Can't Update Windows Security Essentials or Windows Update + Popups


  • This topic is locked
7 replies to this topic

#1 grrArgh

grrArgh

  • Members
  • 5 posts
  • OFFLINE
  • Local time:06:28 AM

Posted 12 December 2010 - 11:23 PM

I recently used Malwarebytes to remove a fake anti-virus program and some other issues. The fake anti-virus appears to be gone; however, I can only update Windows Security Essentials manually (Error Code 0x80072ee7), and the Windows Update site (windowsupdate.microsoft.com) gives me a "Page Cannot be Displayed" error message. Other sites appear to work fine.

Also, after having Firefox or IE open for a few minutes, a new tab gets opened telling me I've won some sort of prize.

Below are the results from running GMER and DDS.

Any help would be greatly appreciated.

GMER:

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-12-12 15:42:32
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 FUJITSU_MHV2080AT_PL rev.000000A0
Running: i7dzgu79.exe; Driver: C:\DOCUME~1\OWNER~2.YOU\LOCALS~1\Temp\kgqyqpog.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 08: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 37: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8631039B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8631039B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-e 8631039B

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskFUJITSU_MHV2080AT_PL____________________000000A0#5&13fc9bc8&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- EOF - GMER 1.0.15 ----


DDS:

DDS (Ver_10-12-12.02) - NTFSx86
Run by Owner at 15:50:20.31 on Sun 12/12/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.514 [GMT -6:00]

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\snmp.exe
svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Owner.YOUR-CF50FBD8E0\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6426
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:43902
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6426
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [Power2GoExpress] NA
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [AOL Spyware Protection] "c:\progra~1\common~1\aol\aolspy~1\AOLSP Scheduler.exe"
mRun: [Reminder] %WINDIR%\Creator\Remind_XP.exe
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1266329261260
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner~2.you\applic~1\mozilla\firefox\profiles\518o21je.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z007&form=ZGAADF&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJPI150_02.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: XULRunner: {43D5C503-5662-40F3-B9BC-5C3975EF0AEF} - c:\documents and settings\owner.your-cf50fbd8e0\local settings\application data\{43D5C503-5662-40F3-B9BC-5C3975EF0AEF}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Low Quality Flash: low_quality_flash@pie2k.com - %profile%\extensions\low_quality_flash@pie2k.com

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2010-2-15 200576]
S0 cbkywqjj;cbkywqjj;c:\windows\system32\drivers\gkbbiful.sys --> c:\windows\system32\drivers\gkbbiful.sys [?]
S0 nlbgys;nlbgys;c:\windows\system32\drivers\tvlme.sys --> c:\windows\system32\drivers\tvlme.sys [?]
S0 ydwjocoq;ydwjocoq;c:\windows\system32\drivers\cicms.sys --> c:\windows\system32\drivers\cicms.sys [?]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2010-2-15 30192]

=============== Created Last 30 ================

2010-12-12 21:43:41 6273872 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{7dd6647c-d409-4562-afed-b193d1a96711}\mpengine.dll
2010-12-12 02:53:26 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-12-12 02:19:09 -------- d-----w- c:\docume~1\owner~2.you\locals~1\applic~1\AskToolbar
2010-12-12 02:04:13 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-12-10 18:31:53 -------- d-----w- c:\program files\Ask.com
2010-12-10 18:31:35 -------- d-----w- c:\program files\Wise Registry Cleaner
2010-12-10 18:29:57 -------- d-----w- c:\program files\Wise Disk Cleaner
2010-12-09 15:29:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-09 15:28:56 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-09 15:05:20 3116 ----a-w- c:\windows\efevupoq.dll
2010-12-09 00:01:15 3116 ----a-w- c:\windows\exewuyana.dll
2010-12-08 23:12:40 3116 ----a-w- c:\windows\oqifapititefe.dll
2010-12-08 23:12:34 -------- d-----w- c:\windows\system32\%APPDATA%
2010-12-08 23:09:27 -------- d-----w- C:\90b294acef11d2538f
2010-12-06 00:15:44 -------- d-----w- C:\f8e818a7f4b1508f34
2010-12-06 00:06:08 -------- d-----w- C:\6238228700be1640fc4939
2010-12-06 00:05:12 3116 ----a-w- c:\windows\acagunewucobuh.dll
2010-12-05 03:28:12 3116 ----a-w- c:\windows\atikokupujaxa.dll
2010-12-05 03:08:45 3116 ----a-w- c:\windows\oladigipamepo.dll
2010-12-05 02:49:05 -------- d-----w- c:\docume~1\owner~2.you\locals~1\applic~1\{43D5C503-5662-40F3-B9BC-5C3975EF0AEF}
2010-11-12 23:45:52 -------- d-----w- C:\Temp

==================== Find3M ====================

2010-10-19 16:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-18 17:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: FUJITSU_MHV2080AT_PL rev.000000A0 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86310555]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x863167b0]; MOV EAX, [0x8631682c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x8631E590]
3 CLASSPNP[0xF7752FD7] -> ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\0000009f[0x863909E8]
5 ACPI[0xF7549620] -> ntkrnlpa!IofCallDriver[0x804EE130] -> [0x8638F940]
\Driver\atapi[0x86340500] -> IRP_MJ_CREATE -> 0x86310555
kernel: MBR read successfully
_asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x5f; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskFUJITSU_MHV2080AT_PL____________________000000A0#5&13fc9bc8&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8631039B
user & kernel MBR OK
copy of MBR has been found in sector 156280320
Warning: possible TDL3 rootkit infection !

============= FINISH: 15:52:30.68 ===============



#2 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  • Gender:Male
  • Location:Bulgaria
  • Local time:02:28 PM

Posted 22 December 2010 - 04:39 AM

Hello and welcome to Bleeping Computer :welcome:

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed; the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log



Regards,
Georgi :hello:



#3 grrArgh

grrArgh
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:06:28 AM

Posted 22 December 2010 - 04:57 PM

Thanks for getting back to me.

I ultimately ended up performing a "destructive restore" and reloading the OS from the recovery partition. I actually ended up doing it twice because I was still getting pop-ups after I did it the first time (I guess it's possible I chose the non-destructive restore).

In any case, I can now connect to Windows Update, and I believe the pop-up issue has been resolved. Below are the latest log files; can you please take a look and let me know if any further action is required?

Attach.txt

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/22/2010 1:34:34 AM
System Uptime: 12/22/2010 1:13:48 PM (1 hours ago)

Motherboard: Gateway | |
Processor: AMD Turion™ 64 Mobile Technology ML-40 | Socket 754 | 2188/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 68 GiB total, 54.168 GiB free.
D: is FIXED (FAT32) - 7 GiB total, 3.547 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 12/22/2010 1:34:39 AM - System Checkpoint
RP2: 12/22/2010 8:10:15 AM - Software Distribution Service 3.0
RP3: 12/22/2010 8:28:57 AM - Software Distribution Service 3.0
RP4: 12/22/2010 9:57:41 AM - Software Distribution Service 3.0
RP5: 12/22/2010 10:07:57 AM - Software Distribution Service 3.0
RP6: 12/22/2010 11:02:05 AM - Software Distribution Service 3.0
RP7: 12/22/2010 11:44:28 AM - Software Distribution Service 3.0
RP8: 12/22/2010 11:57:59 AM - Software Distribution Service 3.0
RP9: 12/22/2010 1:18:00 PM - Software Distribution Service 3.0

==== Installed Programs ======================

Adobe Reader 7.0
America Online (Choose which version to remove)
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Connectivity Services
AOL Spyware Protection
AOL You've Got Pictures Screensaver
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Bejeweled 2 Deluxe
BigFix
Blackhawk Striker 2
Blasterball 2 Revolution
Broadcom 802.11 Network Adapter
Browser Address Error Redirector
Conexant AC-Link Audio
Diner Dash
DVD Solution
FATE
Gateway Game Console
Google Desktop
Google Toolbar for Internet Explorer
gtw_logo
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
J2SE Runtime Environment 5.0 Update 2
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Starter Edition 2006
Microsoft Digital Image Starter Edition 2006 Editor
Microsoft Digital Image Starter Edition 2006 Library
Microsoft Money 2006
Microsoft Office Standard Edition 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Works
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
Napster
Napster Burn Engine
Penguins!
Polar Bowler
Polar Golfer
Power2Go 4.0
PowerDVD
Pure Networks Port Magic
QuickTime
RealPlayer Basic
Recovery Software Suite Gateway
SCRABBLE
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Soft Data Fax Modem with SmartCP
Sonic Encoders
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
Tradewinds
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Viewpoint Media Player
WebFldrs XP
WildTangent Web Driver
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 8
Windows Media Format Runtime
Windows XP Media Center Edition 2005 KB914548
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3

==== Event Viewer Messages From Past Week ========

12/22/2010 9:13:53 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 1.1 SP1 Security Update for Windows 2000 and Windows XP (KB979906).
12/22/2010 9:05:05 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows XP (KB975713).
12/22/2010 8:34:03 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows XP (KB920213).
12/22/2010 1:16:25 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
12/22/2010 1:16:25 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: YOUR-C633F2255B\Owner Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/22/2010 1:16:25 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: YOUR-C633F2255B\Owner Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/22/2010 1:16:25 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: YOUR-C633F2255B\Owner Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/22/2010 1:16:25 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: YOUR-C633F2255B\Owner Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved

==== End Of File ===========================


dds.txt

DDS (Ver_10-12-12.02) - NTFSx86
Run by Owner at 14:01:51.98 on Wed 12/22/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.524 [GMT -6:00]

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: McAfee VirusScan *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: *Disabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\AOL\129300~1\EE\AOLHOS~1.EXE
svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\PROGRA~1\COMMON~1\AOL\129300~1\EE\AOLServiceHost.exe
C:\Program Files\BigFix\bigfix.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Owner.YOUR-C633F2255B\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6426
uStart Page = hxxp://www.google.com/
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6426
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [Power2GoExpress] NA
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [HostManager] c:\program files\common files\aol\1293000721\ee\AOLHostManager.exe
mRun: [AOL Spyware Protection] "c:\progra~1\common~1\aol\aolspy~1\AOLSP Scheduler.exe"
mRun: [Reminder] %WINDIR%\Creator\Remind_XP.exe
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bigfix.lnk - c:\program files\bigfix\bigfix.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2010-12-22 200576]

=============== Created Last 30 ================

2010-12-22 19:43:29 -------- d-----w- c:\docume~1\owner~1.you\applic~1\Malwarebytes
2010-12-22 19:43:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-22 19:43:17 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-22 19:43:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-22 19:43:17 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-12-22 19:18:13 6273872 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{edae1b0c-d8eb-46ba-9e5b-558ccddf2976}\mpengine.dll
2010-12-22 19:18:00 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-12-22 19:15:42 -------- d-----w- c:\program files\Microsoft Security Client
2010-12-22 17:57:18 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-22 17:56:49 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-22 17:56:02 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-12-22 17:56:02 954368 -c----w- c:\windows\system32\dllcache\mfc40.dll
2010-12-22 17:56:02 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-12-22 17:55:35 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-12-22 17:20:48 -------- d-----w- c:\windows\system32\scripting
2010-12-22 17:20:48 -------- d-----w- c:\windows\l2schemas
2010-12-22 17:20:47 -------- d-----w- c:\windows\system32\en
2010-12-22 17:20:47 -------- d-----w- c:\windows\system32\bits
2010-12-22 17:13:41 -------- d-----w- c:\windows\network diagnostic
2010-12-22 16:19:31 -------- d-----w- c:\windows\system32\XPSViewer
2010-12-22 16:19:01 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-12-22 16:18:50 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-12-22 16:18:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-12-22 16:18:50 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-12-22 16:18:50 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-12-22 16:18:50 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-12-22 16:18:50 117760 ------w- c:\windows\system32\prntvpt.dll
2010-12-22 16:18:49 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-12-22 16:18:49 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-12-22 16:18:49 -------- d-----w- C:\874eb61c46acbc86d7a0ccdf7a86929a
2010-12-22 16:15:19 69120 ------w- c:\windows\system32\wlanapi.dll
2010-12-22 16:15:08 25471 ------w- c:\windows\system32\drivers\watv10nt.sys
2010-12-22 16:15:08 22271 ------w- c:\windows\system32\drivers\watv06nt.sys
2010-12-22 16:15:08 11935 ------w- c:\windows\system32\drivers\wadv11nt.sys
2010-12-22 16:15:08 11871 ------w- c:\windows\system32\drivers\wadv09nt.sys
2010-12-22 16:15:08 11807 ------w- c:\windows\system32\drivers\wadv07nt.sys
2010-12-22 16:15:08 11295 ------w- c:\windows\system32\drivers\wadv08nt.sys
2010-12-22 16:15:07 14208 ------w- c:\windows\system32\drivers\wacompen.sys
2010-12-22 16:15:05 28672 ------w- c:\windows\system32\vidcap.ax
2010-12-22 16:15:04 11325 ------w- c:\windows\system32\drivers\vchnt5.dll
2010-12-22 16:15:01 121984 ------w- c:\windows\system32\drivers\usbvideo.sys
2010-12-22 16:13:59 397056 ------w- c:\windows\system32\s3gnb.dll
2010-12-22 16:12:53 76800 ------w- c:\windows\system32\msshavmsg.dll
2010-12-22 16:12:53 155136 ------w- c:\windows\system32\mssha.dll
2010-12-22 16:11:53 33792 ------w- c:\windows\system32\mmcperf.exe
2010-12-22 16:11:52 106496 ------w- c:\windows\system32\mmcfxcommon.dll
2010-12-22 16:11:51 397312 ------w- c:\windows\system32\mmcex.dll
2010-12-22 16:11:51 184320 ------w- c:\windows\system32\microsoft.managementconsole.dll
2010-12-22 16:11:36 -------- d-----w- c:\program files\MSXML 6.0
2010-12-22 16:11:09 37376 ------w- c:\windows\system32\l2gpstore.dll
2010-12-22 16:11:07 61440 ------w- c:\windows\system32\kmsvc.dll
2010-12-22 16:11:05 6144 ------w- c:\windows\system32\kbdpash.dll
2010-12-22 16:11:05 6144 ------w- c:\windows\system32\kbdnepr.dll
2010-12-22 16:11:05 6144 ------w- c:\windows\system32\kbdiultn.dll
2010-12-22 16:11:04 6144 ------w- c:\windows\system32\kbdbhc.dll
2010-12-22 16:10:28 10752 ------w- c:\windows\system32\smtpapi.dll
2010-12-22 16:10:25 9728 ------w- c:\windows\system32\rwnh.dll
2010-12-22 16:10:13 9728 ------w- c:\windows\system32\comsdupd.exe
2010-12-22 16:10:02 1041536 ------w- c:\windows\system32\drivers\hsfdpsp2.sys
2010-12-22 16:10:01 685056 ------w- c:\windows\system32\drivers\hsfcxts2.sys
2010-12-22 16:10:01 32285 ------w- c:\windows\system32\hsfcisp2.dll
2010-12-22 16:10:01 220032 ------w- c:\windows\system32\drivers\hsfbs2s2.sys
2010-12-22 16:08:45 15423 ------w- c:\windows\system32\drivers\ch7xxnt5.dll
2010-12-22 16:07:57 136192 ------w- c:\windows\system32\aaclient.dll
2010-12-22 15:40:55 -------- d-sh--w- c:\documents and settings\owner.your-c633f2255b\PrivacIE
2010-12-22 15:35:07 -------- d-----w- c:\docume~1\owner~1.you\applic~1\McAfee.com Personal Firewall
2010-12-22 15:32:51 -------- d-sh--w- c:\documents and settings\owner.your-c633f2255b\IETldCache
2010-12-22 15:09:24 474112 -c----w- c:\windows\system32\dllcache\shlwapi.dll
2010-12-22 15:02:55 -------- d-----w- c:\program files\MSXML 4.0
2010-12-22 14:59:39 -------- d-----w- c:\windows\ie8updates
2010-12-22 14:59:27 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-12-22 14:59:27 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-12-22 14:59:27 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-12-22 14:59:27 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-12-22 14:59:27 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-12-22 14:59:26 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-12-22 14:59:26 11080704 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-12-22 14:57:30 -------- dc-h--w- c:\windows\ie8
2010-12-22 14:42:49 -------- d-----w- c:\windows\ServicePackFiles
2010-12-22 14:28:32 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-12-22 14:26:07 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-12-22 14:26:02 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-12-22 14:25:48 357248 -c----w- c:\windows\system32\dllcache\srv.sys
2010-12-22 14:24:46 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-12-22 14:24:46 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-12-22 14:24:33 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-12-22 14:22:34 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-12-22 14:21:41 2066432 -c----w- c:\windows\system32\dllcache\mstscax.dll
2010-12-22 14:19:20 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2010-12-22 14:19:16 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-12-22 14:19:12 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2010-12-22 14:18:23 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-12-22 14:18:23 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-12-22 14:18:19 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-12-22 14:10:57 -------- d-----w- c:\windows\system32\PreInstall
2010-12-22 14:08:00 -------- d-sh--w- c:\documents and settings\owner.your-c633f2255b\UserData
2010-12-22 14:07:48 -------- d-----w- c:\windows\system32\SoftwareDistribution
2010-12-22 07:12:34 -------- d-----w- c:\program files\McAfee
2010-12-22 07:12:20 -------- d-----w- c:\docume~1\alluse~1\applic~1\McAfee.com Personal Firewall
2010-12-22 07:11:33 -------- d-----w- c:\docume~1\alluse~1\applic~1\McAfee.com
2010-12-22 07:06:46 23552 ----a-w- c:\windows\system32\jesterss.dll
2010-12-22 07:06:45 1239209 ----a-w- c:\windows\system32\gtw_logo.scr
2010-12-22 07:06:45 -------- d-----w- c:\program files\gtw_logo
2010-12-22 07:02:28 230912 ----a-w- c:\windows\system32\drivers\yk51x86.sys
2010-12-22 07:02:28 -------- d-----w- c:\windows\oemdrvrs
2010-12-22 06:57:39 -------- d-----w- c:\windows\tiinst
2010-12-22 06:56:36 -------- d-----w- c:\program files\ATI Technologies
2010-12-22 06:56:24 212992 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ILog.dll
2010-12-22 06:52:59 8552 ----a-w- c:\windows\system32\drivers\asctrm.sys
2010-12-22 06:51:59 -------- d-----w- c:\program files\common files\aolshare
2010-12-22 06:50:30 -------- d-----w- c:\program files\Microsoft Digital Image 2006
2010-12-22 06:50:23 89088 ----a-r- c:\windows\system32\atl71.dll
2010-12-22 06:50:23 57344 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2010-12-22 06:48:09 -------- d-----w- c:\docume~1\alluse~1\applic~1\WildTangent
2010-12-22 06:48:04 -------- d-----w- c:\windows\wt
2010-12-22 06:48:02 -------- d-----w- c:\program files\WildTangent
2010-12-22 06:47:52 -------- d-----w- c:\program files\Gateway Games
2010-12-22 06:47:19 49265 ----a-w- c:\windows\system32\jpicpl32.cpl
2010-12-22 06:46:17 90202 ----a-w- c:\windows\system32\SynTPAPI.dll
2010-12-22 06:46:17 81920 ----a-w- c:\windows\system32\SynTPCo2.dll
2010-12-22 06:46:17 69722 ----a-w- c:\windows\system32\SynTPFcs.dll
2010-12-22 06:46:17 185824 ----a-w- c:\windows\system32\drivers\SynTP.sys
2010-12-22 06:46:16 77917 ----a-w- c:\windows\system32\SynCOM.dll
2010-12-22 06:46:16 114688 ----a-w- c:\windows\system32\SynCtrl.dll
2010-12-22 06:46:16 -------- d-----w- c:\program files\Synaptics
2010-12-22 06:46:13 94208 ----a-w- c:\windows\system32\bae.dll
2010-12-22 06:46:04 13352 ----a-w- c:\windows\BigFixClientOverride.dll
2010-12-22 06:46:03 -------- d-----w- c:\program files\BigFix
2010-12-22 06:45:53 25840 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
2010-12-22 06:45:53 24816 ----a-w- c:\windows\system32\mdimon.dll
2010-12-22 06:45:27 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-12-22 06:45:03 -------- d-----w- c:\windows\SHELLNEW
2010-12-22 06:43:01 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2010-12-22 06:43:01 32768 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2010-12-22 06:43:01 225280 ----a-w- c:\program files\common files\installshield\iscript\iscript.dll
2010-12-22 06:43:01 176128 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2010-12-22 06:42:57 614532 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe
2010-12-22 06:33:52 -------- d-----w- c:\windows\system32\ReinstallBackups
2010-12-22 06:33:51 36864 ----a-w- c:\windows\system32\drivers\AmdK8.sys
2010-12-22 06:33:49 20480 ----a-w- c:\windows\system32\Marker32.exe
2010-12-22 06:30:39 -------- d-----w- c:\program files\CONEXANT
2010-12-22 06:30:32 17152 ----a-w- c:\windows\system32\drivers\usbohci.sys
2010-12-22 06:20:49 -------- d-----w- c:\windows\creator
2010-12-22 06:19:14 86016 ----a-w- c:\windows\system32\mdmxsdk.dll
2010-12-22 06:19:14 295168 ----a-w- c:\windows\system32\drivers\rtl8185.sys
2010-12-22 06:19:14 13059 ----a-w- c:\windows\system32\drivers\mdmxsdk.sys
2010-12-22 06:19:13 703616 ----a-w- c:\windows\system32\drivers\HSF_CNXT.sys
2010-12-22 06:19:13 42858 ----a-w- c:\windows\system32\hsfci014.dll
2010-12-22 06:19:13 200576 ----a-w- c:\windows\system32\drivers\HSFHWATI.sys
2010-12-22 06:19:13 1038208 ----a-w- c:\windows\system32\drivers\HSF_DPV.sys
2010-12-22 06:19:12 -------- d-----w- c:\windows\SMINST
2010-12-22 06:19:06 -------- d-----w- c:\windows\I386
2010-12-22 06:17:59 86073 ----a-w- c:\windows\system32\usrfaxa.dll
2010-12-22 06:16:58 147968 ----a-w- c:\windows\system32\mdwmdmsp.dll
2010-12-22 06:15:56 47104 ----a-w- c:\windows\system32\cnbjmon.dll
2010-12-22 01:31:57 -------- d-----w- C:\My Backup -- 10-12-21 0631PM

==================== Find3M ====================

2010-12-22 06:52:56 24576 ----a-w- c:\windows\system32\prefscpl.cpl
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys

============= FINISH: 14:03:00.26 ===============

gmer.log
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-22 15:33:42
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 FUJITSU_MHV2080AT_PL rev.000000A0
Running: i7dzgu79.exe; Driver: C:\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\fwnoapob.sys


---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xF6F31EBF]
? C:\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\Temp\TMP000062F12B2D61A86B26221A 524288 bytes

---- EOF - GMER 1.0.15 ----



Thanks again for all your help.

#4 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 22 December 2010 - 08:19 PM

Hello grrArgh

Welcome to BleepingComputer :)
========================
Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
==========
* Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Check the next options: Remove found threats and Scan inside archives.
  • Click Scan
  • Wait for the scan to finish
  • Click on the option that says Export to text file.
  • Save it to your desktop and post the contents here in your next reply.
  • Once the log is saved click the option to delete quarantined threats and Uninstall application on close.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free; however, if you would like to make a donation to me for the help I have provided please click here.

#5 grrArgh

  • Topic Starter
  • Members
  • 5 posts

Posted 23 December 2010 - 12:40 AM

The malwarebytes log is below. I didn't get an "Export to text file" option when the ESET scan finished. However, it said there were 0 infected files and 0 cleaned files. I took a screen shot and can upload that if necessary.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5380

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/22/2010 8:29:11 PM
mbam-log-2010-12-22 (20-29-11).txt

Scan type: Quick scan
Objects scanned: 143146
Time elapsed: 9 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 23 December 2010 - 07:04 AM

That is fine; it wasn't an option because no threats were found.

Please go here > http://get.adobe.com/reader/ and download and install the latest version of Adobe Reader.
It will uninstall the older version in the process.


===============Update Java===============

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java SE Runtime Environment (JRE) and save it to your desktop.
  • Scroll down to where it says "(JRE)" then click on it.
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u23-windows-i586.exe to install the newest version.
======================Clear out infected System Restore points======================
Then we need to reset your System Restore points.
The link below shows how to do this.
How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/kb/310405/en-us

If you are using Vista then see this link: http://www.bleepingcomputer.com/tutorials/...143.html#manual

Delete/uninstall anything else that we have used that is leftover.


After that you're all set.


===The following are some articles and a Windows Update link that I like to suggest to people to prevent malware and for general PC maintenance===

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article - Some great guidelines to follow to prevent future infections; please read the Prevention article by Miekiemoes.

How did I get infected in the first place? - Also this one by Tony Klein.

If your computer is slow - Things you can do if your computer is slow.

PC Safety and Security - What Do I Need? Security suggestions and general hints and tips for PC security.

File sharing program dangers - Reasons to stay away from file sharing programs, for example BitTorrent, Limewire, Kazaa, eMule, uTorrent, etc.



===Free antimalware tools used for on-demand scanning and cleaning (no real-time protection unless purchased)===

Malwarebytes Antimalware
SuperAntiSpyware

===Free antivirus links===

This is antivirus and antispyware.
Microsoft Security Essentials
This is free antispyware protection and Antivirus protection.
AVG free
This is just antivirus protection.
Antivir
This is antivirus and antispyware protection.
Avast

#7 grrArgh

  • Topic Starter
  • Members
  • 5 posts

Posted 23 December 2010 - 09:51 AM

Thanks again for all your help!

#8 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 23 December 2010 - 10:46 AM

You are welcome :)


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.



