virusproblem001
Honorary Members
Posts: 27
Reputation: 0 Neutral
  1. So I reinstalled VirusScan, and it is now starting up on reboot and has returned to the system tray. I THINK that the problem may be resolved. Thank you so much for the assistance... hopefully this case will also be able to help assist the many other people who are being afflicted by a similar problem recently.
  2. In case this may help identify a problem, I've attached a screenshot of task manager before and after rebooting, when my VirusScan wouldn't start up.
  3. The script 5.7 already had a newer version installed, but I was able to install the other update. Within VirusScan, the option "enable on-access scanning at system startup" is checked, so it should be loading up, but isn't. I'll try reinstalling the program; perhaps with the virus, it got corrupted at some point, as it doesn't appear that any scanners are picking up anything suspicious now.
  4. GMER 1.0.14.14536 - http://www.gmer.net
     Rootkit scan 2009-01-21 14:42:05
     Windows 5.1.2600 Service Pack 3

     ---- Devices - GMER 1.0.14 ----

     AttachedDevice \FileSystem\Ntfs \Ntfs naiavf5x.sys (Anti-Virus File System Filter Driver/Network Associates, Inc.)
     AttachedDevice \Driver\Tcpip \Device\Ip mvstdi5x.sys (Anti-Virus Mini-Firewall Driver/Network Associates, Inc.)
     AttachedDevice \Driver\Tcpip \Device\Tcp mvstdi5x.sys (Anti-Virus Mini-Firewall Driver/Network Associates, Inc.)
     AttachedDevice \Driver\Tcpip \Device\Udp mvstdi5x.sys (Anti-Virus Mini-Firewall Driver/Network Associates, Inc.)
     AttachedDevice \Driver\Tcpip \Device\RawIp mvstdi5x.sys (Anti-Virus Mini-Firewall Driver/Network Associates, Inc.)
     AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 nipbcfk.sys (NI PCI Bridge Class Filter/National Instruments Corporation)

     ---- EOF - GMER 1.0.14 ----
  5. The continuing problem is that the VirusScan On-Access Scanner continues to be disabled on startup, and I also noticed that VirusScan Enterprise should normally be loading up in the system tray, which it is not. Is this the virus or perhaps a setting I need to restore from the previous set of steps I have taken?
  6. After another reboot, an MBAM scan again showed no findings, and here is the HJT log.

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 4:30:55 PM, on 1/20/2009
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16762)
     Boot mode: Normal

     Running processes:
     F:\WINDOWS\System32\smss.exe
     F:\WINDOWS\system32\winlogon.exe
     F:\WINDOWS\system32\services.exe
     F:\WINDOWS\system32\lsass.exe
     F:\WINDOWS\system32\svchost.exe
     F:\WINDOWS\System32\svchost.exe
     F:\WINDOWS\system32\spoolsv.exe
     F:\WINDOWS\system32\lkcitdl.exe
     F:\WINDOWS\system32\lkads.exe
     F:\WINDOWS\system32\lktsrv.exe
     F:\Program Files\Network Associates\Common Framework\FrameworkService.exe
     F:\Program Files\Network Associates\VirusScan\vstskmgr.exe
     F:\WINDOWS\Explorer.EXE
     F:\Program Files\National Instruments\MAX\nimxs.exe
     F:\WINDOWS\system32\nipalsm.exe
     F:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
     F:\WINDOWS\system32\nisvcloc.exe
     F:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
     F:\WINDOWS\system32\HPZipm12.exe
     f:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
     F:\Program Files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe
     F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
     F:\WINDOWS\system32\ctfmon.exe
     F:\Program Files\stunnel\stunnel.exe
     F:\WINDOWS\system32\nipalsm.exe
     F:\WINDOWS\system32\wuauclt.exe
     F:\WINDOWS\system32\wscntfy.exe
     F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://web.mit.edu/
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - F:\Program Files\AVG\AVG8\avgssie.dll (file missing)
     O4 - HKLM\..\Run: [niDevMon] F:\Program Files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe
     O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
     O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
     O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
     O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
     O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1147969174935
     O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
     O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
     O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - F:\WINDOWS\system32\lkcitdl.exe
     O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - F:\WINDOWS\system32\lkads.exe
     O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - F:\WINDOWS\system32\lktsrv.exe
     O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - F:\Program Files\Network Associates\Common Framework\FrameworkService.exe
     O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - F:\Program Files\Network Associates\VirusScan\mcshield.exe
     O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - F:\Program Files\Network Associates\VirusScan\vstskmgr.exe
     O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - F:\Program Files\National Instruments\MAX\nimxs.exe
     O23 - Service: NI-488.2 Enumeration Service (ni488enumsvc) - National Instruments Corporation - F:\WINDOWS\system32\nipalsm.exe
     O23 - Service: NI Device Loader (nidevldu) - National Instruments Corporation - F:\WINDOWS\system32\nipalsm.exe
     O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - F:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
     O23 - Service: NILM License Manager - Macrovision Corporation - F:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
     O23 - Service: NI PXI Resource Manager (nipxirmu) - National Instruments Corporation - F:\WINDOWS\system32\nipalsm.exe
     O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - F:\WINDOWS\system32\nisvcloc.exe
     O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments, Inc. - F:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
     O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\system32\HPZipm12.exe
     O23 - Service: stunnel - Unknown owner - F:\Program Files\stunnel\stunnel.exe

     --
     End of file - 5490 bytes
  7. Malwarebytes' Anti-Malware 1.33
     Database version: 1673
     Windows 5.1.2600 Service Pack 3

     1/20/2009 4:25:01 PM
     mbam-log-2009-01-20 (16-25-01).txt

     Scan type: Quick Scan
     Objects scanned: 53202
     Time elapsed: 2 minute(s), 50 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)
  8. ComboFix 09-01-19.05 - gyrotron 2009-01-20 16:16:05.4 - NTFSx86
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.680 [GMT -5:00]
     Running from: f:\documents and settings\gyrotron\Desktop\ComboFix.exe
     .

     ((((((((((((((((((((((((( Files Created from 2008-12-20 to 2009-01-20 )))))))))))))))))))))))))))))))
     .

     2009-01-20 11:06 . 2009-01-20 11:06 <DIR> d-------- f:\program files\CCleaner
     2009-01-16 11:35 . 2009-01-16 11:35 <DIR> d-------- f:\program files\Malwarebytes' Anti-Malware
     2009-01-16 11:35 . 2009-01-16 11:35 <DIR> d-------- f:\documents and settings\gyrotron\Application Data\Malwarebytes
     2009-01-16 11:35 . 2009-01-16 11:35 <DIR> d-------- f:\documents and settings\All Users\Application Data\Malwarebytes
     2009-01-16 11:35 . 2009-01-14 16:11 38,496 --a------ f:\windows\system32\drivers\mbamswissarmy.sys
     2009-01-16 11:35 . 2009-01-14 16:11 15,504 --a------ f:\windows\system32\drivers\mbam.sys
     2009-01-16 10:47 . 2009-01-16 10:47 41,984 --a------ f:\windows\system32\chert5-998.exe
     2009-01-15 17:07 . 2009-01-15 17:07 <DIR> d-------- f:\program files\Trend Micro
     2009-01-15 16:12 . 2009-01-15 15:57 <DIR> d-------- f:\documents and settings\gyrotron\Application Data\HouseCall 6.6
     2009-01-15 15:57 . 2009-01-15 16:03 <DIR> d-------- f:\documents and settings\gyrotron\.housecall6.6
     2009-01-15 15:57 . 2009-01-15 15:57 102,664 --a------ f:\windows\system32\drivers\tmcomm.sys
     2009-01-14 05:08 . 2009-01-14 05:08 24,064 --a------ f:\windows\system32\pcload.exe
     2009-01-13 17:03 . 2009-01-16 14:06 <DIR> d-------- f:\documents and settings\All Users\Application Data\avg8
     2009-01-13 16:37 . 2009-01-16 14:26 1,104 --a------ f:\windows\olocxhrn
     2009-01-12 15:09 . 2006-06-03 21:29 48,640 --a------ f:\windows\system32\hpzll4pi.dll
     2009-01-12 15:08 . 1998-10-29 16:45 306,688 --a------ f:\windows\IsUninst.exe
     2009-01-12 15:08 . 2006-03-03 21:03 282,680 --a------ f:\windows\system32\HPZidr12.dll
     2009-01-12 15:08 . 2006-03-03 21:02 204,800 --a------ f:\windows\system32\HPZipr12.dll
     2009-01-12 15:08 . 2006-03-03 21:02 94,208 --a------ f:\windows\system32\HPZipt12.dll
     2009-01-12 15:08 . 2006-03-03 21:03 69,632 --a------ f:\windows\system32\HPZipm12.exe
     2009-01-12 15:08 . 2006-03-03 21:03 65,536 --a------ f:\windows\system32\HPZinw12.exe
     2009-01-12 15:08 . 2006-03-03 21:02 57,344 --a------ f:\windows\system32\HPZisn12.dll
     2009-01-12 15:04 . 2009-01-12 15:10 123,131 --a------ f:\windows\HPHins12.dat
     2009-01-12 15:04 . 2006-05-16 15:25 77,824 --a------ f:\windows\system32\hpzids01.dll
     2009-01-12 15:04 . 2006-07-17 14:39 14,916 --------- f:\windows\hphmdl12.dat
     2009-01-12 14:40 . 2009-01-12 14:40 <DIR> d-------- f:\windows\Downloaded Installations
     2009-01-12 14:40 . 2009-01-12 15:08 <DIR> d-------- f:\program files\HP
     .

     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2009-01-14 16:37 --------- d--h--w f:\program files\InstallShield Installation Information
     2009-01-14 16:37 --------- d-----w f:\program files\Common Files\InstallShield
     2009-01-14 16:37 --------- d-----w f:\program files\Andor iStar
     2008-12-11 10:57 333,952 ----a-w f:\windows\system32\drivers\srv.sys
     2008-10-23 12:36 286,720 ----a-w f:\windows\system32\gdi32.dll
     2004-03-15 21:51 114,688 -c--a-w f:\program files\internet explorer\plugins\LV71ActiveXControl.dll
     2003-05-01 13:36 114,688 -c--a-w f:\program files\internet explorer\plugins\LV7ActiveXControl.dll
     2006-01-23 14:32 131,072 -c--a-w f:\program files\internet explorer\plugins\LV80ActiveXControl.dll
     2007-02-08 14:48 133,920 ----a-w f:\program files\internet explorer\plugins\LV82ActiveXControl.dll
     .

     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "ctfmon.exe"="f:\windows\system32\ctfmon.exe" [2008-04-13 15360]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "niDevMon"="f:\program files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe" [2007-02-24 92960]
     "Adobe Reader Speed Launcher"="f:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]

     f:\documents and settings\All Users\Start Menu\Programs\Startup\
     Microsoft Office.lnk - f:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

     [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
     "NoSetActiveDesktop"= 1 (0x1)
     "NoActiveDesktopChanges"= 1 (0x1)

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "f:\\Program Files\\National Instruments\\LabVIEW 8.0\\LabVIEW.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

     R0 nipbcfk;National Instruments Class Upper Filter Driver;f:\windows\system32\drivers\nipbcfk.sys [2007-02-15 15136]
     R1 NaiAvTdi1;NaiAvTdi1;f:\windows\system32\drivers\mvstdi5x.sys [2006-05-18 58464]
     R3 nidimk;nidimk;f:\windows\system32\drivers\nidimkl.sys [2007-02-21 11552]
     R3 nimru2k;nimru2k;f:\windows\system32\drivers\nimru2kl.sys [2007-02-21 11552]
     R3 nimstsk;nimstsk;f:\windows\system32\drivers\nimstskl.sys [2007-02-25 11552]
     R4 ni488enumsvc;NI-488.2 Enumeration Service;f:\windows\system32\nipalsm.exe [2007-02-16 12696]
     R4 nidevldu;NI Device Loader;f:\windows\system32\nipalsm.exe [2007-02-16 12696]
     R4 nipxirmk;nipxirmk;f:\windows\system32\drivers\nipxirmkl.sys [2007-02-22 11552]
     R4 NiViPxiK;NI-VISA PXI Driver;f:\windows\system32\drivers\NiViPxiKl.sys [2007-02-23 11552]
     S3 gpibprtk;gpibprtk;f:\windows\system32\drivers\gpibprtk.sys [2007-08-30 215840]
     S3 lvalarmk;lvalarmk;f:\windows\system32\drivers\lvalarmk.sys [2007-01-11 20256]
     S3 MBAMSwissArmy;MBAMSwissArmy;f:\windows\system32\drivers\mbamswissarmy.sys [2009-01-16 38496]
     S3 ni1006k;NI PXI-1006 Chassis Pilot;f:\windows\system32\drivers\ni1006k.sys [2007-02-22 25888]
     S3 ni1045k;NI PXI-1045 Chassis Pilot;f:\windows\system32\drivers\ni1045kl.sys [2007-02-22 11552]
     S3 ni488lock;NI-488.2 Locking Service;f:\windows\system32\drivers\ni488lock.sys [2007-02-26 16672]
     S3 nicdrk;nicdrk;f:\windows\system32\drivers\nicdrkl.sys [2007-02-22 11552]
     S3 nidmxfk;nidmxfk;f:\windows\system32\drivers\nidmxfkl.sys [2007-02-25 11552]
     S3 nidsark;nidsark;f:\windows\system32\drivers\nidsarkl.sys [2007-02-23 11552]
     S3 niemrk;niemrk;f:\windows\system32\drivers\niemrkl.sys [2007-02-25 11552]
     S3 niesrk;niesrk;f:\windows\system32\drivers\niesrkl.sys [2007-02-25 11552]
     S3 nifslk;nifslk;f:\windows\system32\drivers\nifslkl.sys [2007-02-22 11552]
     S3 nimsdrk;nimsdrk;f:\windows\system32\drivers\nimsdrkl.sys [2007-02-25 11552]
     S3 nimslk;nimslk;f:\windows\system32\drivers\nimslk.dll [2006-12-18 14464]
     S3 nimsrlk;nimsrlk;f:\windows\system32\drivers\nimsrlk.dll [2006-12-18 151683]
     S3 nimxpk;nimxpk;f:\windows\system32\drivers\nimxpkl.sys [2007-02-22 11552]
     S3 ninshsdk;ninshsdk;f:\windows\system32\drivers\ninshsdkl.sys [2007-02-23 11552]
     S3 nipalfwedl;nipalfwedl;f:\windows\system32\drivers\nipalfwedl.sys [2007-02-15 11552]
     S3 nipalusb;NI-PAL USB Driver;f:\windows\system32\drivers\nipalusb.sys [2007-02-15 10528]
     S3 nipalusbedl;nipalusbedl;f:\windows\system32\drivers\nipalusbedl.sys [2007-02-15 11552]
     S3 nipxigpk;NI PXI Generic Chassis Pilot;f:\windows\system32\drivers\nipxigpk.sys [2007-02-22 20768]
     S3 niscdk;niscdk;f:\windows\system32\drivers\niscdkl.sys [2007-02-26 11552]
     S3 nisdigk;nisdigk;f:\windows\system32\drivers\nisdigkl.sys [2007-02-25 11552]
     S3 nisftk;nisftk;f:\windows\system32\drivers\nisftkl.sys [2007-02-23 11552]
     S3 nismbusk;nismbusk;f:\windows\system32\drivers\nismbusk.sys [2007-02-22 86304]
     S3 nispdk;nispdk;f:\windows\system32\drivers\nispdkl.sys [2007-02-26 11552]
     S3 nissrk;nissrk;f:\windows\system32\drivers\nissrkl.sys [2007-02-25 11552]
     S3 nistc2k;nistc2k;f:\windows\system32\drivers\nistc2kl.sys [2007-02-22 11552]
     S3 nistcrk;nistcrk;f:\windows\system32\drivers\nistcrkl.sys [2007-02-23 11552]
     S3 niswdk;niswdk;f:\windows\system32\drivers\niswdkl.sys [2007-02-23 11552]
     S3 nitiork;nitiork;f:\windows\system32\drivers\nitiorkl.sys [2007-02-23 11552]
     S3 NiViFWK;NI-VISA FireWire Driver;f:\windows\system32\drivers\NiViFWKl.sys [2007-02-22 11552]
     S3 NiViPciK;NI-VISA PCI Driver;f:\windows\system32\drivers\NiViPciKl.sys [2007-02-23 11552]
     S3 niwfrk;niwfrk;f:\windows\system32\drivers\niwfrkl.sys [2007-02-25 11552]
     S3 nixsrk;nixsrk;f:\windows\system32\drivers\nixsrkl.sys [2007-02-25 11552]
     S3 usb6xxxk;usb6xxxk;f:\windows\system32\drivers\usb6xxxk.sys [2007-02-25 27936]

     --- Other Services/Drivers In Memory ---

     *NewlyCreated* - NIPALK
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://web.mit.edu/
     IE: E&xport to Microsoft Excel - f:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
     DPF: Microsoft XML Parser for Java - file://f:\windows\Java\classes\xmldso.cab
     FF - ProfilePath - f:\documents and settings\gyrotron\Application Data\Mozilla\Firefox\Profiles\wawlxq1h.default\
     FF - plugin: f:\program files\Mozilla Firefox\plugins\NPLV80Win32.dll
     FF - plugin: f:\program files\Mozilla Firefox\plugins\NPLV82Win32.dll
     .

     **************************************************************************

     catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2009-01-20 16:16:58
     Windows 5.1.2600 Service Pack 3 NTFS

     scanning hidden processes ...

     scanning hidden autostart entries ...

     scanning hidden files ...

     scan completed successfully
     hidden files: 0

     **************************************************************************
     .
     Completion time: 2009-01-20 16:17:50
     ComboFix-quarantined-files.txt 2009-01-20 21:17:48
     ComboFix2.txt 2009-01-20 21:08:21

     Pre-Run: 218,662,838,272 bytes free
     Post-Run: 218,651,971,584 bytes free

     141 --- E O F --- 2009-01-20 16:58:08
  9. ComboFix 09-01-19.05 - gyrotron 2009-01-20 16:03:50.3 - NTFSx86
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.483 [GMT -5:00]
     Running from: f:\documents and settings\gyrotron\Desktop\ComboFix.exe
     * Created a new restore point
     * Resident AV is active
     .

     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .

     f:\windows\Tasks\yhhpujxz.job
     .

     ((((((((((((((((((((((((( Files Created from 2008-12-20 to 2009-01-20 )))))))))))))))))))))))))))))))
     .

     2009-01-20 11:06 . 2009-01-20 11:06 <DIR> d-------- f:\program files\CCleaner
     2009-01-16 11:35 . 2009-01-16 11:35 <DIR> d-------- f:\program files\Malwarebytes' Anti-Malware
     2009-01-16 11:35 . 2009-01-16 11:35 <DIR> d-------- f:\documents and settings\gyrotron\Application Data\Malwarebytes
     2009-01-16 11:35 . 2009-01-16 11:35 <DIR> d-------- f:\documents and settings\All Users\Application Data\Malwarebytes
     2009-01-16 11:35 . 2009-01-14 16:11 38,496 --a------ f:\windows\system32\drivers\mbamswissarmy.sys
     2009-01-16 11:35 . 2009-01-14 16:11 15,504 --a------ f:\windows\system32\drivers\mbam.sys
     2009-01-16 10:47 . 2009-01-16 10:47 41,984 --a------ f:\windows\system32\chert5-998.exe
     2009-01-15 17:07 . 2009-01-15 17:07 <DIR> d-------- f:\program files\Trend Micro
     2009-01-15 16:12 . 2009-01-15 15:57 <DIR> d-------- f:\documents and settings\gyrotron\Application Data\HouseCall 6.6
     2009-01-15 15:57 . 2009-01-15 16:03 <DIR> d-------- f:\documents and settings\gyrotron\.housecall6.6
     2009-01-15 15:57 . 2009-01-15 15:57 102,664 --a------ f:\windows\system32\drivers\tmcomm.sys
     2009-01-14 05:08 . 2009-01-14 05:08 24,064 --a------ f:\windows\system32\pcload.exe
     2009-01-13 17:03 . 2009-01-16 14:06 <DIR> d-------- f:\documents and settings\All Users\Application Data\avg8
     2009-01-13 16:37 . 2009-01-16 14:26 1,104 --a------ f:\windows\olocxhrn
     2009-01-12 15:09 . 2006-06-03 21:29 48,640 --a------ f:\windows\system32\hpzll4pi.dll
     2009-01-12 15:08 . 1998-10-29 16:45 306,688 --a------ f:\windows\IsUninst.exe
     2009-01-12 15:08 . 2006-03-03 21:03 282,680 --a------ f:\windows\system32\HPZidr12.dll
     2009-01-12 15:08 . 2006-03-03 21:02 204,800 --a------ f:\windows\system32\HPZipr12.dll
     2009-01-12 15:08 . 2006-03-03 21:02 94,208 --a------ f:\windows\system32\HPZipt12.dll
     2009-01-12 15:08 . 2006-03-03 21:03 69,632 --a------ f:\windows\system32\HPZipm12.exe
     2009-01-12 15:08 . 2006-03-03 21:03 65,536 --a------ f:\windows\system32\HPZinw12.exe
     2009-01-12 15:08 . 2006-03-03 21:02 57,344 --a------ f:\windows\system32\HPZisn12.dll
     2009-01-12 15:04 . 2009-01-12 15:10 123,131 --a------ f:\windows\HPHins12.dat
     2009-01-12 15:04 . 2006-05-16 15:25 77,824 --a------ f:\windows\system32\hpzids01.dll
     2009-01-12 15:04 . 2006-07-17 14:39 14,916 --------- f:\windows\hphmdl12.dat
     2009-01-12 14:40 . 2009-01-12 14:40 <DIR> d-------- f:\windows\Downloaded Installations
     2009-01-12 14:40 . 2009-01-12 15:08 <DIR> d-------- f:\program files\HP
     .

     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2009-01-14 16:37 --------- d--h--w f:\program files\InstallShield Installation Information
     2009-01-14 16:37 --------- d-----w f:\program files\Common Files\InstallShield
     2009-01-14 16:37 --------- d-----w f:\program files\Andor iStar
     2008-12-11 10:57 333,952 ----a-w f:\windows\system32\drivers\srv.sys
     2004-03-15 21:51 114,688 -c--a-w f:\program files\internet explorer\plugins\LV71ActiveXControl.dll
     2003-05-01 13:36 114,688 -c--a-w f:\program files\internet explorer\plugins\LV7ActiveXControl.dll
     2006-01-23 14:32 131,072 -c--a-w f:\program files\internet explorer\plugins\LV80ActiveXControl.dll
     2007-02-08 14:48 133,920 ----a-w f:\program files\internet explorer\plugins\LV82ActiveXControl.dll
     .

     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "ctfmon.exe"="f:\windows\system32\ctfmon.exe" [2008-04-13 15360]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "niDevMon"="f:\program files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe" [2007-02-24 92960]
     "Adobe Reader Speed Launcher"="f:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]

     f:\documents and settings\All Users\Start Menu\Programs\Startup\
     Microsoft Office.lnk - f:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

     [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
     "NoSetActiveDesktop"= 1 (0x1)
     "NoActiveDesktopChanges"= 1 (0x1)

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "f:\\Program Files\\National Instruments\\LabVIEW 8.0\\LabVIEW.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

     R0 nipbcfk;National Instruments Class Upper Filter Driver;f:\windows\system32\drivers\nipbcfk.sys [2007-02-15 15136]
     R1 NaiAvTdi1;NaiAvTdi1;f:\windows\system32\drivers\mvstdi5x.sys [2006-05-18 58464]
     R3 nidimk;nidimk;f:\windows\system32\drivers\nidimkl.sys [2007-02-21 11552]
     R3 nimru2k;nimru2k;f:\windows\system32\drivers\nimru2kl.sys [2007-02-21 11552]
     R3 nimstsk;nimstsk;f:\windows\system32\drivers\nimstskl.sys [2007-02-25 11552]
     R4 ni488enumsvc;NI-488.2 Enumeration Service;f:\windows\system32\nipalsm.exe [2007-02-16 12696]
     R4 nidevldu;NI Device Loader;f:\windows\system32\nipalsm.exe [2007-02-16 12696]
     R4 nipxirmk;nipxirmk;f:\windows\system32\drivers\nipxirmkl.sys [2007-02-22 11552]
     R4 NiViPxiK;NI-VISA PXI Driver;f:\windows\system32\drivers\NiViPxiKl.sys [2007-02-23 11552]
     S3 gpibprtk;gpibprtk;f:\windows\system32\drivers\gpibprtk.sys [2007-08-30 215840]
     S3 lvalarmk;lvalarmk;f:\windows\system32\drivers\lvalarmk.sys [2007-01-11 20256]
     S3 MBAMSwissArmy;MBAMSwissArmy;f:\windows\system32\drivers\mbamswissarmy.sys [2009-01-16 38496]
     S3 ni1006k;NI PXI-1006 Chassis Pilot;f:\windows\system32\drivers\ni1006k.sys [2007-02-22 25888]
     S3 ni1045k;NI PXI-1045 Chassis Pilot;f:\windows\system32\drivers\ni1045kl.sys [2007-02-22 11552]
     S3 ni488lock;NI-488.2 Locking Service;f:\windows\system32\drivers\ni488lock.sys [2007-02-26 16672]
     S3 nicdrk;nicdrk;f:\windows\system32\drivers\nicdrkl.sys [2007-02-22 11552]
     S3 nidmxfk;nidmxfk;f:\windows\system32\drivers\nidmxfkl.sys [2007-02-25 11552]
     S3 nidsark;nidsark;f:\windows\system32\drivers\nidsarkl.sys [2007-02-23 11552]
     S3 niemrk;niemrk;f:\windows\system32\drivers\niemrkl.sys [2007-02-25 11552]
     S3 niesrk;niesrk;f:\windows\system32\drivers\niesrkl.sys [2007-02-25 11552]
     S3 nifslk;nifslk;f:\windows\system32\drivers\nifslkl.sys [2007-02-22 11552]
     S3 nimsdrk;nimsdrk;f:\windows\system32\drivers\nimsdrkl.sys [2007-02-25 11552]
     S3 nimslk;nimslk;f:\windows\system32\drivers\nimslk.dll [2006-12-18 14464]
     S3 nimsrlk;nimsrlk;f:\windows\system32\drivers\nimsrlk.dll [2006-12-18 151683]
     S3 nimxpk;nimxpk;f:\windows\system32\drivers\nimxpkl.sys [2007-02-22 11552]
     S3 ninshsdk;ninshsdk;f:\windows\system32\drivers\ninshsdkl.sys [2007-02-23 11552]
     S3 nipalfwedl;nipalfwedl;f:\windows\system32\drivers\nipalfwedl.sys [2007-02-15 11552]
     S3 nipalusb;NI-PAL USB Driver;f:\windows\system32\drivers\nipalusb.sys [2007-02-15 10528]
     S3 nipalusbedl;nipalusbedl;f:\windows\system32\drivers\nipalusbedl.sys [2007-02-15 11552]
     S3 nipxigpk;NI PXI Generic Chassis Pilot;f:\windows\system32\drivers\nipxigpk.sys [2007-02-22 20768]
     S3 niscdk;niscdk;f:\windows\system32\drivers\niscdkl.sys [2007-02-26 11552]
     S3 nisdigk;nisdigk;f:\windows\system32\drivers\nisdigkl.sys [2007-02-25 11552]
     S3 nisftk;nisftk;f:\windows\system32\drivers\nisftkl.sys [2007-02-23 11552]
     S3 nismbusk;nismbusk;f:\windows\system32\drivers\nismbusk.sys [2007-02-22 86304]
     S3 nispdk;nispdk;f:\windows\system32\drivers\nispdkl.sys [2007-02-26 11552]
     S3 nissrk;nissrk;f:\windows\system32\drivers\nissrkl.sys [2007-02-25 11552]
     S3 nistc2k;nistc2k;f:\windows\system32\drivers\nistc2kl.sys [2007-02-22 11552]
     S3 nistcrk;nistcrk;f:\windows\system32\drivers\nistcrkl.sys [2007-02-23 11552]
     S3 niswdk;niswdk;f:\windows\system32\drivers\niswdkl.sys [2007-02-23 11552]
     S3 nitiork;nitiork;f:\windows\system32\drivers\nitiorkl.sys [2007-02-23 11552]
     S3 NiViFWK;NI-VISA FireWire Driver;f:\windows\system32\drivers\NiViFWKl.sys [2007-02-22 11552]
     S3 NiViPciK;NI-VISA PCI Driver;f:\windows\system32\drivers\NiViPciKl.sys [2007-02-23 11552]
     S3 niwfrk;niwfrk;f:\windows\system32\drivers\niwfrkl.sys [2007-02-25 11552]
     S3 nixsrk;nixsrk;f:\windows\system32\drivers\nixsrkl.sys [2007-02-25 11552]
     S3 usb6xxxk;usb6xxxk;f:\windows\system32\drivers\usb6xxxk.sys [2007-02-25 27936]

     --- Other Services/Drivers In Memory ---

     *NewlyCreated* - NIPALK
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://web.mit.edu/
     IE: E&xport to Microsoft Excel - f:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
     DPF: Microsoft XML Parser for Java - file://f:\windows\Java\classes\xmldso.cab
     FF - ProfilePath - f:\documents and settings\gyrotron\Application Data\Mozilla\Firefox\Profiles\wawlxq1h.default\
     FF - plugin: f:\program files\Mozilla Firefox\plugins\NPLV80Win32.dll
     FF - plugin: f:\program files\Mozilla Firefox\plugins\NPLV82Win32.dll
     .

     **************************************************************************

     catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2009-01-20 16:06:40
     Windows 5.1.2600 Service Pack 3 NTFS

     scanning hidden processes ...

     scanning hidden autostart entries ...

     scanning hidden files ...

     scan completed successfully
     hidden files: 0

     **************************************************************************
     .
     ------------------------ Other Running Processes ------------------------
     .
     f:\windows\system32\lkads.exe
     f:\windows\system32\lktsrv.exe
     f:\program files\Network Associates\Common Framework\FrameworkService.exe
     f:\program files\Network Associates\VirusScan\vstskmgr.exe
     f:\progra~1\NETWOR~1\COMMON~1\naPrdMgr.exe
     f:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
     f:\program files\National Instruments\MAX\nimxs.exe
     f:\program files\National Instruments\Shared\Security\nidmsrv.exe
     f:\windows\system32\nisvcloc.exe
     f:\program files\National Instruments\Shared\Tagger\tagsrv.exe
     f:\windows\system32\HPZipm12.exe
     f:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
     f:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
     f:\program files\stunnel\stunnel.exe
     f:\windows\system32\wscntfy.exe
     .

     **************************************************************************
     .
     Completion time: 2009-01-20 16:08:20 - machine was rebooted
     ComboFix-quarantined-files.txt 2009-01-20 21:08:17
     ComboFix2.txt 2009-01-20 16:29:32

     Pre-Run: 218,573,463,552 bytes free
     Post-Run: 218,585,108,480 bytes free

     166 --- E O F --- 2009-01-20 16:58:08
  10. Again, the virusscan was turned on prior to rebooting, and after the reboot by combofix, it was turned off. Logs to follow.
  11. One other thing, and hopefully it's not a sign of continued trouble. I enabled my VirusScan Enterprise on-access scanner prior to installing the Windows update, which of course forced me to reboot. After the reboot, I got the Security Center bubble that my VirusScan Enterprise was turned off... does this mean that there are still remnants of the virus, or was it just the program not saving the setting? I will run MBAM and HJT again now to see if they find anything now that it is up to date.
  12. After completion of all these steps, I was able to update MBAM, and was also prompted to install the latest windows update.
  13. Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 11:51:48 AM, on 1/20/2009
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16762)
      Boot mode: Normal

      Running processes:
      F:\WINDOWS\System32\smss.exe
      F:\WINDOWS\system32\winlogon.exe
      F:\WINDOWS\system32\services.exe
      F:\WINDOWS\system32\lsass.exe
      F:\WINDOWS\system32\svchost.exe
      F:\WINDOWS\System32\svchost.exe
      F:\WINDOWS\system32\spoolsv.exe
      F:\WINDOWS\Explorer.EXE
      F:\WINDOWS\system32\ctfmon.exe
      F:\WINDOWS\system32\lkcitdl.exe
      F:\WINDOWS\system32\lkads.exe
      F:\WINDOWS\system32\lktsrv.exe
      F:\Program Files\Network Associates\Common Framework\FrameworkService.exe
      F:\Program Files\Network Associates\VirusScan\vstskmgr.exe
      F:\Program Files\National Instruments\MAX\nimxs.exe
      F:\WINDOWS\system32\nipalsm.exe
      F:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
      F:\WINDOWS\system32\nisvcloc.exe
      F:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
      F:\WINDOWS\system32\HPZipm12.exe
      f:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
      F:\Program Files\stunnel\stunnel.exe
      F:\WINDOWS\system32\nipalsm.exe
      F:\WINDOWS\system32\wscntfy.exe
      F:\WINDOWS\system32\wuauclt.exe
      F:\Program Files\Mozilla Firefox\firefox.exe
      F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://web.mit.edu/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - F:\Program Files\AVG\AVG8\avgssie.dll (file missing)
      O4 - HKLM\..\Run: [niDevMon] F:\Program Files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
      O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1147969174935
      O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
      O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - F:\WINDOWS\system32\lkcitdl.exe
      O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - F:\WINDOWS\system32\lkads.exe
      O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - F:\WINDOWS\system32\lktsrv.exe
      O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - F:\Program Files\Network Associates\Common Framework\FrameworkService.exe
      O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - F:\Program Files\Network Associates\VirusScan\mcshield.exe
      O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - F:\Program Files\Network Associates\VirusScan\vstskmgr.exe
      O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - F:\Program Files\National Instruments\MAX\nimxs.exe
      O23 - Service: NI-488.2 Enumeration Service (ni488enumsvc) - National Instruments Corporation - F:\WINDOWS\system32\nipalsm.exe
      O23 - Service: NI Device Loader (nidevldu) - National Instruments Corporation - F:\WINDOWS\system32\nipalsm.exe
      O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - F:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
      O23 - Service: NILM License Manager - Macrovision Corporation - F:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
      O23 - Service: NI PXI Resource Manager (nipxirmu) - National Instruments Corporation - F:\WINDOWS\system32\nipalsm.exe
      O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - F:\WINDOWS\system32\nisvcloc.exe
      O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments, Inc. - F:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
      O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: stunnel - Unknown owner - F:\Program Files\stunnel\stunnel.exe

      --
      End of file - 5413 bytes
  14. UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
      IF REQUESTED, ZIP IT UP & ATTACH IT

      DDS (Ver_09-01-18.01)

      Microsoft Windows XP Professional
      Boot Device: \Device\HarddiskVolume2
      Install Date: 5/18/2006 12:03:42 PM
      System Uptime: 1/20/2009 11:41:35 AM (0 hours ago)

      Motherboard: Dell Computer Corp. | | 0W2562
      Processor: Intel® Pentium® 4 CPU 3.00GHz | Microprocessor | 2992/800mhz

      ==== Disk Partitions =========================

      A: is Removable
      C: is FIXED (NTFS) - 112 GiB total, 63.569 GiB free.
      D: is CDROM ()
      E: is CDROM ()
      F: is FIXED (NTFS) - 233 GiB total, 203.632 GiB free.
      G: is CDROM ()

      ==== Disabled Device Manager Items =============

      Class GUID:
      Description: Other PCI Bridge Device
      Device ID: PCI\VEN_12FC&DEV_5CEC&SUBSYS_905010B5&REV_01\4&1C660DD6&0&08F0
      Manufacturer:
      Name: Other PCI Bridge Device
      PNP Device ID: PCI\VEN_12FC&DEV_5CEC&SUBSYS_905010B5&REV_01\4&1C660DD6&0&08F0
      Service:

      Class GUID:
      Description: Multimedia Audio Controller
      Device ID: PCI\VEN_8086&DEV_24D5&SUBSYS_01571028&REV_02\3&172E68DD&0&FD
      Manufacturer:
      Name: Multimedia Audio Controller
      PNP Device ID: PCI\VEN_8086&DEV_24D5&SUBSYS_01571028&REV_02\3&172E68DD&0&FD
      Service:

      ==== System Restore Points ===================

      RP1: 1/20/2009 10:58:58 AM - System Checkpoint

      ==== Installed Programs ======================

      ActiveDSO
      Adobe Flash Player 10 ActiveX
      Adobe Reader 8.1.1
      BufferChm
      CCleaner (remove only)
      CutePDF Writer 2.7
      DeviceManagementQFolder
      GDR 3068 for SQL Server Database Services 2005 ENU (KB948109)
      GDR 3068 for SQL Server Tools and Workstation Components 2005 ENU (KB948109)
      GPL Ghostscript 8.60
      GPL Ghostscript Fonts
      GSview 4.9
      HijackThis 2.0.2
      Hotfix for Windows Internet Explorer 7 (KB947864)
      Hotfix for Windows XP (KB952287)
      HouseCall 6.6
      HP Imaging Device Functions 7.0
      HP Photosmart and Deskjet 7.0 Software
      HP Product Detection
      hph_software_req
      Intel® PRO Network Adapters and Drivers
      Malwarebytes' Anti-Malware
      MATLAB R2007a
      McAfee VirusScan Enterprise
      Microsoft .NET Framework 2.0 Service Pack 1
      Microsoft Internationalized Domain Names Mitigation APIs
      Microsoft MSDN 2005 Express Edition - ENU
      Microsoft National Language Support Downlevel APIs
      Microsoft Office XP Professional
      Microsoft SQL Server 2005
      Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
      Microsoft SQL Server 2005 Tools Express Edition
      Microsoft SQL Server Native Client
      Microsoft SQL Server Setup Support Files (English)
      Microsoft SQL Server VSS Writer
      Microsoft Visual Basic 2005 Express Edition - ENU
      Microsoft Visual C++ 2005 Redistributable
      Mozilla Firefox (3.0.5)
      MSXML 4.0 SP2 (KB925672)
      MSXML 4.0 SP2 (KB927978)
      MSXML 4.0 SP2 (KB936181)
      MSXML 4.0 SP2 (KB954430)
      MSXML 6 Service Pack 2 (KB954459)
      National Instruments Software
      NI-488.2 2.5
      NI-488.2 Provider for MAX
      NI-653x Installer 1.6.0
      NI-APAL Error Files 1.2.0f0
      NI-DAQ C and VB6 API
      NI-DAQ Document Set
      NI-DAQ INF Files
      NI-DAQmx - LabVIEW shared documentation
      NI-DAQmx 8.5
      NI-DAQmx Documentation
      NI-DAQmx MAX Support 1.8.0
      NI-DAQmx OPC Support
      NI-DAQmx support for LabVIEW
      NI-DAQmx Switch Core 1.11.0
      NI-DIM 1.6.0f0
      NI-IVI Provider for MAX
      NI-MDBG 1.6.0f0
      NI-MRU 2.7.0f0
      NI-MXDF 1.7.0f0
      NI-ORB 1.6.0f0
      NI-PAL 2.0.0f0
      NI-RPC 3.1.1f0 for PharLap
      NI-RPC 3.2.1f0 for Phar Lap ETS
      NI-RPC 3.3.1f0
      NI-RPC 3.3.1f0 for Phar Lap ETS
      NI-VISA 4.1
      NI-VISA 4.1 MAX Provider
      NI-VISA Runtime 4.1
      NI-VISA Server 4.1
      NI AFW Channel Configuration Tool
      NI Assistant Framework
      NI Assistant Framework LabVIEW Code Generator 6.1
      NI Assistant Framework LabVIEW Code Generator 7.0
      NI Assistant Framework LabVIEW Code Generator 7.1
      NI Assistant Framework LabVIEW Code Generator 8.0
      NI Assistant Framework LabVIEW Code Generator 8.2
      NI Calibration Provider for MAX
      NI Certificates Deployment Support
      NI Common Digital 1.7.0
      NI DAQ Assistant 1.6.0
      NI DataSocket 4.3.0
      NI DN 2.0 installer
      NI Dynamic Signal Acquisition Installer 1.9.0
      NI EULA Depot
      NI Example Finder 8.0
      NI ExpressWorkbench 2.0
      NI ExpressWorkbench 2.0 LabVIEW Support
      NI Fusion Standard Library Installer 1.5.0
      NI Help Assistant
      NI Instrument I/O Assistant
      NI Instrument IO Assistant for LabVIEW 8.0
      NI IVI Class Driver LabVIEW 8.0 Support
      NI IVI Class Drivers
      NI IVI Class Simulation Drivers
      NI IVI Compliance Package 3.0
      NI IVI Engine
      NI IVI lcltxxxx Driver
      NI IVI Specific Drivers
      NI LabVIEW 8.0
      NI LabVIEW 8.0 Activity
      NI LabVIEW 8.0 Applibs
      NI LabVIEW 8.0 CINtools
      NI LabVIEW 8.0 Device Detection and Deployment Support
      NI LabVIEW 8.0 Examples
      NI LabVIEW 8.0 gMath
      NI LabVIEW 8.0 Help
      NI LabVIEW 8.0 Help File
      NI LabVIEW 8.0 iMath
      NI LabVIEW 8.0 Instr.lib
      NI LabVIEW 8.0 Manuals
      NI LabVIEW 8.0 MeasAppChm File
      NI LabVIEW 8.0 Menus
      NI LabVIEW 8.0 Project
      NI LabVIEW 8.0 Resource
      NI LabVIEW 8.0 Simulation
      NI LabVIEW 8.0 Templates
      NI LabVIEW 8.0 User.lib
      NI LabVIEW 8.0 VI.lib
      NI LabVIEW 8.0 WWW
      NI LabVIEW Broker
      NI LabVIEW C Interface
      NI LabVIEW Deployable License 8.0
      NI LabVIEW MAX XML
      NI LabVIEW Real-Time Error Dialog
      NI LabVIEW Real-Time FIFO for Runtime
      NI LabVIEW Run-Time Engine 7.0
      NI LabVIEW Run-Time Engine 7.1.1
      NI LabVIEW Run-Time Engine 8.0.1
      NI LabVIEW Run-Time Engine 8.2.1
      NI LabVIEW SignalExpress 2.0
      NI LabVIEW SignalExpress 2.0 Licenses
      NI LabWindows/CVI 7.0 Code Generator
      NI LabWindows/CVI 8.1 Run-Time Engine
      NI LabWindows/CVI Code Generator
      NI Legacy DAQmxRF
      NI License Manager
      NI Logos 4.7
      NI Logos LabVIEW 8.0 Support
      NI LVBrokerAux 8.2.1
      NI LVBrokerAux1071
      NI LVBrokerAux70
      NI LVBrokerAux71
      NI LVBrokerAux8.0
      NI Math Kernel Libraries
      NI MAX LabVIEW Support
      NI MDF Support
      NI Measurement & Automation Explorer 4.2.1
      NI Measurement Studio 8.1 Enterprise RunTime for VS2005
      NI Measurement Studio Common .NET Language Assemblies for the .NET Framework 1.1
      NI Measurement Studio Common .NET Language Assemblies for the .NET Framework 2.0
      NI Measurement Studio Recipe Processor
      NI Measurements eXtensions for PAL 1.6.0
      NI MIO Device Drivers 1.12.0
      NI MXS
      NI OPC Support
      NI Portable Configuration
      NI PXI Platform Services for Windows 2.3.0
      NI PXI Platform Services Provider for MAX 2.3.0
      NI Registration Wizard
      NI Remote Provider for MAX
      NI Remote PXI Provider for MAX
      NI SCXI 1.8.0
      NI Service Locator
      NI SignalExpress 2.0 Datatypes
      NI SignalExpress 2.0 LabVIEW Support
      NI SignalExpress 2.0 Tools
      NI SignalExpress 2.0.0 Steps
      NI Software Provider for MAX
      NI Sound and Vibration Frequency Analysis 5.0
      NI Spy 2.5.0
      NI STC 1.2.0
      NI TDMS
      NI Timing Installer 1.9.0
      NI Uninstaller
      NI USI 1.2.0
      NI Variable Engine
      NI Variable Engine LabVIEW 8.0 Support
      NI Variable Manager
      NI VC2005MSMs x86
      NI Web Pipeline
      Security Update for CAPICOM (KB931906)
      Security Update for Windows Internet Explorer 7 (KB938127)
      Security Update for Windows Internet Explorer 7 (KB939653)
      Security Update for Windows Internet Explorer 7 (KB942615)
      Security Update for Windows Internet Explorer 7 (KB944533)
      Security Update for Windows Internet Explorer 7 (KB950759)
      Security Update for Windows Internet Explorer 7 (KB953838)
      Security Update for Windows Internet Explorer 7 (KB956390)
      Security Update for Windows Internet Explorer 7 (KB958215)
      Security Update for Windows Internet Explorer 7 (KB960714)
      Security Update for Windows Media Player (KB911564)
      Security Update for Windows Media Player (KB952069)
      Security Update for Windows Media Player 6.4 (KB925398)
      Security Update for Windows Media Player 9 (KB911565)
      Security Update for Windows Media Player 9 (KB917734)
      Security Update for Windows Media Player 9 (KB936782)
      Security Update for Windows XP (KB923689)
      Security Update for Windows XP (KB923789)
      Security Update for Windows XP (KB938464)
      Security Update for Windows XP (KB941569)
      Security Update for Windows XP (KB946648)
      Security Update for Windows XP (KB950760)
      Security Update for Windows XP (KB950762)
      Security Update for Windows XP (KB950974)
      Security Update for Windows XP (KB951066)
      Security Update for Windows XP (KB951376-v2)
      Security Update for Windows XP (KB951376)
      Security Update for Windows XP (KB951698)
      Security Update for Windows XP (KB951748)
      Security Update for Windows XP (KB952954)
      Security Update for Windows XP (KB953839)
      Security Update for Windows XP (KB954211)
      Security Update for Windows XP (KB954459)
      Security Update for Windows XP (KB954600)
      Security Update for Windows XP (KB955069)
      Security Update for Windows XP (KB956391)
      Security Update for Windows XP (KB956802)
      Security Update for Windows XP (KB956803)
      Security Update for Windows XP (KB956841)
      Security Update for Windows XP (KB957095)
      Security Update for Windows XP (KB957097)
      Security Update for Windows XP (KB958644)
      stunnel
      Toolbox
      Update for Windows XP (KB951072-v2)
      Update for Windows XP (KB951978)
      Update for Windows XP (KB955839)
      VirtualCloneDrive
      WebFldrs XP
      Windows Defender Signatures
      Windows Genuine Advantage Notifications (KB905474)
      Windows Genuine Advantage Validation Tool
      Windows Internet Explorer 7
      Windows XP Service Pack 3
      WinRAR archiver

      ==== Event Viewer Messages From Past Week ========

      1/14/2009 11:35:26 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
      1/14/2009 11:33:42 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: olocxhrn PCIIde
      1/13/2009 9:05:12 PM, error: Service Control Manager [7031] - The AVG Free8 WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
      1/13/2009 4:32:20 PM, error: Service Control Manager [7034] - The Windows Installer service terminated unexpectedly. It has done this 1 time(s).
      1/14/2009 4:13:10 PM, error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
      1/14/2009 4:13:10 PM, error: Service Control Manager [7034] - The Terminal Services service terminated unexpectedly. It has done this 1 time(s).
      1/20/2009 10:58:04 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde
      1/20/2009 11:42:08 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume3'. It has stopped monitoring the volume.
      1/14/2009 11:35:00 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file userinit.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.

      ==== End Of File ===========================
  15. DDS (Ver_09-01-18.01) - NTFSx86
      Run by gyrotron at 11:45:59.82 on Tue 01/20/2009
      Internet Explorer: 7.0.5730.13
      Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.665 [GMT -5:00]

      ============== Running Processes ===============

      F:\WINDOWS\system32\svchost -k DcomLaunch
      svchost.exe
      F:\WINDOWS\System32\svchost.exe -k netsvcs
      svchost.exe
      svchost.exe
      F:\WINDOWS\system32\spoolsv.exe
      F:\WINDOWS\Explorer.EXE
      F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
      F:\WINDOWS\system32\ctfmon.exe
      F:\WINDOWS\system32\lkcitdl.exe
      F:\WINDOWS\system32\lkads.exe
      F:\WINDOWS\system32\lktsrv.exe
      F:\Program Files\Network Associates\Common Framework\FrameworkService.exe
      F:\Program Files\Network Associates\VirusScan\vstskmgr.exe
      F:\Program Files\National Instruments\MAX\nimxs.exe
      F:\WINDOWS\system32\nipalsm.exe
      F:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
      F:\WINDOWS\system32\nisvcloc.exe
      F:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
      F:\WINDOWS\system32\HPZipm12.exe
      f:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
      F:\Program Files\stunnel\stunnel.exe
      F:\WINDOWS\system32\nipalsm.exe
      F:\WINDOWS\system32\wuauclt.exe
      F:\WINDOWS\system32\wscntfy.exe
      F:\WINDOWS\system32\wuauclt.exe
      F:\Documents and Settings\gyrotron\Desktop\dds.scr

      ============== Pseudo HJT Report ===============

      uStart Page = hxxp://web.mit.edu/
      BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - f:\program files\avg\avg8\avgssie.dll
      uRun: [ctfmon.exe] f:\windows\system32\ctfmon.exe
      mRun: [niDevMon] f:\program files\national instruments\ni-daq\hwconfig\nidevmon.exe
      mRun: [Adobe Reader Speed Launcher] "f:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
      StartupFolder: f:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - f:\program files\microsoft office\office10\OSA.EXE
      dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
      dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
      IE: E&xport to Microsoft Excel - f:\progra~1\micros~2\office10\EXCEL.EXE/3000
      IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - f:\program files\messenger\msmsgs.exe
      LSA: Authentication Packages = msv1_0 f:\windows\system32\ljJBUKbc

      ================= FIREFOX ===================

      FF - ProfilePath - f:\docume~1\gyrotron\applic~1\mozilla\firefox\profiles\wawlxq1h.default\
      FF - plugin: f:\program files\mozilla firefox\plugins\NPLV80Win32.dll
      FF - plugin: f:\program files\mozilla firefox\plugins\NPLV82Win32.dll

      ============= SERVICES / DRIVERS ===============

      R0 nipbcfk;National Instruments Class Upper Filter Driver;f:\windows\system32\drivers\nipbcfk.sys [2007-2-15 15136]
      R1 NaiAvTdi1;NaiAvTdi1;f:\windows\system32\drivers\mvstdi5x.sys [2006-5-18 58464]
      R3 nidimk;nidimk;f:\windows\system32\drivers\nidimkl.sys [2007-2-21 11552]
      R3 nimru2k;nimru2k;f:\windows\system32\drivers\nimru2kl.sys [2007-2-21 11552]
      R3 nimstsk;nimstsk;f:\windows\system32\drivers\nimstskl.sys [2007-2-25 11552]
      R4 McAfeeFramework;McAfee Framework Service;f:\program files\network associates\common framework\FrameworkService.exe [2006-5-18 102463]
      R4 McTaskManager;Network Associates Task Manager;f:\program files\network associates\virusscan\vstskmgr.exe [2005-8-22 29184]
      R4 ni488enumsvc;NI-488.2 Enumeration Service;f:\windows\system32\nipalsm.exe [2007-2-16 12696]
      R4 nidevldu;NI Device Loader;f:\windows\system32\nipalsm.exe [2007-2-16 12696]
      R4 nipxirmk;nipxirmk;f:\windows\system32\drivers\nipxirmkl.sys [2007-2-22 11552]
      R4 NiViPxiK;NI-VISA PXI Driver;f:\windows\system32\drivers\NiViPxiKl.sys [2007-2-23 11552]
      S3 gpibprtk;gpibprtk;f:\windows\system32\drivers\gpibprtk.sys [2007-8-30 215840]
      S3 lvalarmk;lvalarmk;f:\windows\system32\drivers\lvalarmk.sys [2007-1-11 20256]
      S3 McShield;Network Associates McShield;f:\program files\network associates\virusscan\mcshield.exe [2005-8-22 221191]
      S3 NaiAvFilter1;NaiAvFilter1;f:\windows\system32\drivers\naiavf5x.sys [2006-5-18 114624]
      S3 ni1006k;NI PXI-1006 Chassis Pilot;f:\windows\system32\drivers\ni1006k.sys [2007-2-22 25888]
      S3 ni1045k;NI PXI-1045 Chassis Pilot;f:\windows\system32\drivers\ni1045kl.sys [2007-2-22 11552]
      S3 ni488lock;NI-488.2 Locking Service;f:\windows\system32\drivers\ni488lock.sys [2007-2-26 16672]
      S3 nicdrk;nicdrk;f:\windows\system32\drivers\nicdrkl.sys [2007-2-22 11552]
      S3 nidmxfk;nidmxfk;f:\windows\system32\drivers\nidmxfkl.sys [2007-2-25 11552]
      S3 nidsark;nidsark;f:\windows\system32\drivers\nidsarkl.sys [2007-2-23 11552]
      S3 niemrk;niemrk;f:\windows\system32\drivers\niemrkl.sys [2007-2-25 11552]
      S3 niesrk;niesrk;f:\windows\system32\drivers\niesrkl.sys [2007-2-25 11552]
      S3 nifslk;nifslk;f:\windows\system32\drivers\nifslkl.sys [2007-2-22 11552]
      S3 nimsdrk;nimsdrk;f:\windows\system32\drivers\nimsdrkl.sys [2007-2-25 11552]
      S3 nimslk;nimslk;f:\windows\system32\drivers\nimslk.dll [2006-12-18 14464]
      S3 nimsrlk;nimsrlk;f:\windows\system32\drivers\nimsrlk.dll [2006-12-18 151683]
      S3 nimxpk;nimxpk;f:\windows\system32\drivers\nimxpkl.sys [2007-2-22 11552]
      S3 ninshsdk;ninshsdk;f:\windows\system32\drivers\ninshsdkl.sys [2007-2-23 11552]
      S3 nipalfwedl;nipalfwedl;f:\windows\system32\drivers\nipalfwedl.sys [2007-2-15 11552]
      S3 nipalusb;NI-PAL USB Driver;f:\windows\system32\drivers\nipalusb.sys [2007-2-15 10528]
      S3 nipalusbedl;nipalusbedl;f:\windows\system32\drivers\nipalusbedl.sys [2007-2-15 11552]
      S3 nipxigpk;NI PXI Generic Chassis Pilot;f:\windows\system32\drivers\nipxigpk.sys [2007-2-22 20768]
      S3 niscdk;niscdk;f:\windows\system32\drivers\niscdkl.sys [2007-2-26 11552]
      S3 nisdigk;nisdigk;f:\windows\system32\drivers\nisdigkl.sys [2007-2-25 11552]
      S3 nisftk;nisftk;f:\windows\system32\drivers\nisftkl.sys [2007-2-23 11552]
      S3 nismbusk;nismbusk;f:\windows\system32\drivers\nismbusk.sys [2007-2-22 86304]
      S3 nispdk;nispdk;f:\windows\system32\drivers\nispdkl.sys [2007-2-26 11552]
      S3 nissrk;nissrk;f:\windows\system32\drivers\nissrkl.sys [2007-2-25 11552]
      S3 nistc2k;nistc2k;f:\windows\system32\drivers\nistc2kl.sys [2007-2-22 11552]
      S3 nistcrk;nistcrk;f:\windows\system32\drivers\nistcrkl.sys [2007-2-23 11552]
      S3 niswdk;niswdk;f:\windows\system32\drivers\niswdkl.sys [2007-2-23 11552]
      S3 nitiork;nitiork;f:\windows\system32\drivers\nitiorkl.sys [2007-2-23 11552]
      S3 NiViFWK;NI-VISA FireWire Driver;f:\windows\system32\drivers\NiViFWKl.sys [2007-2-22 11552]
      S3 NiViPciK;NI-VISA PCI Driver;f:\windows\system32\drivers\NiViPciKl.sys [2007-2-23 11552]
      S3 niwfrk;niwfrk;f:\windows\system32\drivers\niwfrkl.sys [2007-2-25 11552]
      S3 nixsrk;nixsrk;f:\windows\system32\drivers\nixsrkl.sys [2007-2-25 11552]
      S3 usb6xxxk;usb6xxxk;f:\windows\system32\drivers\usb6xxxk.sys [2007-2-25 27936]

      =============== Created Last 30 ================

      2009-01-20 11:27 161,792 a------- f:\windows\SWREG.exe
      2009-01-20 11:27 98,816 a------- f:\windows\sed.exe
      2009-01-20 11:26 <DIR> --d----- F:\Combo-Fix
      2009-01-20 11:06 <DIR> --d----- f:\program files\CCleaner
      2009-01-16 11:35 <DIR> --d----- f:\docume~1\gyrotron\applic~1\Malwarebytes
      2009-01-16 11:35 15,504 a------- f:\windows\system32\drivers\mbam.sys
      2009-01-16 11:35 38,496 a------- f:\windows\system32\drivers\mbamswissarmy.sys
      2009-01-16 11:35 <DIR> --d----- f:\program files\Malwarebytes' Anti-Malware
      2009-01-16 11:35 <DIR> --d----- f:\docume~1\alluse~1\applic~1\Malwarebytes
      2009-01-16 10:47 41,984 a------- f:\windows\system32\chert5-998.exe
      2009-01-15 17:07 <DIR> --d----- f:\program files\Trend Micro
      2009-01-15 16:12 <DIR> --d----- f:\docume~1\gyrotron\applic~1\HouseCall 6.6
      2009-01-15 16:01 1,375,225 a--sh--- f:\windows\system32\fhhpcotq.ini
      2009-01-15 15:57 102,664 a------- f:\windows\system32\drivers\tmcomm.sys
      2009-01-15 15:57 <DIR> --d----- f:\documents and settings\gyrotron\.housecall6.6
      2009-01-15 15:37 1,375,225 a--sh--- f:\windows\system32\lnkqoxwv.ini
      2009-01-14 05:08 24,064 a------- f:\windows\system32\pcload.exe
      2009-01-13 17:03 <DIR> --d----- f:\docume~1\alluse~1\applic~1\avg8
      2009-01-13 16:37 1,104 a------- f:\windows\olocxhrn
      2009-01-12 15:09 48,640 a------- f:\windows\system32\hpzll4pi.dll
      2009-01-12 15:08 94,208 a------- f:\windows\system32\HPZipt12.dll
      2009-01-12 15:08 57,344 a------- f:\windows\system32\HPZisn12.dll
      2009-01-12 15:08 282,680 a------- f:\windows\system32\HPZidr12.dll
      2009-01-12 15:08 204,800 a------- f:\windows\system32\HPZipr12.dll
      2009-01-12 15:08 69,632 a------- f:\windows\system32\HPZipm12.exe
      2009-01-12 15:08 65,536 a------- f:\windows\system32\HPZinw12.exe
      2009-01-12 15:08 306,688 a------- f:\windows\IsUninst.exe
      2009-01-12 15:04 123,131 a------- f:\windows\HPHins12.dat
      2009-01-12 15:04 14,916 -------- f:\windows\hphmdl12.dat
      2009-01-12 15:04 77,824 a------- f:\windows\system32\hpzids01.dll
      2009-01-12 14:40 <DIR> --d----- f:\program files\HP
      2009-01-12 14:40 <DIR> --d----- f:\windows\Downloaded Installations

      ==================== Find3M ====================

      2008-12-02 13:25 87,263 a------- f:\windows\pchealth\helpctr\offlinecache\index.dat
      2008-10-23 07:36 286,720 a------- f:\windows\system32\gdi32.dll

      ============= FINISH: 11:46:16.29 ===============