
Computer will not d-load MWBytes or HJT


  • This topic is locked
3 replies to this topic

#1 chansen


Posted 21 August 2009 - 05:40 PM

I have a persistent computer problem. I think one of my kids accidentally downloaded a file through a Video Codec from a site like hulu dot com, not sure. I have tried to fix the problem myself, but it still is on my computer. I have run Spyware Terminator and it found 38 threats, I got rid of those. I have gone through my ADD/REMOVE and removed any unwanted d-loads and files. I have run my AVG and it found nothing (I did update it before running the scan). I have tried to d-load MalwareBytes and HiJackThis from download.com, but they will not open after the install. I have even tried to rename them before installing...nothing works.

Thank You, Chris

Oh, since I ran the Spyware Terminator my browser seems to run better, but every once in a while the screen 'blinks' in the background. Within 5 seconds a 'pop-up' window appears in the upper right hand corner area of my screen.

I tried again to d-load MalwareBytes and HiJackThis and still the same problem.

Here is my DDS report


DDS (Ver_09-07-30.01) - NTFSx86
Run by Chris at 18:56:52.25 on Fri 08/21/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.363 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\msc.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe
C:\Program Files\AMT Media Manager\AMTDeviceService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SYSTEM32\USRshutA.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\WINDOWS\msupdate32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\livemessenger.com
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\dlcdcoms.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Chris\LOCALS~1\Temp\b.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Chris\My Documents\dds.scr

============== Pseudo HJT Report ===============

uSearch Page =
uDefault_Page_URL = hxxp://www.msn.com
uSearch Bar =
mSearchAssistant =
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:program filesyahoo!companioninstallscpnyt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:program filesyahoo!companioninstallscpnyt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:program filescommon filesadobeacrobatactivexAcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:program filesavgavg8avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:program filesjavajre6binssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:program filesjavajre6binjp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:program filesjavajre6libdeployjqsiejqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:program filesyahoo!companioninstallscpnYTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:program filesyahoo!companioninstallscpnyt.dll
uRun: [ctfmon.exe] c:windowssystem32ctfmon.exe
uRun: [Monopod] c:docume~1chrislocals~1tempb.exe
mRun: [USRpdA] c:windowssystem32usrmlnka.exe runservices device3cpipe-USRpdA
mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
mRun: [ATIPTA] c:program filesati technologiesati control panelatiptaxx.exe
mRun: [RoxioEngineUtility] "c:program filescommon filesroxio sharedsystemEngUtil.exe"
mRun: [SunJavaUpdateSched] "c:program filesjavajre6binjusched.exe"
mRun: [type32] "c:program filesmicrosoft intellitype protype32.exe"
mRun: [IntelliPoint] "c:program filesmicrosoft intellipointpoint32.exe"
mRun: [AVG8_TRAY] c:progra~1avgavg8avgtray.exe
mRun: [HP Software Update] "c:program fileshphp software updateHPWuSchd2.exe"
mRun: [HP Component Manager] "c:program fileshphpcoretechhpcmpmgr.exe"
mRun: [QuickTime Task] "c:program filesquicktimeqttask.exe" -atboottime
mRun: [tgcmd] "c:program filessupport.combellsouthhcenter.exe" /starthidden /tgcmdwrapper
mRun: [DLCDCATS] rundll32 c:windowssystem32spooldriversw32x863DLCDtime.dll,_RunDLLEntry@16
mRun: [dlcdmon.exe] "c:program filesdell photo aio printer 944dlcdmon.exe"
mRun: [MemoryCardManager]
mRun: [Adobe Reader Speed Launcher] "c:program filesadobereader 9.0readerReader_sl.exe"
mRun: [AMTDeviceService] "c:program filesamt media managerAMTDeviceService.exe"
mRun: [Microsoft Update] livemessenger.com
mRun: [Windows Update Service] msupdate32.exe
mRunOnce: [Malwarebytes' Anti-Malware] c:program filesmalwarebytes' anti-malwarembamgui.exe /install /silent
StartupFolder: c:docume~1alluse~1startm~1programsstartupeventr~1.lnk - c:program filesprintmaster gold 17Remind.exe
mPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-system: DisableRegistrytools = 1 (0x1)
IE: Add to AMV Converter... - c:program filesmp3 player utilities 4.15amvconvertergrab.html
IE: Add to Media Manager... - c:program filesmp3 player utilities 4.15mediamanagergrab.html
IE: E&xport to Microsoft Excel - c:progra~1micros~2office11EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:program filesmessengermsmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:progra~1micros~2office11REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:program filesyahoo!commonyinsthelper.dll
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1234639681531
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:program fileshphpcoretechcomphpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:program filesavgavg8avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:windowssystem32WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:windowssystem32driversavgldx86.sys [2009-2-16 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:windowssystem32driversavgmfx86.sys [2009-2-16 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:windowssystem32driversavgtdix.sys [2009-2-16 108552]
R2 avg8wd;AVG Free8 WatchDog;c:progra~1avgavg8avgwdsvc.exe [2009-2-16 297752]
R3 dlcd_device;dlcd_device;c:windowssystem32dlcdcoms.exe -service --> c:windowssystem32dlcdcoms.exe -service [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:program fileslavasoftad-awareaawservice.exe" --> c:program fileslavasoftad-awareAAWService.exe [?]
S3 iteio;iteio;??c:windowssystem32driversiteio.sys --> c:windowssystem32driversiteio.sys [?]
S3 itsernum;itsernum Filter ÅX°µ{¦¡;c:windowssystem32driversitsernum.sys [2009-2-14 20133]

=============== Created Last 30 ================

2009-08-21 18:12 <DIR> --d----- c:program filesMalwarebytes' Anti-Malware
2009-08-21 17:33 141,312 a------- c:windowssystem32driverssp_rsdrv2.sys
2009-08-21 17:33 <DIR> --d----- c:docume~1chrisapplic~1Spyware Terminator
2009-08-21 17:33 <DIR> --d----- c:program filesSpyware Terminator
2009-08-21 17:33 <DIR> --d----- c:docume~1alluse~1applic~1Spyware Terminator
2009-08-21 13:30 <DIR> --d----- C:spoolerlogs
2009-08-21 13:06 77,392 ---shr-- c:windowsmsupdate32.exe
2009-08-20 17:03 244 a---h--- C:sqmnoopt19.sqm
2009-08-20 17:03 232 a---h--- C:sqmdata19.sqm
2009-08-20 17:00 244 a---h--- C:sqmnoopt18.sqm
2009-08-20 17:00 232 a---h--- C:sqmdata18.sqm
2009-08-20 16:57 244 a---h--- C:sqmnoopt17.sqm
2009-08-20 16:57 232 a---h--- C:sqmdata17.sqm
2009-08-20 16:54 244 a---h--- C:sqmnoopt16.sqm
2009-08-20 16:54 232 a---h--- C:sqmdata16.sqm
2009-08-20 16:51 244 a---h--- C:sqmnoopt15.sqm
2009-08-20 16:51 232 a---h--- C:sqmdata15.sqm
2009-08-20 16:48 244 a---h--- C:sqmnoopt14.sqm
2009-08-20 16:48 232 a---h--- C:sqmdata14.sqm
2009-08-20 16:45 244 a---h--- C:sqmnoopt13.sqm
2009-08-20 16:45 232 a---h--- C:sqmdata13.sqm
2009-08-20 16:42 244 a---h--- C:sqmnoopt12.sqm
2009-08-20 16:42 232 a---h--- C:sqmdata12.sqm
2009-08-20 16:39 244 a---h--- C:sqmnoopt11.sqm
2009-08-20 16:39 232 a---h--- C:sqmdata11.sqm
2009-08-20 16:36 244 a---h--- C:sqmnoopt10.sqm
2009-08-20 16:36 232 a---h--- C:sqmdata10.sqm
2009-08-20 16:33 244 a---h--- C:sqmnoopt09.sqm
2009-08-20 16:33 232 a---h--- C:sqmdata09.sqm
2009-08-20 16:32 <DIR> --d----- c:program filesTrend Micro
2009-08-20 16:30 244 a---h--- C:sqmnoopt08.sqm
2009-08-20 16:30 232 a---h--- C:sqmdata08.sqm
2009-08-20 16:27 244 a---h--- C:sqmnoopt07.sqm
2009-08-20 16:27 232 a---h--- C:sqmdata07.sqm
2009-08-20 16:24 244 a---h--- C:sqmnoopt06.sqm
2009-08-20 16:24 232 a---h--- C:sqmdata06.sqm
2009-08-20 16:21 244 a---h--- C:sqmnoopt05.sqm
2009-08-20 16:21 232 a---h--- C:sqmdata05.sqm
2009-08-20 16:18 244 a---h--- C:sqmnoopt04.sqm
2009-08-20 16:18 232 a---h--- C:sqmdata04.sqm
2009-08-20 16:16 147,456 a------- c:windowsmsc.exe
2009-08-20 16:12 244 a---h--- C:sqmnoopt03.sqm
2009-08-20 16:12 232 a---h--- C:sqmdata03.sqm
2009-08-20 16:09 244 a---h--- C:sqmnoopt02.sqm
2009-08-20 16:09 232 a---h--- C:sqmdata02.sqm
2009-08-20 16:06 244 a---h--- C:sqmnoopt01.sqm
2009-08-20 16:06 232 a---h--- C:sqmdata01.sqm
2009-08-20 16:03 244 a---h--- C:sqmnoopt00.sqm
2009-08-20 16:03 232 a---h--- C:sqmdata00.sqm
2009-08-20 15:12 147,456 a------- c:windowsmsb.exe
2009-08-19 18:59 835,584 a------- c:windowssystem32WINCTL4.OCX
2009-08-19 18:59 495,616 a------- c:windowssystem32WINUTIL5.DLL
2009-08-19 18:59 393,216 a------- c:windowssystem32WINLCTL5.DLL
2009-08-19 18:59 <DIR> --d----- c:program filesWinferno
2009-08-19 14:03 140,292 a------- c:windowsmsa.exe
2009-08-17 21:43 75,264 ---shr-- c:windowslivemessenger.com
2009-08-12 11:37 128,512 -c------ c:windowssystem32dllcachedhtmled.ocx
2009-08-12 11:37 1,315,328 -c------ c:windowssystem32dllcachemsoe.dll
2009-08-05 19:08 <DIR> --d----- c:program filesGroove Games
2009-08-04 22:40 <DIR> --d----- C:Need4Video files
2009-08-04 22:38 <DIR> --d----- c:windowssystem32appmgmt
2009-08-04 22:32 <DIR> --d----- c:program filescommon filesDVDVideoSoft
2009-08-03 17:57 <DIR> --d----- c:program filesMP3 Player Utilities 4.15
2009-07-29 19:02 <DIR> --d----- c:program filesAMT Media Manager
2009-07-26 13:52 <DIR> --d----- c:documents and settingschris.sv
2009-07-26 13:52 <DIR> --d----- c:documents and settingschris.jogl_ext
2009-07-26 13:52 <DIR> --d----- c:docume~1chrisapplic~1Octoshape

==================== Find3M ====================

2009-08-20 08:09 335,240 a------- c:windowssystem32driversavgldx86.sys
2009-08-20 08:09 11,952 a------- c:windowssystem32avgrsstx.dll
2009-08-05 05:01 204,800 -------- c:windowssystem32mswebdvd.dll
2009-07-17 15:01 58,880 a------- c:windowssystem32atl.dll
2009-07-13 23:43 286,208 -------- c:windowssystem32wmpdxm.dll
2009-07-03 13:09 915,456 a------- c:windowssystem32wininet.dll
2009-06-16 10:36 119,808 -------- c:windowssystem32t2embed.dll
2009-06-16 10:36 81,920 -------- c:windowssystem32fontsub.dll
2009-06-12 08:31 80,896 -------- c:windowssystem32tlntsess.exe
2009-06-12 08:31 76,288 -------- c:windowssystem32telnet.exe
2009-06-10 10:13 84,992 -------- c:windowssystem32avifil32.dll
2009-06-10 09:19 2,066,432 -------- c:windowssystem32mstscax.dll
2009-06-10 02:14 132,096 -------- c:windowssystem32wkssvc.dll
2009-06-03 15:09 1,291,264 -------- c:windowssystem32quartz.dll
2001-11-23 00:08 712,704 ac------ c:windowsinfotherAUDIO3D.DLL

============= FINISH: 18:59:13.37 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/14/2009 11:39:14 AM
System Uptime: 8/21/2009 5:52:12 PM (1 hours ago)

Motherboard: | | 845PE-ITE8712
Processor: Intel® Pentium® 4 CPU 2.66GHz | Socket 478 | 2666/133mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 149 GiB total, 113.916 GiB free.
D: is CDROM ()
F: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 8/21/2009 1:23:04 PM - System Checkpoint
RP2: 8/21/2009 5:50:34 PM - Spyware Terminator - restore point

==== Installed Programs ======================

Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
AMT Media Manager
ATI Control Panel
ATI Decoder
ATI Display Driver
ATI HYDRAVISION
ATI Remote Wonder 2.3
ATIRW2
AVG Free 8.5
BellSouth FastAccess DSL Help Center
BroadJump Client Foundation
BufferChm
C-Media 3D Audio
CameraDrivers
Camfrog Video Chat 5.3
CardRd81
CCleaner (remove only)
CCScore
CR2
CreativeProjects
CreativeProjectsTemplates
Critical Update for Windows Media Player 11 (KB959772)
CueTour
DAO
Dell Photo AIO Printer 944
Director
Easy CD & DVD Creator 6
ESSBrwr
ESSCDBK
ESScore
ESSCT
ESSEMAIL
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
ESSTUTOR
ESSvpaht
ESSvpot
HLPIndex
HLPPDOCK
HLPSFO
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
HP Diagnostic Assistant
HP Image Zone 4.0
HP Photosmart Cameras 4.0
HP Software Update
HPSystemDiagnostics
InstantShare
Java™ 6 Update 11
Java™ SE Runtime Environment 6 Update 1
Kodak EasyShare software
KSU
LimeWire 4.16.6
Macromedia Shockwave Player
Marine Sharpshooter 3
Marine Sharpshooter II: Jungle Warfare
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliPoint 5.3
Microsoft IntelliType Pro 5.3
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Web Publishing Wizard 1.52
Move Media Player
MP3 Player Utilities 4.15
MSXML 4.0 SP2 (KB954430)
Notifier
OfotoXMI
OTtBP
OTtBPSDK
Overland
PhotoGallery
PrintMaster Gold 17
QFolder
QuickProjects
QuickTime
Rhapsody Player Engine
Roxio DVDMAX Player
Roxio PhotoSuite 5
SeaTools for Windows
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
SFR
SHASTA
Sid Meier's Gettysburg! 2000/XP Compatibility Update
SKIN0001
SkinsHP1
SKINXSDK
SOYO H/W Monitor
Spyware Terminator
TrayApp
Unload
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB973815)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VPRINTOL
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Messenger
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WIRELESS
Yahoo! Install Manager
Yahoo! Messenger
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

8/21/2009 11:37:13 AM, error: Service Control Manager [7000] - The Lavasoft Ad-Aware Service service failed to start due to the following error: The system cannot find the path specified.
8/20/2009 6:16:20 PM, information: Windows File Protection [64007] - The protected system file eventlog.dll could not be verified as valid because the file was in use. Use the SFC utility to verify the integrity of the file at a later time.

==== End Of File ===========================

RootRepeal Report

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/21 19:36
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA57C3000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7B7A000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA578B000 Size: 49152 File Visible: No Signed: -
Status: -

Name: win32k.sys:1
Image Path: C:\WINDOWS\win32k.sys:1
Address: 0xF78EE000 Size: 20480 File Visible: No Signed: -
Status: -

Name: win32k.sys:2
Image Path: C:\WINDOWS\win32k.sys:2
Address: 0xA576B000 Size: 61440 File Visible: No Signed: -
Status: -

Stealth Objects
-------------------
Object: Hidden Module [Name: kbiwkmxevsdbmq.dll]
Process: svchost.exe (PID: 772) Address: 0x10000000 Size: 53248

Object: Hidden Module [Name: kbiwkmmsqtegtp.dll]
Process: Explorer.EXE (PID: 2012) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: kbiwkmmsqtegtp.dll]
Process: iexplore.exe (PID: 3472) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: kbiwkmmsqtegtp.dll]
Process: iexplore.exe (PID: 4084) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: kbiwkmmsqtegtp.dll]
Process: iexplore.exe (PID: 2384) Address: 0x10000000 Size: 32768

Hidden Services
-------------------
Service Name: kbiwkmokblrdlv
Image Path: C:\WINDOWS\system32\drivers\kbiwkmmyqrhhlp.sys

==EOF==

Merged posts. ~ OB

Edited by Orange Blossom, 22 August 2009 - 12:07 AM.




#2 chansen


Posted 23 August 2009 - 10:48 PM

Logfile of Spyware Terminator v2.3.0.487 (db:3.008.021.000)
Scan Time: 8/23/2009 11:26:19 PM length: 1075 s
Platform: WXP (5.1.0.2600)
User: Admin
Boot Mode: Normal
Scan type: %Custom_Scan%
Scanned Objects: 133811 (Critical:5)
Filter: No System items, No Safe items, No Invalid items

Running Processes
Ati2evxx.exe [ATI Technologies Inc.] : C:\WINDOWS\system32\Ati2evxx.exe
Ati2evxx.exe [ATI Technologies Inc.] : C:\WINDOWS\system32\Ati2evxx.exe
livemessenger.com : C:\WINDOWS\livemessenger.com
dlcdcoms.exe : C:\WINDOWS\system32\dlcdcoms.exe

Internet Settings
R - HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar = http://www.crawler.com/search/dispatcher.a...&tbid=60076
R - HKLM\Software\Microsoft\Internet Explorer\Main, SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R - HKLM\Software\Microsoft\Internet Explorer\Main, CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
R - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R - HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R - HKLM\Software\Microsoft\Internet Explorer\Search, CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
R - HKLM\System\CurrentControlSet\Services\Tcpip\Parameters, Domain =
R - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony, DomainName =

BHO
02 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - [Yahoo! Inc.] : C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
02 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - [Yahoo! Inc] : C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

Toolbars
03 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - [Yahoo! Inc.] : C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

StartUps
04 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Monopod : : C:\Documents and Settings\Chris\Local Settings\Temp\b.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cmaudio : [C-Media Corporation] : C:\WINDOWS\system\cmicnfg.cpl
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, RoxioEngineUtility : [Roxio] : C:\Program Files\Common Files\ROXIO SHARED\SYSTEM\ENGUTIL.EXE
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, HP Software Update : [Hewlett-Packard Company] : C:\Program Files\HP\HP SOFTWARE UPDATE\HPWUSCHD2.EXE
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, tgcmd : [BellSouth] : C:\Program Files\SUPPORT.COM\BELLSOUTH\HCENTER.EXE
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, DLCDCATS : : C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\DLCDtime.dll
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, dlcdmon.exe : [Dell] : C:\Program Files\DELL PHOTO AIO PRINTER 944\DLCDMON.EXE
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, AMTDeviceService : : C:\Program Files\AMT MEDIA MANAGER\AMTDEVICESERVICE.EXE
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Microsoft Update : : C:\WINDOWS\livemessenger.com
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Winsock2 driver : : C:\WINDOWS\system32\LSASS32.EXE
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx, Microsoft Update : : C:\WINDOWS\livemessenger.com
04 - Startup: : C:\Documents and Settings\Chris\Start Menu\Programs\Startup\desktop.ini
04 - Startup: : C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
04 - Startup: : C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk
04 - Startup: %STARTUPALL%\Event Reminder.lnk [Broderbund Properties LLC] : C:\Program Files\PrintMaster Gold 17\Remind.exe

Shell Extensions
Microsoft Office Outlook - {00020D75-0000-0000-C000-000000000046} - [Microsoft Corporation] : C:\Program Files\Microsoft Office\OFFICE11\MLSHEXT.DLL
Outlook File Icon Extension - {0006F045-0000-0000-C000-000000000046} - [Microsoft Corporation] : C:\Program Files\Microsoft Office\OFFICE11\OLKFSTUB.DLL
My Media - {A44D5ACC-3411-40DE-9AD3-214FFB2ED7AC} - [Roxio, Inc.] : C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\MediaSX.dll
IntelliType Pro Zooming Property Page - {97FA8AA2-EE77-4FF2-9449-424D8924EF21} - [Microsoft Corporation] : C:\Program Files\MICROSOFT INTELLITYPE PRO\ITCPLZM.DLL
IntelliType Pro Scrolling Property Page - {111D8120-25EB-4E1C-A4DF-C9EE5FCA35CB} - [Microsoft Corporation] : C:\Program Files\MICROSOFT INTELLITYPE PRO\ITCPLWHL.DLL
IntelliType Pro Key Settings Property Page - {ED6E87C6-8A83-43aa-8208-8DBC8247F4D2} - [Microsoft Corporation] : C:\Program Files\MICROSOFT INTELLITYPE PRO\ITCPLKEY.DLL
IntelliType Pro Wireless Control Panel Property Page - {A2569D1F-4E06-43EC-9825-0088B471BE47} - [Microsoft Corporation] : C:\Program Files\MICROSOFT INTELLITYPE PRO\ITCPLWIR.DLL
Wireless Property Page - {20082881-FC36-4E47-9A7A-644C95FF749F} - [Microsoft Corporation] : C:\Program Files\MICROSOFT INTELLIPOINT\IPCPLWIR.DLL
Wheel Property Page - {AF90F543-6A3A-4C1B-8B16-ECEC073E69BE} - [Microsoft Corporation] : C:\Program Files\MICROSOFT INTELLIPOINT\IPCPLWHL.DLL
Activities Property Page - {653DCCC2-13DB-45B2-A389-427885776CFE} - [Microsoft Corporation] : C:\Program Files\MICROSOFT INTELLIPOINT\IPCPLACT.DLL
Buttons Property Page - {124597D8-850A-41AE-849C-017A4FA99CA2} - [Microsoft Corporation] : C:\Program Files\MICROSOFT INTELLIPOINT\IPCPLBTN.DLL
KodakShellExtension - {acb4a560-3606-11d3-aef4-00104bd0f92d} - [Eastman Kodak Company] : C:\Program Files\Common Files\Kodak\ifscore\KodakShX.dll

Protocol Handler
CZipHandler Object - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - [Hewlett-Packard Company] : C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
Data Page Pluggable Protocol mso-offdap Handler - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - [Microsoft Corporation] : C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL

Services
23 - [ATI Technologies Inc.] : C:\WINDOWS\system32\Ati2evxx.exe
23 - [Jungo] : C:\WINDOWS\system32\drivers\ATIRWVD.SYS
23 - [C-Media Inc] : C:\WINDOWS\system32\drivers\cmuda.sys
23 - [Eastman Kodak Company] : C:\WINDOWS\system32\DRIVERS\DcCam.sys
23 - [Eastman Kodak Company] : C:\WINDOWS\system32\drivers\dcfs2k.sys
23 - [CNet Technology, Inc.] : C:\WINDOWS\system32\DRIVERS\DM9PCI5.SYS
23 - [U.S. Robotics Corporation] : C:\WINDOWS\system32\DRIVERS\USRpdA.sys

Winlogon Notify
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent, DLLName : [ATI Technologies Inc.] : C:\WINDOWS\system32\Ati2evxx.dll

IE URL Search Hooks
Yahoo! Toolbar - {{EF99BD32-C1FB-11D2-892F-0090271D4F88}} - [Yahoo! Inc.] : C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

Threat Files
<Trojan.BHO.xxc.1> : C:\WINDOWS\system32\dddesot.dll
<Trojan.Crypt.XPACK.Gen> : C:\WINDOWS\Temp\xnixrxewrv.exe

Advanced Files Report
%SYSDIR%\Ati2evxx.dll [ATI Technologies Inc.] [ATI External Event Utility for NT, W2K and W9X] MD5=338B63B4E19A879EC6F6E48B7A48CE7C SIZE=86016
%SYSDIR%\Ati2evxx.exe [ATI Technologies Inc.] [ATI External Event Utility for WindowsNT and Windows9X] MD5=D24907C31A3004A560385E5048C72DD7 SIZE=385024
%SystemDiskRoot%\?\globalroot\Device\__max++>\4CE34F8A.x86.dll
%SYSDIR%\dlcdlmpm.DLL [Printer Communication System] MD5=461173FBE09B231941FA9A2E3291EEEA SIZE=483328
%SYSDIR%\spool\PRTPROCS\W32X86\dlcdPP5C.dll [Dell, Inc.] [Windows 2K/XP printer driver] MD5=C8E1F2783FCADCDC53B0F6FB2FA222EC SIZE=73728
%SYSDIR%\spool\DRIVERS\W32X86\3\dlcdUI5C.DLL [Dell, Inc.] [Windows 2K/XP printer driver] MD5=366AF60AF68485D753DFEF699042ACA3 SIZE=57344
%SYSDIR%\spool\DRIVERS\W32X86\3\dlcdSTRN.DLL [Dell, Inc.] [Windows 2K/XP printer driver] MD5=6DF56CC511A45BFEC3D5526AECFF6E8B SIZE=287232
%SYSDIR%\spool\DRIVERS\W32X86\3\dlcdDR5C.DLL [Dell, Inc.] [Windows 2K/XP printer driver] MD5=DB40E346106F62C2381C2D2EC44217FF SIZE=117248
%SYSDIR%\spool\DRIVERS\W32X86\3\dlcdPCFG.dll [Dell, Inc.] [Windows 2K/XP printer driver] MD5=00E69A7A6FA665CFA8682A4366FEA883 SIZE=4096
%SYSDIR%\spool\DRIVERS\W32X86\3\dlcdcfg.dll [config] MD5=4C6B624074A2DD127BA70FC9A4B2BB56 SIZE=65536
%SYSDIR%\spool\DRIVERS\W32X86\3\dlcdHPEC.DLL [Host Print Engine] MD5=31F63E5A6725A4F0192050D33CA1150E SIZE=479232
%SYSDIR%\spool\DRIVERS\W32X86\3\dlcdflib.dll [Host Print Engine] MD5=7C872E44EE7940E6F945C00DB94C6A45 SIZE=114688
%SYSDIR%\spool\DRIVERS\W32X86\3\dlcdtsfw.dll [Lexmark International Inc.] [Touchstone] MD5=B964BFAA2AE146451288AAA637613EBF SIZE=180224
%SYSDIR%\dlcdcomc.dll [Printer Communication System] MD5=22C9F047D240FFF6D41B466DAF378ED7 SIZE=704512
%SYSDIR%\dlcdpplc.dll [Printer Communication System] MD5=FBA9ED5D597191D53FE818FF2DA8D845 SIZE=114688
%SYSDIR%\dlcdprox.dll [Printer Communication System] MD5=2BFF139D2E0BD3A181211E7B9913F232 SIZE=155648
%PROGRAMFILES%\Dell Photo AIO Printer 944\dlcddrs.dll [Dell] [Scan Data Retrieval Subsystem] MD5=A7A36BD8057DF6389961145197A5277C SIZE=380928
%SYSDIR%\dlcdcfg.dll [config] MD5=4C6B624074A2DD127BA70FC9A4B2BB56 SIZE=65536
%PROGRAMFILES%\Dell Photo AIO Printer 944\dlcdcnv4.dll MD5=98C3EE9B1C3381B2054BA4948DF76E67 SIZE=61440
%PROGRAMFILES%\AVG\AVG8\avglvex.dll [AVG Technologies CZ, s.r.o.] [AVG Internet Security] MD5=19A8B72D162E1F365889097D11B3CC8D SIZE=197912
%SYSDIR%\dlcdcoms.exe [Printer Communication System] MD5=FFA104BF98B9677516B38421EE2810EE SIZE=491520
msupdate32.exe
%SYSDIR%\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
%STARTUP%\desktop.ini MD5=D6A6856702E3F0953E7246A9B4A9FE35 SIZE=84
%STARTUPALL%\desktop.ini MD5=D6A6856702E3F0953E7246A9B4A9FE35 SIZE=84
%STARTUPALL%\Event Reminder.lnk MD5=28A922CBD552FEBAB1BB073729E3F489 SIZE=685
%PROGRAMFILES%\PrintMaster Gold 17\Remind.exe [Broderbund Properties LLC] [PrintMaster] MD5=171995BFBC6095F11958452BE6693320 SIZE=344064
%PROGRAMFILES%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Inc.] [Yahoo! Toolbar] MD5=6A2E0E49A4F2A9DF3E6293E37E7486BD SIZE=882416
deskpan.dll
%PROGRAMFILES%\Microsoft Office\OFFICE11\MLSHEXT.DLL [Microsoft Corporation] [Microsoft Office Outlook] MD5=283926C9F1D6C0EC263962F684F502A1 SIZE=33120
%PROGRAMFILES%\Microsoft Office\OFFICE11\OLKFSTUB.DLL [Microsoft Corporation] [Microsoft Office Outlook] MD5=EEFF9EB53DE2111DEC77E7C9E8D090F0 SIZE=236384
%PROGRAMFILES%\msaccrt\Access 97\soa800.dll
%PROGRAMFILES%\Roxio\Easy CD Creator 6\AudioCentral\MediaSX.dll [Roxio, Inc.] [AudioCentral Media Manager] MD5=7355B4C4F6D727E6EB0A475CE4EC928D SIZE=1191936
%PROGRAMFILES%\MICROSOFT INTELLITYPE PRO\ITCPLZM.DLL [Microsoft Corporation] [Microsoft IntelliType Pro] MD5=DDD2E528CBC510E74AAEA6634721D97D SIZE=217088
%PROGRAMFILES%\MICROSOFT INTELLITYPE PRO\ITCPLWHL.DLL [Microsoft Corporation] [Microsoft IntelliType Pro] MD5=0E6403B95274E5F76367765BD10683D3 SIZE=241664
%PROGRAMFILES%\MICROSOFT INTELLITYPE PRO\ITCPLKEY.DLL [Microsoft Corporation] [Microsoft IntelliType Pro] MD5=0A6C43755FB7E78B4E468F061AD4676F SIZE=368640
%PROGRAMFILES%\MICROSOFT INTELLITYPE PRO\ITCPLWIR.DLL [Microsoft Corporation] [Microsoft IntelliType Pro] MD5=346CDEBC57EFAF5E754B3D3FCA797C69 SIZE=208896
%PROGRAMFILES%\MICROSOFT INTELLIPOINT\IPCPLWIR.DLL [Microsoft Corporation] [Microsoft IntelliPoint] MD5=E98489592493ECC3024D7475E2009BA4 SIZE=348160
%PROGRAMFILES%\MICROSOFT INTELLIPOINT\IPCPLWHL.DLL [Microsoft Corporation] [Microsoft IntelliPoint] MD5=B96854EDA874AD5816265F69D3CC0147 SIZE=245760
%PROGRAMFILES%\MICROSOFT INTELLIPOINT\IPCPLACT.DLL [Microsoft Corporation] [Microsoft IntelliPoint] MD5=FCECA10414B14B57C90CD3A67430F599 SIZE=184320
%PROGRAMFILES%\MICROSOFT INTELLIPOINT\IPCPLBTN.DLL [Microsoft Corporation] [Microsoft IntelliPoint] MD5=68D60E239FE966764C1718B62ED21FD7 SIZE=380928
%COMMONFILES%\Kodak\ifscore\KodakShX.dll [Eastman Kodak Company] [SHELLEXT Dynamic Link Library] MD5=6F894CC5A5CED38C1CB75E0B756530BE SIZE=183296
%SYSDIR%\drivers\ATIRWVD.SYS [Jungo] [WinDriver Device Driver] MD5=368BE3DB3A6B9621DF51216D323CDA23 SIZE=257872
%SYSDIR%\svchost.exe -k netsvcs
%SYSDIR%\drivers\cmuda.sys [C-Media Inc] [C-Media Audio Driver (WDM)] MD5=997F912324B3BB977AF2DF376E5508CE SIZE=451599
%SYSDIR%\DRIVERS\DcCam.sys [Eastman Kodak Company] [Kodak Digital Camera Driver] MD5=1B269ED3EB2D81EC11CD5B0544E89962 SIZE=37150
%SYSDIR%\drivers\dcfs2k.sys [Eastman Kodak Company] [Kodak DC File System Driver (NT)] MD5=1315E0B5B6FC1FE930EE3498309700BD SIZE=38673
%SYSDIR%\svchost -k DcomLaunch
%SYSDIR%\dlcdcoms.exe -service
%SYSDIR%\DRIVERS\DM9PCI5.SYS [CNet Technology, Inc.] [CNet PRO200WL PCI Fast Ethernet Adapter] MD5=51EF6CA3D57055FED6AB99021D562443 SIZE=29696
%SYSDIR%\svchost.exe -k NetworkService
%SYSDIR%\svchost.exe -k LocalService
%SYSDIR%\msiexec.exe \V
%SYSDIR%\svchost -k rpcss
%SYSDIR%\svchost.exe -k imgsvc
%SYSDIR%\DRIVERS\USRpdA.sys [U.S. Robotics Corporation] [U.S. Robotics Modem Driver] MD5=497F2190E87D58FD68E559E083796EDC SIZE=113762
%SYSDIR%\svchost.exe -k WudfServiceGroup
%PROGRAMFILES%\HP\hpcoretech\comp\hpuiprot.dll [Hewlett-Packard Company] [hp coretech (COmponent REuse TECHnology)] MD5=7863F5A6DB70289FF9434CD484B3274C SIZE=81920
%COMMONFILES%\Microsoft Shared\Web Components\10\OWC10.DLL [Microsoft Corporation] [Microsoft Office XP] MD5=AA2204BD7F9FBFAA09EF15C212A67D69 SIZE=7255384
%TEMP%\A.EXE MD5=D4005071BFA9AB12F30B51297EA708C6 SIZE=133120
%SYSDIR%\pxdrv.dll [Sonic Solutions] [Px] MD5=3389FD2C04CD116926D9D736D2CAB242 SIZE=397312
%WINDIR%\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll [Microsoft Corporation] [Microsoft® Visual Studio® 2005] MD5=CB23B162AC655F24C6711A5F5DF348C6 SIZE=61440
%WINDIR%\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll [Microsoft Corporation] [Microsoft® Visual Studio® 2005] MD5=1B7524806D0270B81360C63A2FA047CB SIZE=1101824
%COMMONFILES%\Microsoft Shared\GRPHFLT\CGMIMP32.FLT [Microsoft Corporation] [Microsoft Office 2003] MD5=D12C778C066B0532DA00F98D2C36544E SIZE=289120
%COMMONFILES%\Microsoft Shared\PROOF\MSHY3ES.DLL [SIGNUM Cía. Ltda.
Av. 12 de Octubre E24-994
Quito, Ecuador
Phones: (593 2) 2568038, 2568037
Fax: (593 2) 2568114
e-mail: servicio@lenguaje.com
http://www.lenguaje.com] [Spanish Hyphenation Engine] MD5=C1C2359354F01F1472494C7150D31E0C SIZE=749568
%COMMONFILES%\Microsoft Shared\Smart Tag\FPERSON.DLL [Microsoft Corporation] [Microsoft Office 2003] MD5=DD55EF4AE8244FAED88AC71F69B2ECEC SIZE=186208
%PROGRAMFILES%\Microsoft Works\ltkrn13n.dll [LEAD Technologies, Inc.] [LEADTOOLS® DLL for Win32] MD5=6D853FA6843DF479F456D0B498D654FE SIZE=446976
%COMMONFILES%\Microsoft Shared\OFFICE11\1033\MSOINTL.DLL [Microsoft Corporation] [Microsoft Office 2003] MD5=D213A1970A4A47C7373CBD8B8867627F SIZE=1753952

End of Report

#3 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:02:11 AM

Posted 28 August 2009 - 08:55 PM

Hello chansen,

Step 1

Download and run Win32kDiag:

Step 2

Download and run a batch file (peek.bat):
  • Download peek.bat from the download link below and save it to your Desktop.
  • Double-click peek.bat to run it. A black Command Prompt window will appear shortly: the program is running.
  • Once it is finished, copy and paste the entire contents of the Log.txt file it creates as a reply to this post.
Please post back with:
  • Win32kDiag.txt
  • Content of the log.txt

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#4 SifuMike

Posted 10 September 2009 - 06:53 PM

This thread will now be closed due to lack of feedback.



