maybe something maybe self fear


  • This topic is locked
2 replies to this topic

#1 Shapsplace

Posted 16 October 2009 - 05:23 PM

DDS (Ver_09-10-13.01) - FAT32x86
Run by shop at 15:12:35.42 on Fri 10/16/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.368.79 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\system32\spoolsv.exe
SVCHOST.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\shop\Desktop\Tools\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/news?ned=us

uSearch Bar = hxxp://www.google.com/
mSearch Bar = hxxp://www.google.com/
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SystemTray] SysTray.Exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [hpbdfawep] c:\program files\hp\dfawep\bin\hpbdfawep.exe 1
mRun: [C-Media Mixer] Mixer.exe /startup
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
dRunOnce: [Printing Migration] rundll32.exe c:\windows\system32\spool\migrate.dll,ProcessWin9xNetworkPrinters
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc2~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpobnz08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office11\REFIEBAR.DLL
Trusted Zone: eautoclaims.com\ea9
Trusted Zone: processclaims.com
DPF: DirectAnimation Java Classes - file://c:\windows\system\dajava.cab
DPF: Internet Explorer Classes for Java - file://c:\windows\system\iejava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso4.cab
DPF: {0000000A-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB
DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB
DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} - hxxp://housecall60.trendmicro.com/housecall/xscan60.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {5D357AB9-10EA-49A7-B2EB-B8F07C9E1EF4} - hxxp://shopflow.processclaims.com/ShopFlowWeb/cab/UDCClientAccess.CAB
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1157666243184
DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - hxxp://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {97BB6657-DC7F-4489-9067-51FAB9D8857E} - hxxp://cflive.adpclaims.com/cf1live/static/weblaunch/weblaunch2.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37861.6954398148
DPF: {B02A1229-4EC7-4827-AF39-C38CF8D8AA86} - hxxp://www.processclaims.com/dll/PCDirTree.CAB
DPF: {C0A63B86-4B21-11D3-BD95-D426EF2C7949} - hxxp://www.processclaims.com/dll/vsflex7L.cab
DPF: {C5432542-213E-4513-9093-F2A538D2916B} - hxxp://www.processclaims.com/dll/PCSecureUpload.CAB
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DE21B5EC-C60D-42E7-B282-F3541DB0AD40} - hxxp://www.processclaims.com/dll/FileSystem.CAB
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://viewcam.mctraffic.org:8022/activex/AMC.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://processclaims.webex.com/client/v_mywebex-t20/webex/ieatgpc.cab
DPF: {F5131C24-E56D-11CF-B78A-444553540000} - hxxp://www.processclaims.com/dll/ikcntrls.cab
TCP: {9ACF686C-7CE7-46C8-9198-EE20591909CD} = 206.13.29.12,206.13.30.12
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\shop\applic~1\mozilla\firefox\profiles\default.nah\
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-19 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-19 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-19 297752]
R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2009-10-16 305936]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-3-4 47640]
R3 SiS630;SiS630;c:\windows\system32\drivers\sis630p.sys [2009-4-19 164608]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2009-4-19 332928]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2009-10-16 14:06 <DIR> --d----- c:\program files\Trend Micro
2009-10-16 13:32 <DIR> --d----- c:\program files\CCleaner
2009-10-16 13:29 <DIR> --d----- c:\program files\FileHippo.com
2009-10-16 12:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\IObit
2009-10-16 12:58 <DIR> --d----- c:\program files\IObit
2009-10-16 12:55 21,419 a------- c:\windows\system32\drivers\AegisP.sys
2009-10-16 12:53 429,440 a------- c:\windows\system32\drivers\rt73.sys
2009-10-16 12:53 319,488 a------- c:\windows\system32\AegisI5.exe
2009-10-16 12:53 295,018 a------- c:\windows\system32\Install7x.dll
2009-10-16 12:53 2,048 a------- c:\windows\system32\drivers\rt73.bin
2009-10-16 12:53 45 a------- c:\windows\filespec7x
2009-10-16 12:52 <DIR> --d----- c:\program files\RALINK
2009-09-25 11:53 <DIR> --dsh--- C:\FOUND.065
2009-09-24 14:29 2,134,016 a------- c:\windows\system32\cdintf251.dll
2009-09-24 14:24 <DIR> --d----- c:\windows\ADPTemp
2009-09-24 14:24 <DIR> --d----- c:\windows\ADPEMSTemplates
2009-09-24 14:24 <DIR> --d----- c:\windows\ADPClaimPDFs
2009-09-24 14:24 <DIR> --d----- c:\windows\ADPClaimJPGs
2009-09-24 14:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Bomgar-SCC-4ABBDF03
2009-09-24 13:40 <DIR> --dsh--- C:\FOUND.064

==================== Find3M ====================

2009-10-16 13:47 1,956 a------- c:\windows\system32\d3d8caps.dat
2009-10-01 11:55 87,352 a------- c:\windows\system32\LMIinit.dll
2009-10-01 11:55 83,288 a------- c:\windows\system32\LMIRfsClientNP.dll
2009-10-01 11:55 28,984 a------- c:\windows\system32\LMIport.dll
2009-09-11 07:18 136,192 a------- c:\windows\system32\msv1_0.dll
2009-09-11 07:18 136,192 -------- c:\windows\system32\dllcache\msv1_0.dll
2009-09-07 17:21 25,248 a------- c:\windows\system32\lmimirr.dll
2009-09-07 17:21 11,552 a------- c:\windows\system32\lmimirr2.dll
2009-09-04 14:03 58,880 a------- c:\windows\system32\msasn1.dll
2009-09-04 14:03 58,880 -------- c:\windows\system32\dllcache\msasn1.dll
2009-08-28 09:57 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-28 09:56 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-08-28 03:29 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-08-28 03:29 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-08-26 22:18 634,648 -------- c:\windows\system32\dllcache\iexplore.exe
2009-08-26 22:18 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-08-26 01:00 247,326 a------- c:\windows\system32\strmdll.dll
2009-08-26 01:00 247,326 -------- c:\windows\system32\dllcache\strmdll.dll
2009-08-13 08:16 512,000 -------- c:\windows\system32\dllcache\jscript.dll
2009-08-06 19:24 327,896 a------- c:\windows\system32\dllcache\wucltui.dll
2009-08-06 19:24 209,632 a------- c:\windows\system32\dllcache\wuweb.dll
2009-08-06 19:24 35,552 a------- c:\windows\system32\dllcache\wups.dll
2009-08-06 19:24 53,472 a------- c:\windows\system32\dllcache\wuauclt.exe
2009-08-06 19:24 96,480 a------- c:\windows\system32\dllcache\cdm.dll
2009-08-06 19:23 575,704 a------- c:\windows\system32\dllcache\wuapi.dll
2009-08-06 19:23 1,929,952 a------- c:\windows\system32\dllcache\wuaueng.dll
2009-08-06 19:23 274,288 a------- c:\windows\system32\mucltui.dll
2009-08-06 19:23 215,920 a------- c:\windows\system32\muweb.dll
2009-08-05 02:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 02:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-04 20:44 2,189,184 a------- c:\windows\system32\ntoskrnl.exe
2009-08-04 20:44 2,189,184 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-08-04 19:52 1,193,832 a------- c:\windows\system32\FM20.DLL
2009-08-04 08:13 2,145,280 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-08-04 07:20 2,023,936 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-08-04 07:20 2,066,048 a------- c:\windows\system32\ntkrnlpa.exe
2009-08-04 07:20 2,066,048 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2005-10-31 13:04 26,958 a------- c:\program files\Movieland Terms.html
2003-05-06 10:00 589,866 a------- c:\program files\user.pca
2003-05-06 09:59 6,520,886 a------- c:\program files\system.pca
2003-04-23 07:16 266 ---sh--- c:\program files\desktop.ini
2003-04-23 07:16 11,079 ----h--- c:\program files\folder.htt
2003-04-22 07:26 32 a--sh--- c:\windows\{703B2237-04E5-412E-B2B2-69DF3776F352}.dat
2003-04-22 07:26 32 a--sh--- c:\windows\system\{718ACC0D-AA03-4907-AED6-66F84E726351}.dat

============= FINISH: 15:13:54.12 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-13.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/6/2006 9:15:20 AM
System Uptime: 10/16/2009 2:54:23 PM (1 hours ago)

Motherboard: ASUSTeK Computer INC. | | TUSI-M
Processor: Intel® Celeron™ CPU 1000MHz | PGA 370 | 1002/100mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (FAT32) - 149 GiB total, 116.63 GiB free.
D: is CDROM ()
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP407: 9/11/2009 2:55:46 PM - System Checkpoint
RP408: 9/12/2009 3:24:49 PM - System Checkpoint
RP409: 9/13/2009 4:24:49 PM - System Checkpoint
RP410: 9/14/2009 4:32:23 PM - System Checkpoint
RP411: 9/15/2009 5:25:25 PM - System Checkpoint
RP412: 9/16/2009 5:48:53 PM - System Checkpoint
RP413: 9/17/2009 6:24:52 PM - System Checkpoint
RP414: 9/18/2009 6:36:53 PM - System Checkpoint
RP415: 9/19/2009 7:24:52 PM - System Checkpoint
RP416: 9/20/2009 8:24:53 PM - System Checkpoint
RP417: 9/21/2009 9:24:54 PM - System Checkpoint
RP418: 9/22/2009 9:49:33 PM - System Checkpoint
RP419: 9/23/2009 10:49:34 PM - System Checkpoint
RP420: 9/24/2009 12:55:54 PM - Removed Audatex Estimating / Autosource
RP421: 9/24/2009 1:47:30 PM - Printer Driver LogMeIn Printer Driver Installed
RP422: 9/24/2009 2:05:27 PM - Removed Audatex Estimating / Autosource
RP423: 9/24/2009 2:23:47 PM - Installed Audatex Estimating / Autosource
RP424: 9/24/2009 2:30:06 PM - Removed Audatex Estimating Vehicle Data
RP425: 9/24/2009 2:30:13 PM - Installed Audatex Estimating Vehicle Data
RP426: 9/25/2009 3:36:45 PM - System Checkpoint
RP427: 9/26/2009 3:58:05 PM - System Checkpoint
RP428: 9/27/2009 4:58:05 PM - System Checkpoint
RP429: 9/28/2009 4:59:10 PM - System Checkpoint
RP430: 9/29/2009 4:59:30 PM - System Checkpoint
RP431: 9/30/2009 6:26:39 PM - System Checkpoint
RP432: 10/1/2009 7:10:26 PM - System Checkpoint
RP433: 10/2/2009 8:12:56 PM - System Checkpoint
RP434: 10/3/2009 9:10:19 AM - Avg8 Update
RP435: 10/3/2009 9:11:57 AM - Avg8 Update
RP436: 10/4/2009 10:10:56 AM - System Checkpoint
RP437: 10/5/2009 8:33:47 AM - Printer Driver LogMeIn Printer Driver Installed
RP438: 10/6/2009 9:13:36 AM - System Checkpoint
RP439: 10/7/2009 8:17:16 AM - Avg8 Update
RP440: 10/8/2009 8:28:49 AM - System Checkpoint
RP441: 10/9/2009 8:29:52 AM - System Checkpoint
RP442: 10/10/2009 8:58:39 AM - System Checkpoint
RP443: 10/11/2009 9:58:37 AM - System Checkpoint
RP444: 10/12/2009 10:26:00 AM - System Checkpoint
RP445: 10/13/2009 11:35:46 AM - System Checkpoint
RP446: 10/16/2009 12:44:31 PM - System Checkpoint
RP447: 10/16/2009 12:53:41 PM - Installed Ralink Wireless LAN Card
RP448: 10/16/2009 2:17:32 PM - Software Distribution Service 3.0

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop 6.0
Adobe Reader 8.1.5
ADP Ras Diagnostic Tool
Audatex Estimating / Autosource
Audatex Estimating Vehicle Data
AVG 8.5
AXIS Media Control Embedded
Brother HL-2040
BurnInTest v2.3 Pro
Camera Support Core Library
Camera Window
Canon Camera Support Core Library
Canon Camera TWAIN Driver
Canon Camera TWAIN Driver 6.4
Canon Camera Window for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities PhotoStitch 3.1
Canon Utilities ZoomBrowser EX
CCleaner (remove only)
ClientComm
Conexant SoftK56 Modem
Critical Update for Windows Media Player 11 (KB959772)
eJuster Transfer
FileHippo.com Update Checker
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 2170 series
hp psc 2170 series
HPCarePackCore
HPCarePackProducts
HPSSupply
Intel® 536EP Modem
Intel® 536EP Modem Drivers and Utilities
Internet Explorer Q903235
IObit Security 360 1.0
IrfanView (remove only)
J2SE Runtime Environment 5.0 Update 6
KB408682
LightScribe 1.4.89.1
LogMeIn
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MovieEdit Task
Mozilla Firefox (3.0.14)
MrvlUsgTracking
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Nero Suite
PCI Audio Applications
PCI Audio Driver
Perfect Uninstaller v6.2.1
PerfectDisk
PhotoStitch
PrimoPDF
ProcessClaims
ProcessClaims Master
Ralink Wireless LAN Card
RAW Image Task 1.1
RealOne Player
RemoteCapture Task 1.0.3
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows Media Player 9 Series (KB969878)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Shockwave
Shoplink for Windows
Shoplink for Windows 6.2
Shoplink for Windows 6.25
SiS 900 PCI Fast Ethernet Adapter Driver
SlwApps
Spybot - Search & Destroy
TextPad
Tweak UI
Uniblue DriverScanner 2009
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
WebEDU
WebEx Client Install
WebFldrs XP
Winamp (remove only)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Windows XP Uninstall
WinZip

==== Event Viewer Messages From Past Week ========

10/16/2009 12:58:15 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
10/16/2009 12:29:41 PM, error: Print [23] - Printer KONICA MINOLTA PagePro 1350W failed to initialize because a suitable KONICA MINOLTA PagePro 1350W driver could not be found.
10/16/2009 12:29:34 PM, error: NetBT [4307] - Initialization failed because the transport refused to open initial Addresses.

==== End Of File ===========================

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/16 15:26
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF26D0000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7BAC000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF0CF6000 Size: 49152 File Visible: No Signed: -
Status: -

==EOF==

Edited by Shapsplace, 16 October 2009 - 05:30 PM.



#2 schrauber

Posted 28 October 2009 - 03:35 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#3 schrauber

Posted 02 November 2009 - 05:11 PM

Due to the lack of feedback, this topic is now closed.
If you need this topic reopened, please PM a staff member and we will reopen it for you (include the address of this thread in your request). This applies to the original topic starter only. Everyone else with similar problems, please start a new topic.
regards,
schrauber
