Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Need help with virus of some sort not sure what kind it is?


  • This topic is locked This topic is locked
2 replies to this topic

#1 sincere

sincere

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:12:42 PM

Posted 06 April 2010 - 11:16 AM

I made a log with hijackthis. I tried to use the gmer program as well as ddr. However whenever i try to start the program my computer screen turns blue and displays a fatal error and restarts.

Also i have tried to install and use antispyware malware programs, however it denies me access to update the database because of a proxy server error.Also when i browse the internet a get a redirect to a fake google site,and online scan, or a box that says you cannot access the page unless you allow the software by microsoft browser tool to be installed.

I also have added my DDS results. I tried to use Combofix however when i try it just restarts my computer and i get this error:

PXE-E61:Media test fail,check cable
PXE-MOF:Exit Broadcom,PXE ROM
Cardbus NIC bootfail
No bootable devices F1 to reboot,F2 for setup utility

I am using a dell inspirion laptop with windows 7 ultimate os. 512mb with 40gb.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:21:58 AM, on 4/6/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\AusLogics BoostSpeed\BoostSpeed.exe
C:\Program Files\Registry Mechanic\RMTray.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Auslogics BoostSpeed 4] C:\Program Files\Auslogics BoostSpeed\boostspeed.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe /H
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O13 - Gopher Prefix:
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} (DellSystemLite.Scanner) - http://support.dell.com/systemprofiler/DellSystemLite.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: a-squared Free Service (a2free) - Unknown owner - C:\WINDOWS.OLD\PROGRAM FILES\A-SQUARED FREE\a2service.exe (file missing)
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - PC Tools - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 6108 bytes







DDS (Ver_10-03-17.01) - NTFSx86
Run by steve dye at 17:01:51.46 on Tue 04/06/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.511.146 [GMT -4:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\steve dye\Downloads\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn2\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn2\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn2\yt.dll
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [Auslogics BoostSpeed 4] c:\program files\auslogics boostspeed\boostspeed.exe
uRun: [RegistryMechanic] c:\program files\registry mechanic\RMTray.exe /H
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SSDMonitor] c:\program files\common files\pc tools\smonitor\SSDMonitor.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll c:\progra~1\kasper~1\kasper~1\kloehk.dll

============= SERVICES / DRIVERS ===============

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2009-9-14 21520]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2010-4-5 583640]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 VSTHWICH;VSTHWICH;c:\windows\system32\drivers\VSTICH3.SYS [2009-7-13 242176]
S2 a2free;a-squared Free Service;"c:\windows.old\program files\a-squared free\a2service.exe" --> c:\windows.old\program files\a-squared free\a2service.exe [?]
S2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe [2009-10-20 340456]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-4-6 303952]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-4-6 20824]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-3-1 27192]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-6 1343400]

=============== Created Last 30 ================

2010-04-06 21:00:38 0 d-sh--w- C:\$RECYCLE.BIN
2010-04-06 19:50:18 0 d-s---w- C:\ComboFix
2010-04-06 18:53:53 98816 ----a-w- c:\windows\sed.exe
2010-04-06 18:53:53 77312 ----a-w- c:\windows\MBR.exe
2010-04-06 18:53:53 261632 ----a-w- c:\windows\PEV.exe
2010-04-06 18:53:53 161792 ----a-w- c:\windows\SWREG.exe
2010-04-06 14:35:53 125333962 ----a-w- c:\windows\MEMORY.DMP
2010-04-06 13:20:53 0 d-----w- c:\program files\Trend Micro
2010-04-06 12:30:16 0 d-----w- c:\windows\system32\Wat
2010-04-06 12:10:56 0 d-----w- c:\users\steved~1\appdata\roaming\Auslogics
2010-04-06 12:03:19 0 d-----w- c:\users\steved~1\appdata\roaming\Malwarebytes
2010-04-06 12:02:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-06 12:02:47 0 d-----w- c:\programdata\Malwarebytes
2010-04-06 12:02:40 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-06 12:02:40 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-06 05:42:35 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2010-04-06 05:42:34 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2010-04-06 05:39:39 0 d-----w- c:\programdata\Kaspersky Lab
2010-04-06 05:39:39 0 d-----w- c:\program files\Kaspersky Lab
2010-04-06 05:30:32 0 d-----w- c:\programdata\Kaspersky Lab Setup Files
2010-04-06 05:03:02 0 d-----w- c:\programdata\Sun
2010-04-06 05:02:06 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-06 04:16:13 52 ----a-w- c:\windows\system32\ashttpstats.csv
2010-04-06 03:28:30 0 d---a-w- c:\programdata\TEMP
2010-04-06 03:27:37 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2010-04-06 03:27:36 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2010-04-06 03:27:36 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2010-04-06 03:27:35 506368 ----a-w- c:\windows\system32\msxml.dll
2010-04-06 03:27:33 1081616 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2010-04-06 03:27:04 0 d-----w- c:\program files\common files\PC Tools
2010-04-06 03:18:42 0 d-----w- c:\users\steved~1\appdata\roaming\uTorrent
2010-04-06 03:08:36 0 d-----w- c:\users\steved~1\appdata\roaming\WinPatrol
2010-04-06 02:45:10 4 ----a-w- c:\windows\system32\aspdict-en.dat
2010-04-06 02:45:10 16 ----a-w- c:\windows\system32\asdict.dat
2010-04-06 02:40:24 0 d-----w- c:\windows\Panther
2010-04-06 02:26:38 0 d-----w- c:\users\steved~1\appdata\roaming\BitDefender
2010-04-06 02:26:38 0 d-----w- c:\programdata\BitDefender
2010-04-06 02:26:38 0 d-----w- c:\program files\BitDefender
2010-04-06 01:53:09 0 d-----w- c:\program files\common files\BitDefender
2010-04-06 01:46:06 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-04-06 01:34:10 0 d-----w- c:\programdata\Yahoo! Companion
2010-04-06 01:33:26 0 d-----w- c:\programdata\Yahoo!
2010-04-06 01:26:39 0 d-----w- c:\windows\system32\Adobe
2010-04-06 01:18:09 0 d-----w- c:\programdata\Adobe
2010-04-06 01:16:00 0 d-----w- c:\programdata\NOS
2010-04-06 00:51:29 264440 ----a-w- c:\windows\system32\drivers\stac97.sys
2010-04-06 00:51:29 102481 ----a-w- c:\windows\system32\stac97.cpl
2010-04-06 00:51:29 0 d-----w- c:\program files\SigmaTel
2010-04-06 00:50:15 0 d-sh--w- c:\windows\Installer
2010-04-06 00:18:14 0 d-----w- c:\users\steve dye\New folder
2010-04-06 00:17:27 0 d-----w- c:\users\steve dye\Dell Files
2010-04-05 23:08:37 713888 ----a-w- c:\windows\system32\PerfStringBackup.INI
2010-04-05 23:07:57 0 d-----w- c:\windows\system32\wbem\Performance
2010-04-05 20:23:54 2 ----a-w- c:\windows\$UpgDrv$
2010-04-05 20:16:16 0 d-----w- C:\$UPGRADE.~OS
2010-03-31 09:30:34 0 d-----w- C:\Incomplete
2010-03-08 02:39:00 0 d-----w- c:\program files\AusLogics BoostSpeed

==================== Find3M ====================

2010-04-06 12:32:51 13824 ----a-w- c:\windows\system32\slwga.dll
2010-04-06 12:32:48 409088 ----a-w- c:\windows\system32\systemcpl.dll
2010-04-06 12:32:21 811520 ----a-w- c:\windows\system32\user32.dll
2010-01-12 05:48:00 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-01-12 05:48:00 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 17:02:56.53 ===============






My GMER Report

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-06 17:29:31
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\STEVED~1\AppData\Local\Temp\uwryqpob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0x87B14C02]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcConnectPort [0x87B1655E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcCreatePort [0x87B167B4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcSendWaitReceivePort [0x87B16A2E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwClose [0x87B15482]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwConnectPort [0x87B15B64]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateEvent [0x87B15F6E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateFile [0x87B1562A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateMutant [0x87B15E46]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0x87B14808]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreatePort [0x87B15D02]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSection [0x87B149C4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSemaphore [0x87B160A0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSymbolicLinkObject [0x87B17CE2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThread [0x87B15120]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThreadEx [0x87B15220]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateWaitablePort [0x87B15DA4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDebugActiveProcess [0x87B176D4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDuplicateObject [0x87B186A4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwFsControlFile [0x87B15784]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwLoadDriver [0x87B17766]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwMapViewOfSection [0x87B17D96]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenEvent [0x87B16010]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenFile [0x87B15504]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenMutant [0x87B15EDE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenProcess [0x87B14E08]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSection [0x87B17D0C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSemaphore [0x87B16142]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenThread [0x87B14D2C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryDirectoryObject [0x87B16C70]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQuerySection [0x87B180AE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueueApcThread [0x87B179FC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyPort [0x87B164CC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0x87B16392]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0x87B17474]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwResumeThread [0x87B18586]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSecureConnectPort [0x87B1589E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetContextThread [0x87B1533E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetInformationToken [0x87B16D24]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSecurityObject [0x87B17860]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSystemInformation [0x87B181EE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendProcess [0x87B182D2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendThread [0x87B183FA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSystemDebugControl [0x87B17600]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateProcess [0x87B14F80]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateThread [0x87B14ED6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0x87B17F64]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0x87B15060]

INT 0x30 \SystemRoot\system32\halacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C30CA4
INT 0x38 \SystemRoot\system32\halacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C21C6C

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwSaveKeyEx + 13B1 828548E9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 828743B2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntoskrnl.exe!KeRemoveQueueEx + 1397 8287B624 4 Bytes [02, 4C, B1, 87] {ADD CL, [ECX+ESI*4-0x79]}
.text ntoskrnl.exe!KeRemoveQueueEx + 13BF 8287B64C 8 Bytes [5E, 65, B1, 87, B4, 67, B1, ...]
.text ntoskrnl.exe!KeRemoveQueueEx + 1403 8287B690 4 Bytes [2E, 6A, B1, 87]
.text ntoskrnl.exe!KeRemoveQueueEx + 142F 8287B6BC 4 Bytes [82, 54, B1, 87]
.text ntoskrnl.exe!KeRemoveQueueEx + 1453 8287B6E0 4 Bytes [64, 5B, B1, 87]
.text ...
.text peauth.sys 90F01C9D 28 Bytes [44, EB, D3, AF, 1E, 3E, 92, ...]
.text peauth.sys 90F01CC1 28 Bytes [44, EB, D3, AF, 1E, 3E, 92, ...]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1632] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [751E5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1632] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [751E5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1632] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [751E5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1632] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [751E5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1632] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [751E5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1632] @ C:\Windows\system32\secur32.dll [KERNEL32.dll!GetProcAddress] [751E5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3136] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [614AAE77] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3136] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3136] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [614AADE9] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3136] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3136] @ C:\Windows\system32\USER32.dll [GDI32.dll!GetStockObject] [614A9CEC] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3136] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [614AAE77] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3136] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] [614AAE29] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3136] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3136] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [614AADE9] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3136] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [614AADE9] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3136] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3136] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [614AAE77] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3136] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3136] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [614AAE29] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3136] @ C:\Windows\system32\SHLWAPI.dll [GDI32.dll!GetStockObject] [614A9CEC] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3136] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [614A9C27] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3136] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [614AA3BA] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3136] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [614AA3BA] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3136] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [614A9CF2] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3136] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [614A9B56] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3136] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [614A9B94] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3136] @ C:\Windows\system32\SHELL32.dll [USER32.dll!AnimateWindow] [614A9D87] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3136] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSysColor] [614A9C27] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3136] @ C:\Windows\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [614AA3BA] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3136] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!GetStockObject] [614A9CEC] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3136] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3136] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [614AADE9] C:\Program Files\Yahoo!\Messenger\yui.dll

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000048 halacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\tdx \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{111B72E3-1773-4E98-878E-49DEE154F17A}
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{111B72E3-1773-4E98-878E-49DEE154F17A}
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{111B72E3-1773-4E98-878E-49DEE154F17A}@Path \Microsoft\Windows Defender\MP Scheduled Scan
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{111B72E3-1773-4E98-878E-49DEE154F17A}@Triggers 0x15 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{111B72E3-1773-4E98-878E-49DEE154F17A}@DynamicInfo 0x03 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows Defender\MP Scheduled Scan@Id {111B72E3-1773-4E98-878E-49DEE154F17A}

Attached Files


Edited by sincere, 06 April 2010 - 04:58 PM.


BC AdBot (Login to Remove)

 


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:04:42 PM

Posted 09 April 2010 - 07:35 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks thumbup2.gif
Posted Image
m0le is a proud member of UNITE

#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:04:42 PM

Posted 15 April 2010 - 04:19 AM

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
Posted Image
m0le is a proud member of UNITE




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users