
Vundo Trojan and RUNDLL error popup (c:\windows\system32\fohiyute.dll) on startup


  • This topic is locked
9 replies to this topic

#1 dky

  • Members
  • 5 posts

Posted 31 October 2009 - 12:03 AM

I've been receiving a Run DLL error message upon starting up my computer. This started earlier today after I received a Vundo trojan notice from my Ad-Aware program. I've tried to use Malwarebytes and SUPERAntiSpyware, both of which I already had installed on the computer; however, both will not start anymore. Furthermore, the Malwarebytes shortcut was automatically deleted/disabled upon receiving this notification.

I have tried to start up my system in Safe Mode but something is preventing me from doing so. When trying, I noticed that after having to start normally, some boot-cleaning process started up before the Windows desktop appeared.

I have since downloaded Spyware Doctor from the Google Pack and ran scans that showed the trojan among other things, on which I performed the remove-and-quarantine process. After that I downloaded Spybot Search & Destroy and ran the scan, and it showed my computer to be clear. However, I am still receiving the Run DLL error, as well as not being able to run Malwarebytes or SUPERAntiSpyware or start my system in Safe Mode.

This particular problem started today; however, in the past week and a half I have had 2 trojan problems stop my ability to run Malwarebytes (in particular) and start my computer in Safe Mode. I was able to solve the 2 prior problems myself by downloading SUPERAntiSpyware to remove the "blocker" and then running Malwarebytes to remove whatever was left. It seems that I may not have gotten everything. The two prior instances were also trojans but I don't recall the names. Also, I have noticed an increase in CPU usage (looking at the Task Manager), though this could be due to the active Spyware Doctor and Spybot protection. Don't know if this is relevant, but of the prior trojan problems one prevented me from opening the Task Manager and would make my desktop go blank (remove all icons and start bar, leaving only the background image); however, I don't have that problem anymore after using SUPERAntiSpyware followed by Malwarebytes.

Hope this helps; I am not too versed in all of this. I would greatly appreciate any help.


DDS (Ver_09-10-26.01) - NTFSx86
Run by Dan Yap at 22:58:19.76 on Fri 10/30/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.965 [GMT -5:00]

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\AsScrPro.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\igfxext.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Documents and Settings\Dan Yap\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Documents and Settings\Dan Yap\My Documents\Downloads\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://eeepc.asus.com/global
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {6a4c0783-b3a4-44e7-a389-1dc8a3413066} - wabifawo.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.32.0\gears.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\dan yap\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [AsusACPIServer] c:\program files\eeepc\acpi\AsAcpiSvr.exe
mRun: [AsusEPCMonitor] c:\program files\eeepc\acpi\AsEPCMon.exe
mRun: [AsusTray] c:\program files\eeepc\acpi\AsTray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SynAsusAcpi] c:\program files\synaptics\syntp\SynAsusAcpi.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [ASUS Screen Saver Protector] c:\windows\AsScrPro.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [EEESplendidAR] c:\program files\asus\epc\eeesplendid\AutoRun.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [banawifep] Rundll32.exe "c:\windows\system32\fohiyute.dll",a
mRun: [vavinadase] Rundll32.exe "fasamifo.dll",s
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\superh~1.lnk - c:\program files\asus\eeepc\super hybrid engine\SuperHybridEngine.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all links using BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: Download all videos using BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: Download link using &BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.32.0\gears.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\aibelive\voicec~1\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: zedisubo.dll c:\windows\system32\molafabo.dll lovebudo.dll c:\windows\system32\zefizapu.dll c:\windows\system32\fohiyute.dll,puraviyu.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: peyijodes - {877e72bd-de97-437a-8261-e62d1a6968be} - c:\windows\system32\zefizapu.dll
SSODL: dotarofom - {59d7f10d-cfa9-43d3-8024-e24a3ae3dcfc} - c:\windows\system32\fohiyute.dll
STS: mujuzedij: {877e72bd-de97-437a-8261-e62d1a6968be} - c:\windows\system32\zefizapu.dll
STS: jugezatag: {59d7f10d-cfa9-43d3-8024-e24a3ae3dcfc} - c:\windows\system32\fohiyute.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli masoyefa.dll kalomawu.dll fasamifo.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\danyap~1\applic~1\mozilla\firefox\profiles\dszvpxtl.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=zpwhtygjntrz&scc=1&ltmpl=default&ltmplcache=2
FF - prefs.js: keyword.URL - hxxp://www.google.com.my/search?q=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\google\google gears\firefox\lib\ff35\gears.dll
FF - plugin: c:\documents and settings\dan yap\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\dan yap\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\dan yap\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1739.5352\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-7-16 64288]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-10-30 207280]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-7-16 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-7-16 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-10-12 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-10-12 74480]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-7-16 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-8-16 297752]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-6-22 55152]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1179232]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-10-30 358600]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R3 AsusACPI;ASUS ACPI Driver;c:\windows\system32\drivers\ASUSACPI.SYS [2009-6-22 10752]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-6-1 39424]
R3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [2009-6-1 39040]
S1 SABKUTIL;SABKUTIL;\??\c:\documents and settings\dan yap\my documents\downloads\sabkutil.sys --> c:\documents and settings\dan yap\my documents\downloads\SABKUTIL.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-7-17 133104]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-6-22 1684736]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-10-12 7408]

=============== Created Last 30 ================

2009-10-31 02:50:11 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-10-31 02:50:11 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-10-30 23:42:25 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2009-10-30 23:42:25 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-10-30 23:41:55 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-10-30 23:41:55 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2009-10-30 23:41:55 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-10-30 23:41:55 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-10-30 23:41:36 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2009-10-30 23:41:36 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-10-30 23:41:03 0 d-----w- c:\program files\common files\PC Tools
2009-10-30 23:41:02 0 d-----w- c:\program files\Spyware Doctor
2009-10-30 23:41:02 0 d-----w- c:\docume~1\danyap~1\applic~1\PC Tools
2009-10-30 23:41:02 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2009-10-30 23:31:05 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-10-30 23:31:05 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-10-30 23:30:53 0 d-----w- c:\windows\system32\IOSUBSYS
2009-10-29 05:15:33 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-26 07:29:04 0 d-----w- c:\program files\SpywareBlaster
2009-10-21 01:42:02 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-10-21 01:40:07 0 d-----w- c:\program files\SUPERAntiSpyware
2009-10-21 01:40:07 0 d-----w- c:\docume~1\danyap~1\applic~1\SUPERAntiSpyware.com
2009-10-21 01:39:22 0 d-----w- c:\program files\common files\Wise Installation Wizard
2009-10-19 05:10:38 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-16 23:59:27 73728 ----a-w- c:\windows\system32\javacpl.cpl
2009-10-16 23:59:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-07 22:38:16 76712 ---ha-w- c:\windows\system32\mlfcache.dat
2009-10-07 03:35:59 0 d-----w- c:\docume~1\danyap~1\applic~1\Runtime Revolution
2009-10-01 06:40:24 0 d-----w- c:\program files\iPod
2009-10-01 06:40:17 0 d-----w- c:\program files\iTunes
2009-10-01 06:40:17 0 d-----w- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}

==================== Find3M ====================

2009-10-29 05:15:22 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-09-23 12:55:23 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 19:54:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 19:53:50 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36:27 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36:24 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36:24 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-29 00:42:52 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-18 04:33:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-16 08:19:03 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-07 00:23:46 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-07 00:23:46 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-05 09:01:48 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13:08 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20:09 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-07-30 22:20:19 52224 --sha-w- c:\windows\system32\fasamifo.dll
2009-07-30 22:19:42 52224 --sha-w- c:\windows\system32\hujutowo.dll
2009-07-30 22:19:42 91136 --sha-w- c:\windows\system32\mojebeji.dll
2009-07-30 22:20:19 52224 --sha-w- c:\windows\system32\puraviyu.dll
2009-07-30 22:20:19 52224 --sha-w- c:\windows\system32\wabifawo.dll
2009-07-17 10:27:17 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009071720090718\index.dat
2009-07-17 10:27:18 16384 --sha-w- c:\windows\temp\cookies\index.dat
2009-07-17 10:27:18 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2009-07-17 10:27:18 16384 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 23:00:24.89 ===============
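The Pseudo HJT and Find3M sections above are the interesting part of this log: the same handful of randomly named DLLs (fohiyute.dll, fasamifo.dll, zefizapu.dll and friends) are wired into Run entries launched via Rundll32, AppInit_DLLs, ShellServiceObjectDelayLoad (SSODL), SharedTaskScheduler (STS), a BHO with no friendly name, and the LSA Notification Packages list, and several of them carry hidden+system file attributes (--sha-w-) in system32. As an added example, not code from the thread or from any of the tools mentioned in it, here is a small Python triage script that pulls those signals out of DDS-style log text and reports the DLLs that more than one of them point at. The sample lines are a subset copied from the DDS log in post #1; the 8-letter consonant/vowel name check is my own heuristic fitted to the names in this log, not a rule from DDS or from Farbar's instructions.

```python
"""Triage a DDS/HijackThis-style log for Vundo-style DLL persistence.

Added example, not part of the thread. Sample lines are copied from the
DDS log in post #1; the name heuristic is fitted to the names seen there.
"""
import re
from collections import defaultdict

# Autostart locations (DDS prefixes) that inject a DLL into the shell, the
# logon process or every user-mode process. All of them appear in the log.
HIGH_VALUE_PREFIXES = {
    "AppInit_DLLs": "AppInit_DLLs (loaded into every process that loads user32.dll)",
    "SSODL": "ShellServiceObjectDelayLoad (loaded by explorer.exe)",
    "STS": "SharedTaskScheduler (loaded by explorer.exe)",
    "LSA": "LSA Notification Packages (loaded by lsass.exe)",
    "Notify": "Winlogon Notify (loaded by winlogon.exe)",
    "BHO": "Browser Helper Object (loaded by Internet Explorer)",
}

DLL_RE = re.compile(r"([\w~-]+)\.dll", re.IGNORECASE)
# Find3M / "Created Last 30" lines: date time size attrs path
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \S+ \d+ (\S{8}) (.+\.dll)$", re.IGNORECASE)
# Heuristic (mine): the generated names in this log are 8 letters of strictly
# alternating consonant/vowel (fohiyute, fasamifo, zefizapu...). Real-world
# names can fit this too, so treat it as one signal, not proof.
VUNDO_NAME_RE = re.compile(r"^(?:[b-df-hj-np-tv-z][aeiou]){4}$")

# Subset of the DDS log from post #1 (copied, not constructed).
DDS_SAMPLE = r"""
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [banawifep] Rundll32.exe "c:\windows\system32\fohiyute.dll",a
mRun: [vavinadase] Rundll32.exe "fasamifo.dll",s
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {6a4c0783-b3a4-44e7-a389-1dc8a3413066} - wabifawo.dll
AppInit_DLLs: zedisubo.dll c:\windows\system32\molafabo.dll lovebudo.dll c:\windows\system32\zefizapu.dll c:\windows\system32\fohiyute.dll,puraviyu.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: peyijodes - {877e72bd-de97-437a-8261-e62d1a6968be} - c:\windows\system32\zefizapu.dll
SSODL: dotarofom - {59d7f10d-cfa9-43d3-8024-e24a3ae3dcfc} - c:\windows\system32\fohiyute.dll
STS: mujuzedij: {877e72bd-de97-437a-8261-e62d1a6968be} - c:\windows\system32\zefizapu.dll
STS: jugezatag: {59d7f10d-cfa9-43d3-8024-e24a3ae3dcfc} - c:\windows\system32\fohiyute.dll
Notify: igfxcui - igfxdev.dll
LSA: Notification Packages = scecli masoyefa.dll kalomawu.dll fasamifo.dll
2009-08-16 08:19:03 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-30 22:20:19 52224 --sha-w- c:\windows\system32\fasamifo.dll
2009-07-30 22:20:19 52224 --sha-w- c:\windows\system32\puraviyu.dll
2009-07-30 22:20:19 52224 --sha-w- c:\windows\system32\wabifawo.dll
"""


def is_vundo_style_name(stem):
    """True for 8-letter alternating consonant/vowel names such as 'fohiyute'."""
    return VUNDO_NAME_RE.match(stem.lower()) is not None


def triage(log_text):
    """Map each suspicious DLL basename to the sorted list of signals against it.

    A DLL is reported when its name matches the generator pattern, or when at
    least two independent signals (privileged autostart location, Rundll32
    launch at logon, hidden+system file attributes) point at the same file.
    """
    signals = defaultdict(set)
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        file_entry = FILE_RE.match(line)
        if file_entry:
            attrs, path = file_entry.groups()
            if "h" in attrs and "s" in attrs:
                name = path.rsplit("\\", 1)[-1].lower()
                signals[name].add(f"hidden+system file ({attrs}) {path}")
            continue
        prefix = line.split(":", 1)[0]
        for stem in DLL_RE.findall(line):
            dll = f"{stem}.dll".lower()
            if is_vundo_style_name(stem):
                signals[dll].add("Vundo-style generated name")
            if prefix in HIGH_VALUE_PREFIXES:
                signals[dll].add(f"{HIGH_VALUE_PREFIXES[prefix]}: {line}")
            elif prefix.endswith("Run") and "rundll32" in line.lower():
                signals[dll].add(f"Rundll32 autorun entry: {line}")
    return {
        dll: sorted(why)
        for dll, why in signals.items()
        if "Vundo-style generated name" in why or len(why) >= 2
    }


if __name__ == "__main__":
    for dll, why in sorted(triage(DDS_SAMPLE).items()):
        print(dll)
        for reason in why:
            print("   ", reason)
```

Run against the sample it reports ten DLLs and, for each, the autostart locations that load it; legitimate entries such as avgssie.dll (one BHO line), WPDShServiceObj.dll (one SSODL line) and igfxdev.dll (one Notify line) stay below the two-signal threshold. Two points worth taking from the output: AppInit_DLLs, Winlogon Notify and LSA Notification Packages put a DLL into every process, winlogon.exe or lsass.exe at boot, before any desktop scanner runs, so an on-demand scan that only removes the file leaves the loading entry behind; and a RunDLL error at logon naming a DLL path is exactly what such a leftover entry produces once a scanner has removed or quarantined the file it points at. On a live machine the same locations are the registry values HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs, ...\Winlogon\Notify, HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjectDelayLoad and ...\Explorer\SharedTaskScheduler, and HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages, which is where a cleanup would have to remove the references as well as the files.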



#2 Farbar

    Just Curious

  • Security Developer
  • 21,711 posts
  • Gender:Male
  • Location:The Netherlands

Posted 31 October 2009 - 06:53 AM

Hi dky,

Welcome to the BC HijackThis forum. I am Farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. Please let me know in your next reply if you agree with this.
  • You have the program Spybot S&D (TeaTimer option) running on your machine. We need to disable TeaTimer so it does not interfere with the fixes we are about to do.
    • Run Spybot-S&D
    • Go to the Mode menu, and make sure Advanced Mode is selected
    • On the left hand side, choose Tools -> Resident
    • Uncheck Resident TeaTimer and OK any prompts
    • Restart your computer.
    Instructions are also here: How to disable TeaTimer during HijackThis Cleanup

    Note: If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

  • I do not recommend that you have more than one anti-virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
    1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
    2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
    Therefore please go to add/remove in the control panel and remove either AVG or Spyware Doctor.

  • Open your Malwarebytes' Anti-Malware.
    • First update it, to do that under the Update tab press "Check for Updates".
    • Under Scanner tab select "Perform Quick Scan", then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the MBAM log.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


#3 dky

  • Topic Starter
  • Members
  • 5 posts

Posted 01 November 2009 - 06:21 AM

Hi Farbar, thank you for the quick response; however, the problem seems to have taken a turn for the worse right now.

First off, I think it's appropriate to tell you I am at this moment replying using my friend's computer, which I have borrowed in the meantime. This is because after my initial post I shut down my computer (which is an ASUS Eee PC 1005HA netbook, by the way). Upon trying to turn it back on the next morning to see if I got a response from you, my computer doesn't allow me to boot back into Windows at all! When I turn it on I reach a screen stating:

"We apologize for the inconvenience, but Windows did not start successfully. A recent hardware or software change might have caused this.
If your computer stopped responding, restarted unexpectedly, or was automatically shut down to protect your files and folders, choose Last Known Good Configuration to revert to the most recent settings that worked.
If previous startup attempt was interrupted due to a power failure or because the Power or Reset button was pressed, or if you aren't sure what caused the problem, choose Start Windows Normally.
(choices:)
Safe Mode
Safe Mode with Networking
Safe Mode with Command Prompt
Last Known Good Configuration
Start Windows Normally"

I have tried all the choices; however, what happens after I choose any of them is that some fast script will scroll down the screen, then a blue screen will flash for about 1 second, and finally it brings me back to the same message screen with the same choices. I cannot progress in any way beyond this menu screen.

I have tried to boot up my recovery partition by pressing F9 when starting the computer but it won't let me; I end up at the same menu. I have also tried to boot up my BIOS with F2 but it won't let me do that either; I end up at the same menu. I have a recovery DVD as well but don't know how much good that will do if I can't get past the menu at all. Furthermore, I don't have an optical drive on the netbook or an external optical drive at my disposal.

Please help in any way. I literally posted the other night on the forum and shut down my computer without touching or doing anything else, and now I can't boot up my computer at all. I am wondering if my only option now is to take it to a computer repair shop to physically wipe out my hard drive and try to restore back to factory settings. I wouldn't mind losing the data and having to restore back to factory (which I tried to do by pressing F9) since I have my data backed up. But if my only option is to take it to a shop it will cost $90 to do that. My computer only cost $380. That's a quarter of the cost! Please help, and thank you for your time.

#4 Farbar

    Just Curious

  • Security Developer
  • 21,711 posts
  • Gender:Male
  • Location:The Netherlands

Posted 01 November 2009 - 09:01 AM

It seems that without an optical drive there is not much to do. Just for a last attempt, disconnect the notebook from the power. Use it until the battery is empty. Hold down the power/reset button after that until the internal battery is also empty, hoping it will cause the BIOS to be reset to the factory default. Then connect it to the power and restart, and check if the F2 or F9 key works.

#5 dky

  • Topic Starter
  • Members
  • 5 posts

Posted 01 November 2009 - 07:20 PM

Farbar wrote:
    It seems that without an optical drive there is not much to do. Just for a last attempt, disconnect the notebook from the power. Use it until the battery is empty. Hold down the power/reset button after that until the internal battery is also empty, hoping it will cause the BIOS to be reset to the factory default. Then connect it to the power and restart, and check if the F2 or F9 key works.


OMG! It worked! I did exactly what you said and now my netbook has reset to factory settings after doing the F9 system restore! Thank you so much!

I did have an additional question. Now that my PC has reset to its factory settings, is it safe to assume anything that was affecting the computer should have been wiped out? After hitting F9 I had to go through the initial Windows XP startup process (selecting time zone, location, language, keyboard layout, etc.). Am I in the clear now, or should I immediately download software such as Malwarebytes to do additional cleaning? I plan to download it anyway, but is my computer still infected with stuff after the restore?

What are my next steps? Thank you!

#6 Farbar

    Just Curious

  • Security Developer
  • 21,711 posts
  • Gender:Male
  • Location:The Netherlands

Posted 02 November 2009 - 01:20 AM

Great. :(

When the BIOS is reset and you restore the OS it should usually be safe. But to make sure we will check it.
  • Please perform the following scan:
    • Download DDS by sUBs from the following links. Save it to your desktop.
    • Double click on the DDS icon, allow it to run. When done it will open two logs:
      • DDS.txt
      • Attach.txt
    • Copy and paste the logs to your reply.
  • Download RootRepeal.exe from one of these download locations and save it to your desktop:
    http://download.bleepingcomputer.com/rootr.../RootRepeal.exe
    http://ad13.geekstogo.com/RootRepeal.exe
    http://rootrepeal.psikotick.com/RootRepeal.exe
    • Open RootRepeal on your desktop.
    • Click the Report tab.
    • Click the Scan button.
    • Check all seven boxes.
    • Click Ok.
    • Check the box for your main system drive (Usually C:), and press Ok.
    • Allow RootRepeal to run a scan of your system. This may take some time.
    • Once the scan completes, push the Save Report button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.


#7 dky

  • Topic Starter
  • Members
  • 5 posts

Posted 02 November 2009 - 06:23 AM

Alright, here are the posted txt of the scans.

I probably should inform you that upon doing my initial setup of Windows after the recovery I did do a Windows Update for the security packs etc., and also updated back to the ASUS Eee PC 1005HA BIOS that I had running on the computer before the attacks (which is ever since I bought the computer this past summer). I hope that doesn't interfere. If so, I will gladly do another restore to factory and re-do the scans. Please let me know.

Here are the txt.


DDS (Ver_09-10-26.01) - NTFSx86
Run by Dan Yap at 5:10:20.29 on Sun 11/01/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1523 [GMT -6:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\AsScrPro.exe
C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\igfxext.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
\\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
C:\Documents and Settings\Dan Yap\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://eeepc.asus.com/global
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [Eee Docking] c:\program files\asus\eee docking\Eee Docking.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AsusACPIServer] c:\program files\eeepc\acpi\AsAcpiSvr.exe
mRun: [AsusEPCMonitor] c:\program files\eeepc\acpi\AsEPCMon.exe
mRun: [AsusTray] c:\program files\eeepc\acpi\AsTray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SynAsusAcpi] c:\program files\synaptics\syntp\SynAsusAcpi.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [ASUS Screen Saver Protector] c:\windows\AsScrPro.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\superh~1.lnk - c:\program files\asus\eeepc\super hybrid engine\SuperHybridEngine.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1257066756578
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1257066748859
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\aibelive\voicec~1\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-6-22 55152]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R3 AsusACPI;ASUS ACPI Driver;c:\windows\system32\drivers\ASUSACPI.SYS [2009-6-22 10752]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-6-1 38912]
R3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [2009-6-1 39040]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-6-22 1684736]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]

=============== Created Last 30 ================

2009-11-01 20:03:12 524288 ----a-w- c:\windows\1005HA-ASUS-0601.ROM
2009-11-01 19:03:13 524288 ---ha-w- C:\1005HA.ROM
2009-11-01 19:02:25 394656 ----a-w- c:\windows\1005HA-ASUS-0601.zip
2009-11-01 16:02:30 0 d-sh--w- c:\documents and settings\dan yap\PrivacIE
2009-11-01 10:08:39 0 d-sh--w- c:\documents and settings\dan yap\IETldCache
2009-11-01 10:01:15 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-11-01 10:01:02 0 d-----w- c:\windows\ie8updates
2009-11-01 10:00:54 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-11-01 10:00:54 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-11-01 10:00:21 0 dc-h--w- c:\windows\ie8
2009-11-01 09:22:44 0 d-----w- c:\windows\system32\XPSViewer
2009-11-01 09:22:16 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-11-01 09:22:16 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-11-01 09:22:16 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-11-01 09:22:16 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-11-01 09:22:16 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-11-01 09:22:16 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-11-01 09:22:16 117760 ------w- c:\windows\system32\prntvpt.dll
2009-11-01 09:22:15 0 d-----w- C:\b6545f58b080ad54c6acd4bd2d4ad6
2009-11-01 09:16:03 0 d-----w- c:\windows\system32\PreInstall
2009-11-01 09:12:53 23576 ----a-w- c:\windows\system32\wuapi.dll.mui
2009-11-01 09:00:55 0 d-----w- c:\program files\EASEUS
2009-11-01 08:08:03 8192 ----a-w- c:\windows\REGLOCS.OLD

==================== Find3M ====================

2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08:21 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-05 09:01:48 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13:08 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20:09 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe

============= FINISH: 5:10:52.71 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 11/1/2009 3:12:26 AM
System Uptime: 11/1/2009 6:05:33 AM (-1 hours ago)

Motherboard: ASUSTeK Computer INC. | | 1005HA
Processor: Intel® Atom™ CPU N280 @ 1.66GHz | PBGA 437 | 1666/167mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 144 GiB total, 134.7 GiB free.
D: is FIXED (FAT32) - 5 GiB total, 1.417 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 11/1/2009 3:12:30 AM - System Checkpoint
RP2: 11/1/2009 4:15:56 AM - Software Distribution Service 3.0
RP3: 11/1/2009 4:19:08 AM - Software Distribution Service 3.0
RP4: 11/1/2009 4:45:05 AM - Software Distribution Service 3.0

==== Installed Programs ======================

Adobe Flash Player ActiveX
Adobe Reader 8.1.1
Asus ACPI Driver
ASUS VIBE
ASUSUpdate for Eee PC
Atheros Client Installation Program
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
Choice Guard
Compatibility Pack for the 2007 Office system
Data Sync
Eee Docking 1.3.4.0
Eee PC_1005HA Screen Saver
Eee Storage
EeeSplendid
EzMessenger
FontResizer
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB970653-v3)
Intel® Graphics Media Accelerator Driver
Junk Mail filter update
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works
MSVCRT
Ralink RT2860 Wireless LAN Card
Realtek High Definition Audio Driver
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Segoe UI
Skype™ 3.6
Super Hybrid Engine
Synaptics Pointing Device Driver
Update for 2007 Microsoft Office System (KB967642)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows XP (KB898461)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
USB2.0 UVC Camera Device
Voice Command EN Trial Version
WebFldrs XP
WIDCOMM Bluetooth Software
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11

==== Event Viewer Messages From Past Week ========

11/1/2009 4:06:41 AM, error: PlugPlayManager [11] - The device Root\LEGACY_EUGDIDRV\0000 disappeared from the system without first being prepared for removal.
11/1/2009 3:55:25 AM, error: W32Time [34] - The time service has detected that the system time needs to be changed by +57597 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|207.229.176.99:123->207.46.197.32:123) is working properly.
11/1/2009 3:55:05 AM, error: Dhcp [1002] - The IP address lease 192.168.100.10 for the Network Card with network address 0026185EB21F has been denied by the DHCP server 216.80.19.59 (The DHCP Server sent a DHCPNACK message).
11/1/2009 3:54:50 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
11/1/2009 11:01:19 AM, error: Dhcp [1002] - The IP address lease 207.229.176.99 for the Network Card with network address 0026185EB21F has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/01 05:12
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iaStor.sys
Address: 0x971FF000 Size: 892928 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xBA188000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: c:\documents and settings\dan yap\local settings\temp\~df751b.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\dan yap\local settings\temp\~df8720.tmp
Status: Allocation size mismatch (API: 65536, Raw: 16384)

Path: c:\documents and settings\dan yap\local settings\temp\~dfe862.tmp
Status: Allocation size mismatch (API: 98304, Raw: 16384)

Path: C:\Documents and Settings\Dan Yap\Local Settings\Temporary Internet Files\Content.IE5\1HK5J1B6\spellcheck[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Dan Yap\Local Settings\Temporary Internet Files\Content.IE5\1HK5J1B6\rte-align-center[1].png
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Dan Yap\Local Settings\Temporary Internet Files\Content.IE5\1HK5J1B6\rte-code-button[1].png
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Dan Yap\Local Settings\Temporary Internet Files\Content.IE5\1HK5J1B6\rte-indent[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Dan Yap\Local Settings\Temporary Internet Files\Content.IE5\1HK5J1B6\whistling[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Dan Yap\Local Settings\Temporary Internet Files\Content.IE5\1HK5J1B6\mellow[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Dan Yap\Local Settings\Temporary Internet Files\Content.IE5\1HK5J1B6\attach_logo[1].png
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Dan Yap\Local Settings\Temporary Internet Files\Content.IE5\1HK5J1B6\attach_wait[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Dan Yap\Local Settings\Temporary Internet Files\Content.IE5\1HK5J1B6\icon12[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Dan Yap\Local Settings\Temporary Internet Files\Content.IE5\1HK5J1B6\icon6[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Dan Yap\Local Settings\Temporary Internet Files\Content.IE5\1HK5J1B6\icon8[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Dan Yap\Local Settings\Temporary Internet Files\Content.IE5\1HK5J1B6\index[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Dan Yap\Local Settings\Temporary Internet Files\Content.IE5\8LS71VE4\hysterical[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Dan Yap\Local Settings\Temporary Internet Files\Content.IE5\8LS71VE4\icon14[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Dan Yap\Local Settings\Temporary Internet Files\Content.IE5\8LS71VE4\icon2[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Dan Yap\Local Settings\Temporary Internet Files\Content.IE5\8LS71VE4\icon5[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Dan Yap\Local Settings\Temporary Internet Files\Content.IE5\8LS71VE4\index[2].htm
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Dan Yap\Local Settings\Temporary Internet Files\Content.IE5\8LS71VE4\ips_attach[1].js
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Dan Yap\Local Settings\Temporary Internet Files\Content.IE5\8LS71VE4\dry[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Dan Yap\Local Settings\Temporary Internet Files\Content.IE5\8LS71VE4\stat_gzip[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Dan Yap\Local Settings\Temporary Internet Files\Content.IE5\8LS71VE4\rte-align-left[1].png
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Dan Yap\Local Settings\Temporary Internet Files\Content.IE5\8LS71VE4\rte-align-right[1].png
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Dan Yap\Local Settings\Temporary Internet Files\Content.IE5\8LS71VE4\rte-email-button[1].png
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Dan Yap\Local Settings\Temporary Internet Files\Content.IE5\8LS71VE4\rte-quote-button[1].png
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Dan Yap\Local Settings\Temporary Internet Files\Content.IE5\8LS71VE4\rte-toggle-options[1].png
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Dan Yap\Local Settings\Temporary Internet Files\Content.IE5\O4MRWX47\in_love[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Dan Yap\Local Settings\Temporary Internet Files\Content.IE5\O4MRWX47\thumbup[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Dan Yap\Local Settings\Temporary Internet Files\Content.IE5\O4MRWX47\attach_ok[1].png
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Dan Yap\Local Settings\Temporary Internet Files\Content.IE5\O4MRWX47\rte-bbcode-help-sm[1].png
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Dan Yap\Local Settings\Temporary Internet Files\Content.IE5\O4MRWX47\rte-dd-bg[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Dan Yap\Local Settings\Temporary Internet Files\Content.IE5\O4MRWX47\rte-outdent[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Dan Yap\Local Settings\Temporary Internet Files\Content.IE5\O4MRWX47\mad[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Dan Yap\Local Settings\Temporary Internet Files\Content.IE5\O4MRWX47\icon10[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Dan Yap\Local Settings\Temporary Internet Files\Content.IE5\O4MRWX47\icon11[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Dan Yap\Local Settings\Temporary Internet Files\Content.IE5\O4MRWX47\icon3[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Dan Yap\Local Settings\Temporary Internet Files\Content.IE5\O4MRWX47\icon7[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Dan Yap\Local Settings\Temporary Internet Files\Content.IE5\O4MRWX47\icon9[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Dan Yap\Local Settings\Temporary Internet Files\Content.IE5\O4MRWX47\crazy[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Dan Yap\Local Settings\Temporary Internet Files\Content.IE5\O4MRWX47\rte_tile[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Dan Yap\Local Settings\Temporary Internet Files\Content.IE5\T11MZI3O\stat_load[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Dan Yap\Local Settings\Temporary Internet Files\Content.IE5\T11MZI3O\stat_sql[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Dan Yap\Local Settings\Temporary Internet Files\Content.IE5\T11MZI3O\stat_time[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Dan Yap\Local Settings\Temporary Internet Files\Content.IE5\T11MZI3O\icon13[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Dan Yap\Local Settings\Temporary Internet Files\Content.IE5\T11MZI3O\icon1[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Dan Yap\Local Settings\Temporary Internet Files\Content.IE5\T11MZI3O\icon4[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Dan Yap\Local Settings\Temporary Internet Files\Content.IE5\T11MZI3O\thumbup2[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Dan Yap\Local Settings\Temporary Internet Files\Content.IE5\T11MZI3O\dance[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Dan Yap\Local Settings\Temporary Internet Files\Content.IE5\T11MZI3O\wacko[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Dan Yap\Local Settings\Temporary Internet Files\Content.IE5\T11MZI3O\rte-emoticon[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Dan Yap\Local Settings\Temporary Internet Files\Content.IE5\T11MZI3O\rte-image-button[1].png
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Dan Yap\Local Settings\Temporary Internet Files\Content.IE5\T11MZI3O\rte-ipd-tag[1].png
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Dan Yap\Local Settings\Temporary Internet Files\Content.IE5\T11MZI3O\rte-link-button[1].png
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Dan Yap\Local Settings\Temporary Internet Files\Content.IE5\T11MZI3O\rte-list-numbered[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Dan Yap\Local Settings\Temporary Internet Files\Content.IE5\T11MZI3O\rte-list[1].gif
Status: Could not get file information (Error 0xc0000008)

==EOF==
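The "Pseudo HJT Report" section of the DDS log above lists browser hooks and autostart entries by a short prefix (uRun, mRun, BHO, DPF, and so on). As an added illustration that is not part of the thread, of DDS, or of RootRepeal, the following Python script parses lines in that format, expands each prefix to the location it stands for (the HijackThis-style meanings in PREFIX_MEANING are the editor's summary and are assumed here, not taken from the DDS output), and flags the entries a reviewer would look at first: "No File" orphans such as the BHO with CLSID {5C255C8A-E604-49b4-9D64-90988571CECB} in this log, targets given as a bare filename with no directory, and targets living in a temp directory. The sample input is a handful of lines constructed from the log above; nothing in it is asserted to be malicious, the flags only mark entries worth a second look.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Meaning of the DDS "Pseudo HJT Report" prefixes, following the HijackThis
# conventions DDS mirrors: a leading "u" means the per-user (HKCU) hive, a
# leading "m" the machine (HKLM) hive. Editor's summary, assumed for this example.
PREFIX_MEANING: Dict[str, str] = {
    "uStart Page": "Internet Explorer start page (HKCU)",
    "mStart Page": "Internet Explorer start page (HKLM)",
    "BHO": "Browser Helper Object loaded into Internet Explorer",
    "TB": "Internet Explorer toolbar",
    "uRun": "autostart value under HKCU\\...\\CurrentVersion\\Run",
    "mRun": "autostart value under HKLM\\...\\CurrentVersion\\Run",
    "StartupFolder": "shortcut in a Start Menu Startup folder",
    "IE": "Internet Explorer extension or context-menu entry",
    "DPF": "Downloaded Program Files (ActiveX control)",
    "Handler": "URL protocol handler",
    "Notify": "Winlogon Notify package",
    "SSODL": "ShellServiceObjectDelayLoad entry",
}

LINE_RE = re.compile(r"^([A-Za-z][\w ]*?)(?:: | = )(.*)$")          # "Prefix: rest" or "Prefix = rest"
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"^\[(.+?)\]\s*(.*)$")                            # "[ValueName] command line"
BARE_FILE_RE = re.compile(r"^[\w.~-]+\.(?:exe|dll|scr|cpl)$", re.IGNORECASE)
TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)


@dataclass
class HjtEntry:
    prefix: str
    meaning: str
    name: Optional[str]
    clsids: List[str]
    target: str
    flags: List[str] = field(default_factory=list)
    raw: str = ""


def review_flags(e: HjtEntry) -> List[str]:
    """Cheap triage heuristics; a flag means 'look at this', not 'this is malware'."""
    flags: List[str] = []
    if e.target == "No File":
        flags.append("orphan: registry entry points to a file that no longer exists")
    first = e.target.split()[0].strip('"') if e.target else ""
    if BARE_FILE_RE.match(first):
        flags.append("bare filename: no directory given, so Windows resolves it by search order")
    if TEMP_DIR_RE.search(e.target):
        flags.append("target lives in a temp directory")
    return flags


def parse_entry(line: str) -> Optional[HjtEntry]:
    """Parse one Pseudo HJT line; return None for headers, blanks and unknown prefixes."""
    m = LINE_RE.match(line.strip())
    if not m or m.group(1) not in PREFIX_MEANING:
        return None
    prefix, rest = m.group(1), m.group(2)
    clsids = GUID_RE.findall(rest)
    run = RUN_RE.match(rest)
    if run:                                   # Run-key style: "[Name] path args"
        name, target = run.group(1), run.group(2)
    else:                                     # "Name: {CLSID} - path", "{CLSID} - path" or a bare value
        parts = [p.strip() for p in rest.split(" - ")]
        target = parts[-1]
        name = GUID_RE.sub("", parts[0]).strip(" :-") if len(parts) > 1 else None
        name = name or None
    entry = HjtEntry(prefix, PREFIX_MEANING[prefix], name, clsids, target, raw=line.strip())
    entry.flags = review_flags(entry)
    return entry


def parse_report(text: str) -> List[HjtEntry]:
    return [e for e in (parse_entry(l) for l in text.splitlines()) if e]


def summarize(entries: List[HjtEntry]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for e in entries:
        counts[e.prefix] = counts.get(e.prefix, 0) + 1
    return counts


def flagged(entries: List[HjtEntry]) -> List[HjtEntry]:
    return [e for e in entries if e.flags]


# Constructed sample: a few lines copied from the DDS log in this thread.
SAMPLE_LOG = r"""
uStart Page = hxxp://eeepc.asus.com/global
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
uRun: [Eee Docking] c:\program files\asus\eee docking\Eee Docking.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1257066756578
Notify: igfxcui - igfxdev.dll
"""

if __name__ == "__main__":
    entries = parse_report(SAMPLE_LOG)
    for prefix, n in summarize(entries).items():
        print(f"{n:2d}  {prefix:14s} {PREFIX_MEANING[prefix]}")
    for e in flagged(entries):
        print(f"REVIEW [{e.prefix}] {e.name or e.clsids[0]}: {'; '.join(e.flags)}")
```

On the sample the script reports the orphan BHO and two bare-filename targets (RTHDCPL.EXE, a Realtek audio panel, and the Intel igfxdev.dll Winlogon package); both of the latter are normal here, which is the point of a triage flag: it narrows what a human checks, it does not decide.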

#8 Farbar
    Just Curious

  • Security Developer
  • 21,711 posts
  • Gender:Male
  • Location:The Netherlands

Posted 02 November 2009 - 12:23 PM

Updating Windows and the rest were very important and necessary. :(

Everything looks good.

What you need to install as fast as possible is an antivirus and an antimalware/antispyware.

You can install either AVG 9 or Avira (but never two antiviruses at the same time).

Also install Malwarebytes and keep it updated.

I recommend using Site Advisor for safe surfing. It is a free extension both for Internet Explorer and Firefox. When you search a site it gives you an indication of how safe a site is. If you installed AVG you don't need this any more as it has a Link Scanner that does the same thing.

I recommend installing this small application for safe surfing: Javacools© SpywareBlaster
SpywareBlaster will add a large list of programs and sites into your Internet Explorer and Firefox settings and that will protect you from running and downloading known malicious programs. Update it manually (if you use the free version) once in 2-3 weeks and enable the restriction.

If you have no questions, I wish you happy surfing. :(

#9 dky
  • Topic Starter
  • Members
  • 5 posts

Posted 02 November 2009 - 02:24 PM

Thank you so much Farbar! :(

#10 Farbar
    Just Curious

  • Security Developer
  • 21,711 posts
  • Gender:Male
  • Location:The Netherlands

Posted 02 November 2009 - 02:33 PM

You are most welcome, glad I could help. :(

This thread will now be closed since the issue seems to be resolved.

If you need this topic reopened, please send me a PM and I will reopen it for you.

If you should have a new issue, please start a new topic.
