
Personal Virus Detection? PVD.exe and demoscan4free.com


  • This topic is locked
2 replies to this topic

#1 C5Drvr

C5Drvr

  • Members
  • 33 posts

Posted 08 September 2009 - 11:04 AM

I am trying to fix my teenage sister-in-law's computer. I have tried to run Ad-Aware, Malwarebytes (but it hangs on installation) and nothing cleans it.

Here are the requested log files.






DDS




DDS (Ver_09-07-30.01) - NTFSx86
Run by Lindsey M at 11:28:30.81 on Tue 09/08/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1406.686 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\PROGRA~1\COMMON~1\AOL\121886~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\121886~1\EE\AOLServiceHost.exe
svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Lindsey M\Local Settings\Temporary Internet Files\Content.IE5\W963C1EN\dds[1].scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3516
uStart Page = hxxp://aimzones.aol.com/homepage
uInternet Settings,ProxyServer = http=
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3516
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [Power2GoExpress] NA
uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [HostManager] c:\program files\common files\aol\1218862329\ee\AOLHostManager.exe
mRun: [AOL Spyware Protection] "c:\progra~1\common~1\aol\aolspy~1\AOLSP Scheduler.exe"
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [Reminder] %WINDIR%\Creator\Remind_XP.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
StartupFolder: c:\docume~1\lindse~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.4\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1222738602472
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1251152599156
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-9-7 64160]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-7-8 214024]
R1 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-8-24 34248]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1029456]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-8-24 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\McShield.exe [2009-8-24 144704]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\common files\microsoft shared\windows live\WLIDSVC.EXE [2009-3-30 1533808]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-8-24 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-8-24 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-8-24 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-8-24 40552]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-8-29 24652]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [2008-8-16 69692]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2008-10-5 33752]

=============== Created Last 30 ================

2009-09-08 11:19 <DIR> --dsh--- c:\documents and settings\lindsey m\IECompatCache
2009-09-08 04:47 0 a------- C:\23990098.$$$
2009-09-07 21:02 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-09-07 21:01 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-07 21:01 <DIR> --d----- c:\program files\Lavasoft
2009-09-07 20:59 <DIR> --d----- C:\Downloads
2009-09-07 20:59 <DIR> --d----- C:\Bases
2009-09-07 20:58 <DIR> --d----- C:\Kaspersky
2009-09-07 20:34 3,942,048 a------- C:\mbam-setup.exe
2009-08-31 12:50 <DIR> --dsh--- c:\documents and settings\lindsey m\PrivacIE
2009-08-31 12:48 <DIR> --dsh--- c:\documents and settings\lindsey m\IETldCache
2009-08-31 12:31 100,352 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-08-31 12:30 <DIR> --d----- c:\windows\ie8updates
2009-08-31 12:30 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-08-31 12:30 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-08-31 12:27 <DIR> -cd-h--- c:\windows\ie8
2009-08-30 21:02 24,576 a------- c:\windows\system32\drivers\ndisrd.sys
2009-08-30 19:56 <DIR> --d----- c:\program files\common files\Uninstall
2009-08-29 14:39 <DIR> --d----- c:\program files\common files\Software Update Utility
2009-08-29 14:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AIM Toolbar
2009-08-29 14:39 <DIR> --d----- c:\program files\AIM Toolbar
2009-08-29 14:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\acccore
2009-08-29 14:38 <DIR> --d----- c:\program files\AIM6
2009-08-24 23:18 268,648 a------- c:\windows\system32\mucltui.dll
2009-08-24 23:18 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-08-24 19:49 <DIR> --d----- c:\program files\Microsoft
2009-08-24 19:25 <DIR> --d----- c:\program files\common files\Windows Live
2009-08-24 19:16 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-08-24 18:58 <DIR> --d----- c:\windows\system32\XPSViewer
2009-08-24 18:57 <DIR> --d----- C:\0f60f5b3f5bf5c03a12305b733b480a2
2009-08-24 18:47 8,709 a------- c:\windows\system32\Config.MPF
2009-08-24 18:44 79,816 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-08-24 18:44 40,552 a------- c:\windows\system32\drivers\mfesmfk.sys
2009-08-24 18:44 35,272 a------- c:\windows\system32\drivers\mfebopk.sys
2009-08-24 18:44 120,136 a------- c:\windows\system32\drivers\Mpfp.sys
2009-08-24 18:43 <DIR> --d----- c:\program files\common files\McAfee
2009-08-24 18:40 34,248 a------- c:\windows\system32\drivers\mferkdk.sys
2009-08-24 18:20 128,512 -c------ c:\windows\system32\dllcache\dhtmled.ocx
2009-08-24 18:20 1,315,328 -c------ c:\windows\system32\dllcache\msoe.dll
2009-08-18 20:50 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-08-18 20:50 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-08-18 20:50 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe

==================== Find3M ====================

2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-29 00:37 119,808 a------- c:\windows\system32\t2embed.dll
2009-07-29 00:37 81,920 a------- c:\windows\system32\fontsub.dll
2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-03 13:09 915,456 a------- c:\windows\system32\wininet.dll
2009-06-25 04:25 730,112 a------- c:\windows\system32\lsasrv.dll
2009-06-25 04:25 301,568 a------- c:\windows\system32\kerberos.dll
2009-06-25 04:25 147,456 a------- c:\windows\system32\schannel.dll
2009-06-25 04:25 136,192 a------- c:\windows\system32\msv1_0.dll
2009-06-25 04:25 56,832 a------- c:\windows\system32\secur32.dll
2009-06-25 04:25 54,272 a------- c:\windows\system32\wdigest.dll
2009-06-12 08:31 76,288 a------- c:\windows\system32\telnet.exe
2008-12-14 20:26 646 a------- c:\docume~1\lindse~1\applic~1\wklnhst.dat

============= FINISH: 11:29:59.84 ===============










Attach






UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 8/17/2008 12:26:05 AM
System Uptime: 9/8/2009 11:15:05 AM (0 hours ago)

Motherboard: Intel Corporation | | D101GGC
Processor: Intel® Celeron® D CPU 3.20GHz | | 3200/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 107 GiB total, 76.797 GiB free.
D: is FIXED (FAT32) - 4 GiB total, 1.921 GiB free.
E: is CDROM (UDF)

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP140: 9/2/2009 8:55:43 PM - Software Distribution Service 3.0
RP141: 9/2/2009 8:55:43 PM - Removed McAfee VirusScan Enterprise
RP142: 9/2/2009 8:55:43 PM - Software Distribution Service 3.0
RP143: 9/2/2009 8:55:43 PM - Printer Driver Microsoft XPS Document Writer Installed
RP144: 9/2/2009 8:55:43 PM - Software Distribution Service 3.0
RP145: 9/2/2009 8:55:43 PM - Software Distribution Service 3.0
RP146: 9/2/2009 8:55:43 PM - System Checkpoint
RP147: 9/2/2009 8:55:43 PM - Software Distribution Service 3.0
RP148: 9/2/2009 8:55:43 PM - System Checkpoint
RP149: 9/2/2009 8:55:43 PM - System Checkpoint
RP150: 9/2/2009 8:55:44 PM - System Checkpoint
RP151: 9/2/2009 8:55:44 PM - System Checkpoint
RP152: 9/2/2009 8:55:44 PM - Software Distribution Service 3.0
RP153: 9/2/2009 8:55:44 PM - System Checkpoint
RP154: 9/2/2009 8:55:44 PM - System Checkpoint
RP155: 9/3/2009 8:07:14 PM - System Checkpoint
RP156: 9/4/2009 8:36:16 PM - System Checkpoint
RP157: 9/6/2009 8:34:53 PM - System Checkpoint

==== Installed Programs ======================

Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9
AIM 6
AIM Toolbar
America Online (Choose which version to remove)
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Connectivity Services
AOL Spyware Protection
AOL You've Got Pictures Screensaver
ATI Display Driver
Bejeweled 2 Deluxe
Blackhawk Striker 2
Blasterball 2 Revolution
Canon iP1700
DIGOpt
DIGReqEx
Diner Dash
Download Updater (AOL LLC)
DVD Solution
FATE
Gateway Game Console
getPlus® for Adobe
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
J2SE Runtime Environment 5.0 Update 2
Java™ 6 Update 11
Java™ 6 Update 7
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Starter Edition 2006
Microsoft Digital Image Starter Edition 2006 Editor
Microsoft Digital Image Starter Edition 2006 Library
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2006
Microsoft National Language Support Downlevel APIs
Microsoft Office Live Add-in 1.4
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MSN
MSN Messenger 6.1
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Napster
Napster Burn Engine
Penguins!
Polar Bowler
Polar Golfer
Power2Go 4.0
PowerDVD
Pure Networks Port Magic
QuickTime
RealPlayer Basic
REALTEK GbE & FE Ethernet PCI NIC Driver
Realtek High Definition Audio Driver
Recovery Software Suite eMachines
SCRABBLE
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Soft Data Fax Modem with SmartCP
The Sims™ Life Stories
Tradewinds
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Backup Utility
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

9/8/2009 11:13:26 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
9/8/2009 11:07:06 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
9/7/2009 9:15:11 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McNASvc with arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}
9/7/2009 9:14:33 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
9/7/2009 9:13:27 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/7/2009 9:13:06 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec mfehidk mferkdk MPFP MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
9/7/2009 9:13:05 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
9/7/2009 9:13:05 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/7/2009 9:13:05 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/7/2009 9:13:03 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
9/7/2009 8:39:52 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Viewpoint Manager Service service to connect.
9/7/2009 8:39:52 PM, error: Service Control Manager [7000] - The Viewpoint Manager Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/7/2009 8:03:16 PM, error: DCOM [10001] - Unable to start a DCOM Server: {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} as /. The error: "%3" Happened while starting this command: c:\PROGRA~1\mcafee.com\agent\mcagent.exe -Embedding
9/7/2009 7:37:53 PM, error: DCOM [10001] - Unable to start a DCOM Server: {6A972E27-93E2-4F98-8367-4101B2073814} as /. The error: "%3" Happened while starting this command: c:\PROGRA~1\mcafee.com\agent\mcagent.exe -Embedding

==== End Of File ===========================









And RootRepeal










ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/08 11:31
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB0EDF000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBAE0A000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xAD65D000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\uacinit.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\UACmglaetpcjs.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\UACoeejdvyxlr.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\UACojpsabkydl.dat
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\UACxsicoituwo.dll
Status: Invisible to the Windows API!

Path: c:\windows\temp\mcafee_mandhcz1yofjlg7
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\mcmsc_mtra5mebwgwyg4c
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: C:\WINDOWS\Temp\Perflib_Perfdata_1258.dat
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\UACded2.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\drivers\UACquntjdpwon.sys
Status: Invisible to the Windows API!

Path: c:\documents and settings\lindsey m\local settings\temp\~df5d02.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\lindsey m\local settings\temp\~df9a6b.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\lindsey m\local settings\temp\~dfd6ee.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\lindsey m\local settings\temp\~dfd6f9.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: C:\Documents and Settings\Lindsey M\Local Settings\Temp\UAC729d.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Lindsey M\Local Settings\Temporary Internet Files\Content.IE5\6M1DF9AW\UACAKU1JL6CA008PLYCAYMBQOSCA2WA4MXCAZ31CZXCAJWGTC3CA4ZWCLDCAHTQYBXCAE24M2YCAO8YZ1YCAAIGQ8XCANQVAUJCAPF8SRBCA1KIPJTCAPT1J1ICA6UX5VHCAP7PI06CA1XIY2FCA4CSZPE.txt
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Lindsey M\Local Settings\Temporary Internet Files\Content.IE5\6MB6K753\top[1]
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Lindsey M\Local Settings\Temporary Internet Files\Content.IE5\HMB71FLA\unsupported-systems[1].html
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Lindsey M\Local Settings\Temporary Internet Files\Content.IE5\HMB71FLA\__utm[7].gif
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Lindsey M\Local Settings\Temporary Internet Files\Content.IE5\LR43LOOF\UACA8WSHIDCAJLEVIVCA1YMP9ACA4AZO1GCAQLBE25CAA8BCCMCAKN9IK1CA2BJGVOCAO6QFK0CAICUY2VCAI953GCCA1JK5F2CAFWVSRECA1YF3IUCA4KJAB8CAIQLO10CAH0BSO6CALBTOZFCAL0537Z.txt
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Lindsey M\Local Settings\Temporary Internet Files\Content.IE5\O0HY1ZES\download-background[1].png
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Lindsey M\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.xvideos.com
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Lindsey M\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.ci
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.dir
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.wid
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.ci
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.dir
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.wid
Status: Could not get file information (Error 0xc0000008)

Stealth Objects
-------------------
Object: Hidden Module [Name: UACoeejdvyxlr.dll]
Process: svchost.exe (PID: 900) Address: 0x00a20000 Size: 65536

Object: Hidden Module [Name: UACded2.tmpoituwo.dll]
Process: svchost.exe (PID: 900) Address: 0x10000000 Size: 217088

Object: Hidden Module [Name: UACmglaetpcjs.dll]
Process: Explorer.EXE (PID: 1632) Address: 0x10000000 Size: 49152

Object: Hidden Module [Name: UACxsicoituwo.dll]
Process: iexplore.exe (PID: 2584) Address: 0x10000000 Size: 217088

Object: Hidden Module [Name: UACxsicoituwo.dll]
Process: iexplore.exe (PID: 3876) Address: 0x10000000 Size: 217088

Object: Hidden Module [Name: UACxsicoituwo.dll]
Process: iexplore.exe (PID: 1792) Address: 0x10000000 Size: 217088

Object: Hidden Module [Name: UACxsicoituwo.dll]
Process: Iexplore.exe (PID: 5972) Address: 0x10000000 Size: 217088

Object: Hidden Module [Name: UACxsicoituwo.dll]
Process: Iexplore.exe (PID: 3668) Address: 0x10000000 Size: 217088

Hidden Services
-------------------
Service Name: UACd.sys
Image Path: C:\WINDOWS\system32\drivers\UACquntjdpwon.sys

==EOF==



#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 10 September 2009 - 12:29 PM

Download this tool to desktop:

http://www2.gmer.net/mbr/mbr.exe

Double click it & post the log it creates on desktop. (mbr.log)

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 15 September 2009 - 12:08 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive




