Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


False browser and media player history

  • This topic is locked This topic is locked
2 replies to this topic

#1 jlukomski


  • Members
  • 1 posts
  • Local time:04:07 AM

Posted 19 April 2010 - 11:06 PM

I am having a problem with unknown and unwanted histories showing up in explorer and media player. I first notice this several months ago after installing some freeware for creating mp3 files

DDS (Ver_10-03-17.01) - NTFSx86
Run by Joeski at 23:25:34.18 on Mon 04/19/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1979.1127 [GMT -4:00]

============== Running Processes ===============

C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Palm\Hotsync.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinLIP.EXE
C:\Program Files\Belkin\Network USB Hub Control Center\Connect.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinLIP.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\IEPro\MiniDM.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: IE7Pro BHO: {00011268-e188-40df-a514-835fcd78b1bf} - c:\program files\iepro\iepro.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [RIMDeviceManager] "c:\program files\common files\research in motion\rimdevicemanager\RIMDeviceManager.exe" -RunServer
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.EXE
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [rpitsp] c:\windows\rpitsp.exe
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [HotSync] "c:\program files\palmsource\desktop\HotSync.exe" -AllUsers
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
StartupFolder: c:\users\joeski\appdata\roaming\micros~1\windows\startm~1\programs\startup\belkin~1.lnk - c:\program files\belkin\network usb hub control center\Connect.exe
StartupFolder: c:\users\joeski\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\Hotsync.exe
StartupFolder: c:\programdata\microsoft\windows\start menu\programs\startup\WinLIP.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {000002a3-84fe-43f1-b958-f2c3ca804f1a} - {CD275D4E-791A-4993-9D4D-6A071EDD2709} - c:\program files\iepro\iepro.dll
IE: {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - {B119EB0C-C021-46CF-85B0-34A760E0D5FE} - c:\program files\iepro\iepro.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-11-23 162768]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-11-23 19024]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-11-23 51792]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-17 40384]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys [2009-11-23 62464]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-17 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-17 40384]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2009-9-26 4639136]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-11-27 233472]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 PTDLBus;PANTECH UM175AL Composite Device Driver;c:\windows\system32\drivers\PTDLBus.sys [2009-11-24 32256]
S3 PTDLMdm;PANTECH UM175AL Drivers;c:\windows\system32\drivers\PTDLMdm.sys [2009-11-24 41344]
S3 PTDLVsp;PANTECH UM175AL Diagnostic Port;c:\windows\system32\drivers\PTDLVsp.sys [2009-11-24 39936]
S3 PTDLWWAN;PANTECH UM175AL WWAN Driver;c:\windows\system32\drivers\PTDLWWAN.sys [2009-11-24 59776]
S3 Ser2rs;Radioshack USB to Serial Driver;c:\windows\system32\drivers\ser2rs.sys [2009-11-24 76288]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-3-20 32408]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-27 1343400]

=============== Created Last 30 ================

2010-04-20 02:56:29 0 d-----w- c:\program files\Trend Micro
2010-04-15 02:47:14 363008 ----a-w- c:\windows\system32\CNMNPPM.DLL
2010-04-15 02:47:14 143360 ----a-w- c:\windows\system32\CNMNPUI.DLL
2010-04-14 21:02:33 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 21:02:31 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-14 21:02:30 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-14 21:02:18 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-04-14 21:02:16 132608 ----a-w- c:\windows\system32\cabview.dll
2010-04-14 21:02:09 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 21:02:09 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 21:02:09 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-03 23:17:48 0 ----a-w- c:\users\joeski\jagex__preferences3.dat
2010-04-03 23:17:47 69 ----a-w- c:\users\joeski\jagex_runescape_preferences2.dat
2010-04-03 23:16:42 41 ----a-w- c:\users\joeski\jagex_runescape_preferences.dat
2010-03-31 23:22:11 977920 ----a-w- c:\windows\system32\wininet.dll

==================== Find3M ====================

2010-04-14 16:31:23 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-02-24 14:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-13 02:59:11 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-02-13 00:16:58 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-11 05:08:54 8198680 ----a-w- c:\windows\system32\TVWSetup.exe
2010-02-11 05:08:50 268312 ----a-w- c:\windows\system32\igfxsrvc.exe
2010-02-11 05:08:50 141848 ----a-w- c:\windows\system32\igfxtray.exe
2010-02-11 05:08:48 167448 ----a-w- c:\windows\system32\igfxpers.exe
2010-02-11 05:08:46 178200 ----a-w- c:\windows\system32\igfxext.exe
2010-02-11 05:08:44 175640 ----a-w- c:\windows\system32\hkcmd.exe
2010-02-11 05:08:42 3126808 ----a-w- c:\windows\system32\GfxUI.exe
2010-02-11 04:59:00 81920 ----a-w- c:\windows\system32\igfxCoIn_v2082.dll
2010-02-11 04:50:18 4502016 ----a-w- c:\windows\system32\igdumd32.dll
2010-02-11 04:45:32 550912 ----a-w- c:\windows\system32\igdumdx32.dll
2010-02-11 04:41:56 3890688 ----a-w- c:\windows\system32\igd10umd32.dll
2010-02-11 04:33:08 4079616 ----a-w- c:\windows\system32\ig4dev32.dll
2010-02-11 04:32:52 6061568 ----a-w- c:\windows\system32\ig4icd32.dll
2010-02-11 04:16:20 59392 ----a-w- c:\windows\system32\oemdspif.dll
2010-02-11 04:16:12 23552 ----a-w- c:\windows\system32\igfxexps.dll
2010-02-11 04:16:08 260096 ----a-w- c:\windows\system32\igfxTMM.dll
2010-02-11 04:16:08 200704 ----a-w- c:\windows\system32\igfxpph.dll
2010-02-11 04:15:38 56832 ----a-w- c:\windows\system32\igfxsrvc.dll
2010-02-11 04:15:16 130560 ----a-w- c:\windows\system32\igfxdo.dll
2010-02-11 04:15:06 94720 ----a-w- c:\windows\system32\hccutils.dll
2010-02-11 04:14:54 119808 ----a-w- c:\windows\system32\gfxSrvc.dll
2010-02-11 04:14:52 9030656 ----a-w- c:\windows\system32\igfxress.dll
2010-02-11 04:14:52 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2010-02-11 04:14:52 225792 ----a-w- c:\windows\system32\igfxdev.dll
2010-02-10 20:17:00 398336 ----a-w- c:\windows\system32\TVWizudlg.exe
2010-02-10 20:16:26 140288 ----a-w- c:\windows\system32\igfxtvcx.dll
2010-02-02 07:45:54 2048 ----a-w- c:\windows\system32\tzres.dll
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-w- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 23:26:11.50 ===============

there isn't an attach option so here is the attach.txt content


DDS (Ver_10-03-17.01)

Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/23/2009 6:13:53 PM
System Uptime: 4/19/2010 2:53:57 AM (21 hours ago)

Motherboard: Wistron | | 3612
Processor: Intel® Celeron® CPU 900 @ 2.20GHz | CPU | 2194/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 138 GiB total, 80.845 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 5.589 GiB free.
E: is CDROM ()
F: is Removable

==== Disabled Device Manager Items =============

Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{426C6163-6B42-6572-7279-44736B746F70}_LOCALMFG&000A\7&1A9BE52E&0&002557EBFE43_C00000000
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{426C6163-6B42-6572-7279-44736B746F70}_LOCALMFG&000A\7&1A9BE52E&0&002557EBFE43_C00000000

Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{426C6163-6B42-6572-7279-427970617373}_LOCALMFG&000A\7&1A9BE52E&0&002557EBFE43_C00000000
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{426C6163-6B42-6572-7279-427970617373}_LOCALMFG&000A\7&1A9BE52E&0&002557EBFE43_C00000000

==== System Restore Points ===================

RP83: 3/31/2010 7:22:16 PM - Windows Update
RP84: 4/1/2010 9:01:46 PM - Windows Update
RP85: 4/6/2010 7:01:28 PM - Windows Update
RP86: 4/9/2010 3:15:18 AM - Windows Update
RP87: 4/14/2010 5:02:36 PM - Windows Update
RP88: 4/18/2010 11:43:45 PM - Windows Update
RP89: 4/19/2010 7:45:37 PM - Windows Update

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Reader 9.3.2
Apple Application Support
Apple Software Update
avast! Free Antivirus
Belkin Network USB Hub Control Center
BitComet 1.16
BlackBerry Desktop Software 5.0.1
BlackBerry USB Drivers
BlackBerry® Media Sync
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MP Navigator EX 2.1
Canon MX860 series MP Drivers
Canon MX860 series User Registration
Cisco Network Magic
CNET TechTracker
Conexant HD Audio
FrostWire 4.18.6
HanDBase Professional for Blackberry v4.0
Handmark® MobileDB™ for Palm OS
HDAUDIO Soft Data Fax Modem with SmartCP
HijackThis 2.0.2
Intel® Graphics Media Accelerator Driver
Intel® TV Wizard
Internet Password Lock
Java Auto Updater
Java™ 6 Update 18
Microsoft Office Access MUI (English) 2010 (Beta)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Beta)
Microsoft Office Excel MUI (English) 2010 (Beta)
Microsoft Office OneNote MUI (English) 2010 (Beta)
Microsoft Office Outlook MUI (English) 2010 (Beta)
Microsoft Office PowerPoint MUI (English) 2010 (Beta)
Microsoft Office Professional 2010
Microsoft Office Proof (English) 2010 (Beta)
Microsoft Office Proof (French) 2010 (Beta)
Microsoft Office Proof (Spanish) 2010 (Beta)
Microsoft Office Proofing (English) 2010 (Beta)
Microsoft Office Publisher MUI (English) 2010 (Beta)
Microsoft Office Send-a-Smile
Microsoft Office Shared MUI (English) 2010 (Beta)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Beta)
Microsoft Office Single Image 2010 (Beta)
Microsoft Office Word MUI (English) 2010 (Beta)
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual J# 2.0 Redistributable Package
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network Magic
OpenOffice.org 3.2
Palm Desktop by ACCESS
Pando Media Booster
Pure Networks Platform
QuickLink Mobile
RadioShack USB to Serial Driver
Revo Uninstaller 1.83
Roxio Media Manager
Sacred Gold
Security Update for Microsoft Office 2010 File Validation - Beta (KB976133)
Smart Defrag
SolidWorks eDrawings 2010
Supreme Commander - Forged Alliance
Synaptics Pointing Device Driver
Tag&Rename 3.5.4
TextMaker Viewer
TomTom HOME Visual Studio Merge Modules
VC 9.0 Runtime
VZAccess Manager
WinRAR archiver
WinZip 14.0

==== Event Viewer Messages From Past Week ========

4/19/2010 8:52:56 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
4/19/2010 7:16:20 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
4/19/2010 2:23:28 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer DREASKI-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{EF2A49C5-1C2E-49E6-B3DF-A062758. The master browser is stopping or an election is being forced.
4/18/2010 3:08:32 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address with the system having network

The ark file is to large to post here

Edited by Orange Blossom, 22 April 2010 - 09:54 PM.
Move to log forum. ~ OB

BC AdBot (Login to Remove)


#2 schrauber



  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany
  • Local time:09:07 AM

Posted 25 April 2010 - 04:14 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#3 schrauber



  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany
  • Local time:09:07 AM

Posted 30 April 2010 - 11:06 AM

Due to the lack of feedback, this topic is now closed.
If you need this topic reopened, please PM a staff member and we will reopen it for you (include the address of this thread in your request). This applies to the original topic starter only. Everyone else with similar problems, please start a new topic.

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users