Security Tool malware


  • This topic is locked
3 replies to this topic

#1 handeman

Posted 24 October 2009 - 06:16 PM

My Gateway laptop got the Security Tool malware.
I went online and tried to get it removed. It said to download the Malwarebytes software, but that won't run. I also booted to safe mode, found the numbered folder and files in the All Users/Application Data and deleted them. I also scanned the registry for entries with the same numbers in them. I deleted them from the RUN key.
The first time I did this, I ran the restore function on BitDefender because it kept saying services were not available. This brought the Security Tool back. I went through safe mode and the registry again and removed BitDefender and reloaded. It came up and ran, scanned, and eliminated 3 or 4 virus/trojans. Security Tool came back again. I went through the safe mode and registry again. This time AdAware bubble popped up. Clicking on that brought Security Tool back.
All anti-spyware, anti-virus was uninstalled. The safe mode cleaning was done, the registry was searched. BitDefender will not run when installed. When opening IE, the Security Tool popups come up although I haven't gotten the application popup yet.


Here are the three files as requested.

Please help. I can reformat and reinstall XP but I've been trying to avoid that. I have a student version of Office 2007 I paid $50 for and can't download again because it's after 30 days. I really don't want to have to buy it again.

Thanks....



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-24.03)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/15/2007 2:28:49 PM
System Uptime: 10/24/2009 1:28:00 PM (5 hours ago)

Motherboard: Gateway | | MX6453
Processor: AMD Turion™ 64 X2 Mobile Technology TL-52 | Socket M2/S1G1 | 1596/200mhz
Processor: AMD Turion™ 64 X2 Mobile Technology TL-52 | Socket M2/S1G1 | 1595/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 143 GiB total, 93.802 GiB free.
D: is FIXED (FAT32) - 6 GiB total, 3.237 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Hamachi Network Interface
Device ID: ROOT\NET\0001
Manufacturer: LogMeIn, Inc.
Name: Hamachi Network Interface
PNP Device ID: ROOT\NET\0001
Service: hamachi

==== System Restore Points ===================

RP623: 7/27/2009 9:30:07 AM - Software Distribution Service 3.0
RP624: 7/27/2009 3:39:54 PM - Removed Yugioh Virtual Dueling
RP625: 7/27/2009 3:50:54 PM - Installed Yugioh Virtual Dueling
RP626: 7/28/2009 9:23:02 PM - Software Distribution Service 3.0
RP627: 7/29/2009 11:13:37 AM - Software Distribution Service 3.0
RP628: 7/30/2009 10:43:38 AM - Software Distribution Service 3.0
RP629: 7/31/2009 10:09:48 AM - Software Distribution Service 3.0
RP630: 8/1/2009 11:06:50 AM - Software Distribution Service 3.0
RP631: 8/2/2009 9:48:06 AM - Software Distribution Service 3.0
RP632: 8/3/2009 11:15:12 AM - Software Distribution Service 3.0
RP633: 8/4/2009 9:34:59 AM - Software Distribution Service 3.0
RP634: 8/5/2009 10:00:20 AM - Software Distribution Service 3.0
RP635: 8/6/2009 9:17:53 AM - Software Distribution Service 3.0
RP636: 8/7/2009 9:11:16 AM - Software Distribution Service 3.0
RP637: 8/7/2009 10:59:38 PM - Software Distribution Service 3.0
RP638: 8/9/2009 10:25:54 AM - Software Distribution Service 3.0
RP639: 8/10/2009 10:22:48 AM - Software Distribution Service 3.0
RP640: 8/11/2009 9:01:56 AM - Software Distribution Service 3.0
RP641: 8/12/2009 11:03:18 AM - Software Distribution Service 3.0
RP642: 8/13/2009 10:05:51 AM - Software Distribution Service 3.0
RP643: 8/17/2009 8:10:33 PM - Software Distribution Service 3.0
RP644: 8/18/2009 10:41:22 AM - Software Distribution Service 3.0
RP645: 8/19/2009 9:22:21 AM - Software Distribution Service 3.0
RP646: 8/20/2009 8:35:00 AM - Software Distribution Service 3.0
RP647: 8/21/2009 10:03:24 AM - Software Distribution Service 3.0
RP648: 8/21/2009 10:23:27 PM - Installed Microsoft Office Ultimate 2007
RP649: 8/21/2009 10:39:51 PM - Printer Driver Send To Microsoft OneNote Driver Installed
RP650: 8/22/2009 8:36:55 AM - Software Distribution Service 3.0
RP651: 8/23/2009 9:50:07 AM - Software Distribution Service 3.0
RP652: 8/24/2009 6:22:52 AM - Software Distribution Service 3.0
RP653: 8/25/2009 9:09:35 AM - Software Distribution Service 3.0
RP654: 8/26/2009 8:15:28 AM - Software Distribution Service 3.0
RP655: 8/27/2009 8:34:57 AM - Software Distribution Service 3.0
RP656: 8/28/2009 10:00:01 AM - Software Distribution Service 3.0
RP657: 8/29/2009 3:00:35 AM - Software Distribution Service 3.0
RP658: 8/30/2009 10:38:29 AM - Software Distribution Service 3.0
RP659: 8/31/2009 7:08:03 AM - Software Distribution Service 3.0
RP660: 8/31/2009 11:14:25 PM - Software Distribution Service 3.0
RP661: 9/2/2009 8:05:12 AM - Software Distribution Service 3.0
RP662: 9/3/2009 8:05:03 AM - Software Distribution Service 3.0
RP663: 9/4/2009 10:16:54 AM - Software Distribution Service 3.0
RP664: 9/5/2009 10:13:33 AM - Software Distribution Service 3.0
RP665: 9/6/2009 9:39:13 AM - Software Distribution Service 3.0
RP666: 9/7/2009 11:16:02 AM - Software Distribution Service 3.0
RP667: 9/8/2009 9:49:28 PM - System Checkpoint
RP668: 9/9/2009 8:57:57 AM - Software Distribution Service 3.0
RP669: 9/10/2009 8:34:22 AM - Software Distribution Service 3.0
RP670: 9/11/2009 10:17:47 AM - Software Distribution Service 3.0
RP671: 9/12/2009 11:14:46 AM - Software Distribution Service 3.0
RP672: 9/13/2009 10:43:41 AM - Software Distribution Service 3.0
RP673: 9/14/2009 6:11:03 AM - Software Distribution Service 3.0
RP674: 9/14/2009 7:31:44 PM - Installed Java™ SE Development Kit 6 Update 11
RP675: 9/15/2009 8:42:50 AM - Software Distribution Service 3.0
RP676: 9/16/2009 8:58:09 AM - Software Distribution Service 3.0
RP677: 9/16/2009 6:42:25 PM - Software Distribution Service 3.0
RP678: 9/16/2009 7:10:21 PM - Software Distribution Service 3.0
RP679: 9/17/2009 9:14:17 AM - Software Distribution Service 3.0
RP680: 9/18/2009 10:47:23 AM - Software Distribution Service 3.0
RP681: 9/19/2009 8:09:18 AM - Software Distribution Service 3.0
RP682: 9/20/2009 10:12:28 AM - Software Distribution Service 3.0
RP683: 9/21/2009 7:07:54 AM - Software Distribution Service 3.0
RP684: 9/22/2009 8:07:31 AM - Software Distribution Service 3.0
RP685: 9/22/2009 8:47:18 AM - Unsigned driver install
RP686: 9/22/2009 9:11:50 AM - Unsigned driver install
RP687: 9/23/2009 8:24:05 AM - Software Distribution Service 3.0
RP688: 9/23/2009 2:08:31 PM - Installed Windows Media Player 11
RP689: 9/23/2009 2:12:14 PM - Installed Windows XP MSCompPackV1.
RP690: 9/23/2009 2:13:50 PM - Installed Windows XP KB926239.
RP691: 9/24/2009 8:39:45 AM - Software Distribution Service 3.0
RP692: 9/25/2009 10:17:08 AM - Software Distribution Service 3.0
RP693: 9/26/2009 10:18:28 AM - Software Distribution Service 3.0
RP694: 9/27/2009 10:56:44 AM - Software Distribution Service 3.0
RP695: 9/28/2009 7:10:20 AM - Software Distribution Service 3.0
RP696: 9/29/2009 8:37:06 AM - Software Distribution Service 3.0
RP697: 9/30/2009 8:41:42 AM - Software Distribution Service 3.0
RP698: 10/1/2009 10:58:54 AM - Software Distribution Service 3.0
RP699: 10/2/2009 7:01:05 PM - Software Distribution Service 3.0
RP700: 10/3/2009 9:47:59 AM - Software Distribution Service 3.0
RP701: 10/4/2009 3:00:27 AM - Software Distribution Service 3.0
RP702: 10/5/2009 7:10:52 AM - Software Distribution Service 3.0
RP703: 10/6/2009 8:48:22 AM - Software Distribution Service 3.0
RP704: 10/7/2009 8:50:08 AM - Software Distribution Service 3.0
RP705: 10/17/2009 8:16:10 PM - Removed BitDefender Antivirus 2009
RP706: 10/17/2009 8:32:35 PM - Installed BitDefender Antivirus 2009
RP707: 10/17/2009 10:14:25 PM - Installed Windows Defender
RP708: 10/20/2009 2:47:10 PM - System Checkpoint
RP709: 10/21/2009 4:13:53 PM - System Checkpoint
RP710: 10/22/2009 11:03:25 PM - Removed BitDefender Antivirus 2009
RP711: 10/22/2009 11:13:53 PM - Installed BitDefender Antivirus 2009
RP712: 10/24/2009 12:12:46 PM - Removed Windows Defender
RP713: 10/24/2009 12:20:51 PM - Removed BitDefender Antivirus 2009
RP714: 10/24/2009 1:05:07 PM - Installed BitDefender Antivirus 2009
RP715: 10/24/2009 1:18:39 PM - Removed BitDefender Antivirus 2009
RP716: 10/24/2009 1:25:20 PM - Installed BitDefender Antivirus 2009

==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 1 (SP1)
7-Zip 4.57
AAC Decoder
Acoustica CD/DVD Label Maker
Action Replay Code Manager
Adobe Acrobat 4.0
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Shockwave Player 11.5
Adobe® Photoshop® Album Starter Edition 3.2
AIM 6
America Online (Choose which version to remove)
AnalogX Capture
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Connectivity Services
AOL Spyware Protection
AOL You've Got Pictures Screensaver
Apple Software Update
Astro Gemini Screensaver Manager 1.2
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
AutoUpdate
Bejeweled 2 Deluxe
Bejeweled 2 Deluxe 1.0
BigFix
Bink and Smacker
BitDefender Antivirus 2009
Blender (remove only)
BlueJ 2.5.2
Broadcom 802.11 Network Adapter
Browser Address Error Redirector
Choice Guard
Critical Update for Windows Media Player 11 (KB959772)
Deck Studio
Desktop XP Screensaver Manager 1.2
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
DVD Solution
Express Rip
getPlus®_ocx
GIMP 2.4.5
Google Desktop
Google Earth
Google Toolbar for Internet Explorer
Google Updater
Google Video Player
GTK+ 2.10.13 runtime environment
gtw_logo
H.264 Decoder
Hamachi 1.0.2.5
High Definition Audio Driver Package - KB888111
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB895953)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB909095)
Hotfix for Windows XP (KB910728)
Hotfix for Windows XP (KB912024)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB914906)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB970653-v3)
Hoyle Puzzle Games 2003
J2SE Runtime Environment 5.0 Update 2
Java DB 10.4.1.3
Java™ 6 Update 11
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Java™ SE Development Kit 6 Update 11
Junk Mail filter update
Jurassic Park Operation Genesis
Kaiba Corp Virtual Duel System 1.4
Learning Essentials for Microsoft Office
Macromedia Shockwave Player
Magic Set Editor 2 - 0.3.8 beta
Malwarebytes' Anti-Malware
McAfee Uninstall Wizard
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Starter Edition 2006
Microsoft Digital Image Starter Edition 2006 Editor
Microsoft Digital Image Starter Edition 2006 Library
Microsoft Expression Blend 2
Microsoft Expression Design 2
Microsoft Expression Encoder 2
Microsoft Expression Media 2 SP2
Microsoft Expression Web 2
Microsoft Expression Web 2 MUI (English)
Microsoft Fighter Ace II
Microsoft Flight Simulator 2002
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2006
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Ultimate 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Student 2006 DVD
Microsoft Student Graphing Calculator
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
MKV Splitter
Motorola SM56 Data Fax Modem
Mozilla Firefox (3.0.14)
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB954459)
Napster
Napster Burn Engine
Napster for Windows Media Player
oggcodecs 0.71.0946
OpenOffice.org Installer 1.0
Pixillion Image Converter
Power2Go 4.0
PowerDVD
Prism Video Converter
Pure Networks Port Magic
QuickTime
RealPlayer
Recovery Software Suite Gateway
Rhapsody Player Engine
SCRABBLE
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917537)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Segoe UI
SigmaTel Audio
Sonic Encoders
StepMania (remove only)
Sunbelt CounterSpy
Switch Sound File Converter
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
Ultimate Writing & Creativity Center
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Expression Web 2 (KB957827)
Update for Microsoft Office 2007 Help for Common Features (KB957244)
Update for Microsoft Script Editor Help (KB957253)
Update for Outlook 2007 Junk Email Filter (kb973514)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Media Format SDK (KB902344)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB953356)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
VC80CRTRedist - 8.0.50727.762
Viewpoint Media Player
WeatherBug
WeatherBug Browser Bar - powered by MyWebSearch
WebFldrs XP
Windows Backup Utility
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Movie Maker 2.0
Windows Search 4.0
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
XML Paper Specification Shared Components Pack 1.0
Yahoo! Install Manager
Yahoo! Toolbar
Yugioh Virtual Dueling
Zuma Deluxe 1.0
Zumie Search 1.0 build 136

==== Event Viewer Messages From Past Week ========

10/24/2009 12:28:14 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss sajdgops Tcpip
10/21/2009 11:22:25 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the BitDefender Virus Shield service to connect.
10/21/2009 11:22:25 AM, error: Service Control Manager [7000] - The BitDefender Virus Shield service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/19/2009 9:09:05 AM, error: Dhcp [1002] - The IP address lease 192.168.1.47 for the Network Card with network address 0014A5D0D9C3 has been denied by the DHCP server 192.168.1.2 (The DHCP Server sent a DHCPNACK message).
10/19/2009 9:04:49 PM, error: Dhcp [1002] - The IP address lease 10.3.31.43 for the Network Card with network address 0014A5D0D9C3 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
10/19/2009 8:58:25 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: sajdgops
10/19/2009 8:58:25 AM, error: Service Control Manager [7000] - The Upload Manager service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.
10/19/2009 8:58:20 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
10/19/2009 7:24:48 PM, error: Print [19] - Sharing printer failed + 1722, Printer Microsoft XPS Document Writer share name Printer2.
10/19/2009 3:08:54 PM, error: Print [19] - Sharing printer failed + 1722, Printer Send To OneNote 2007 share name Printer.
10/18/2009 12:05:36 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Search service to connect.
10/18/2009 12:05:36 PM, error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/18/2009 12:05:36 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/18/2009 12:04:50 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Microsoft Office\Office12\MSACCESS.EXE.Manifest. Reference error message: The operation completed successfully. .
10/18/2009 10:26:40 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service SeaPort with arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}
10/18/2009 10:22:45 AM, error: Service Control Manager [7023] - The IPSEC Services service terminated with the following error: The authentication service is unknown.
10/17/2009 9:51:32 PM, error: Service Control Manager [7034] - The Broadcom Wireless LAN Tray Service service terminated unexpectedly. It has done this 1 time(s).
10/17/2009 9:51:32 PM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
10/17/2009 9:51:32 PM, error: Service Control Manager [7031] - The COM+ System Application service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
10/17/2009 8:12:39 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/17/2009 8:12:15 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
10/17/2009 8:05:22 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 bdftdif Fips IPSec NetBT RasAcd sajdgops Tcpip
10/17/2009 8:05:22 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
10/17/2009 8:05:22 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/17/2009 8:05:22 PM, error: Service Control Manager [7001] - The fssfltr service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/17/2009 8:05:22 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/17/2009 8:05:22 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
10/17/2009 8:04:56 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
10/17/2009 7:22:39 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Cdr4_xp sajdgops
10/17/2009 6:15:32 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 bdftdif Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss sajdgops Tcpip
10/17/2009 3:56:29 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
10/17/2009 3:52:59 PM, error: ipnathlp [30009] - The DHCP allocator encountered a network error while attempting to reply on IP address 240.49.70.102 to a request from a client. The data is the error code.
10/17/2009 3:52:59 PM, error: ipnathlp [30005] - The DHCP allocator has detected a DHCP server with IP address 5.0.0.1 on the same network as the interface with IP address 192.168.0.1. The allocator has disabled itself on the interface in order to avoid confusing DHCP clients.
10/17/2009 3:51:25 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
10/17/2009 3:47:12 PM, error: ipnathlp [30009] - The DHCP allocator encountered a network error while attempting to reply on IP address 172.48.70.102 to a request from a client. The data is the error code.
10/17/2009 3:37:39 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt Cdr4_xp CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u IntelIde mraid35x perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 sajdgops sisagp Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde
10/17/2009 3:31:08 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 60 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
10/17/2009 3:01:57 PM, error: ipnathlp [30005] - The DHCP allocator has detected a DHCP server with IP address 192.168.168.168 on the same network as the interface with IP address 192.168.0.1. The allocator has disabled itself on the interface in order to avoid confusing DHCP clients.
10/17/2009 2:37:35 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK8 Fips sajdgops
10/17/2009 2:36:18 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
10/17/2009 2:36:18 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service ALG with arguments "" in order to run the server: {D6015EC3-FA16-4813-9CA1-DA204574F5DA}

==== End Of File ===========================



DDS (Ver_09-10-24.03) - NTFSx86
Run by Owner at 18:43:10.31 on Sat 10/24/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://www.google.com/ig?hl=en
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: WeatherBug Browser Bar - powered by MyWebSearch: {8eab99c9-f9ec-4b64-a4ba-d9bcae8779c2} -
TB: Encarta Web Companion: {147d6308-0614-4112-89b1-31402f9b82c4} - c:\program files\common files\microsoft shared\encarta web companion\ENCWCBAR.DLL
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2009\IEToolbar.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [\\THE-SCREAMER\EPSON Stylus CX4600 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fati9aa.exe /p41 "\\the-screamer\EPSON Stylus CX4600 Series" /M "Stylus CX4600" /EF "HKCU"
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [\\THE-SCREAMER\EPSON Stylus CX4600 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fati9aa.exe /p41 "\\the-screamer\EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"
mRun: [ludobokas] Rundll32.exe "c:\windows\system32\vodarowo.dll",a
mRun: [BDWizReg] "c:\program files\bitdefender\bitdefender 2009\bdwizreg.exe" /complete
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2009\bdagent.exe"
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2009\IEShow.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\ma\mbamgui.exe /install /silent
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
Trusted Zone: antimalwareguard.com
Trusted Zone: gomyhit.com
Trusted Zone: antimalwareguard.com
Trusted Zone: gomyhit.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: kdbctp - c:\program files\windows media player\visualizations\kdbctp.dll
Notify: ljJYQKef - ljJYQKef.dll
AppInit_DLLs: s\system32\tegavipo.dll c:\windows\system32\difoyuro.dll c:\windows\system32\hupetetu.dll kenahapu.dll c:\windows\system32\sabewapo.dll c:\windows\system32\butazaji.dll c:\windows\system32\birizofu.dll c:\windows\system32\vodarowo.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: jesibohez - {49782979-4598-4de1-afbb-2fc30f6cc121} -
SSODL: yikupijud - {68002c1a-2e82-4f78-a125-2a25bae166e7} -
SSODL: guhokazap - {58603acd-19d8-425a-bdbb-b6142427a28d} - c:\windows\system32\tegavipo.dll
SSODL: yarovilil - {ddfd92c2-6e62-43b1-8607-728c109743ad} - c:\windows\system32\difoyuro.dll
SSODL: juvetenov - {5f1995f5-20b7-4380-8e27-5f8e0e92d993} - c:\windows\system32\hupetetu.dll
SSODL: naranivon - {7019f9b8-83ad-4ce1-9a42-403b80267323} - c:\windows\system32\sabewapo.dll
SSODL: filupopaz - {cd438e10-5bb1-43e6-b3cf-66cc4952f640} - c:\windows\system32\butazaji.dll
SSODL: velohalos - {96b75210-9f6a-4be1-8d0f-c48ee9128c40} - c:\windows\system32\birizofu.dll
SSODL: nipuvizen - {1aa8a109-d456-463c-bf46-890fa7bd1ba6} - c:\windows\system32\vodarowo.dll
STS: {49782979-4598-4de1-afbb-2fc30f6cc121}: mujuzedij
STS: {68002c1a-2e82-4f78-a125-2a25bae166e7}: gahurihor
STS: kupuhivus: {58603acd-19d8-425a-bdbb-b6142427a28d} - c:\windows\system32\tegavipo.dll
STS: tokatiluy: {ddfd92c2-6e62-43b1-8607-728c109743ad} - c:\windows\system32\difoyuro.dll
STS: kupuhivus: {5f1995f5-20b7-4380-8e27-5f8e0e92d993} - c:\windows\system32\hupetetu.dll
STS: tokatiluy: {7019f9b8-83ad-4ce1-9a42-403b80267323} - c:\windows\system32\sabewapo.dll
STS: gahurihor: {cd438e10-5bb1-43e6-b3cf-66cc4952f640} - c:\windows\system32\butazaji.dll
STS: mujuzedij: {96b75210-9f6a-4be1-8d0f-c48ee9128c40} - c:\windows\system32\birizofu.dll
STS: gahurihor: {1aa8a109-d456-463c-bf46-890fa7bd1ba6} - c:\windows\system32\vodarowo.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
LSA: Notification Packages = cecli scecli scecli scecli scecli sirifiwi.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner~1.jas\applic~1\mozilla\firefox\profiles\4ypg6fdo.jason\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?source=gapg&hl=en
FF - component: c:\documents and settings\owner.jasonslaptop\application data\mozilla\firefox\profiles\4ypg6fdo.jason\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
FF - plugin: c:\program files\google\google updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npstrlnk.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: XUL Cache: No Registry Reference - c:\program files\mozilla firefox\extensions\{635471BB-00C1-4781-B86C-06A9794B5B4B}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-10-24 22:35:52 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-24 22:35:50 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-24 22:35:50 0 d-----w- c:\program files\MA
2009-10-24 18:02:07 192512 ----a-w- c:\windows\system32\txmlutil.dll.upd
2009-10-24 17:26:07 0 d-----w- c:\docume~1\owner~1.jas\applic~1\BitDefender
2009-10-24 17:25:33 0 d-----w- c:\docume~1\alluse~1\applic~1\BitDefender
2009-10-21 14:35:35 70 ----a-w- c:\windows\wininit.ini
2009-10-18 02:29:37 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-18 01:43:20 121 ----a-w- c:\windows\bdagent.INI
2009-10-17 18:49:02 0 d-----w- c:\program files\IObit
2009-10-17 18:49:02 0 d-----w- c:\docume~1\owner~1.jas\applic~1\IObit
2009-10-17 18:34:09 34360 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2009-10-05 22:50:39 0 d-----w- c:\documents and settings\owner.jasonslaptop\New Folder

==================== Find3M ====================

2009-10-24 18:02:07 242184 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2009-10-24 18:02:06 111112 ----a-w- c:\windows\system32\drivers\bdfm.sys
2009-10-21 15:20:52 81984 ----a-w- c:\windows\system32\bdod.bin
2009-08-06 23:23:46 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 23:23:46 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-05 09:11:47 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-22 14:17:12 38912 --sha-w- c:\windows\system32\bahezido.dll
2009-07-19 18:26:19 39424 --sha-w- c:\windows\system32\begakipu.dll
2009-07-17 23:49:55 1112371 --sha-w- c:\windows\system32\birayeki.exe
2009-02-10 19:35:48 53102 --sha-w- c:\windows\system32\dLRsttwa.ini2
2009-07-18 14:23:29 38400 --sha-w- c:\windows\system32\dobafigi.dll
2009-07-24 15:19:10 38400 --sha-w- c:\windows\system32\fapavifa.dll
2009-07-24 15:19:10 1011747 --sha-w- c:\windows\system32\gugatemi.exe
2009-07-23 14:17:37 1051682 --sha-w- c:\windows\system32\higubuli.exe
2009-07-24 02:18:05 38400 --sha-w- c:\windows\system32\jakiyodo.dll
2009-07-23 02:17:13 1050658 --sha-w- c:\windows\system32\jarugimo.exe
2009-07-20 15:35:48 1011600 --sha-w- c:\windows\system32\jinuyeju.exe
2009-07-21 14:18:25 52224 --sha-w- c:\windows\system32\kenahapu.dll
2009-07-21 14:17:38 38400 --sha-w- c:\windows\system32\kokemabo.dll
2009-07-17 23:49:55 51712 --sha-w- c:\windows\system32\lijuhidi.dll
2009-07-23 02:17:13 38912 --sha-w- c:\windows\system32\lowopami.dll
2009-07-08 02:54:38 1982 --sha-w- c:\windows\system32\nehokaki.dll
2009-07-18 14:23:28 1081890 --sha-w- c:\windows\system32\nemudodi.exe
2009-07-21 14:17:38 52224 --sha-w- c:\windows\system32\nizedage.dll
2009-07-23 14:17:37 37888 --sha-w- c:\windows\system32\pihuyeha.dll
2009-07-24 02:18:05 1051682 --sha-w- c:\windows\system32\pumegiji.exe
2009-07-20 15:35:40 38400 --sha-w- c:\windows\system32\rijikoyi.dll
2009-07-21 14:18:25 52224 --sha-w- c:\windows\system32\sirifiwi.dll
2009-07-22 14:17:12 1052194 --sha-w- c:\windows\system32\tajavota.exe
2009-07-19 02:22:45 38400 --sha-w- c:\windows\system32\tidadegi.dll
2009-07-21 14:17:38 1050658 --sha-w- c:\windows\system32\vetaweyo.exe
2009-07-24 15:19:10 89600 --sha-w- c:\windows\system32\vodarowo.dll
2009-07-22 02:17:17 38912 --sha-w- c:\windows\system32\vorosuka.dll
2009-07-21 14:18:25 52224 --sha-w- c:\windows\system32\wefeyubi.dll
2009-07-22 02:17:17 1051682 --sha-w- c:\windows\system32\yejimoya.exe
2009-07-19 18:26:19 1050658 --sha-w- c:\windows\system32\yevilido.exe
2009-07-17 23:49:55 38400 --sha-w- c:\windows\system32\zodavula.dll
2008-08-19 15:37:08 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008081920080820\index.dat

============= FINISH: 18:44:00.01 ===============




ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/24 18:47
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP2
==================================================

Drivers
-------------------
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xAE35F000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "sbhr.sys" at address 0xbace8514

#: 041 Function Name: NtCreateKey
Status: Hooked by "sbhr.sys" at address 0xbace8552

#: 119 Function Name: NtOpenKey
Status: Hooked by "sbhr.sys" at address 0xbace84d0

#: 247 Function Name: NtSetValueKey
Status: Hooked by "sbhr.sys" at address 0xbace85a2

==EOF==



#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:07:21 AM

Posted 01 November 2009 - 11:13 AM

Hello handeman

Welcome to BleepingComputer :(
==========================
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
===========
Download This file. Note its name and save it to your root folder, such as C:\.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#3 handeman

handeman
  • Topic Starter

  • Members
  • 2 posts
  • Local time:07:21 AM

Posted 01 November 2009 - 08:15 PM

Sorry for taking up your time. Found out we were given a three day window to re-download MS Office. Wiped the disk and reinstalled the OS and all programs. Original problems fixed.

thanks

#4 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:07:21 AM

Posted 02 November 2009 - 07:49 AM

No problem and you are welcome :(


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :(

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.



