Unknown malware infection


  • This topic is locked
4 replies to this topic

#1 ForumTown

ForumTown

  • Members
  • 2 posts

Posted 04 June 2009 - 04:42 PM

DDS (Ver_09-05-14.01) - NTFSx86
Run by GU at 17:38:53.29 on 06/04/2009 Thu
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.936.86.1033.18.958.372 [GMT -4:00]

AV: AVG Anti-Virus plus Firewall *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\S3trayp.exe
C:\Program Files\360\360Safe\safemon\360tray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
svchost.exe
C:\Program Files\Windows7\RunMe\RunMe.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\GU\Desktop\dds.scr
C:\WINDOWS\system32\conime.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
mCustomizeSearch = hxxp://www.baidu.com/baidu?tn=youcome_pg
mSearchAssistant = hxxp://www.baidu.com/baidu?tn=youcome_pg
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: IE2EMBHO Class: {0a0ddbd3-6641-40b9-873f-bbdd26d6c14e} - c:\program files\easymule\modules\IE2EM.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Download_Bho Class: {a986e409-30cc-4185-89bb-ab212c104524} - c:\program files\ppliveva\DownloaderManager.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: SafeMon Class: {b69f34dd-f0f9-42dc-9edd-957187da688d} - c:\program files\360\360safe\safemon\safemon.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [TransBar] c:\program files\windows7\transbar\TransBar.exe /s
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
mRun: [Alcmtr] ALCMTR.EXE
mRun: [VTTimer] VTTimer.exe
mRun: [S3Trayp] S3trayp.exe
mRun: [360Safetray] c:\program files\360\360safe\safemon\360tray.exe /start
mRun: [LXCTCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCTtime.dll,_RunDLLEntry@16
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [<NO NAME>]
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [KRun] c:\program files\windows7\runme\RunMe.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Acrobat Assistant 8.0] "d:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000003}\_SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~2.lnk - d:\program files\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe
IE: Append to existing PDF - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Download by easyMule - c:\program files\easymule\IE2EM.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\gu\applic~1\mozilla\firefox\profiles\7heswz6p.default\
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: d:\program files\adobe\acrobat 8.0\acrobat\browser\nppdf32.dll

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-5-11 12552]
R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [2007-3-26 16896]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [2007-3-26 52224]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-11 325896]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-5-11 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-11 108552]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2009-4-28 13696]
R1 SafeBoxKrnl;SafeBoxKrnl;c:\windows\system32\drivers\safeboxkrnl.sys [2009-3-3 223624]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-5-11 298776]
R2 avgfws8;AVG8 Firewall;c:\progra~1\avg\avg8\avgfws8.exe [2009-5-11 1366904]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2009-5-11 29208]
R3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [2007-6-4 714240]
S2 gupdate1c9c925c9e7dafc;Google Update Service (gupdate1c9c925c9e7dafc);c:\program files\google\update\GoogleUpdate.exe [2009-4-29 133104]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2009-5-11 29208]
S3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\pavsrk.sys --> c:\windows\system32\PavSRK.sys [?]
S3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\pavtpk.sys --> c:\windows\system32\PavTPK.sys [?]

=============== Created Last 30 ================

2009-05-30 15:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Last.fm
2009-05-30 15:28 <DIR> --d----- c:\program files\Last.fm
2009-05-17 21:22 <DIR> --d----- c:\program files\Xilisoft
2009-05-15 19:48 <DIR> --d----- c:\docume~1\gu\applic~1\MPEG Streamclip
2009-05-13 16:06 268,648 a------- c:\windows\system32\mucltui.dll
2009-05-13 16:06 208,744 a------- c:\windows\system32\muweb.dll
2009-05-13 16:06 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-05-12 22:53 <DIR> --d----- c:\docume~1\gu\applic~1\PPLiveVA
2009-05-12 22:53 <DIR> --d----- c:\program files\PPLiveVA
2009-05-12 22:48 13 a------- c:\windows\msgtn.ini
2009-05-12 21:20 <DIR> --d----- c:\program files\Autorun Eater
2009-05-12 19:59 <DIR> --d----- c:\documents and settings\gu\Tracing
2009-05-12 19:58 <DIR> --d----- c:\program files\Microsoft
2009-05-12 19:58 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-05-12 19:56 <DIR> --d----- c:\program files\common files\Windows Live
2009-05-12 15:45 34 a------- c:\documents and settings\gu\jagex_runescape_preferences.dat
2009-05-11 22:53 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-05-11 20:34 12,552 a------- c:\windows\system32\drivers\avgrkx86.sys
2009-05-11 20:34 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-05-11 20:34 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-05-11 20:34 325,896 a------- c:\windows\system32\drivers\avgldx86.sys
2009-05-11 20:34 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-05-11 20:33 50,968 a------- c:\windows\system32\avgfwdx.dll
2009-05-11 20:33 29,208 a------- c:\windows\system32\drivers\avgfwdx.sys
2009-05-11 20:33 <DIR> --d----- c:\program files\AVG
2009-05-11 20:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-05-11 20:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2009-05-11 20:04 <DIR> --d----- c:\program files\DAEMON Tools Toolbar
2009-05-11 20:04 <DIR> --d----- c:\program files\DAEMON Tools Lite
2009-05-11 20:04 <DIR> --d----- c:\docume~1\gu\applic~1\DAEMON Tools Lite
2009-05-11 20:01 <DIR> --d----- c:\program files\DAEMON Tools Pro
2009-05-11 20:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DAEMON Tools Pro
2009-05-11 19:59 721,904 a------- c:\windows\system32\drivers\sptd.sys
2009-05-11 19:59 <DIR> --d----- c:\docume~1\gu\applic~1\DAEMON Tools Pro
2009-05-09 20:51 99,448 a------- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-05-09 20:45 90,112 a------- c:\windows\unvise32.exe
2009-05-09 20:45 <DIR> --d----- c:\program files\Encore 5
2009-05-09 16:36 <DIR> --d----- c:\docume~1\gu\applic~1\Dev-Cpp
2009-05-08 20:41 <DIR> --d----- c:\windows\system32\Adobe

==================== Find3M ====================

2009-04-29 22:38 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-04-29 16:00 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-28 10:07 315,392 a------- c:\windows\HideWin.exe
2009-04-28 09:50 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-03-26 15:23 1,900,544 a------- c:\windows\system32\usbaaplrc.dll
2003-11-10 20:26 376,884 a------- c:\program files\image001.bmp

============= FINISH: 17:39:23.89 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-05-14.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/28/2009 9:58:10 AM
System Uptime: 6/4/2009 5:19:37 PM (0 hours ago)

Motherboard: BIOSTAR Group | | P4M90-M4
Processor: Intel® Pentium® 4 CPU 2.40GHz | Socket 775 | 2400/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 48 GiB total, 37.3 GiB free.
D: is FIXED (NTFS) - 20 GiB total, 17.092 GiB free.
E: is FIXED (NTFS) - 27 GiB total, 26.244 GiB free.
F: is FIXED (NTFS) - 39 GiB total, 19.619 GiB free.
G: is FIXED (NTFS) - 18 GiB total, 11.285 GiB free.
H: is Removable
I: is CDROM ()
J: is CDROM ()
K: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP97: 5/30/2009 1:22:56 PM - System Checkpoint
RP98: 5/31/2009 3:31:05 PM - System Checkpoint
RP99: 6/1/2009 5:33:56 PM - System Checkpoint
RP100: 6/3/2009 8:09:56 PM - System Checkpoint

==== Installed Programs ======================

360保险箱
360安全卫士
ABBYY FineReader 6.0 Sprint
Add or Remove Adobe Creative Suite 3 Design Standard
Adobe Acrobat 8 Professional
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Creative Suite 3 Design Standard
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Setup
Adobe Shockwave Player 11.5
Adobe SING CS3
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
Apple Mobile Device Support
Apple Software Update
Autorun Eater v2.3
AVG 8.5
Bonjour
Choice Guard
Critical Update for Windows Media Player 11 (KB959772)
Dev-C++ 5 beta 9 release (4.9.9.2)
easyMule
Encore 5
Google Update Helper
Google Updater
Google 地球
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB944043-v3)
Hotfix for Windows XP (KB951830)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB955535)
iTunes
Java™ 6 Update 13
jetAudio Basic
Last.fm 1.5.4.24567
Lexmark 5400 Series
Macromedia Dreamweaver 8
Macromedia Extension Manager
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Macromedia Flash Player 8
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.10)
MSVCRT
PDF Settings
Platform
PPLive Video Accelerator
QuickTime
Realtek High Definition Audio Driver
RocketDock 1.3.5
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Outlook 2007 (KB946983)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950582)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Segoe UI
TVAnts 1.0
Update for 2007 Microsoft Office System (KB967642)
Update for Office 2007 (KB934391)
Update for Outlook 2007 Junk Email Filter (kb968503)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955704)
Update for Windows XP (KB955839)
Update for Windows XP (KB958752)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
VIA Display Driver 6.14.10.0095
VIA Platform Device Manager
VIA Rhine-Family Fast-Ethernet Adapter
WebFldrs XP
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows优化大师
WinRAR archiver

==== Event Viewer Messages From Past Week ========

6/3/2009 5:14:41 PM, error: Service Control Manager [7031] - The Google Software Updater service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 900000 milliseconds: Restart the service.
6/3/2009 4:30:50 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/3/2009 4:29:46 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/31/2009 2:12:32 PM, error: Print [6161] - The document Microsoft Word - Arch-Pictures-_3_4 owned by GU failed to print on printer Lexmark 5400 Series. Data type: LEMF. Size of the spool file in bytes: 9147769. Number of bytes printed: 9147769. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\XPWINDOWS7. Win32 error code returned by the print processor: 0 (0x0).
5/31/2009 11:19:26 AM, error: Print [6161] - The document Microsoft Word - Document3 owned by GU failed to print on printer Lexmark 5400 Series. Data type: LEMF. Size of the spool file in bytes: 7643056. Number of bytes printed: 7643056. Total number of pages in the document: 7. Number of pages printed: 0. Client machine: \\XPWINDOWS7. Win32 error code returned by the print processor: 0 (0x0).

==== End Of File ===========================

#2 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • Gender:Male

Posted 04 June 2009 - 04:43 PM

Hello ForumTown. Welcome to BC.

Please provide a GMER scan log in addition to the DDS and Attach.txt logs.

Download and Run Scan with GMER
We will use GMER to scan for rootkits.

Please download GMER to your desktop. Note that the file will be randomly named to prevent active malware from stopping the download.
  • Close all other open programs as there is a slight chance your computer will crash.
  • Double click the GMER program ******.exe. Your security programs may detect GMER's driver trying to load. Allow it.
  • You may see a warning saying "GMER has detected rootkit activity". If so, select NO.
  • Leaving the settings at default, click Scan.
  • When the scan is complete, click Save and save the log onto your desktop.
Please include the log in your next reply.

With Regards,
The Panda

#3 ForumTown

ForumTown
  • Topic Starter

  • Members
  • 2 posts

Posted 04 June 2009 - 05:02 PM

Thanks, but when I try to run GMER, it scans well for the first few minutes and then crashes, resulting in a BSOD. I have done this twice and this has been the result both times.

#4 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • Gender:Male

Posted 04 June 2009 - 05:07 PM

Hello.

In that case, let's try RootRepeal.

Download and Run Scan with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop:
  • Extract RootRepeal.exe from the zip archive.
  • Open RootRepeal.exe on your desktop. If you are using Windows Vista, right click RootRepeal.exe and select Run As Administrator.
  • Click the Report tab.
  • Click the Scan button.
  • Check all six boxes.
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

With Regards,
The Panda

#5 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • Gender:Male

Posted 16 June 2009 - 07:44 AM

Hello.

There has been no reply from the topic starter in 5 days. Due to inactivity, this topic is now closed.
If you are the topic starter and need this topic reopened, send me a message.

Everyone else, please begin a new topic.

With Regards,
The Panda