Cannot start explorer.exe, dds.scr and Rootrepeal cannot scan


This topic is locked
5 replies to this topic

#1 JBeezy


Posted 15 October 2009 - 06:31 PM

Running Windows XP Home SP3.

I left my laptop on overnight and in the morning I noticed the CPU was at 100%. Ran Process Explorer and saw msa.exe and b.exe running, and msa.exe had run Adobe Reader or another Adobe program. I killed the processes and searched my hard drive for msa.exe and b.exe and deleted the files. Did a Google search and deleted everything I could find of msa.exe, b.exe, Pop Rock, Nord Bull from the registry and hard drive. Downloaded Avast to do a boot-time scan.

I started the boot-time scan but then had to go to the store, and someone moved my laptop and unplugged it, so it never finished. When I got home, I started Windows and nothing happened; I just saw the wallpaper. Ran Process Explorer and saw that explorer.exe and all other application processes were not running. System processes were running. (I will try to include a screenshot that I just took.) I tried to start C:\WINDOWS\explorer.exe from File > Run... but I got the following error message:

"Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."



Restarted to Safe Mode and did a System Restore to the earliest restore point (8 days ago). Restore failed, but after the computer rebooted, explorer.exe was running but msa.exe and b.exe were back. Deleted them again from the hard drive and registry. Avast was not installed anymore, so I reinstalled it and did a boot-time scan, but Avast wouldn't open after the reboot. I received the same "Windows cannot access the specified device, path....." message.

msa.exe and b.exe are not running at this point.

Took a break and when I came back the taskbar and icons on my desktop were missing but RocketDock was still up. I right clicked on the wallpaper and laptop froze. Tried Ctrl+Alt+Del to start Process Explorer but nothing happened for ten minutes so I turned it off (held the power button) and when it rebooted, explorer.exe would not start again.

I again tried to do a System Restore but all restore points were deleted/missing.

Then I looked on BleepingComputer.

Tried to run dds.scr and it started running. After all processes terminated, no logs were displayed to save. Tried to run RootRepeal.exe. Went to Report and Scan, checked all boxes, then selected the C: drive. Scan started and then closed. I tried to rerun RootRepeal.exe but it displayed the "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." error.
I re-downloaded RootRepeal and checked all boxes besides Files, and it scanned and I saved that log. When I rescanned but only checked the box beside Files, the scan did not complete.

Also installed HJT. Clicked "Full System Scan and save log"; it began scanning and then closed. Attempting to run the program gives the "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." error.

Seems to give that error a lot after closing programs...

Help! and Thanks!

Edited by garmanma, 15 October 2009 - 09:04 PM.



#2 garmanma


Posted 15 October 2009 - 09:08 PM

One thing to note: when you finally post in the HJT forum, do not add additional posts. It will only move you back in line.
Please copy and paste the RootRepeal log you ran, and also run this log:

Please download peek.bat and save it to your Desktop. Double-click on peek.bat to run it. A black Command Prompt window will appear indicating the program is running. Once it is finished, copy and paste the entire contents of the Log.txt file it creates in your next reply.

If you encounter a problem downloading or getting peek.bat to run, go to Start > Run..., and in the Open box, type: Notepad
  • Click OK.
  • Copy and paste everything in the code box below into the Untitled - Notepad.
@ECHO OFF
REM List every copy of these system DLLs under C:\WINDOWS (/s = all subdirectories, /a = include hidden and system files)
DIR /a/s C:\WINDOWS\scecli.dll C:\WINDOWS\netlogon.dll C:\WINDOWS\eventlog.dll C:\Windows\cngaudit.dll >Log.txt
REM Open the listing in the default text editor, then delete this batch file
START Log.txt
DEL %0
  • Go to File > Save As, click the drop-down box to change the Save As Type to All Files, and save it as "peek.bat" on your desktop.
  • Double-click peek.bat to run the script.
  • A window will open and close quickly, this is normal.
  • A file called log.txt should be created on your Desktop.
  • Open that file and copy/paste the contents in your next reply.
-- Vista users can refer to these instructions to Run a Batch File as an Administrator.
Mark
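A way to read a peek.bat log without doing it by eye, added here as an example (this is not garmanma's code and not a BleepingComputer tool): the script parses the DIR /a/s listing the batch writes to Log.txt and reports any of the three DLLs whose copy in system32 differs in size from the Service Pack copy in ServicePackFiles\i386, or is missing from either directory. The sample log embedded in it is constructed in that format from the listing posted in this thread, with the system32\scecli.dll size altered so the check has something to report; the $NtServicePackUninstall$ copies are pre-SP3 and legitimately differ, so they are parsed but not compared.

```python
"""Flag system DLLs in a peek.bat log whose size differs from the Service Pack copy."""
import re
from collections import defaultdict

# Constructed sample in the layout DIR /a/s writes, modelled on the log in this
# thread, with system32\scecli.dll changed to 181,760 bytes to show a mismatch.
SAMPLE_LOG = r"""
 Volume in drive C is JoshyP
 Volume Serial Number is 4882-DA87

 Directory of C:\WINDOWS\$NtServicePackUninstall$

08/04/2004  05:00 AM           180,224 scecli.dll
08/04/2004  05:00 AM           407,040 netlogon.dll
08/04/2004  05:00 AM            55,808 eventlog.dll
               3 File(s)        643,072 bytes

 Directory of C:\WINDOWS\ServicePackFiles\i386

04/13/2008  05:12 PM           181,248 scecli.dll
04/13/2008  05:12 PM           407,040 netlogon.dll
04/13/2008  05:11 PM            56,320 eventlog.dll
               3 File(s)        644,608 bytes

 Directory of C:\WINDOWS\system32

04/13/2008  05:12 PM           181,760 scecli.dll
04/13/2008  05:12 PM           407,040 netlogon.dll
04/13/2008  05:11 PM            56,320 eventlog.dll
               3 File(s)        645,120 bytes

     Total Files Listed:
               9 File(s)      1,932,800 bytes
               0 Dir(s)  13,207,617,536 bytes free
"""

DIR_LINE = re.compile(r"^\s*Directory of (.+?)\s*$")
# date, time, size with thousands separators, file name
FILE_LINE = re.compile(r"^(\d{2}/\d{2}/\d{4})\s+(\d{2}:\d{2}\s+[AP]M)\s+([\d,]+)\s+(\S+)\s*$")

CHECKED_DLLS = ("scecli.dll", "netlogon.dll", "eventlog.dll")
SYSTEM_DIR = r"c:\windows\system32"
REFERENCE_DIR = r"c:\windows\servicepackfiles\i386"


def parse_dir_log(text):
    """Return {filename: {directory: size_in_bytes}} from DIR /a/s output.

    Directory and file names are lower-cased so lookups are case-insensitive,
    matching how Windows paths behave. Summary lines ("3 File(s) ...") do not
    match FILE_LINE and are skipped.
    """
    entries = defaultdict(dict)
    current_dir = None
    for line in text.splitlines():
        m = DIR_LINE.match(line)
        if m:
            current_dir = m.group(1).lower()
            continue
        m = FILE_LINE.match(line)
        if m and current_dir is not None:
            size = int(m.group(3).replace(",", ""))
            entries[m.group(4).lower()][current_dir] = size
    return dict(entries)


def find_size_mismatches(entries, system_dir=SYSTEM_DIR, reference_dir=REFERENCE_DIR):
    """Compare each checked DLL's system32 copy with the Service Pack copy.

    Returns a list of (dll, system32_size, reference_size). A size of None
    means the file was not listed in that directory, which is reported too,
    since a missing copy is as worth a look as a changed one.
    """
    findings = []
    for dll in CHECKED_DLLS:
        copies = entries.get(dll, {})
        live = copies.get(system_dir)
        ref = copies.get(reference_dir)
        if live is None or ref is None or live != ref:
            findings.append((dll, live, ref))
    return findings


if __name__ == "__main__":
    parsed = parse_dir_log(SAMPLE_LOG)
    for dll, live, ref in find_size_mismatches(parsed):
        print(f"{dll}: system32 copy is {live} bytes, ServicePackFiles copy is {ref} bytes")
```

To check a real Log.txt, read the file with open(path, encoding="mbcs") on Windows and pass its contents to parse_dir_log.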

#3 JBeezy


Posted 15 October 2009 - 09:37 PM

UPDATE:
I was on Google and came across this site: http://www.techsupportforum.com/security-c...o-gmer-exe.html

I began to follow the instructions. I ran the Win32kDiag.exe and then ComboFix.exe and after ComboFix finished, my explorer.exe is working again. I can also run all the programs that I didn't have permission to before.

I ran peek.bat and then ran RootRepeal again. Here is the peek.bat log and then the full RootRepeal log (including scanning Files, which I couldn't do before).

Also, since dds.scr runs now I will include that log also.

Is the problem fixed because explorer.exe is running again? I do not want to restart my computer unless I have to because on reboot is usually when the problems start.

Thank you.

=====================
peek.bat log
=====================
Volume in drive C is JoshyP
Volume Serial Number is 4882-DA87

Directory of C:\WINDOWS\$NtServicePackUninstall$

08/04/2004 05:00 AM 180,224 scecli.dll

Directory of C:\WINDOWS\$NtServicePackUninstall$

08/04/2004 05:00 AM 407,040 netlogon.dll

Directory of C:\WINDOWS\$NtServicePackUninstall$

08/04/2004 05:00 AM 55,808 eventlog.dll
3 File(s) 643,072 bytes

Directory of C:\WINDOWS\ServicePackFiles\i386

04/13/2008 05:12 PM 181,248 scecli.dll

Directory of C:\WINDOWS\ServicePackFiles\i386

04/13/2008 05:12 PM 407,040 netlogon.dll

Directory of C:\WINDOWS\ServicePackFiles\i386

04/13/2008 05:11 PM 56,320 eventlog.dll
3 File(s) 644,608 bytes

Directory of C:\WINDOWS\system32

04/13/2008 05:12 PM 181,248 scecli.dll

Directory of C:\WINDOWS\system32

04/13/2008 05:12 PM 407,040 netlogon.dll

Directory of C:\WINDOWS\system32

04/13/2008 05:11 PM 56,320 eventlog.dll
3 File(s) 644,608 bytes

Total Files Listed:
9 File(s) 1,932,288 bytes
0 Dir(s) 13,207,617,536 bytes free

=====================
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/15 19:12
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: 00000089
Image Path: \Driver\00000089
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: catchme.sys
Image Path: C:\ComboFix\catchme.sys
Address: 0xF78FB000 Size: 31744 File Visible: No Signed: -
Status: -

Name: Combo-Fix.sys
Image Path: Combo-Fix.sys
Address: 0xF762B000 Size: 60416 File Visible: No Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xEE00C000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7AD7000 Size: 8192 File Visible: No Signed: -
Status: -

Name: PROCEXP111.SYS
Image Path: C:\WINDOWS\system32\Drivers\PROCEXP111.SYS
Address: 0xF7B45000 Size: 7680 File Visible: No Signed: -
Status: -

Name: PROCEXP90.SYS
Image Path: C:\WINDOWS\system32\Drivers\PROCEXP90.SYS
Address: 0xF7B13000 Size: 6464 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xED45B000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "sptd.sys" at address 0xf74bec04

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "sptd.sys" at address 0xf74bed48

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "sptd.sys" at address 0xf74bf0c0

#: 119 Function Name: NtOpenKey
Status: Hooked by "sptd.sys" at address 0xf74beae2

#: 160 Function Name: NtQueryKey
Status: Hooked by "sptd.sys" at address 0xf74bf18a

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "sptd.sys" at address 0xf74bf022

#: 247 Function Name: NtSetValueKey
Status: Hooked by "sptd.sys" at address 0xf74bf212

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x86f87bf8 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x86f87bf8 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x86f87bf8 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x86f87bf8 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x86f87bf8 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x86f87bf8 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x86f87bf8 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x86f87bf8 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86f87bf8 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x86f87bf8 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x86f87bf8 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x86f87bf8 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x86f87bf8 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86f87bf8 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86f87bf8 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x86f87bf8 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x86f87bf8 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x86f87bf8 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x86f87bf8 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x86f87bf8 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x86f87bf8 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x86f87bf8 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CREATE]
Process: System Address: 0x86d48788 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLOSE]
Process: System Address: 0x86d48788 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ]
Process: System Address: 0x86d48788 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_WRITE]
Process: System Address: 0x86d48788 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x86d48788 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x86d48788 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_EA]
Process: System Address: 0x86d48788 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_EA]
Process: System Address: 0x86d48788 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86d48788 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x86d48788 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x86d48788 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x86d48788 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x86d48788 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86d48788 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86d48788 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x86d48788 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLEANUP]
Process: System Address: 0x86d48788 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_PNP]
Process: System Address: 0x86d48788 Size: 15

Object: Hidden Code [Driver: tffsport, IRP_MJ_CREATE]
Process: System Address: 0x86fd5398 Size: 15

Object: Hidden Code [Driver: tffsport, IRP_MJ_CLOSE]
Process: System Address: 0x86fd5398 Size: 15

Object: Hidden Code [Driver: tffsport, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86fd5398 Size: 15

Object: Hidden Code [Driver: tffsport, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86fd5398 Size: 15

Object: Hidden Code [Driver: tffsport, IRP_MJ_POWER]
Process: System Address: 0x86fd5398 Size: 15

Object: Hidden Code [Driver: tffsport, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86fd5398 Size: 15

Object: Hidden Code [Driver: tffsport, IRP_MJ_PNP]
Process: System Address: 0x86fd5398 Size: 15

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CREATE]
Process: System Address: 0x86f130e8 Size: 15

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CLOSE]
Process: System Address: 0x86f130e8 Size: 15

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_READ]
Process: System Address: 0x86f130e8 Size: 15

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_WRITE]
Process: System Address: 0x86f130e8 Size: 15

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86f130e8 Size: 15

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86f130e8 Size: 15

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_POWER]
Process: System Address: 0x86f130e8 Size: 15

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86f130e8 Size: 15

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_PNP]
Process: System Address: 0x86f130e8 Size: 15

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x86e3ceb0 Size: 15

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x86e3ceb0 Size: 15

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x86e3ceb0 Size: 15

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x86e3ceb0 Size: 15

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86e3ceb0 Size: 15

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86e3ceb0 Size: 15

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86e3ceb0 Size: 15

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86e3ceb0 Size: 15

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x86e3ceb0 Size: 15

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86e3ceb0 Size: 15

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x86e3ceb0 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_CREATE]
Process: System Address: 0x86f87eb0 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_CLOSE]
Process: System Address: 0x86f87eb0 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_READ]
Process: System Address: 0x86f87eb0 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_WRITE]
Process: System Address: 0x86f87eb0 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86f87eb0 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86f87eb0 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86f87eb0 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86f87eb0 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_POWER]
Process: System Address: 0x86f87eb0 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86f87eb0 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_PNP]
Process: System Address: 0x86f87eb0 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x86fd5a40 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x86fd5a40 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x86fd5a40 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86fd5a40 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86fd5a40 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86fd5a40 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86fd5a40 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x86fd5a40 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x86fd5a40 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86fd5a40 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x86fd5a40 Size: 15

Object: Hidden Code [Driver: KR10N, IRP_MJ_CREATE]
Process: System Address: 0x86fd55d0 Size: 15

Object: Hidden Code [Driver: KR10N, IRP_MJ_CLOSE]
Process: System Address: 0x86fd55d0 Size: 15

Object: Hidden Code [Driver: KR10N, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86fd55d0 Size: 15

Object: Hidden Code [Driver: KR10N, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86fd55d0 Size: 15

Object: Hidden Code [Driver: KR10N, IRP_MJ_POWER]
Process: System Address: 0x86fd55d0 Size: 15

Object: Hidden Code [Driver: KR10N, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86fd55d0 Size: 15

Object: Hidden Code [Driver: KR10N, IRP_MJ_PNP]
Process: System Address: 0x86fd55d0 Size: 15

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x86d3a0e8 Size: 15

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x86d3a0e8 Size: 15

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86d3a0e8 Size: 15

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86d3a0e8 Size: 15

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x86d3a0e8 Size: 15

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x86d3a0e8 Size: 15

Object: Hidden Code [Driver: vaxscsi, IRP_MJ_CREATE]
Process: System Address: 0x86ce2a58 Size: 15

Object: Hidden Code [Driver: vaxscsi, IRP_MJ_CLOSE]
Process: System Address: 0x86ce2a58 Size: 15

Object: Hidden Code [Driver: vaxscsi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86ce2a58 Size: 15

Object: Hidden Code [Driver: vaxscsi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86ce2a58 Size: 15

Object: Hidden Code [Driver: vaxscsi, IRP_MJ_POWER]
Process: System Address: 0x86ce2a58 Size: 15

Object: Hidden Code [Driver: vaxscsi, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86ce2a58 Size: 15

Object: Hidden Code [Driver: vaxscsi, IRP_MJ_PNP]
Process: System Address: 0x86ce2a58 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_CREATE]
Process: System Address: 0x86e13870 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x86e13870 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_CLOSE]
Process: System Address: 0x86e13870 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_READ]
Process: System Address: 0x86e13870 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_WRITE]
Process: System Address: 0x86e13870 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x86e13870 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x86e13870 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_QUERY_EA]
Process: System Address: 0x86e13870 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_SET_EA]
Process: System Address: 0x86e13870 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86e13870 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x86e13870 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x86e13870 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x86e13870 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x86e13870 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86e13870 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86e13870 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86e13870 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x86e13870 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_CLEANUP]
Process: System Address: 0x86e13870 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x86e13870 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x86e13870 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_SET_SECURITY]
Process: System Address: 0x86e13870 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_POWER]
Process: System Address: 0x86e13870 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86e13870 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x86e13870 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x86e13870 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_SET_QUOTA]
Process: System Address: 0x86e13870 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x86d000e8 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x86d000e8 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System Address: 0x86d000e8 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x86d000e8 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x86d000e8 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x86d000e8 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x86d000e8 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x86d000e8 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System Address: 0x86d000e8 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86d000e8 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x86d000e8 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x86d000e8 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x86d000e8 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x86d000e8 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86d000e8 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86d000e8 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86d000e8 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x86d000e8 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System Address: 0x86d000e8 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x86d000e8 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x86d000e8 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x86d000e8 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System Address: 0x86d000e8 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86d000e8 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x86d000e8 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x86d000e8 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x86d000e8 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x86d000e8 Size: 15

Object: Hidden Code [Driver: NpfsЅఐ卆浩Ƅ, IRP_MJ_CREATE]
Process: System Address: 0x86d130e8 Size: 15

Object: Hidden Code [Driver: NpfsЅఐ卆浩Ƅ, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x86d130e8 Size: 15

Object: Hidden Code [Driver: NpfsЅఐ卆浩Ƅ, IRP_MJ_CLOSE]
Process: System Address: 0x86d130e8 Size: 15

Object: Hidden Code [Driver: NpfsЅఐ卆浩Ƅ, IRP_MJ_READ]
Process: System Address: 0x86d130e8 Size: 15

Object: Hidden Code [Driver: NpfsЅఐ卆浩Ƅ, IRP_MJ_WRITE]
Process: System Address: 0x86d130e8 Size: 15

Object: Hidden Code [Driver: NpfsЅఐ卆浩Ƅ, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x86d130e8 Size: 15

Object: Hidden Code [Driver: NpfsЅఐ卆浩Ƅ, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x86d130e8 Size: 15

Object: Hidden Code [Driver: NpfsЅఐ卆浩Ƅ, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86d130e8 Size: 15

Object: Hidden Code [Driver: NpfsЅఐ卆浩Ƅ, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x86d130e8 Size: 15

Object: Hidden Code [Driver: NpfsЅఐ卆浩Ƅ, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x86d130e8 Size: 15

Object: Hidden Code [Driver: NpfsЅఐ卆浩Ƅ, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x86d130e8 Size: 15

Object: Hidden Code [Driver: NpfsЅఐ卆浩Ƅ, IRP_MJ_CLEANUP]
Process: System Address: 0x86d130e8 Size: 15

Object: Hidden Code [Driver: NpfsЅఐ卆浩Ƅ, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x86d130e8 Size: 15

Object: Hidden Code [Driver: NpfsЅఐ卆浩Ƅ, IRP_MJ_SET_SECURITY]
Process: System Address: 0x86d130e8 Size: 15

Object: Hidden Code [Driver: MsfsЅఐ卆浩˜, IRP_MJ_CREATE]
Process: System Address: 0x86c1b0e8 Size: 15

Object: Hidden Code [Driver: MsfsЅఐ卆浩˜, IRP_MJ_CLOSE]
Process: System Address: 0x86c1b0e8 Size: 15

Object: Hidden Code [Driver: MsfsЅఐ卆浩˜, IRP_MJ_READ]
Process: System Address: 0x86c1b0e8 Size: 15

Object: Hidden Code [Driver: MsfsЅఐ卆浩˜, IRP_MJ_WRITE]
Process: System Address: 0x86c1b0e8 Size: 15

Object: Hidden Code [Driver: MsfsЅఐ卆浩˜, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x86c1b0e8 Size: 15

Object: Hidden Code [Driver: MsfsЅఐ卆浩˜, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x86c1b0e8 Size: 15

Object: Hidden Code [Driver: MsfsЅఐ卆浩˜, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x86c1b0e8 Size: 15

Object: Hidden Code [Driver: MsfsЅఐ卆浩˜, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x86c1b0e8 Size: 15

Object: Hidden Code [Driver: MsfsЅఐ卆浩˜, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x86c1b0e8 Size: 15

Object: Hidden Code [Driver: MsfsЅఐ卆浩˜, IRP_MJ_CLEANUP]
Process: System Address: 0x86c1b0e8 Size: 15

Object: Hidden Code [Driver: MsfsЅఐ卆浩˜, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x86c1b0e8 Size: 15

Object: Hidden Code [Driver: MsfsЅఐ卆浩˜, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x86c1b0e8 Size: 15

Object: Hidden Code [Driver: MsfsЅఐ卆浩˜, IRP_MJ_SET_SECURITY]
Process: System Address: 0x86c1b0e8 Size: 15

Object: Hidden Code [Driver: Cdfsȅఅ瑎獆㐰, IRP_MJ_CREATE]
Process: System Address: 0x86e55a98 Size: 15

Object: Hidden Code [Driver: Cdfsȅఅ瑎獆㐰, IRP_MJ_CLOSE]
Process: System Address: 0x86e55a98 Size: 15

Object: Hidden Code [Driver: Cdfsȅఅ瑎獆㐰, IRP_MJ_READ]
Process: System Address: 0x86e55a98 Size: 15

Object: Hidden Code [Driver: Cdfsȅఅ瑎獆㐰, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x86e55a98 Size: 15

Object: Hidden Code [Driver: Cdfsȅఅ瑎獆㐰, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x86e55a98 Size: 15

Object: Hidden Code [Driver: Cdfsȅఅ瑎獆㐰, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x86e55a98 Size: 15

Object: Hidden Code [Driver: Cdfsȅఅ瑎獆㐰, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x86e55a98 Size: 15

Object: Hidden Code [Driver: Cdfsȅఅ瑎獆㐰, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x86e55a98 Size: 15

Object: Hidden Code [Driver: Cdfsȅఅ瑎獆㐰, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86e55a98 Size: 15

Object: Hidden Code [Driver: Cdfsȅఅ瑎獆㐰, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86e55a98 Size: 15

Object: Hidden Code [Driver: Cdfsȅఅ瑎獆㐰, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x86e55a98 Size: 15

Object: Hidden Code [Driver: Cdfsȅఅ瑎獆㐰, IRP_MJ_CLEANUP]
Process: System Address: 0x86e55a98 Size: 15

Object: Hidden Code [Driver: Cdfsȅఅ瑎獆㐰, IRP_MJ_PNP]
Process: System Address: 0x86e55a98 Size: 15

==EOF==


=====================
dds.scr log
=====================

DDS (Ver_09-10-12.01) - NTFSx86
Run by Fo Shankles at 19:09:47.81 on Thu 10/15/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1007.623 [GMT -7:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Fo Shankles\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
mWinlogon: UIHost=c:\windows\system32\logonui.exe
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
TB: {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No File
TB: QT Breadcrumbs Address Bar: {af83e43c-dd2b-4787-826b-31b17dee52ed} - mscoree.dll
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\foshan~1\startm~1\programs\startup\rocket~1.lnk - c:\windows\bricopacks\vista inspirat 2\rocketdock\RocketDock.exe
StartupFolder: c:\docume~1\foshan~1\startm~1\programs\startup\ubericon.lnk - c:\windows\bricopacks\vista inspirat 2\ubericon\UberIcon Manager.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - hxxp://mediaplayer.walmart.com/installer/install.cab
DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} - hxxps://accounting.quickbooks.com/c12/v21.123/qboax10.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\foshan~1\applic~1\mozilla\firefox\profiles\k49wp2yy.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-3-7 12552]
R0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [2006-10-29 149376]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-7 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-7 108552]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2009-3-7 29208]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2009-3-7 29208]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [2006-10-1 26624]
S4 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe --> c:\progra~1\avg\avg8\avgwdsvc.exe [?]
S4 avgfws8;AVG8 Firewall;c:\progra~1\avg\avg8\avgfws8.exe --> c:\progra~1\avg\avg8\avgfws8.exe [?]

=============== Created Last 30 ================

2009-10-15 18:54 <DIR> a-dshr-- C:\cmdcons
2009-10-15 18:52 236,544 a------- c:\windows\PEV.exe
2009-10-15 18:52 161,792 a------- c:\windows\SWREG.exe
2009-10-15 18:52 98,816 a------- c:\windows\sed.exe
2009-10-15 18:24 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-10-15 16:14 <DIR> --d----- c:\program files\Trend Micro
2009-10-14 02:04 <DIR> --d----- C:\chrome-win32
2009-10-14 02:04 <DIR> --d----- C:\scripts
2009-10-11 23:27 <DIR> --d----- c:\program files\VZBB Toolbar
2009-10-04 04:10 0 a------- c:\windows\system32\commonpub.log.lock
2009-10-04 04:10 0 a------- c:\windows\system32\commonpriv.log.lock
2009-09-28 14:08 57,344 a------- c:\windows\system32\MFC71ENU.DLL
2009-09-21 09:39 111 a------- C:\mw.bat

==================== Find3M ====================

2009-08-17 23:33 1,193,832 a------- c:\windows\system32\FM20.DLL
2009-08-05 02:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-28 08:36 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-01-19 10:55 270,128 a------- c:\program files\΅Torrent.exe
2008-11-26 15:39 20 ----h--- c:\docume~1\alluse~1\applic~1\PKP_DLdu.DAT
2007-02-21 14:09 470 a------- c:\docume~1\foshan~1\applic~1\wklnhst.dat
2005-06-01 10:02 1,336,890 a------- c:\program files\Jun2005_d3dx9_26_x64.cab
2005-06-01 10:02 1,065,813 a------- c:\program files\Jun2005_d3dx9_26_x86.cab
2005-06-01 10:02 916,000 a------- c:\program files\Jun2005_MDX_x86.cab
2005-06-01 10:02 703,080 a------- c:\program files\BDA.cab
2005-06-01 10:02 482,000 a------- c:\program files\DXSETUP.exe
2005-06-01 10:02 67,440 a------- c:\program files\dxupdate.cab
2005-06-01 10:02 13,265,040 a------- c:\program files\dxnt.cab
2005-06-01 10:02 2,245,840 a------- c:\program files\dsetup32.dll
2005-06-01 10:02 75,472 a------- c:\program files\DSETUP.dll
2005-06-01 10:02 15,493,481 a------- c:\program files\DirectX.cab
2005-06-01 10:02 1,156,363 a------- c:\program files\BDANT.cab
2005-06-01 10:02 976,020 a------- c:\program files\BDAXP.cab
2005-01-20 17:53 45,056 -----r-- c:\program files\SetAttrib.exe
2008-04-13 17:12 60,416 a--sh--- c:\windows\bricopacks\sysfiles\80_msimn.exe
2009-03-06 20:01 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009030620090307\index.dat
2007-03-18 00:58 82,464 a--sh--- c:\windows\system32\drivers\fidbox.dat
2007-03-18 00:58 2,592 a--sh--- c:\windows\system32\drivers\fidbox2.dat

============= FINISH: 19:10:01.64 ===============

#4 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • OFFLINE
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:07:37 AM

Posted 16 October 2009 - 04:48 PM

You need to post both of these logs in our Hijack This forum:
http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/

If you are going to post in multiple forums, please do not waste our HJT team members' time.
They are extremely busy and fighting a rather large backlog.


Good luck
Mark
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#5 JBeezy

JBeezy
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:04:37 AM

Posted 16 October 2009 - 08:26 PM

Sorry, I'm new to the forum and I thought I had posted it in the wrong place. Twice actually. Won't do it again. I apologize.

#6 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,009 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:07:37 AM

Posted 23 October 2009 - 08:06 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/t/264905/msaexe-bexe-pop-rock-nordbull/, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by an HJT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work, may assume another HJT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days, up to two weeks, perhaps less, to get a response, but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses, as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript



