
Need help with malware infection


  • This topic is locked
6 replies to this topic

#1 VeeMike


Posted 11 August 2010 - 04:03 PM

Split from this thread in AII forum.


Unless someone here suggests a fix or workaround, I will have to copy/paste my DDS log and upload my GMER logs to a thumb drive, then log on and submit from another PC.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-10 15:25:50
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\veemike\LOCALS~1\Temp\pfldypoc.sys


---- System - GMER 1.0.15 ----

SSDT 8959DD60 ZwCreateKey
SSDT 8959EF00 ZwCreateMutant
SSDT 8959D260 ZwCreateProcess
SSDT 8959D520 ZwCreateProcessEx
SSDT 8959EBC0 ZwCreateThread
SSDT 8959E2E0 ZwDeleteKey
SSDT 8959E5A0 ZwDeleteValueKey
SSDT 8959ED60 ZwLoadDriver
SSDT 8959D7E0 ZwOpenProcess
SSDT 8959F0A0 ZwSetSystemInformation
SSDT 8959E020 ZwSetValueKey
SSDT 8959DAA0 ZwTerminateProcess
SSDT 8959EA20 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 3024 805048C0 4 Bytes JMP 4AF48959
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB99E0000, 0x1C5D38, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1496] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 008A000A
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1496] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 008B000A
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1496] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0080000C
.text C:\WINDOWS\System32\svchost.exe[1504] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0099000A
.text C:\WINDOWS\System32\svchost.exe[1504] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 009A000A
.text C:\WINDOWS\System32\svchost.exe[1504] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0098000C
.text C:\WINDOWS\System32\svchost.exe[1504] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00F9000A
.text C:\WINDOWS\system32\SearchIndexer.exe[2052] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\WINDOWS\Explorer.EXE[3976] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A
.text C:\WINDOWS\Explorer.EXE[3976] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C5000A
.text C:\WINDOWS\Explorer.EXE[3976] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs TmPreFlt.sys (Pre-Filter For XP/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

Device \FileSystem\Fastfat \Fat AB4B7D20

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat TmPreFlt.sys (Pre-Filter For XP/Trend Micro Inc.)

---- EOF - GMER 1.0.15 ----


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/14/2010 1:03:04 PM
System Uptime: 8/10/2010 4:54:26 PM (1 hours ago)

Motherboard: Dell Inc. | | 0GM819
Processor: Intel® Core™2 Duo CPU E6850 @ 3.00GHz | CPU | 2992/1333mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 78 GiB total, 47.819 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 620 GiB total, 619.335 GiB free.
F: is FIXED (NTFS) - 74 GiB total, 41.408 GiB free.
G: is NetworkDisk (NTFS) - 115 GiB total, 27.162 GiB free.
H: is Removable
K: is NetworkDisk (NTFS) - 115 GiB total, 27.162 GiB free.
M: is NetworkDisk (NTFS) - 115 GiB total, 27.162 GiB free.
Z: is NetworkDisk (NTFS) - 115 GiB total, 27.162 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 6/14/2010 1:08:04 PM - System Checkpoint
RP2: 6/14/2010 1:22:34 PM - Installed Dell Resource CD.
RP3: 6/14/2010 1:29:29 PM - Installed SoundMAX
RP4: 6/14/2010 1:29:48 PM - Installed SoundMAX
RP5: 6/14/2010 1:34:19 PM - Configured SoundMAX
RP6: 6/14/2010 1:43:10 PM - Installed ST Microelectronics TPM Driver Installer.
RP7: 6/14/2010 1:44:23 PM - Installed 32 bit Windows Card Reader Driver
RP8: 6/14/2010 1:46:20 PM - Installed Intel® PRO Alerting Agent
RP9: 6/14/2010 1:49:25 PM - Installed Intel® PRO Network Connections
RP10: 6/14/2010 1:58:03 PM - Installed Desktop System Software
RP11: 6/14/2010 1:59:54 PM - Installed EMBASSY Trust Suite by Wave Systems
RP12: 6/14/2010 2:00:04 PM - Installed EMBASSY Trust Suite by Wave Systems
RP13: 6/14/2010 2:01:22 PM - Installed NTRU TCG Software Stack
RP14: 6/14/2010 2:02:18 PM - Installed Wave Support Software
RP15: 6/14/2010 2:06:41 PM - Installed EMBASSY Security Center
RP16: 6/14/2010 2:06:51 PM - Installed Document Manager Lite
RP17: 6/14/2010 2:07:00 PM - Installed Private Information Manager
RP18: 6/14/2010 2:07:06 PM - Installed Security Wizards
RP19: 6/14/2010 2:07:11 PM - Installed Secure Update
RP20: 6/14/2010 2:07:44 PM - Installed ESC Home Page Plugin
RP21: 6/14/2010 2:07:49 PM - Installed EMBASSY Security Setup
RP22: 6/14/2010 2:13:24 PM - Configured SoundMAX
RP23: 6/14/2010 3:35:22 PM - Installed Microsoft Office Small Business 2007
RP24: 6/14/2010 3:53:12 PM - Software Distribution Service 3.0
RP25: 6/14/2010 4:02:35 PM - Software Distribution Service 3.0
RP26: 6/14/2010 4:13:46 PM - Installed Windows XP WgaNotify.
RP27: 6/14/2010 4:16:18 PM - Software Distribution Service 3.0
RP28: 6/14/2010 4:26:48 PM - Software Distribution Service 3.0
RP29: 6/14/2010 4:40:27 PM - Software Distribution Service 3.0
RP30: 6/14/2010 5:10:52 PM - Installed Creative MediaSource 5
RP31: 6/14/2010 5:11:30 PM - Installed WaveStudio 7
RP32: 6/15/2010 2:09:01 PM - Installed Windows Media Player 11
RP33: 6/15/2010 2:09:16 PM - Installed Windows XP Wudf01000.
RP34: 6/15/2010 2:10:28 PM - Installed Windows XP MSCompPackV1.
RP35: 6/15/2010 2:35:37 PM - Installed Windows XP KB915800-v4.
RP36: 6/15/2010 2:35:49 PM - Installed Windows XP Windows Search 4.0.
RP37: 6/15/2010 2:41:41 PM - Installed GoToMyPC
RP38: 6/15/2010 2:41:45 PM - Printer Driver GoToMyPC UPD Driver Installed
RP39: 6/15/2010 2:50:28 PM - Installed GoToMyPC
RP40: 6/15/2010 2:51:13 PM - Printer Driver GoToMyPC UPD Driver Installed
RP41: 6/15/2010 2:52:21 PM - Removed GoToMyPC
RP42: 6/15/2010 2:53:56 PM - Installed GoToMyPC
RP43: 6/15/2010 2:54:20 PM - Printer Driver GoToMyPC UPD Driver Installed
RP44: 6/15/2010 3:03:38 PM - Installed Windows XP KB915800-v4.
RP45: 6/15/2010 3:03:47 PM - Installed Windows XP Windows Search 4.0.
RP46: 6/15/2010 3:25:58 PM - Installed Adobe Acrobat 8 Professional
RP47: 6/16/2010 11:51:29 AM - Installed CyberPower PowerPanel Personal Edition
RP48: 6/16/2010 11:58:04 AM - Installed ScanSoft OmniPage 15.0
RP49: 6/16/2010 1:03:11 PM - Software Distribution Service 3.0
RP50: 6/16/2010 5:44:12 PM - Configured SoundMAX
RP51: 6/16/2010 5:44:23 PM - Installed SoundMAX
RP52: 6/16/2010 6:29:12 PM - Installed ATI Catalyst Control Center
RP53: 6/17/2010 9:52:09 AM - Installed Device Control
RP54: 6/17/2010 9:52:26 AM - Installed Creative EAX Settings
RP55: 6/17/2010 9:52:52 AM - Installed Speaker Settings
RP56: 6/18/2010 10:37:19 AM - System Checkpoint
RP57: 6/18/2010 2:36:24 PM - Installed BlackBerry Desktop Software 5.0.
RP58: 6/18/2010 2:46:37 PM - Installed BlackBerry Desktop Software 5.0.1.
RP59: 6/18/2010 2:47:57 PM - Removed BlackBerry Desktop Software 5.0.
RP60: 6/20/2010 4:13:26 PM - System Checkpoint
RP61: 6/21/2010 5:39:43 PM - System Checkpoint
RP62: 6/22/2010 6:20:28 PM - System Checkpoint
RP63: 6/23/2010 10:14:41 AM - Installed Lizardtech DjVu Control
RP64: 6/24/2010 1:12:45 PM - System Checkpoint
RP65: 6/25/2010 1:56:35 PM - System Checkpoint
RP66: 6/26/2010 2:30:44 PM - System Checkpoint
RP67: 6/27/2010 3:30:46 PM - System Checkpoint
RP68: 6/28/2010 4:04:46 PM - System Checkpoint
RP69: 6/29/2010 12:06:00 PM - Installed Dragon NaturallySpeaking 9
RP70: 6/29/2010 12:18:24 PM - Installed Dragon NaturallySpeaking 9 Service Pack 1
RP71: 6/30/2010 2:20:46 PM - System Checkpoint
RP72: 7/1/2010 3:07:14 PM - System Checkpoint
RP73: 7/2/2010 3:07:16 PM - System Checkpoint
RP74: 7/3/2010 4:07:37 PM - System Checkpoint
RP75: 7/4/2010 5:07:19 PM - System Checkpoint
RP76: 7/5/2010 6:07:20 PM - System Checkpoint
RP77: 7/6/2010 6:33:13 PM - System Checkpoint
RP78: 7/7/2010 7:33:14 PM - System Checkpoint
RP79: 7/8/2010 5:12:31 PM - Software Distribution Service 3.0
RP80: 7/9/2010 5:27:13 PM - System Checkpoint
RP81: 7/10/2010 6:26:16 PM - System Checkpoint
RP82: 7/11/2010 6:27:15 PM - System Checkpoint
RP83: 7/12/2010 7:27:16 PM - System Checkpoint
RP84: 7/13/2010 7:58:08 PM - System Checkpoint
RP85: 7/14/2010 8:58:09 PM - System Checkpoint
RP86: 7/15/2010 9:46:44 PM - System Checkpoint
RP87: 7/16/2010 11:12:23 AM - Installed WinZip 14.5
RP88: 7/17/2010 11:46:46 AM - System Checkpoint
RP89: 7/18/2010 12:46:46 PM - System Checkpoint
RP90: 7/19/2010 1:58:58 PM - System Checkpoint
RP91: 7/20/2010 3:04:12 PM - System Checkpoint
RP92: 7/21/2010 3:12:38 PM - System Checkpoint
RP93: 7/22/2010 4:39:30 PM - System Checkpoint
RP94: 7/23/2010 5:13:44 PM - Installed Windows XP KB915800-v4.
RP95: 7/23/2010 5:13:55 PM - Installed Windows XP Windows Search 4.0.
RP96: 7/23/2010 5:19:20 PM - Software Distribution Service 3.0
RP97: 7/24/2010 5:28:41 PM - System Checkpoint
RP98: 7/25/2010 6:28:42 PM - System Checkpoint
RP99: 7/26/2010 7:28:43 PM - System Checkpoint
RP100: 7/27/2010 10:03:30 AM - Software Distribution Service 3.0
RP101: 7/28/2010 11:11:25 AM - System Checkpoint
RP102: 7/29/2010 1:28:08 PM - System Checkpoint
RP103: 7/30/2010 4:34:53 PM - System Checkpoint
RP104: 8/1/2010 1:20:11 PM - System Checkpoint
RP105: 8/2/2010 3:55:07 PM - System Checkpoint
RP106: 8/3/2010 5:55:41 PM - System Checkpoint
RP107: 8/4/2010 6:39:19 PM - System Checkpoint
RP108: 8/6/2010 11:35:10 AM - Installed Sophos Windows Shortcut Exploit Protection Tool.
RP109: 8/8/2010 10:34:18 AM - System Checkpoint
RP110: 8/9/2010 8:42:43 PM - System Checkpoint

==== Installed Programs ======================

32 Bit HP CIO Components Installer
32 bit Windows Card Reader Driver
Adobe Acrobat 8 Professional
Adobe Acrobat 8.2.3 - CPSID_83708
Adobe Acrobat 8.2.3 Professional
Adobe Flash Player 10 ActiveX
Adobe Flash Player 9 ActiveX
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
AuthenTec Fingerprint Sensor Minimum Install
Belarc Advisor 8.1
biolsp patch
BlackBerry Desktop Software 5.0.1
BlackBerry® Media Sync
BufferChm
Business Contact Manager for Outlook 2007 SP2
C309g-m
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
Catalyst Control Center Localization All
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
CollectMaxWin - Workstation
Coupon Printer for Windows
Creative EAX Settings
Creative MediaSource 5
Creative Speaker Settings
Creative WaveStudio 7
Crystal Reports Client
CyberPower PowerPanel Personal Edition
Dell Drivers MSI
Dell Embassy Trust Suite by Wave Systems
Dell Resource CD
Destinations
Device Control
DeviceDiscovery
Document Manager Lite
Dragon NaturallySpeaking 9
eBahn® Reader
EMBASSY Security Center
EMBASSY Security Setup
EMBASSY Trust Suite by Wave Systems
ESC Home Page Plugin
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
Gemalto
GemSafe Standard Edition 5.1
GoToMyPC
GPBaseService2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 14.0
HP Imaging Device Functions 14.0
HP Photo Creations
HP Photosmart Premium C309g-m All-in-One Driver Software 14.0 Rel. 6
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Update
HPProductAssistant
Intel® PRO Alerting Agent
Intel® PRO Network Connections 12.1.12.4
Intel® Active Management Technology
Intel® Management Engine Interface
Lizardtech DjVu Control
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
Network
NTRU TCG Software Stack
OGA Notifier 2.0.0048.0
PC Wizard 2010.1.94
Preboot Manager
Private Information Manager
Privoxy (remove only)
PS_AIO_06_C309g-m_SW_Min
QuickTransfer
Scan
ScanSoft OmniPage 15.0
Secure Update
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB980376)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB982135)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB982381)
Security Wizards
Skins
SmartWebPrinting
SolutionCenter
Sophos Windows Shortcut Exploit Protection Tool
SoundMAX
ST Microelectronics TPM Driver Installer
Status
SUPERAntiSpyware
Timeslips 2006 Local
Toolbox
TrayApp
Trend Micro Client/Server Security Agent
Trusted Drive Manager
tsp patch
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Outlook 2007 Junk Email Filter (kb2202131)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
upekmsi
Wave Infrastructure Installer
Wave Support Software
WebEx
WebFldrs XP
WebReg
Windows Driver Package - STMicroelectronics (stmtpm) System (05/24/2007 1.00.04.15)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
WinZip 14.5

==== Event Viewer Messages From Past Week ========

8/10/2010 3:08:24 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BANTExt Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip tmtdi
8/10/2010 3:08:24 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
8/10/2010 3:08:24 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/10/2010 3:08:24 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/10/2010 3:08:24 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
8/10/2010 3:00:49 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
8/10/2010 3:00:49 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.

==== End Of File ===========================

Edited by quietman7, 12 August 2010 - 06:55 AM.




#2 suebaby41


Posted 19 August 2010 - 06:23 AM

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.
  1. Double click on RSIT.exe to run RSIT.
  2. Click Continue at the disclaimer screen.
  3. Please post the contents of log.txt.
Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
  1. Reply to this thread; do not start another!
  2. Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
  3. Do not run any other tool until instructed to do so!
  4. Let me know if any of the links do not work or if any of the tools do not work.
  5. Tell me about problems or symptoms that occur during the fix.
  6. Do not run any other programs or open any other windows while doing a fix.
  7. Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.
Thanks.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#3 suebaby41


Posted 31 August 2010 - 02:01 PM

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.


#4 suebaby41


Posted 03 September 2010 - 03:00 PM

Opened at request of user.

#5 gringo_pr


Posted 04 September 2010 - 01:38 AM

hello

I am going to take this over for suebaby


If you are having trouble posting the requested logs please upload them here - http://www.mediafire.com/ - and post the links here

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#6 gringo_pr


Posted 07 September 2010 - 01:50 PM

Hello

three day bump

It has been three days since my last post.
  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If after 48 hrs you have not replied to this thread, then it will have to be closed!



#7 gringo_pr


Posted 10 September 2010 - 01:39 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

The fixes and advice in this thread are for this machine only.
Do not apply the instructions from this thread to your own machine.
Please start a new thread describing your issue and someone will be along to assist you.


With Regards,
Gringo




