unexpectedly. It has done this 4 time(s).
2009-03-13 08:22:14, error: Service Control Manager [7034] - The OfficeScanNT RealTime Scan service terminated unexpectedly. It has done this 4 time(s).
2009-03-13 08:20:58, error: Service Control Manager [7034] - The LANDesk® Software Monitoring Service service terminated unexpectedly. It has done this 1 time(s).
2009-03-13 08:20:37, error: Service Control Manager [7034] - The LANDesk® Extended device discovery service service terminated unexpectedly. It has done this 1 time(s).
2009-03-13 08:20:23, error: Service Control Manager [7034] - The LANDesk Remote Control Service service terminated unexpectedly. It has done this 1 time(s).
2009-03-13 08:20:12, error: Service Control Manager [7034] - The Intel Local Scheduler Service service terminated unexpectedly. It has done this 1 time(s).
2009-03-13 08:19:58, error: Service Control Manager [7034] - The LANDesk® Management Agent service terminated unexpectedly. It has done this 1 time(s).
2009-03-13 08:19:05, error: Service Control Manager [7034] - The OfficeScanNT RealTime Scan service terminated unexpectedly. It has done this 3 time(s).
2009-03-13 08:18:07, error: Service Control Manager [7034] - The OfficeScan NT Listener service terminated unexpectedly. It has done this 3 time(s).
2009-03-13 08:17:54, error: Service Control Manager [7034] - The OfficeScanNT RealTime Scan service terminated unexpectedly. It has done this 2 time(s).
2009-03-13 08:16:12, error: Service Control Manager [7034] - The OfficeScan NT Listener service terminated unexpectedly. It has done this 2 time(s).
2009-03-13 08:15:32, error: Service Control Manager [7034] - The OfficeScanNT RealTime Scan service terminated unexpectedly. It has done this 1 time(s).
2009-03-17 07:23:40, error: TermServDevices [1111] - Driver HP LaserJet 5200 PS required for printer !!mtlfps01!mtl-prn-07 (LJ5200) PS3 is unknown. Contact the administrator to install the driver before you log in again.

==== End Of File ===========================

[AdvancedSetup]

Sorry for the delay. I had some business to attend to.

If you still need help let me know, otherwise I'll be closing your post soon.

[AdvancedSetup]

Please post a status update. Will close post soon.

[AdvancedSetup]

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.