win32/trojan and rkill.com not working


  • This topic is locked
10 replies to this topic

#1 compnoob3

compnoob3

  • Members
  • 15 posts

Posted 28 November 2010 - 06:44 PM

Hello,

Here are the logs you requested:


DDS (Ver_10-11-26.01) - NTFSx86
Run by Josh at 20:55:14.57 on Fri 11/26/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.628 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\wdm\STacSV.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Josh\Application Data\drvxslek32k\drvxslek57k.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\dds.scr
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
uSearch Bar = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe"
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80058
mCustomizeSearch = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80058
uURLSearchHooks: N/A: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - c:\progra~1\inboxt~1\Inbox.dll
uURLSearchHooks: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\dealio toolbar\SearchSettings.dll
uURLSearchHooks: FCToolbarURLSearchHook Class: {8a32e8dd-ee22-4e60-a38d-dbf6f51e3139} - c:\program files\dallas cowboys\Helper.dll
uURLSearchHooks: H - No File
uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll
uWinlogon: Shell=c:\documents and settings\josh\application data\hotfix.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: Dallas Cowboys BHO: {69ce821f-3668-475a-b66f-94719b322de3} - c:\program files\dallas cowboys\Toolbar.dll
BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll
BHO: hpBHO Class: {abd3b5e1-b268-407b-a150-2641dab8d898} - c:\program files\common files\homepage protection\HomepageProtection.dll
BHO: DCA BHO: {b49699fc-1665-4414-a1cb-c4a2a4a13eec} - c:\program files\common files\freecause\dca\dca-bho.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0560.0\msneshellx.dll
BHO: : {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - c:\progra~1\inboxt~1\Inbox.dll
BHO: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\dealio toolbar\SearchSettings.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0560.0\msneshellx.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: The Weather Channel Toolbar: {2e5e800e-6ac0-411e-940a-369530a35e43} - c:\windows\system32\TwcToolbarIe7.dll
TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - c:\progra~1\inboxt~1\Inbox.dll
TB: Dallas Cowboys: {27e7f580-724e-46eb-846f-96c2396d23ed} - c:\program files\dallas cowboys\Toolbar.dll
TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DW6]
uRun: [Windows Dumper Host] rundll32.exe "c:\docume~1\josh\locals~1\temp\winbdm.dll", RepCmd
uRun: [drvxslek32k] c:\documents and settings\josh\application data\drvxslek32k\drvxslek57k.exe
uRun: [kheedaaudio] rundll32.exe "cbyyyx.dll",s
uRun: [fcyaayaudio] rundll32.exe "awtroo.dll",s
uRun: [ljifcdaudio] rundll32.exe "tuspqo.dll",s
uRun: [tusqonaudio] rundll32.exe "tuvsqo.dll",s
uRun: [ssrrrsaudio] rundll32.exe "ursrqn.dll",s
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [HP BTW Detect Program] c:\program files\hp\HPBTWD.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [HP] c:\program files\hewlett-packard\hp quicksync\QuickSync.exe
mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [snp2uvc] c:\windows\vsnp2uvc.exe
mRun: [SearchSettings] c:\program files\dealio toolbar\SearchSettings.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [CTF Products Updater] rundll32.exe "c:\docume~1\josh\locals~1\temp\winbdm.dll", RepCmd
mRun: [bywvvvaudio] rundll32.exe "cbyyyx.dll",s
mRun: [ljkklmaudio] rundll32.exe "awtroo.dll",s
mRun: [rqropnaudio] rundll32.exe "ursrqn.dll",s
mRun: [rqpnnlaudio] rundll32.exe "tuspqo.dll",s
mRun: [ljijifaudio] rundll32.exe "ljggff.dll",s
mRun: [xxvurqaudio] rundll32.exe "tuvwtt.dll",s
mRun: [hgdbbxsys] rundll32.exe "yaxuvv.dll",s
mRun: [hgdaxyaudio] rundll32.exe "tuvsqo.dll",s
dRun: [xxvvwtaudio] rundll32.exe "cbyyyx.dll",s
dRun: [fccbxxaudio] rundll32.exe "awtroo.dll",s
dRun: [urpmmjaudio] rundll32.exe "ursrqn.dll",s
dRun: [ssqqppaudio] rundll32.exe "ljggff.dll",s
dRun: [khgeefaudio] rundll32.exe "tuvwtt.dll",s
dRun: [urrstrsys] rundll32.exe "yaxuvv.dll",s
dRun: [tuspqpaudio] rundll32.exe "tuvsqo.dll",s
dRun: [vtrpppaudio] rundll32.exe "tuspqo.dll",s
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\josh\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - c:\progra~1\inboxt~1\Inbox.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\winphost.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Authentication Packages = msv1_0 yaxuvv.dll

============= SERVICES / DRIVERS ===============

R1 DVMIO;DVMIO;c:\splash.sys\config\dvmio.sys [2009-7-27 16984]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-8-23 113664]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-3-31 39424]
S2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2009-12-16 375296]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\splash.sys\config\DVMExportService.exe [2009-7-8 323584]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [2009-8-23 160256]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]

=============== Created Last 30 ================

2010-11-21 19:00:42 -------- d--h--w- c:\windows\PIF
2010-11-21 18:59:50 11802408 ----a-w- C:\SAS_022C36E.COM
2010-11-20 21:07:08 122368 ---ha-w- c:\windows\system32\tuvsqo.dll
2010-11-20 20:30:00 111104 ---ha-w- c:\windows\system32\yaxuvv.dll
2010-11-15 17:31:45 121344 ---ha-w- c:\windows\system32\tuvwtt.dll
2010-11-15 17:02:47 121344 ---ha-w- c:\windows\system32\ljggff.dll
2010-11-15 03:30:05 126976 ---ha-w- c:\windows\system32\tuspqo.dll
2010-11-15 03:20:30 564736 ----a-w- c:\docume~1\josh\applic~1\hotfix.exe
2010-11-15 03:20:30 220 ----a-w- c:\docume~1\josh\applic~1\sdghzxfg.bat
2010-11-14 13:32:26 118784 ---ha-w- c:\windows\system32\ursrqn.dll
2010-11-14 03:18:46 118784 ---ha-w- c:\windows\system32\awtroo.dll
2010-11-12 00:14:16 116224 ---ha-w- c:\windows\system32\cbyyyx.dll
2010-11-12 00:09:33 -------- d-----w- c:\docume~1\josh\applic~1\drvxslek32k
2010-11-12 00:09:17 717685 ----a-w- c:\documents and settings\josh\drvxslek57k.exe
2010-11-12 00:09:17 39936 ----a-w- c:\windows\system32\winphost.dll
2010-11-12 00:09:17 39936 ----a-w- c:\windows\system32\b_ctfmn.dll
2010-11-12 00:09:17 140288 ----a-w- c:\windows\system32\pcre3.dll
2010-11-12 00:09:07 -------- d-----w- c:\program files\Simply Software
2010-11-09 03:11:29 -------- d-----w- c:\program files\iPod
2010-11-09 03:10:49 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2010-11-09 03:10:49 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2010-11-09 03:10:49 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2010-11-09 03:10:49 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2010-11-09 03:10:49 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2010-11-09 03:10:49 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2010-11-09 03:10:49 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2010-11-09 03:09:09 -------- d-----w- c:\program files\Bonjour
2010-11-08 03:59:46 -------- d-----w- c:\program files\Conduit
2010-11-08 03:59:46 -------- d-----w- c:\docume~1\josh\locals~1\applic~1\Conduit
2010-11-08 03:59:44 -------- d-----w- c:\docume~1\josh\locals~1\applic~1\BitTorrentBar
2010-11-08 03:59:34 -------- d-----w- c:\docume~1\josh\locals~1\applic~1\ConduitEngine
2010-11-08 03:59:33 -------- d-----w- c:\program files\ConduitEngine
2010-11-08 03:59:31 -------- d-----w- c:\program files\BitTorrentBar
2010-11-08 03:59:31 -------- d-----w- c:\docume~1\josh\locals~1\applic~1\Temp
2010-11-08 03:59:28 -------- d-----w- C:\extensions
2010-11-08 03:59:11 -------- d-----w- c:\program files\BitTorrent
2010-11-08 03:58:02 -------- d-----w- c:\docume~1\josh\applic~1\BitTorrent

==================== Find3M ====================

2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 15:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 15:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: TOSHIBA_ rev.FG01 -> Harddisk0\DR0 -> \Device\Ide\iaStor0

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x863C8446]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x863ce504]; MOV EAX, [0x863ce580]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x86DC5030]
3 CLASSPNP[0xF7608FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x86D14860]
\Driver\iaStor[0x86D78C98] -> IRP_MJ_CREATE -> 0x863C8446
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x137; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IAAStorageDevice-0 -> \??\IDE#DiskTOSHIBA_MK1655GSX_______________________FG011C__#4&9cf173c&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\iaStor DriverStartIo -> 0x863C8292
user != kernel MBR !!!
sectors 312581806 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

============= FINISH: 20:58:13.04 ===============



#2 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria

Posted 05 December 2010 - 05:32 AM

Hello and welcome to Bleeping Computer :welcome:

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log



Regards,
Georgi :hello:

Edited by B-boy/StyLe/, 05 December 2010 - 05:34 AM.



#3 compnoob3

compnoob3
  • Topic Starter

  • Members
  • 15 posts

Posted 06 December 2010 - 02:58 PM

hello. i will run a dds log soon, but this forum post link should get you a description of my problem as it has developed: http://www.bleepingcomputer.com/forums/topic360726.html/page__p__2035969__fromsearch__1#entry2035969.

i will update once i run the dds.

thanks. josh

#4 compnoob3

compnoob3
  • Topic Starter

  • Members
  • 15 posts

Posted 06 December 2010 - 03:07 PM

could not attach logs so here they are copy and pasted

DDS LOG:

DDS (Ver_10-12-05.01) - NTFSx86
Run by Josh at 14:59:12.32 on Mon 12/06/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.553 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\wdm\STacSV.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Josh\Application Data\drvxslek32k\drvxslek57k.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Josh\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
uSearch Bar = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe"
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80058
mCustomizeSearch = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80058
uURLSearchHooks: N/A: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - c:\progra~1\inboxt~1\Inbox.dll
uURLSearchHooks: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\dealio toolbar\SearchSettings.dll
uURLSearchHooks: FCToolbarURLSearchHook Class: {8a32e8dd-ee22-4e60-a38d-dbf6f51e3139} - c:\program files\dallas cowboys\Helper.dll
uURLSearchHooks: H - No File
uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll
uWinlogon: Shell=c:\documents and settings\josh\application data\hotfix.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: Dallas Cowboys BHO: {69ce821f-3668-475a-b66f-94719b322de3} - c:\program files\dallas cowboys\Toolbar.dll
BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll
BHO: hpBHO Class: {abd3b5e1-b268-407b-a150-2641dab8d898} - c:\program files\common files\homepage protection\HomepageProtection.dll
BHO: DCA BHO: {b49699fc-1665-4414-a1cb-c4a2a4a13eec} - c:\program files\common files\freecause\dca\dca-bho.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0560.0\msneshellx.dll
BHO: : {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - c:\progra~1\inboxt~1\Inbox.dll
BHO: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\dealio toolbar\SearchSettings.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0560.0\msneshellx.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: The Weather Channel Toolbar: {2e5e800e-6ac0-411e-940a-369530a35e43} - c:\windows\system32\TwcToolbarIe7.dll
TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - c:\progra~1\inboxt~1\Inbox.dll
TB: Dallas Cowboys: {27e7f580-724e-46eb-846f-96c2396d23ed} - c:\program files\dallas cowboys\Toolbar.dll
TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DW6]
uRun: [Windows Dumper Host] rundll32.exe "c:\docume~1\josh\locals~1\temp\winbdm.dll", RepCmd
uRun: [drvxslek32k] c:\documents and settings\josh\application data\drvxslek32k\drvxslek57k.exe
uRun: [kheedaaudio] rundll32.exe "cbyyyx.dll",s
uRun: [fcyaayaudio] rundll32.exe "awtroo.dll",s
uRun: [ljifcdaudio] rundll32.exe "tuspqo.dll",s
uRun: [tusqonaudio] rundll32.exe "tuvsqo.dll",s
uRun: [ssrrrsaudio] rundll32.exe "ursrqn.dll",s
uRun: [{D5543E6E-2750-6075-E7E8-C57DDA006CFD}] "c:\documents and settings\josh\application data\abysi\xucau.exe"
uRun: [qonmkjaudio] rundll32.exe "ljggff.dll",s
uRun: [rqpmjhaudio] rundll32.exe "ljgfff.dll",s
uRun: [qopnklaudio] rundll32.exe "ljgfcb.dll",s
uRun: [iihebcaudio] rundll32.exe "tuvwtt.dll",s
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [HP BTW Detect Program] c:\program files\hp\HPBTWD.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [HP] c:\program files\hewlett-packard\hp quicksync\QuickSync.exe
mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [snp2uvc] c:\windows\vsnp2uvc.exe
mRun: [SearchSettings] c:\program files\dealio toolbar\SearchSettings.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [CTF Products Updater] rundll32.exe "c:\docume~1\josh\locals~1\temp\winbdm.dll", RepCmd
mRun: [bywvvvaudio] rundll32.exe "cbyyyx.dll",s
mRun: [ljkklmaudio] rundll32.exe "awtroo.dll",s
mRun: [rqropnaudio] rundll32.exe "ursrqn.dll",s
mRun: [rqpnnlaudio] rundll32.exe "tuspqo.dll",s
mRun: [ljijifaudio] rundll32.exe "ljggff.dll",s
mRun: [xxvurqaudio] rundll32.exe "tuvwtt.dll",s
mRun: [hgdbbxsys] rundll32.exe "yaxuvv.dll",s
mRun: [hgdaxyaudio] rundll32.exe "tuvsqo.dll",s
mRun: [qonlkkaudio] rundll32.exe "ljgfff.dll",s
mRun: [xxvsspaudio] rundll32.exe "ljgfcb.dll",s
dRun: [xxvvwtaudio] rundll32.exe "cbyyyx.dll",s
dRun: [fccbxxaudio] rundll32.exe "awtroo.dll",s
dRun: [urpmmjaudio] rundll32.exe "ursrqn.dll",s
dRun: [ssqqppaudio] rundll32.exe "ljggff.dll",s
dRun: [khgeefaudio] rundll32.exe "tuvwtt.dll",s
dRun: [urrstrsys] rundll32.exe "yaxuvv.dll",s
dRun: [tuspqpaudio] rundll32.exe "tuvsqo.dll",s
dRun: [vtrpppaudio] rundll32.exe "tuspqo.dll",s
dRun: [ljklkiaudio] rundll32.exe "ljgfff.dll",s
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\josh\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - c:\progra~1\inboxt~1\Inbox.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\winphost.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Authentication Packages = msv1_0 yaxuvv.dll

============= SERVICES / DRIVERS ===============

R1 DVMIO;DVMIO;c:\splash.sys\config\dvmio.sys [2009-7-27 16984]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-8-23 113664]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-3-31 39424]
S2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2009-12-16 375296]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\splash.sys\config\DVMExportService.exe [2009-7-8 323584]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [2009-8-23 160256]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]

=============== Created Last 30 ================

2010-11-28 23:41:28 124416 ---ha-w- c:\windows\system32\ljgfcb.dll
2010-11-28 18:03:40 124416 ---ha-w- c:\windows\system32\ljgfff.dll
2010-11-27 13:50:39 -------- d-----w- c:\docume~1\josh\applic~1\Axovfu
2010-11-27 13:50:39 -------- d-----w- c:\docume~1\josh\applic~1\Abysi
2010-11-21 19:00:42 -------- d--h--w- c:\windows\PIF
2010-11-21 18:59:50 11802408 ----a-w- C:\SAS_022C36E.COM
2010-11-20 21:07:08 122368 ---ha-w- c:\windows\system32\tuvsqo.dll
2010-11-20 20:30:00 111104 ---ha-w- c:\windows\system32\yaxuvv.dll
2010-11-15 17:31:45 121344 ---ha-w- c:\windows\system32\tuvwtt.dll
2010-11-15 17:02:47 121344 ---ha-w- c:\windows\system32\ljggff.dll
2010-11-15 03:30:05 126976 ---ha-w- c:\windows\system32\tuspqo.dll
2010-11-15 03:20:30 564736 ----a-w- c:\docume~1\josh\applic~1\hotfix.exe
2010-11-15 03:20:30 220 ----a-w- c:\docume~1\josh\applic~1\sdghzxfg.bat
2010-11-14 13:32:26 118784 ---ha-w- c:\windows\system32\ursrqn.dll
2010-11-14 03:18:46 118784 ---ha-w- c:\windows\system32\awtroo.dll
2010-11-12 00:14:16 116224 ---ha-w- c:\windows\system32\cbyyyx.dll
2010-11-12 00:09:33 -------- d-----w- c:\docume~1\josh\applic~1\drvxslek32k
2010-11-12 00:09:17 717685 ----a-w- c:\documents and settings\josh\drvxslek57k.exe
2010-11-12 00:09:17 39936 ----a-w- c:\windows\system32\winphost.dll
2010-11-12 00:09:17 39936 ----a-w- c:\windows\system32\b_ctfmn.dll
2010-11-12 00:09:17 140288 ----a-w- c:\windows\system32\pcre3.dll
2010-11-12 00:09:07 -------- d-----w- c:\program files\Simply Software
2010-11-09 03:11:29 -------- d-----w- c:\program files\iPod
2010-11-09 03:10:49 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2010-11-09 03:10:49 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2010-11-09 03:10:49 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2010-11-09 03:10:49 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2010-11-09 03:10:49 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2010-11-09 03:10:49 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2010-11-09 03:10:49 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2010-11-09 03:09:09 -------- d-----w- c:\program files\Bonjour
2010-11-08 03:59:46 -------- d-----w- c:\program files\Conduit
2010-11-08 03:59:46 -------- d-----w- c:\docume~1\josh\locals~1\applic~1\Conduit
2010-11-08 03:59:44 -------- d-----w- c:\docume~1\josh\locals~1\applic~1\BitTorrentBar
2010-11-08 03:59:34 -------- d-----w- c:\docume~1\josh\locals~1\applic~1\ConduitEngine
2010-11-08 03:59:33 -------- d-----w- c:\program files\ConduitEngine
2010-11-08 03:59:31 -------- d-----w- c:\program files\BitTorrentBar
2010-11-08 03:59:31 -------- d-----w- c:\docume~1\josh\locals~1\applic~1\Temp
2010-11-08 03:59:28 -------- d-----w- C:\extensions
2010-11-08 03:59:11 -------- d-----w- c:\program files\BitTorrent
2010-11-08 03:58:02 -------- d-----w- c:\docume~1\josh\applic~1\BitTorrent

==================== Find3M ====================

2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 15:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 15:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: TOSHIBA_ rev.FG01 -> Harddisk0\DR0 -> \Device\Ide\iaStor0

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x863EB446]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x863f1504]; MOV EAX, [0x863f1580]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x86D75AB8]
3 CLASSPNP[0xF7608FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x863A9960]
\Driver\iaStor[0x86D68840] -> IRP_MJ_CREATE -> 0x863EB446
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x137; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IAAStorageDevice-0 -> \??\IDE#DiskTOSHIBA_MK1655GSX_______________________FG011C__#4&9cf173c&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\iaStor DriverStartIo -> 0x863EB292
user != kernel MBR !!!
sectors 312581806 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

============= FINISH: 15:02:14.42 ===============

attach log:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-05.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 11/2/2009 8:19:28 PM
System Uptime: 12/6/2010 2:51:57 PM (1 hours ago)

Motherboard: Hewlett-Packard | | 308F
Processor: Intel® Atom™ CPU N270 @ 1.60GHz | CPU 1 | 1596/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 149 GiB total, 118.941 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.1 MUI
AiO_Scan
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
Atheros Driver Installation Program
Bejeweled 2 Deluxe
BitTorrent
BitTorrentBar Toolbar
Bonjour
Compatibility Pack for the 2007 Office system
Conduit Engine
Dallas Cowboys
Dealio Toolbar v4.0.2
Homepage Protection
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB949764)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP BatteryCheck 2.10 A2
HP Games
HP Help and Support
HP Instant Web
HP PSC & OfficeJet 5.3.B
HP QuickSync
HP User Guides 0165
HP Webcam-50
HP Wireless Assistant
HpSdpAppCoreApp
IDT Audio
Inbox Toolbar
Intel® Graphics Media Accelerator Driver
iTunes
Java™ 6 Update 14
LG USB Modem driver
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Live Search Toolbar
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
MSXML 6.0 Parser
QFolder
QuickTime
Scan
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Simply Invoice V2
Synaptics Pointing Device Driver
The Weather Channel Desktop 6
The Weather Channel Toolbar
TouchCopy 09
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB2.0 Card Reader Software
WebFldrs XP
WildTangent Games
Windows Backup Utility
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
WinZip 15.0

==== Event Viewer Messages From Past Week ========

12/6/2010 9:24:44 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the hpqwmiex service to connect.
12/6/2010 9:24:44 AM, error: Service Control Manager [7000] - The hpqwmiex service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/6/2010 9:24:44 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service hpqwmiex with arguments "" in order to run the server: {F5539356-2F02-40D4-999E-FA61F45FE12E}
12/6/2010 9:23:35 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the DeviceVM Meta Data Export Service service to connect.
12/6/2010 9:23:35 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Updater service to connect.
12/6/2010 9:23:35 AM, error: Service Control Manager [7000] - The DeviceVM Meta Data Export Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

==== End Of File ===========================

Edited by compnoob3, 06 December 2010 - 03:35 PM.


#5 compnoob3

Posted 06 December 2010 - 04:16 PM

GMER Log:
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-06 16:15:49
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\iaStor0 TOSHIBA_ rev.FG01
Running: gmer.exe; Driver: C:\DOCUME~1\Josh\LOCALS~1\Temp\awrdapod.sys


---- Kernel code sections - GMER 1.0.15 ----

? C:\DOCUME~1\Josh\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[488] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\WINDOWS\System32\svchost.exe[1176] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 007E000A
.text C:\WINDOWS\System32\svchost.exe[1176] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 007F000A
.text C:\WINDOWS\System32\svchost.exe[1176] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 007D000C
.text C:\WINDOWS\System32\svchost.exe[1176] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 0269000A
.text C:\WINDOWS\System32\svchost.exe[1176] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 00F5000A
.text C:\WINDOWS\explorer.exe[1272] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00D2000A
.text C:\WINDOWS\explorer.exe[1272] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00D3000A
.text C:\WINDOWS\explorer.exe[1272] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00C8000C
.text C:\WINDOWS\system32\wscntfy.exe[1812] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00D946A6
.text C:\WINDOWS\system32\wscntfy.exe[1812] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00D9488C
.text C:\WINDOWS\system32\wscntfy.exe[1812] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 00D9492E
.text C:\WINDOWS\system32\wscntfy.exe[1812] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 00D92E9A
.text C:\WINDOWS\system32\wscntfy.exe[1812] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 00D93007
.text C:\WINDOWS\system32\wscntfy.exe[1812] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 00D92800
.text C:\WINDOWS\system32\wscntfy.exe[1812] WININET.dll!HttpQueryInfoA 3D94878D 5 Bytes JMP 00D928B5
.text C:\WINDOWS\system32\wscntfy.exe[1812] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 00D927BD
.text C:\WINDOWS\system32\wscntfy.exe[1812] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 00D92889
.text C:\WINDOWS\system32\wscntfy.exe[1812] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 00D925DD
.text C:\WINDOWS\system32\wscntfy.exe[1812] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 00D92631
.text C:\WINDOWS\system32\wscntfy.exe[1812] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 00D9283F
.text C:\WINDOWS\system32\wscntfy.exe[1812] WININET.dll!HttpSendRequestExA 3D9BA642 5 Bytes JMP 00D92721
.text C:\WINDOWS\system32\wscntfy.exe[1812] WININET.dll!HttpSendRequestExW 3D9BA69B 5 Bytes JMP 00D92685
.text C:\WINDOWS\system32\wscntfy.exe[1812] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00D8392A
.text C:\WINDOWS\system32\wscntfy.exe[1812] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00D83962
.text C:\WINDOWS\system32\wscntfy.exe[1812] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00D83983
.text C:\WINDOWS\system32\wscntfy.exe[1812] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 00D92B34
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1816] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 015346A6
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1816] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0153488C
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1816] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 0153492E
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1816] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 01532E9A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1816] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 01533007
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1816] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 01532800
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1816] WININET.dll!HttpQueryInfoA 3D94878D 5 Bytes JMP 015328B5
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1816] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 015327BD
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1816] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 01532889
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1816] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 015325DD
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1816] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 01532631
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1816] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 0153283F
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1816] WININET.dll!HttpSendRequestExA 3D9BA642 5 Bytes JMP 01532721
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1816] WININET.dll!HttpSendRequestExW 3D9BA69B 5 Bytes JMP 01532685
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1816] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 0152392A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1816] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01523962
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1816] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 01523983
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1816] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 01532B34
.text C:\Documents and Settings\Josh\Desktop\Defogger.exe[2028] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 010D46A6
.text C:\Documents and Settings\Josh\Desktop\Defogger.exe[2028] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 010D488C
.text C:\Documents and Settings\Josh\Desktop\Defogger.exe[2028] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 010D492E
.text C:\Documents and Settings\Josh\Desktop\Defogger.exe[2028] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 010D2E9A
.text C:\Documents and Settings\Josh\Desktop\Defogger.exe[2028] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 010D3007
.text C:\Documents and Settings\Josh\Desktop\Defogger.exe[2028] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 010D2800
.text C:\Documents and Settings\Josh\Desktop\Defogger.exe[2028] WININET.dll!HttpQueryInfoA 3D94878D 5 Bytes JMP 010D28B5
.text C:\Documents and Settings\Josh\Desktop\Defogger.exe[2028] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 010D27BD
.text C:\Documents and Settings\Josh\Desktop\Defogger.exe[2028] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 010D2889
.text C:\Documents and Settings\Josh\Desktop\Defogger.exe[2028] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 010D25DD
.text C:\Documents and Settings\Josh\Desktop\Defogger.exe[2028] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 010D2631
.text C:\Documents and Settings\Josh\Desktop\Defogger.exe[2028] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 010D283F
.text C:\Documents and Settings\Josh\Desktop\Defogger.exe[2028] WININET.dll!HttpSendRequestExA 3D9BA642 5 Bytes JMP 010D2721
.text C:\Documents and Settings\Josh\Desktop\Defogger.exe[2028] WININET.dll!HttpSendRequestExW 3D9BA69B 5 Bytes JMP 010D2685
.text C:\Documents and Settings\Josh\Desktop\Defogger.exe[2028] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 010C392A
.text C:\Documents and Settings\Josh\Desktop\Defogger.exe[2028] WS2_32.dll!send 71AB4C27 5 Bytes JMP 010C3962
.text C:\Documents and Settings\Josh\Desktop\Defogger.exe[2028] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 010C3983
.text C:\Documents and Settings\Josh\Desktop\Defogger.exe[2028] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 010D2B34
.text C:\Program Files\IDT\WDM\sttray.exe[2052] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 010646A6
.text C:\Program Files\IDT\WDM\sttray.exe[2052] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0106488C
.text C:\Program Files\IDT\WDM\sttray.exe[2052] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 0106492E
.text C:\Program Files\IDT\WDM\sttray.exe[2052] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 01062E9A
.text C:\Program Files\IDT\WDM\sttray.exe[2052] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 01063007
.text C:\Program Files\IDT\WDM\sttray.exe[2052] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 01062800
.text C:\Program Files\IDT\WDM\sttray.exe[2052] WININET.dll!HttpQueryInfoA 3D94878D 5 Bytes JMP 010628B5
.text C:\Program Files\IDT\WDM\sttray.exe[2052] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 010627BD
.text C:\Program Files\IDT\WDM\sttray.exe[2052] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 01062889
.text C:\Program Files\IDT\WDM\sttray.exe[2052] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 010625DD
.text C:\Program Files\IDT\WDM\sttray.exe[2052] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 01062631
.text C:\Program Files\IDT\WDM\sttray.exe[2052] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 0106283F
.text C:\Program Files\IDT\WDM\sttray.exe[2052] WININET.dll!HttpSendRequestExA 3D9BA642 5 Bytes JMP 01062721
.text C:\Program Files\IDT\WDM\sttray.exe[2052] WININET.dll!HttpSendRequestExW 3D9BA69B 5 Bytes JMP 01062685
.text C:\Program Files\IDT\WDM\sttray.exe[2052] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 01062B34
.text C:\Program Files\IDT\WDM\sttray.exe[2052] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 0105392A
.text C:\Program Files\IDT\WDM\sttray.exe[2052] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01053962
.text C:\Program Files\IDT\WDM\sttray.exe[2052] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 01053983
.text C:\WINDOWS\system32\AESTFltr.exe[2064] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 010E46A6
.text C:\WINDOWS\system32\AESTFltr.exe[2064] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 010E488C
.text C:\WINDOWS\system32\AESTFltr.exe[2064] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 010E492E
.text C:\WINDOWS\system32\AESTFltr.exe[2064] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 010E2E9A
.text C:\WINDOWS\system32\AESTFltr.exe[2064] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 010E3007
.text C:\WINDOWS\system32\AESTFltr.exe[2064] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 010E2800
.text C:\WINDOWS\system32\AESTFltr.exe[2064] WININET.dll!HttpQueryInfoA 3D94878D 5 Bytes JMP 010E28B5
.text C:\WINDOWS\system32\AESTFltr.exe[2064] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 010E27BD
.text C:\WINDOWS\system32\AESTFltr.exe[2064] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 010E2889
.text C:\WINDOWS\system32\AESTFltr.exe[2064] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 010E25DD
.text C:\WINDOWS\system32\AESTFltr.exe[2064] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 010E2631
.text C:\WINDOWS\system32\AESTFltr.exe[2064] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 010E283F
.text C:\WINDOWS\system32\AESTFltr.exe[2064] WININET.dll!HttpSendRequestExA 3D9BA642 5 Bytes JMP 010E2721
.text C:\WINDOWS\system32\AESTFltr.exe[2064] WININET.dll!HttpSendRequestExW 3D9BA69B 5 Bytes JMP 010E2685
.text C:\WINDOWS\system32\AESTFltr.exe[2064] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 010D392A
.text C:\WINDOWS\system32\AESTFltr.exe[2064] WS2_32.dll!send 71AB4C27 5 Bytes JMP 010D3962
.text C:\WINDOWS\system32\AESTFltr.exe[2064] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 010D3983
.text C:\WINDOWS\system32\AESTFltr.exe[2064] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 010E2B34
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2108] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 015B46A6
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2108] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 015B488C
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2108] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 015B492E
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2108] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 015B2E9A
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2108] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 015B3007
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2108] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 015B2B34
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2108] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 015B2800
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2108] WININET.dll!HttpQueryInfoA 3D94878D 5 Bytes JMP 015B28B5
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2108] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 015B27BD
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2108] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 015B2889
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2108] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 015B25DD
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2108] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 015B2631
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2108] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 015B283F
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2108] WININET.dll!HttpSendRequestExA 3D9BA642 5 Bytes JMP 015B2721
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2108] WININET.dll!HttpSendRequestExW 3D9BA69B 5 Bytes JMP 015B2685
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2108] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 015A392A
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2108] WS2_32.dll!send 71AB4C27 5 Bytes JMP 015A3962
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2108] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 015A3983
.text C:\WINDOWS\system32\rundll32.exe[2208] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00A746A6
.text C:\WINDOWS\system32\rundll32.exe[2208] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00A7488C
.text C:\WINDOWS\system32\rundll32.exe[2208] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 00A7492E
.text C:\WINDOWS\system32\rundll32.exe[2208] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 00A72E9A
.text C:\WINDOWS\system32\rundll32.exe[2208] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 00A73007
.text C:\WINDOWS\system32\rundll32.exe[2208] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 00A72800
.text C:\WINDOWS\system32\rundll32.exe[2208] WININET.dll!HttpQueryInfoA 3D94878D 5 Bytes JMP 00A728B5
.text C:\WINDOWS\system32\rundll32.exe[2208] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 00A727BD
.text C:\WINDOWS\system32\rundll32.exe[2208] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 00A72889
.text C:\WINDOWS\system32\rundll32.exe[2208] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 00A725DD
.text C:\WINDOWS\system32\rundll32.exe[2208] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 00A72631

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device \Driver\iaStor -> DriverStartIo \Device\Ide\iaStor0 863EB292
Device \Device\Ide\IAAStorageDevice-0 -> \??\IDE#DiskTOSHIBA_MK1655GSX_______________________FG011C__#4&9cf173c&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior; TDL4 <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 02: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 53: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 54: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 60: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 61: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sectors 312581552 (+255): rootkit-like behavior;

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\NetworkService\Cookies\system@mevio[1].txt 0 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@scorecardresearch[2].txt 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\M7L47GMT\en_US[2] 0 bytes

---- EOF - GMER 1.0.15 ----

#6 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:08:11 AM

Posted 06 December 2010 - 07:10 PM

Hi compnoob3, welcome to Bleeping Computer.


One or more of the identified infections is a backdoor trojan or rootkit.

This type of infection has the capability to allow a hacker to remotely control your computer, steal critical system information, and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you still want to clean it, please do the following:


===================
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
========
Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#7 compnoob3


Posted 08 December 2010 - 10:50 PM

Hello, thank you for the quick response. I think I'd like to look into "reformatting and reinstalling my OS". I could use some help with backing up my important info and then performing the reformat/reinstall. This is being done on a netbook w/o a cd-rom drive. Thanks again for all your help, Josh.

#8 kahdah


Posted 09 December 2010 - 07:22 AM

Ok first let's clean it then you can safely copy your data to removable media then use the built in recovery to reinstall Windows.
Follow my previous instructions for now.
Also tell me what kind of netbook it is so I can give you instructions to recover it.

#9 compnoob3


Posted 09 December 2010 - 06:40 PM

Ok. I will clean the computer as per your instructions. It is an HP Mini 110. Thank you for all your help, Josh.

#10 kahdah


Posted 10 December 2010 - 07:09 AM

Ok post those logs when they are done and you are welcome :)

#11 kahdah


Posted 19 December 2010 - 10:23 AM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with the address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.



