Mal_otorun1


  • This topic is locked
2 replies to this topic

#1 arbie3030

arbie3030

  • Members
  • 2 posts
  • Local time:04:22 AM

Posted 31 March 2009 - 09:12 AM

I downloaded something yesterday and Norton caught something from the download and said it removed it, but my PC has been running strange ever since. Sometimes I can't log in as my user name, but booting to safe mode works every time. Norton does not seem to find anything now, but I ran the Trend Micro free scan and it said I had Mal_Otorun1.

Here are the logs from D.D.S and Attach. Thanks for the help.


DDS (Ver_09-03-16.01) - NTFSx86 NETWORK
Run by marbenowske at 9:10:34.53 on Tue 03/31/2009
Internet Explorer: 8.0.6001.18372 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.946 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\HBS Systems\OfficeView\OfficeView.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\marbenowske\Local Settings\Temporary Internet Files\Content.IE5\06IMG3ER\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.hbssystems.com/
uDefault_Page_URL = hxxp://lenovo.live.com
uInternet Settings,ProxyOverride = <local>;*.local
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\norton antivirus\engine\16.0.0.125\IPSBHO.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\Wcescomm.exe"
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\win-ec~1.lnk - c:\program files\hbs systems\win-eclipse\WinEclipse.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
TCP: {E5417A1C-5CC3-45DE-88F6-7E1CE0EEBC5A} = 129.50.95.100
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\marben~1\applic~1\mozilla\firefox\profiles\14sl4lme.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\documents and settings\marbenowske\application data\mozilla\firefox\profiles\14sl4lme.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071302000002.dll

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1000000.07d\SymEFA.sys [2009-3-31 309296]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R3 HypSerBus;Hypercom virtual serial port bus driver;c:\windows\system32\drivers\HypSerBus.sys [2006-4-28 6272]
R3 pelmouse;Mouse Suite Driver;c:\windows\system32\drivers\PELMOUSE.SYS [2008-8-2 16384]
R3 pelusblf;USB Mouse Low Filter Driver;c:\windows\system32\drivers\PELUSBLF.SYS [2008-8-2 9216]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nav\1000000.07d\BHDrvx86.sys [2009-3-31 254512]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nav\1000000.07d\ccHPx86.sys [2009-3-31 362544]
S1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090318.001\IDSxpx86.sys [2009-3-31 276344]
S2 Norton AntiVirus;Norton AntiVirus;c:\program files\norton antivirus\norton antivirus\engine\16.0.0.125\ccSvcHst.exe [2009-3-31 115560]
S2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2007-7-11 569344]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-3-30 101936]
S3 HypSerPort;Hypercom Serial port driver for L4100;c:\windows\system32\drivers\HypSerPort.sys [2006-4-28 19840]
S3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090330.049\NAVENG.SYS [2009-3-30 89104]
S3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090330.049\NAVEX15.SYS [2009-3-30 876144]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2007-5-22 30336]
S3 umpserenum;Serenum Filter Driver ;c:\windows\system32\drivers\umpserenum.sys [2009-1-5 16000]
S3 umpusbvista;UMP Serial Port Driver ;c:\windows\system32\drivers\umpusbvista.sys [2009-1-5 58112]

=============== Created Last 30 ================

2009-03-31 08:05 138,384 a------- c:\windows\system32\drivers\tmcomm.sys
2009-03-31 08:04 <DIR> --d----- c:\docume~1\marben~1\applic~1\HouseCall 6.6
2009-03-31 08:04 664 a------- c:\windows\system32\d3d9caps.dat
2009-03-31 07:30 35,888 a----r-- c:\windows\system32\drivers\SymIM.sys
2009-03-31 07:30 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-03-31 07:30 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-03-31 07:30 10,635 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-03-31 07:30 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-03-31 07:29 <DIR> --d----- c:\windows\system32\drivers\NAV
2009-03-30 16:20 <DIR> --d--r-- c:\program files\Norton Support
2009-03-30 13:21 303 ---shr-- C:\autorun.inf
2009-03-19 14:18 66,591 a------- c:\windows\system32\drivers\el90xbc5.sys
2009-03-19 14:18 66,591 a------- c:\windows\system32\dllcache\el90xbc5.sys
2009-03-16 15:48 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-03-16 15:48 23,848 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-16 15:48 <DIR> --d----- c:\program files\iPod
2009-03-16 15:48 <DIR> --d----- c:\program files\iTunes
2009-03-16 15:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-16 15:48 <DIR> --d----- c:\program files\Bonjour
2009-03-16 15:47 1,900,544 a------- c:\windows\system32\usbaaplrc.dll
2009-03-16 15:47 36,864 a------- c:\windows\system32\drivers\usbaapl.sys
2009-03-12 16:39 <DIR> --dsh--- c:\documents and settings\marbenowske\IECompatCache
2009-03-12 16:38 <DIR> --dsh--- c:\documents and settings\marbenowske\PrivacIE
2009-03-12 16:38 <DIR> --dsh--- c:\documents and settings\marbenowske\IETldCache
2009-03-12 16:34 <DIR> --d----- c:\windows\ie8updates
2009-03-12 16:32 <DIR> -cd-h--- c:\windows\ie8
2009-03-12 16:28 79,360 -------- c:\windows\system32\dllcache\iecompat.dll
2009-03-09 09:21 <DIR> --d----- c:\documents and settings\marbenowske\.yed3
2009-03-09 09:20 <DIR> --d----- c:\program files\yWorks
2009-03-05 18:02 <DIR> --d----- c:\program files\AWS
2009-03-05 18:02 <DIR> --d----- c:\docume~1\marben~1\applic~1\WeatherBug
2009-03-04 12:19 <DIR> --d----- c:\program files\Hypercom

==================== Find3M ====================

2009-03-10 08:29 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-09 06:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 06:13 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
2009-01-15 02:17 636,264 a------- c:\windows\system32\dllcache\iexplore.exe
2009-01-15 02:17 392,040 a------- c:\windows\system32\dllcache\iedkcs32.dll
2009-01-15 02:13 5,888,512 a------- c:\windows\system32\dllcache\mshtml.dll
2009-01-15 02:12 10,963,968 a------- c:\windows\system32\dllcache\ieframe.dll
2009-01-15 02:06 1,182,720 a------- c:\windows\system32\dllcache\urlmon.dll
2009-01-15 02:06 236,544 a------- c:\windows\system32\dllcache\webcheck.dll
2009-01-15 02:06 105,984 a------- c:\windows\system32\dllcache\url.dll
2009-01-15 02:05 911,872 a------- c:\windows\system32\wininet.dll
2009-01-15 02:05 911,872 a------- c:\windows\system32\dllcache\wininet.dll
2009-01-15 02:05 193,536 a------- c:\windows\system32\dllcache\msrating.dll
2009-01-15 02:05 109,056 a------- c:\windows\system32\dllcache\occache.dll
2009-01-15 02:05 43,008 a------- c:\windows\system32\licmgr10.dll
2009-01-15 02:05 43,008 a------- c:\windows\system32\dllcache\licmgr10.dll
2009-01-15 02:04 755,200 a------- c:\windows\system32\dllcache\VGX.dll
2009-01-15 02:04 18,944 a------- c:\windows\system32\corpol.dll
2009-01-15 02:04 18,944 -------- c:\windows\system32\dllcache\corpol.dll
2009-01-15 02:04 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
2009-01-15 02:02 1,975,296 a------- c:\windows\system32\dllcache\iertutil.dll
2009-01-15 02:02 593,920 a------- c:\windows\system32\dllcache\msfeeds.dll
2009-01-15 02:02 611,840 a------- c:\windows\system32\dllcache\mstime.dll
2009-01-15 02:01 183,808 a------- c:\windows\system32\dllcache\iepeers.dll
2009-01-15 02:01 59,904 a------- c:\windows\system32\dllcache\icardie.dll
2009-01-15 02:01 54,272 a------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-01-15 02:01 34,304 a------- c:\windows\system32\imgutil.dll
2009-01-15 02:01 34,304 a------- c:\windows\system32\dllcache\imgutil.dll
2009-01-15 02:01 348,160 a------- c:\windows\system32\dllcache\dxtmsft.dll
2009-01-15 02:01 46,592 a------- c:\windows\system32\dllcache\pngfilt.dll
2009-01-15 02:01 216,064 a------- c:\windows\system32\dllcache\dxtrans.dll
2009-01-15 02:01 66,560 a------- c:\windows\system32\dllcache\mshtmled.dll
2009-01-15 02:00 48,128 a------- c:\windows\system32\mshtmler.dll
2009-01-15 02:00 48,128 a------- c:\windows\system32\dllcache\mshtmler.dll
2009-01-15 02:00 45,568 a------- c:\windows\system32\mshta.exe
2009-01-15 02:00 45,568 a------- c:\windows\system32\dllcache\mshta.exe
2009-01-15 01:53 68,608 a------- c:\windows\system32\dllcache\hmmapi.dll
2009-01-15 01:50 156,160 a------- c:\windows\system32\msls31.dll
2009-01-15 01:50 156,160 a------- c:\windows\system32\dllcache\msls31.dll
2009-01-15 01:35 445,440 a------- c:\windows\system32\dllcache\ieapfltr.dll
2008-10-31 11:23 278,528 a------- c:\documents and settings\marbenowske\HBSMobile.exe
2007-08-14 01:46 10,896 a------- c:\program files\ThinkVantage Fingerprint Software
2008-08-02 07:57 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
2008-09-17 14:06 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091720080918\index.dat
2008-09-18 10:37 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091820080919\index.dat

============= FINISH: 9:10:41.00 ===============



Attach:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/17/2008 12:15:46 PM
System Uptime: 3/31/2009 7:49:24 AM (2 hours ago)

Motherboard: LENOVO | | LENOVO
Processor: Intel® Pentium® Dual CPU E2200 @ 2.20GHz | CPU 1 | 2194/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 146 GiB total, 103.61 GiB free.
D: is CDROM ()
F: is NetworkDisk (NTFS) - 137 GiB total, 84.07 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP95: 11/19/2008 4:03:22 PM - System Checkpoint
RP96: 11/24/2008 10:19:09 AM - System Checkpoint
RP97: 11/25/2008 11:16:15 AM - System Checkpoint
RP98: 11/26/2008 11:56:31 AM - System Checkpoint
RP99: 11/27/2008 12:56:20 PM - System Checkpoint
RP100: 11/28/2008 1:48:05 PM - System Checkpoint
RP101: 11/29/2008 1:56:20 PM - System Checkpoint
RP102: 11/30/2008 2:56:20 PM - System Checkpoint
RP103: 12/1/2008 12:02:23 PM - Installed Java™ 6 Update 10
RP104: 12/2/2008 12:37:19 PM - System Checkpoint
RP105: 12/3/2008 12:44:18 PM - System Checkpoint
RP106: 12/4/2008 1:12:22 PM - System Checkpoint
RP107: 12/5/2008 1:18:34 PM - System Checkpoint
RP108: 12/6/2008 1:18:50 PM - System Checkpoint
RP109: 12/7/2008 1:36:52 PM - System Checkpoint
RP110: 12/8/2008 2:36:13 PM - System Checkpoint
RP111: 12/9/2008 3:24:22 PM - System Checkpoint
RP112: 12/9/2008 4:30:29 PM - Installed Java™ 6 Update 11
RP113: 12/10/2008 8:27:52 AM - Software Distribution Service 3.0
RP114: 12/10/2008 9:53:39 AM - Printer Driver hp LaserJet 1320 PCL 6 Installed
RP115: 12/10/2008 9:54:47 AM - Installed hp LaserJet 1160/1320 series
RP116: 12/10/2008 12:18:25 PM - Installed Microsoft ActiveSync
RP117: 12/11/2008 2:12:48 PM - System Checkpoint
RP118: 12/12/2008 10:50:36 AM - Installed 3Com Wireless Infrastructure Device Manager
RP119: 12/12/2008 12:45:58 PM - Installed Win-ECLIPSE
RP120: 12/12/2008 12:46:30 PM - Installed OfficeView
RP121: 12/15/2008 2:19:04 PM - System Checkpoint
RP122: 12/16/2008 4:10:49 PM - System Checkpoint
RP123: 12/17/2008 11:07:55 AM - Installed WD Diagnostics
RP124: 12/18/2008 8:01:10 AM - Software Distribution Service 3.0
RP125: 12/19/2008 9:04:01 AM - System Checkpoint
RP126: 12/19/2008 11:35:37 AM - Installed Realtek High Definition Audio Driver
RP127: 12/22/2008 1:01:15 PM - System Checkpoint
RP128: 12/23/2008 1:12:10 PM - System Checkpoint
RP129: 12/29/2008 8:26:18 AM - System Checkpoint
RP130: 12/30/2008 10:34:33 AM - System Checkpoint
RP131: 12/31/2008 11:49:30 AM - System Checkpoint
RP132: 1/2/2009 7:47:31 AM - System Checkpoint
RP133: 1/5/2009 8:26:11 AM - System Checkpoint
RP134: 1/5/2009 12:55:05 PM - Unsigned driver install
RP135: 1/5/2009 12:55:56 PM - Update to an unsigned driver
RP136: 1/5/2009 12:57:53 PM - Update to an unsigned driver
RP137: 1/5/2009 12:58:32 PM - Unsigned driver install
RP138: 1/6/2009 2:45:48 PM - System Checkpoint
RP139: 1/7/2009 3:46:37 PM - System Checkpoint
RP140: 1/8/2009 5:10:34 PM - System Checkpoint
RP141: 1/9/2009 5:14:24 PM - System Checkpoint
RP142: 1/12/2009 8:20:40 AM - System Checkpoint
RP143: 1/13/2009 11:08:50 AM - System Checkpoint
RP144: 1/14/2009 1:43:22 PM - System Checkpoint
RP145: 1/15/2009 7:35:56 AM - Software Distribution Service 3.0
RP146: 1/16/2009 9:24:04 AM - System Checkpoint
RP147: 1/20/2009 10:14:54 AM - System Checkpoint
RP148: 1/21/2009 2:54:31 PM - System Checkpoint
RP149: 1/22/2009 3:08:52 PM - System Checkpoint
RP150: 1/23/2009 4:24:44 PM - System Checkpoint
RP151: 1/26/2009 9:17:09 AM - System Checkpoint
RP152: 1/27/2009 9:43:27 AM - System Checkpoint
RP153: 1/27/2009 12:20:16 PM - Removed Norton Ghost
RP154: 1/28/2009 1:23:24 PM - System Checkpoint
RP155: 1/29/2009 1:35:16 PM - System Checkpoint
RP156: 1/30/2009 1:50:30 PM - System Checkpoint
RP157: 2/2/2009 9:45:00 AM - System Checkpoint
RP158: 2/3/2009 9:55:13 AM - System Checkpoint
RP159: 2/4/2009 1:05:10 PM - System Checkpoint
RP160: 2/5/2009 1:54:51 PM - System Checkpoint
RP161: 2/6/2009 2:23:09 PM - System Checkpoint
RP162: 2/9/2009 11:24:27 AM - System Checkpoint
RP163: 2/10/2009 11:38:29 AM - System Checkpoint
RP164: 2/11/2009 7:41:44 AM - Software Distribution Service 3.0
RP165: 2/12/2009 9:58:18 AM - System Checkpoint
RP166: 2/12/2009 1:13:33 PM - Removed Diskeeper Lite.
RP167: 2/13/2009 1:17:18 PM - System Checkpoint
RP168: 2/16/2009 11:47:45 AM - System Checkpoint
RP169: 2/17/2009 8:07:11 AM - Installed Ad-Aware
RP170: 2/17/2009 2:18:02 PM - Installed Compatibility Pack for the 2007 Office system
RP171: 2/19/2009 7:36:17 AM - Software Distribution Service 3.0
RP172: 2/25/2009 7:32:08 AM - Software Distribution Service 3.0
RP173: 2/27/2009 7:31:13 AM - Software Distribution Service 3.0
RP174: 3/3/2009 10:38:52 AM - Installed RS232ToUSB
RP175: 3/3/2009 10:39:51 AM - Unsigned driver install
RP176: 3/3/2009 11:08:34 AM - Removed RS232ToUSB
RP177: 3/5/2009 5:02:08 PM - Installed WeatherBug
RP178: 3/10/2009 7:29:17 AM - Removed Java™ 6 Update 10
RP179: 3/10/2009 7:29:45 AM - Installed Java™ 6 Update 12
RP180: 3/11/2009 2:00:17 AM - Software Distribution Service 3.0
RP181: 3/12/2009 3:29:55 PM - Software Distribution Service 3.0
RP182: 3/12/2009 3:33:17 PM - Installed Windows Internet Explorer 8.
RP183: 3/12/2009 3:34:24 PM - Software Distribution Service 3.0
RP184: 3/16/2009 3:48:13 PM - Installed iTunes

==== Installed Programs ======================


32 Bit HP CIO Components Installer
3Com Wireless Infrastructure Device Manager
Ad-Aware
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 8.1.3
Apple Mobile Device Support
Apple Software Update
Bonjour
CCleaner (remove only)
Compatibility Pack for the 2007 Office system
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
HouseCall 6.6
hp LaserJet 1160/1320 series
HP Update
Hypercom FPE Interface Services
ICE.TCP 4.3.1 for Windows 95
Intel® Graphics Media Accelerator Driver
InterVideo Register Manager
InterVideo WinDVD
iTunes
J2SE Development Kit 5.0 Update 17
J2SE Runtime Environment 5.0 Update 17
J2SE Runtime Environment 5.0 Update 6
Java™ 6 Update 12
Java™ 6 Update 7
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
Marvell Miniport Driver
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft ActiveSync
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Small Business Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Media Video 9 VCM
Mouse Suite
Mozilla Firefox (3.0.8)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
NetBeans IDE 6.5
Norton AntiVirus
OfficeView
PC-Doctor 5 for Windows
Picasa 2
PrintScreen
QuickTime
Realtek High Definition Audio Driver
Rescue and Recovery
RS232ToUSB
SeaTools for Windows
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Spybot - Search & Destroy
System Update
ThinkVantage Technologies Welcome Message
Update for Windows Internet Explorer 8 (KB961813)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Video Insight
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Wallpapers
WD Diagnostics
WeatherBug
WebFldrs XP
Win-ECLIPSE
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8 Release Candidate 1
Windows Media Connect
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10 Hotfix - KB894476
Windows XP Service Pack 3
XP Themes
Yahoo! Toolbar
yEd Graph Editor 3.1.1

==== Event Viewer Messages From Past Week ========

3/25/2009 11:18:24 AM, error: HypSerPort [43] - The system sleep operation failed
3/25/2009 7:38:49 AM, error: NETLOGON [5719] - No Domain Controller is available for domain HBSSYSTEMS due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
3/30/2009 9:20:26 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service gusvc with arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
3/30/2009 12:49:48 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
3/30/2009 1:30:15 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/30/2009 1:31:15 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 ccHP eeCtrl Fips IDSxpx86 intelppm SRTSP SRTSPX SYMTDI
3/30/2009 1:33:33 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
3/30/2009 1:37:26 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
3/30/2009 2:40:06 PM, error: NetBT [4307] - Initialization failed because the transport refused to open initial Addresses.
3/30/2009 2:51:28 PM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
3/30/2009 3:21:46 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 ccHP eeCtrl Fips IDSxpx86 intelppm SRTSPX SYMTDI

==== End Of File ===========================


#2 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:05:22 AM

Posted 08 April 2009 - 03:15 PM

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Please post the contents of log.txt.
Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
  • Reply to this thread; do not start another!
  • Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
  • Do not run any other tool until instructed to do so!
  • Let me know if any of the links do not work or if any of the tools do not work.
  • Tell me about problems or symptoms that occur during the fix.
  • Do not run any other programs or open any other windows while doing a fix.
  • Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.
Thanks.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#3 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:05:22 AM

Posted 19 April 2009 - 06:18 PM

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.



