
Possible MBR rootkit - aka "Mebroot"????


  • This topic is locked
2 replies to this topic

#1 Union_Thug


Posted 16 October 2009 - 10:54 PM

I was directed to start a thread here by a mod; a description can be found here in AII.

DDS logs:


DDS (Ver_09-10-13.01) - NTFSx86
Run by Nick at 22:58:20.68 on Fri 10/16/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.149 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Tall Emu\Online Armor\OAcat.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
svchost.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Documents and Settings\Nick\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {D7F30B62-8269-41AF-9539-B2697FA7D77E} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [@OnlineArmor GUI] "c:\program files\tall emu\online armor\oaui.exe"
mRun: [UIUCU] c:\docume~1\nick\locals~1\temp\UIUCU.EXE -CLEAN_UP -S
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxps://support.dell.com/systemprofiler/SysPro.CAB
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/Dcode/ActiveX/MSDcode.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} - hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} - hxxp://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab
DPF: {3334504D-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/C/8/0C8EDFAB-30BC-4792-898E-2DABE27B2C4D/mp43dmo.CAB
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\progra~1\tallem~1\online~1\oaevent.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-10-10 335240]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2009-10-9 200784]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2009-10-9 24656]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2009-10-9 29776]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-10-10 297752]
R2 OAcat;Online Armor Helper Service;c:\program files\tall emu\online armor\oacat.exe [2009-10-9 1244360]
R2 SvcOnlineArmor;Online Armor;c:\program files\tall emu\online armor\oasrv.exe [2009-10-9 3184328]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\2.tmp --> c:\windows\system32\2.tmp [?]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-17 12648]

=============== Created Last 30 ================

2009-10-16 21:11 139,264 a------- c:\windows\system32\igfxres.dll
2009-10-16 18:01 --d----- c:\docume~1\alluse~1\applic~1\PC-Doctor
2009-10-16 18:00 --d----- c:\docume~1\alluse~1\applic~1\PCDr
2009-10-16 17:59 --d----- c:\program files\Dell Support Center
2009-10-16 17:59 --d----- c:\program files\common files\supportsoft
2009-10-15 05:17 27,656 a------- c:\windows\system32\drivers\pxsec.sys
2009-10-15 05:17 22,024 a------- c:\windows\system32\drivers\pxscan.sys
2009-10-15 05:17 --d----- c:\docume~1\alluse~1\applic~1\PrevxCSI
2009-10-15 01:37 --d----- c:\docume~1\alluse~1\applic~1\ParetoLogic Anti-Spyware
2009-10-14 13:27 5 a------- c:\windows\system32\drivers\DELL_INS_2200.MRK
2009-10-14 13:27 5 a------- c:\windows\system32\drivers\1028_DELL_INS_2200.MRK
2009-10-14 13:26 666 a------- c:\windows\speed.reg
2009-10-13 21:01 --d----- c:\docume~1\nick\applic~1\Blitware
2009-10-13 19:53 33,664 a------- c:\windows\system32\drivers\BCMWLNPF.SYS
2009-10-13 19:53 253,952 a------- c:\windows\system32\bcmwlu00.exe
2009-10-13 19:53 86,016 a------- c:\windows\system32\preflib.dll
2009-10-13 19:53 44,032 a------- c:\windows\system32\wltrynt.dll
2009-10-13 19:53 69,632 a------- c:\windows\system32\bcmwlpkt.dll
2009-10-13 19:53 3,395,584 a------- c:\windows\system32\BCMWLCPL.CPL
2009-10-13 19:53 1,392,640 a------- c:\windows\system32\WLTRAY.EXE
2009-10-13 12:54 --d----- c:\windows\system32\Dell
2009-10-13 11:48 --d----- C:\Intel
2009-10-13 06:06 --d----- c:\program files\SystemRequirementsLab
2009-10-12 17:29 3,840 a------- c:\windows\system32\drivers\BANTExt.sys
2009-10-12 12:09 --d----- c:\program files\Dell 720
2009-10-12 12:08 --d----- C:\Dell720
2009-10-12 09:44 --d----- c:\windows\system32\wbem\Repository
2009-10-11 19:06 --d----- C:\$AVG8.VAULT$
2009-10-11 16:57 --d----- c:\program files\Belarc
2009-10-10 20:13 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-10-10 20:11 --d----- c:\windows\system32\drivers\Avg
2009-10-10 20:10 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-10-10 20:10 --d----- c:\program files\AVG
2009-10-10 20:10 --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-10-10 19:42 --d----- c:\docume~1\nick\applic~1\AVG8
2009-10-10 04:08 157,712 a------- c:\windows\system32\drivers\tmcomm.sys
2009-10-09 00:31 --d----- c:\docume~1\nick\applic~1\OnlineArmor
2009-10-09 00:31 --d----- c:\docume~1\alluse~1\applic~1\OnlineArmor
2009-10-09 00:29 200,784 a------- c:\windows\system32\drivers\OADriver.sys
2009-10-09 00:29 29,776 a------- c:\windows\system32\drivers\OAnet.sys
2009-10-09 00:29 24,656 a------- c:\windows\system32\drivers\OAmon.sys
2009-10-09 00:29 --d----- c:\program files\Tall Emu
2009-10-08 17:46 --d----- c:\program files\Secunia
2009-10-08 07:40 --d----- c:\program files\Driver-Soft
2009-10-07 23:00 578,560 a------- c:\windows\system32\dllcache\user32.dll
2009-10-07 22:57 --d----- c:\windows\ERUNT
2009-10-07 22:47 --d----- C:\SDFix
2009-10-07 08:06 --ds---- C:\Combo-Fix
2009-10-07 04:52 3,426,072 a------- c:\windows\system32\d3dx9_32.dll
2009-10-07 04:52 --d----- c:\program files\Microsoft SQL Server Compact Edition
2009-10-07 04:50 --d----- c:\program files\Microsoft
2009-10-07 04:50 --d----- c:\program files\Windows Live SkyDrive
2009-10-07 04:41 --d----- c:\program files\common files\Windows Live
2009-10-07 01:58 --d----- c:\windows\system32\scripting
2009-10-07 01:58 --d----- c:\windows\l2schemas
2009-10-07 01:57 --d----- c:\windows\system32\en
2009-10-07 01:57 --d----- c:\windows\system32\bits
2009-10-07 01:18 --d----- c:\windows\EHome
2009-10-07 00:08 69,120 -------- c:\windows\system32\wlanapi.dll
2009-10-07 00:06 20,992 -------- c:\windows\system32\spupdwxp.exe
2009-10-07 00:05 10,240 -------- c:\windows\system32\drivers\sffp_mmc.sys
2009-10-07 00:05 32,768 -------- c:\windows\system32\setupn.exe
2009-10-07 00:05 397,056 -------- c:\windows\system32\s3gnb.dll
2009-10-07 00:05 166,912 -------- c:\windows\system32\drivers\s3gnbm.sys
2009-10-07 00:05 30,592 -------- c:\windows\system32\drivers\rndismpx.sys
2009-10-07 00:05 290,304 -------- c:\windows\system32\rhttpaa.dll
2009-10-07 00:05 59,136 -------- c:\windows\system32\drivers\rfcomm.sys
2009-10-07 00:05 13,776 -------- c:\windows\system32\drivers\recagent.sys
2009-10-07 00:05 61,952 -------- c:\windows\system32\rasqec.dll
2009-10-07 00:05 76,800 -------- c:\windows\system32\qutil.dll
2009-10-07 00:05 62,464 -------- c:\windows\system32\qcliprov.dll
2009-10-07 00:05 291,328 -------- c:\windows\system32\qagentrt.dll
2009-10-07 00:04 150,528 -------- c:\windows\system32\qagent.dll
2009-10-07 00:04 144,384 -------- c:\windows\system32\onex.dll
2009-10-07 00:04 180,360 -------- c:\windows\system32\drivers\ntmtlfax.sys
2009-10-07 00:01 33,792 -------- c:\windows\system32\mmcperf.exe
2009-10-07 00:01 106,496 -------- c:\windows\system32\mmcfxcommon.dll
2009-10-07 00:01 397,312 -------- c:\windows\system32\mmcex.dll
2009-10-07 00:01 184,320 -------- c:\windows\system32\microsoft.managementconsole.dll
2009-10-06 23:59 37,376 -------- c:\windows\system32\l2gpstore.dll
2009-10-06 23:59 61,440 -------- c:\windows\system32\kmsvc.dll
2009-10-06 23:59 6,144 -------- c:\windows\system32\kbdpash.dll
2009-10-06 23:59 6,144 -------- c:\windows\system32\kbdnepr.dll
2009-10-06 23:59 6,144 -------- c:\windows\system32\kbdiultn.dll
2009-10-06 23:59 6,144 -------- c:\windows\system32\kbdbhc.dll
2009-10-06 23:59 81,920 -------- c:\windows\system32\ieencode.dll
2009-10-06 23:59 1,261 -------- c:\windows\system32\pid.inf
2009-10-06 23:59 1,041,536 -------- c:\windows\system32\drivers\hsfdpsp2.sys
2009-10-06 23:59 685,056 -------- c:\windows\system32\drivers\hsfcxts2.sys
2009-10-06 23:59 220,032 -------- c:\windows\system32\drivers\hsfbs2s2.sys
2009-10-06 23:59 32,285 -------- c:\windows\system32\hsfcisp2.dll
2009-10-06 23:57 650,752 -------- c:\windows\system32\dot3ui.dll
2009-10-06 23:57 132,096 -------- c:\windows\system32\dot3svc.dll
2009-10-06 23:57 56,320 -------- c:\windows\system32\dot3msm.dll
2009-10-06 23:57 9,216 -------- c:\windows\system32\dot3dlg.dll
2009-10-06 23:57 57,856 -------- c:\windows\system32\dot3cfg.dll
2009-10-06 23:57 39,936 -------- c:\windows\system32\dot3gpclnt.dll
2009-10-06 23:57 26,112 -------- c:\windows\system32\dot3api.dll
2009-10-06 23:57 39,936 -------- c:\windows\system32\dimsroam.dll
2009-10-06 23:57 19,456 -------- c:\windows\system32\dimsntfy.dll
2009-10-06 23:57 48,640 -------- c:\windows\system32\dhcpqec.dll
2009-10-06 23:57 129,045 -------- c:\windows\system32\drivers\cxthsfs2.cty
2009-10-06 23:57 12,800 -------- c:\windows\system32\credssp.dll
2009-10-06 23:57 15,423 -------- c:\windows\system32\drivers\ch7xxnt5.dll
2009-10-06 23:55 136,192 -------- c:\windows\system32\aaclient.dll
2009-10-06 21:34 --d----- C:\Lop SD
2009-10-06 20:22 --d----- c:\docume~1\nick\applic~1\Foxit
2009-10-06 20:19 --d----- c:\program files\Foxit Software
2009-10-06 03:42 --d----- c:\program files\COMODO
2009-10-06 00:51 --d----- c:\program files\PCPitstop
2009-10-05 09:17 --d----- c:\program files\SpywareBlaster
2009-10-05 06:54 --d----- c:\docume~1\alluse~1\applic~1\PCPitstop
2009-10-05 04:59 81,984 a------- c:\windows\system32\bdod.bin
2009-10-05 04:34 --d----- c:\docume~1\alluse~1\applic~1\BitDefender
2009-10-05 03:33 --d----- c:\program files\CA Yahoo! Anti-Spy
2009-10-05 02:53 --d----- c:\program files\Sonic(3)
2009-10-05 01:16 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-10-04 18:00 --d----- C:\CompChecker
2009-10-04 15:59 --d----- c:\windows\system32\Adobe
2009-10-04 15:49 --d----- c:\program files\Microsoft Calculator Plus
2009-10-04 10:05 --d----- c:\program files\Windows Desktop Search
2009-10-04 10:05 --d----- c:\windows\system32\GroupPolicy
2009-10-04 10:04 29,696 -------- c:\windows\system32\dllcache\mimefilt.dll
2009-10-04 10:04 192,000 -------- c:\windows\system32\dllcache\offfilt.dll
2009-10-04 10:01 2,129,920 a------- c:\windows\system32\WLBCGCBPRO731.DLL
2009-10-04 10:01 757,760 a------- c:\windows\system32\bcm1xsup.dll
2009-10-03 22:24 1,089,593 -------- c:\windows\system32\dllcache\ntprint.cat
2009-10-03 20:37 --d----- C:\704b402f06b2fdcf60
2009-10-03 19:28 --d----- C:\12247a022bbc64db5a49de
2009-10-03 17:55 --d----- c:\windows\system32\XPSViewer
2009-10-03 17:49 597,504 -------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-10-03 17:49 117,760 -------- c:\windows\system32\prntvpt.dll
2009-10-03 17:49 89,088 -------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-10-03 17:49 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-10-03 17:49 575,488 -------- c:\windows\system32\dllcache\xpsshhdr.dll
2009-10-03 17:49 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-10-03 17:49 1,676,288 -------- c:\windows\system32\dllcache\xpssvcs.dll
2009-10-03 17:49 --d----- C:\b41ce4753af1ad03da50fe9e17
2009-10-03 17:35 --d----- C:\bfa107d40d6435033c370a5eb7549a9c
2009-10-03 17:25 --d----- C:\659579abfa336cf57203a3d640c7
2009-10-03 17:15 307,200 a------- c:\windows\system32\BMAPI.dll
2009-10-03 16:58 --d----- c:\documents and settings\nick\SecurityScans
2009-10-03 14:58 --d----- c:\program files\ACW
2009-10-03 09:04 --d----- c:\program files\Sonic(2)
2009-10-03 08:50 --d----- c:\program files\MSXML 6.0
2009-10-03 08:00 --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-10-03 05:45 5,672,032 a------- c:\windows\system32\drivers\igxpmp32.sys
2009-10-03 05:45 2,482,688 a------- c:\windows\system32\igxpdx32.dll
2009-10-03 05:45 1,563,776 a------- c:\windows\system32\igxpdv32.dll
2009-10-03 05:45 204,800 a------- c:\windows\system32\igfxCoIn_v4764.dll
2009-10-03 05:45 149,504 a------- c:\windows\system32\igxpgd32.dll
2009-10-03 05:45 57,344 a------- c:\windows\system32\igxprd32.dll
2009-10-03 05:01 --d----- c:\docume~1\alluse~1\applic~1\Innovative Solutions
2009-10-03 02:27 --d----- C:\AutoRuns
2009-10-02 23:35 3,712 a------- c:\windows\system32\dllcache\ctljystk.sys
2009-10-02 23:34 272,640 a------- c:\windows\system32\dllcache\cinemclc.sys
2009-10-02 23:33 74,240 a------- c:\windows\system32\dllcache\camexo20.dll
2009-10-02 23:32 15,360 a------- c:\windows\system32\dllcache\brmfbidi.dll
2009-10-02 23:31 28,672 a------- c:\windows\system32\dllcache\atinsnxx.sys
2009-10-02 23:30 5,632 a------- c:\windows\system32\dllcache\EXCH_adsiisex.dll
2009-10-02 23:28 66,048 a------- c:\windows\system32\dllcache\s3legacy.dll

==================== Find3M ====================

2009-09-11 10:18 136,192 a------- c:\windows\system32\msv1_0.dll
2009-09-11 10:18 136,192 -------- c:\windows\system32\dllcache\msv1_0.dll
2009-09-10 22:48 411,368 a------- c:\windows\system32\deploytk.dll
2009-09-10 14:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-04 20:25 4,212 a---h--- c:\windows\system32\zllictbl.dat
2009-09-04 17:03 58,880 a------- c:\windows\system32\msasn1.dll
2009-09-04 17:03 58,880 -------- c:\windows\system32\dllcache\msasn1.dll
2009-08-31 02:22 15 a------- c:\documents and settings\nick\settings.dat
2009-08-28 06:35 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-08-26 04:00 247,326 a------- c:\windows\system32\strmdll.dll
2009-08-26 04:00 247,326 a------- c:\windows\system32\dllcache\strmdll.dll
2009-08-07 04:48 100,352 -------- c:\windows\system32\dllcache\iecompat.dll
2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 05:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-04 20:44 2,189,184 -------- c:\windows\system32\ntoskrnl.exe
2009-08-04 20:44 2,189,184 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-08-04 11:13 2,145,280 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-08-04 10:20 2,023,936 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-08-04 10:20 2,066,048 -------- c:\windows\system32\ntkrnlpa.exe
2009-08-04 10:20 2,066,048 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-08-03 15:07 403,816 a------- c:\windows\system32\OGACheckControl.DLL

============= FINISH: 22:59:45.51 ===============

[attachment=33750:Attach.txt]
[attachment=33751:ark.txt]

I should add that I received the following error message prior to RR. Is this relevant?
[attachment=33752:Root_Repeal_Error.JPG]

Thank you for all you do!

Edit to Add: BSOD upon booting up this AM related to this entry:

mRun: [UIUCU] c:\docume~1\nick\locals~1\temp\UIUCU.EXE -CLEAN_UP -S

Prior to posting this topic and running requested scans, I had updated several drivers from the Dell Support site. The UIUCU.EXE refers to "Dell 32 Bit Diagnostics (Graphical User Interface version) Utility" released 1/17/06, and does not apply to this machine's Chipset. I mistakenly downloaded it and the PC "installed" it anyway, with no error notification or dialog box pop-up??? (Screenshots attached.) I uninstalled this update using Revo, and have booted-shut down-re-booted...etc several times. Seems ok. (WHEW!)

[attachment=33797:UICI_32_bit_etc.JPG]
[attachment=33798:Dell_Upd..._Chipset.JPG]

Edited by I'mlosthere, 17 October 2009 - 12:30 PM.



#2 Union_Thug

Posted 21 October 2009 - 04:14 PM

Mods, please close this topic. Thank you.

#3 Orange Blossom

  • Moderator

Posted 23 October 2009 - 08:02 PM

Closed as requested. ~ OB
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript



