
HDD rescue removal


  • This topic is locked
11 replies to this topic

#1 nzrebel

nzrebel

  • Members
  • 6 posts
  • OFFLINE
  • Local time: 08:45 AM

Posted 13 December 2010 - 06:41 PM

Got an infection of HDD Rescue yesterday; all the messages seen in your "Virus removal" description of HDD Rescue were present, too many to list. I followed the removal procedure in your removal section, downloaded Rkill and ran it, downloaded the pro version of Malwarebytes and ran it. Malwarebytes found 11 infections and all were removed. Rebooted and HDD Rescue was still there, minor messages at first, then full blown again. Rebooted to safe mode, reran Rkill and Malwarebytes. Malwarebytes found nothing this time.

Followed your instructions in "Preparations for posting" and ran DDS and GMER. Here are the logs for these. They were a real effort to get around HDD Rescue and copy them here. It seems to be getting worse.

Thanks for being here. I'm a total noob.

First, here's the log for Malwarebytes, followed by the other three.

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5301

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

12/12/2010 9:23:51 PM
mbam-log-2010-12-12 (21-23-51).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 395176
Time elapsed: 2 hour(s), 2 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SvrWsc (Trojan.Oficla) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectX\MSA (Malware.Trace) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectX\MSB (Malware.Trace) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SVRWSC (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\117948593 (Trojan.SCTool.Gen) -> Value: 117948593 -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\svrwsc.exe (Trojan.Oficla) -> Quarantined and deleted successfully.
c:\documents and settings\networkservice\local settings\temporary internet files\AE0.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP509\A0083530.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\sruitiqd.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\documents and settings\hp_administrator\application data\microsoft\stor.cfg (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\hp_administrator\local settings\temp\117948593.exe (Trojan.SCTool.Gen) -> Quarantined and deleted successfully.



DDS (Ver_10-12-12.02) - NTFSx86
Run by HP_Administrator at 12:09:07.14 on Mon 12/13/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.107 [GMT -5:00]

AV: Verizon Internet Security Suite Anti-Virus *Disabled/Updated* {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
FW: Verizon Internet Security Suite Firewall *Disabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Verizon\VSP\ServicepointService.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Verizon\Verizon Internet Security Suite\rps.exe
C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\AOL\1161884756\ee\AOLSoftware.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
C:\Program Files\DISC\DiscGui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
c:\program files\common files\aol\1161884756\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\bnxmGmWGqq.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\EAD1B.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\1691906.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.stuff.co.nz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = http=127.0.0.1:50370
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO:  - No File
BHO: @B8E7B-F9F5-4846-97E9-9B5FA4A68E26} - No File
BHO: 8@BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No File
BHO: orer - No File
BHO: rsion - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: PopKill Class: {3c060ea2-e6a9-4e49-a530-d4657b8c449a} - c:\program files\verizon\verizon internet security suite\pkR.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
BHO: è@J - No File
BHO: ˆ@3C7B7-FF09-4919-ABAD-01CC1D7FCB6F} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [SRS WOW HD for ViewSonic] "c:\program files\srs labs\wow hd for viewsonic\SRSViewSonic_Win32.exe" /hideme
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [bnxmGmWGqq.exe] c:\docume~1\hp_adm~1\locals~1\temp\bnxmGmWGqq.exe
uRun: [1691906] c:\docume~1\hp_adm~1\locals~1\temp\1691906.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe
mRun: [DISCover] c:\program files\disc\DISCover.exe
mRun: [DiscUpdateManager] c:\program files\disc\DiscUpdateMgr.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [HostManager] c:\program files\common files\aol\1161884756\ee\AOLSoftware.exe
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [Motive SmartBridge] c:\progra~1\verizon\smartb~1\MotiveSB.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Pure Networks Port Magic] "c:\progra~1\purene~1\portma~1\PortAOL.exe" -Run
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [VerizonServicepoint.exe] "c:\program files\verizon\vsp\VerizonServicepoint.exe" /AUTORUN
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10c.exe
StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\wkcalrem.lnk - c:\program files\common files\microsoft shared\works shared\WkCalRem.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\9972322\program\Updates from HP.exe
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\katie\start menu\programs\imvu\Run IMVU.lnk
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: trymedia.com
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} - hxxp://www.symantec.com/techsupp/activedata/nprdtinf.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by123fd.bay123.hotmail.msn.com/resources/MsnPUpld.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1151453590859
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://70.91.79.226:8888/activex/AxisCamControl.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_adm~1\applic~1\mozilla\firefox\profiles\iqibz24u.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.startup.homepage - hxxp://www.stuff.co.nz/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10607&gct=&gc=1&q=
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\iqibz24u.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\iqibz24u.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\verizon\vsp\nprpspa.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - Ext: English (Australian) Dictionary: en-AU@dictionaries.addons.mozilla.org - %profile%\extensions\en-AU@dictionaries.addons.mozilla.org
FF - Ext: United States English Dictionary: en-US@dictionaries.addons.mozilla.org - %profile%\extensions\en-US@dictionaries.addons.mozilla.org
FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF - Ext: Adobe DLM (powered by getPlus®): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: XULRunner: {00BC7D72-DC5E-4AFA-8BF5-5335E6AC791A} - c:\documents and settings\hp_administrator\local settings\application data\{00BC7D72-DC5E-4AFA-8BF5-5335E6AC791A}
FF - Ext: My.Freeze.com NetAssistant: {03ED094E-6546-4294-96BD-7714E87DA888} - c:\documents and settings\hp_administrator\application data\My.Freeze.com NetAssistant

============= SERVICES / DRIVERS ===============

R0 KL1;KL1;c:\windows\system32\drivers\kl1.sys [2008-11-29 112144]
R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2008-11-29 196368]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-1-5 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 74480]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-3-30 363344]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 ServicepointService;ServicepointService;c:\program files\verizon\vsp\ServicepointService.exe [2010-12-10 689392]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-3-7 1247600]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-3-30 20952]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 7408]
R3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [2006-3-7 468768]
S2 gupdate1c9c76fd0338c4a;Google Update Service (gupdate1c9c76fd0338c4a);c:\program files\google\update\GoogleUpdate.exe [2009-4-27 133104]
S3 CIF USB CAMERA Service;CIF USB CAMERA;c:\windows\system32\drivers\pfc027.sys --> c:\windows\system32\drivers\pfc027.sys [?]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [2006-9-27 10664]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 Radialpoint Security Services;Verizon Internet Security Suite;c:\program files\verizon\verizon internet security suite\RpsSecurityAwareR.exe [2008-10-24 96496]
S3 SRS_ViewSonic;SRS Labs WOW HD ViewSonic;c:\windows\system32\drivers\SRS_ViewSonic_i386.sys [2008-7-26 39296]

=============== Created Last 30 ================

2010-12-10 16:44:06 -------- d-----w- c:\docume~1\alluse~1\applic~1\Radialpoint
2010-12-08 01:44:56 -------- d-----w- c:\docume~1\alluse~1\applic~1\WEBREG
2010-12-07 20:35:55 -------- d-----w- c:\windows\hpoj6500e709
2010-12-07 20:35:02 314880 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpfpp082.dll
2010-12-07 20:35:02 118272 ----a-w- c:\windows\system32\hpf3l082.dll
2010-12-07 20:34:42 966656 ----a-r- c:\windows\system32\hpwtiop4.dll
2010-12-07 20:34:42 741376 ----a-r- c:\windows\system32\hpwwiax5.dll
2010-12-07 20:34:42 364544 ----a-r- c:\windows\system32\hppldcoi.dll
2010-12-07 20:34:42 309760 ----a-r- c:\windows\system32\difxapi.dll
2010-12-07 20:34:42 294912 ----a-r- c:\windows\system32\hpovst11.dll
2010-11-22 20:57:19 -------- d-----w- c:\program files\Bonjour
2010-11-22 20:45:25 -------- d-----w- c:\program files\My RingTone Maker

==================== Find3M ====================

2010-11-09 18:29:33 19657194 ----a-w- c:\docume~1\alluse~1\applic~1\vlc-1.1.4-win32.exe
2010-10-15 20:25:37 0 ----a-w- c:\windows\Xqayaheqime.bin
2010-10-07 17:23:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-10-07 17:23:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-09-28 20:44:52 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ------w- c:\windows\system32\mfc40u.dll

============= FINISH: 12:11:31.53 ===============


DDS (Ver_10-12-12.02)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/26/2006 11:35:39 PM
System Uptime: 12/13/2010 8:57:13 AM (4 hours ago)

Motherboard: MSI | | AMETHYST-M
Processor: AMD Athlon™ 64 X2 Dual Core Processor 4400+ | Socket 939 | 984/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 224 GiB total, 68.783 GiB free.
D: is FIXED (FAT32) - 8 GiB total, 0.461 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP479: 9/13/2010 12:52:21 AM - System Checkpoint
RP480: 9/14/2010 6:07:06 AM - System Checkpoint
RP481: 9/15/2010 1:37:18 PM - System Checkpoint
RP482: 9/16/2010 3:00:48 AM - Software Distribution Service 3.0
RP483: 9/17/2010 9:33:19 AM - System Checkpoint
RP484: 9/18/2010 3:57:24 PM - System Checkpoint
RP485: 9/19/2010 8:13:17 PM - System Checkpoint
RP486: 9/21/2010 3:50:40 AM - System Checkpoint
RP487: 9/22/2010 9:51:22 AM - System Checkpoint
RP488: 9/23/2010 6:47:19 PM - System Checkpoint
RP489: 9/25/2010 12:36:59 AM - System Checkpoint
RP490: 9/26/2010 10:09:27 AM - System Checkpoint
RP491: 9/27/2010 12:36:44 PM - System Checkpoint
RP492: 9/28/2010 7:30:03 PM - System Checkpoint
RP493: 9/30/2010 12:39:40 AM - System Checkpoint
RP494: 9/30/2010 3:00:23 AM - Software Distribution Service 3.0
RP495: 10/1/2010 6:36:59 AM - System Checkpoint
RP496: 10/2/2010 1:03:19 PM - System Checkpoint
RP497: 10/3/2010 7:43:36 PM - System Checkpoint
RP498: 10/4/2010 8:19:08 PM - System Checkpoint
RP499: 10/6/2010 5:00:05 AM - System Checkpoint
RP500: 10/7/2010 3:02:05 AM - Software Distribution Service 3.0
RP501: 10/8/2010 3:00:50 AM - Software Distribution Service 3.0
RP502: 10/9/2010 5:47:00 AM - System Checkpoint
RP503: 10/10/2010 11:38:13 AM - System Checkpoint
RP504: 10/11/2010 1:11:01 PM - System Checkpoint
RP505: 10/12/2010 3:46:44 PM - System Checkpoint
RP506: 10/13/2010 8:13:05 PM - System Checkpoint
RP507: 10/14/2010 3:00:42 AM - Software Distribution Service 3.0
RP508: 10/15/2010 9:36:12 AM - System Checkpoint
RP509: 10/16/2010 5:53:41 PM - System Checkpoint
RP510: 10/19/2010 9:27:21 PM - System Checkpoint
RP511: 10/21/2010 12:29:36 AM - System Checkpoint
RP512: 10/22/2010 6:06:40 AM - System Checkpoint
RP513: 10/23/2010 12:06:45 PM - System Checkpoint
RP514: 10/24/2010 6:19:50 PM - Installed The Sims 3
RP515: 10/25/2010 3:00:27 AM - Software Distribution Service 3.0
RP516: 10/26/2010 10:06:56 AM - System Checkpoint
RP517: 10/27/2010 4:06:57 PM - System Checkpoint
RP518: 10/28/2010 10:04:28 PM - System Checkpoint
RP519: 10/30/2010 9:04:01 AM - System Checkpoint
RP520: 11/3/2010 3:37:31 PM - System Checkpoint
RP521: 11/5/2010 1:19:53 AM - System Checkpoint
RP522: 11/6/2010 7:44:24 AM - System Checkpoint
RP523: 11/7/2010 12:38:24 PM - System Checkpoint
RP524: 11/10/2010 3:00:37 AM - Software Distribution Service 3.0
RP525: 11/11/2010 7:18:48 PM - System Checkpoint
RP526: 11/13/2010 12:35:59 AM - System Checkpoint
RP527: 11/15/2010 3:45:22 AM - System Checkpoint
RP528: 11/16/2010 12:23:49 PM - System Checkpoint
RP529: 11/17/2010 2:47:47 PM - System Checkpoint
RP530: 11/19/2010 6:07:15 AM - System Checkpoint
RP531: 11/20/2010 3:10:12 PM - System Checkpoint
RP532: 11/21/2010 11:10:57 PM - System Checkpoint
RP533: 11/22/2010 4:02:11 PM - Installed iTunes
RP534: 11/23/2010 9:54:51 PM - System Checkpoint
RP535: 11/25/2010 3:54:48 AM - System Checkpoint
RP536: 11/26/2010 9:54:45 AM - System Checkpoint
RP537: 11/27/2010 3:54:45 PM - System Checkpoint
RP538: 11/29/2010 9:06:46 AM - System Checkpoint
RP539: 11/30/2010 2:07:24 PM - System Checkpoint
RP540: 12/1/2010 2:22:15 PM - System Checkpoint
RP541: 12/2/2010 9:32:50 PM - System Checkpoint
RP542: 12/4/2010 1:45:46 AM - System Checkpoint
RP543: 12/5/2010 7:33:44 AM - System Checkpoint
RP544: 12/6/2010 6:04:43 PM - System Checkpoint
RP545: 12/7/2010 3:43:28 PM - Printer Driver HP Officejet 6500 E709a Series fax Installed
RP546: 12/8/2010 9:17:27 PM - System Checkpoint
RP547: 12/10/2010 10:44:51 AM - System Checkpoint
RP548: 12/11/2010 12:05:11 PM - System Checkpoint
RP549: 12/13/2010 9:13:20 AM - System Checkpoint

==== Installed Programs ======================

32 Bit HP CIO Components Installer
6300
6300_Help
6300Trb
6500_E709_eDocs
6500_E709_Help
6500_E709a
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.1.0
Adobe Shockwave Player
Agere Systems PCI Soft Modem
AiO_Scan
AiO_Scan_CDA
AiOSoftware
AiOSoftwareNPI
AOL Instant Messenger
AOL Uninstaller
AOL You've Got Pictures Screensaver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Control Panel
ATI Display Driver
BN eReader
Bonjour
bpd_scan
BPDSoftware
BPDSoftware_Ini
BufferChm
BurnAware Free 2.4.2
CameraDrivers
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera WIA Driver
Canon EOS 5D WIA Driver
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities Digital Photo Professional 3.4
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities Original Data Security Tools
Canon Utilities PhotoStitch
Canon Utilities Picture Style Editor
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities WFT-E1/E2/E3 Utility
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCleaner (remove only)
Cheetah DVD Burner
Compatibility Pack for the 2007 Office system
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
cp_PosterPrintConfig
cp_UpdateProjectsConfig
Customer Experience Enhancement
Definition update for Microsoft Office 2010 (KB982726)
Destination Component
DeviceDiscovery
DeviceFunctionQFolder
DeviceManagementQFolder
DISCover
DocMgr
DocProc
DocumentViewer
DocumentViewerQFolder
Download Updater (AOL LLC)
DraftDominator Version 11.0e
EA Download Manager
Enhanced Multimedia Keyboard Solution
eSupportQFolder
Fax
Fax_CDA
ffdshow [rev 3128] [2009-11-08]
GdiplusUpgrade
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
GoToMeeting 4.5.0.457
GPBaseService2
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Boot Optimizer
HP Customer Participation Program 12.0
HP Deskjet Printer Preload
HP Document Manager 2.0
HP Document Viewer 5.3
HP DVD Play 1.0
HP Game Console and games
HP Imaging Device Functions 12.0
HP Officejet 6500 E709 Series
HP Photosmart 330,380,420,470,7800,8000,8200 Series
HP Photosmart Cameras 5.0
HP Photosmart for Media Center PC
HP Photosmart Premier Software 6.0
HP PSC & OfficeJet 5.3.B
HP PSC & OfficeJet 6.1.A
HP Smart Web Printing
HP Solution Center 12.0
HP Update
HP Web Helper
HPProductAssistant
HpSdpAppCoreApp
HPSSupply
HydraIRC
InstantShareDevices
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 5
Jasc Animation Shop 3
Java™ 6 Update 11
Java™ 6 Update 2
Java™ 6 Update 5
Java™ SE Runtime Environment 6 Update 1
Kaspersky Online Scanner
LightScribe 1.4.62.1
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Away Mode
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliPoint 6.3
Microsoft IntelliType Pro 6.3
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 14
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Microsoft WSE 3.0 Runtime
Mozilla Firefox (3.6.13)
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer unPlugged 1.2
My.Freeze.com NetAssistant
My.Freeze.com NetAssistant for Firefox
Network
NewCopy
NewCopy_CDA
NOOKstudy
OCR Software by I.R.I.S. 12.0
OptionalContentQFolder
PanoStandAlone
PC-Doctor 5 for Windows
PerfectDisk
PokerStars
ProductContext
ProductContextNPI
PS2
PSPrinters08
PSTAPlugin
Pure Networks Port Magic
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
Quick View Plus
Quicken 2006
QuickTime
Readme
RealPlayer
Rhapsody Player Engine
RPS Ad Blocker
RPS AntiFraud
RPS AntiSpyware
RPS AntiVirus
RPS App Detector
RPS Backup
RPS Burn
RPS CRT
RPS Diagnostic Utility
RPS Firewall
RPS Ksdk
RPS ParentalControl
RPS Performance Tool
RPS PopupBlocker
RPS Privacy Manager
RPS RpsCore
RPS Security Cleanup
RPS Zip
Safari
Scan
ScannerCopy
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft Word 2010 (KB2345000)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Shooting Stars Pool from HP Media Center (remove only)
Shop for HP Supplies
Shrek 2 Ogre Bowler from HP Media Center (remove only)
SmartWebPrinting
SolutionCenter
Status
SUPERAntiSpyware Professional
Symantec KB-DocID:2003093015493306
The Sims 2
The Sims 2 Open For Business
The Sims™ 3
Toolbox
TrayApp
TV Player Pro v0.7
Unload
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft OneNote 2010 (KB2288640)
Update for Microsoft Outlook Social Connector (KB2289116)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Updates from HP (remove only)
Veetle TV 0.9.18
Verizon Internet Security Suite
Verizon Online Help and Support
Verizon Servicepoint 3.5.18
Viewpoint Media Player
VLC media player 0.9.2
Vuze
WebFldrs XP
WebReg
WildTangent Web Driver
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinRAR archiver
WordPerfect Family Pack 4

==== Event Viewer Messages From Past Week ========

12/9/2010 4:08:31 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
12/9/2010 4:08:12 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/9/2010 4:00:10 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 eeCtrl Fips ftsata2 IPSec KL1 KLIF MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL StarOpen Tcpip
12/9/2010 4:00:10 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
12/9/2010 4:00:10 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/9/2010 4:00:10 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/9/2010 4:00:10 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
12/9/2010 4:00:10 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/9/2010 4:00:10 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/7/2010 3:28:02 PM, error: Cdrom [11] - The driver detected a controller error on \Device\CdRom1.
12/7/2010 3:27:43 PM, error: atapi [9] - The device, \Device\Ide\IdePort3, did not respond within the timeout period.
12/7/2010 3:13:55 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ftsata2
12/7/2010 3:13:54 PM, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The specified module could not be found.
12/7/2010 3:13:54 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Security Center Service service to connect.
12/12/2010 9:28:42 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ftsata2 iaStor IntelIde ViaIde
12/12/2010 12:22:00 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK8 eeCtrl Fips ftsata2 KL1 KLIF SASDIFSV SASKUTIL StarOpen

==== End Of File ===========================





GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-13 17:32:04
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD2500JS-60NCB1 rev.10.02E02
Running: gmer.exe; Driver: C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\kxldqpob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwClose [0xF0BA72A0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwConnectPort [0xF0BA534E]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateProcess [0xF0BA6FD0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateProcessEx [0xF0BA7140]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateSection [0xF0BA7E10]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xF0BA78AE]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateThread [0xF0BA87D0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwDuplicateObject [0xF0BA7450]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwLoadDriver [0xF0BA4EA0]
SSDT kl1.sys (Kaspersky Unified Driver/Kaspersky Lab) ZwOpenFile [0xF71F2030]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwOpenProcess [0xF0BA6DC0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwOpenSection [0xF0BA7C3E]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwQuerySystemInformation [0xF0BA8436]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwRequestWaitReplyPort [0xF0BA5930]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwResumeThread [0xF0BA8740]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetContextThread [0xF0BA8B00]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetInformationFile [0xF0BA90C0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetSecurityObject [0xF0BA3AF0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetSystemInformation [0xF0BA7A90]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwSuspendThread [0xF0BA86F0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwSystemDebugControl [0xF0BA51B0]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xF0D010B0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwWriteVirtualMemory [0xF0BA7310]

Code \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804EAF84 5 Bytes JMP F0BA9520 \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab)
.text ntkrnlpa.exe!IoIsOperationSynchronous 804EF912 5 Bytes JMP F0BA9A20 \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab)

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[768] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 025117C0 C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\TMGlpRhxXq.dll (FLR/FLR)
.text C:\WINDOWS\Explorer.EXE[768] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 02511A10 C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\TMGlpRhxXq.dll (FLR/FLR)
.text C:\WINDOWS\Explorer.EXE[768] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02511C10 C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\TMGlpRhxXq.dll (FLR/FLR)
.text C:\WINDOWS\Explorer.EXE[768] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02511F00 C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\TMGlpRhxXq.dll (FLR/FLR)
.text C:\WINDOWS\Explorer.EXE[768] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02511D60 C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\TMGlpRhxXq.dll (FLR/FLR)
.text C:\WINDOWS\Explorer.EXE[768] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02511C70 C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\TMGlpRhxXq.dll (FLR/FLR)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3740] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 10402342 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5888] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs klif.sys (spuper-ptor/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Ip rp_skt32.sys (Radialpoint Filter/Radialpoint Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp rp_skt32.sys (Radialpoint Filter/Radialpoint Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp rp_skt32.sys (Radialpoint Filter/Radialpoint Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp rp_skt32.sys (Radialpoint Filter/Radialpoint Inc.)
AttachedDevice \FileSystem\Fastfat \Fat klif.sys (spuper-ptor/Kaspersky Lab)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid@ {00020420-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid32@ {00020420-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib@ {29D67D3C-509A-4544-903F-C8C1B8236554}
Reg HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib@Version 1.0

---- EOF - GMER 1.0.15 ----

#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:01:45 PM

Posted 22 December 2010 - 09:54 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 nzrebel

nzrebel
  • Topic Starter

  • Members
  • 6 posts
  • Local time:08:45 AM

Posted 22 December 2010 - 10:53 PM

Thanks Mole, I'm here.

In the time that has passed Malwarebytes found some stuff it didn't like and it was quarantined and deleted (this happened on its first scan after I wrote this forum). I haven't had problems since then, but I'm worried it still might be buried in there somewhere. Let me know what you want to look at.

Thanks

Dave

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:01:45 PM

Posted 23 December 2010 - 05:08 AM

Please open MBAM, click the Logs tab and copy and paste the contents of the logs that show what it found and removed.
m0le is a proud member of UNITE

#5 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:01:45 PM

Posted 26 December 2010 - 09:42 PM

Hi,

I have not had a reply from you for 4 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open. The time taken between posts can also change the situation with your PC making it more difficult to help you.

If you like you can PM me.

Thanks,


m0le
m0le is a proud member of UNITE

#6 nzrebel

nzrebel
  • Topic Starter

  • Members
  • 6 posts
  • Local time:08:45 AM

Posted 27 December 2010 - 09:15 AM

Sorry m0le, xmas got in the way.

Here are the two logs that detected malware at the time of my problems. The problem re-emerged after the first scan. I did a second scan in safe mode immediately but nothing was detected (log not posted). The second posted log from an auto scan 2 days later seemed to take care of the problem.

Thanks again for your help. My question would be has it gone now, or will it possibly re-emerge again?

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5301

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

12/12/2010 9:23:51 PM
mbam-log-2010-12-12 (21-23-51).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 395176
Time elapsed: 2 hour(s), 2 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SvrWsc (Trojan.Oficla) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectX\MSA (Malware.Trace) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectX\MSB (Malware.Trace) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SVRWSC (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\117948593 (Trojan.SCTool.Gen) -> Value: 117948593 -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\svrwsc.exe (Trojan.Oficla) -> Quarantined and deleted successfully.
c:\documents and settings\networkservice\local settings\temporary internet files\AE0.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP509\A0083530.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\sruitiqd.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\documents and settings\hp_administrator\application data\microsoft\stor.cfg (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\hp_administrator\local settings\temp\117948593.exe (Trojan.SCTool.Gen) -> Quarantined and deleted successfully.




Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5309

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

12/14/2010 12:16:48 AM
mbam-log-2010-12-14 (00-16-48).txt

Scan type: Quick scan
Objects scanned: 233585
Time elapsed: 16 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bnxmGmWGqq.exe (Trojan.Agent) -> Value: bnxmGmWGqq.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1691906 (Rogue.HDDScan) -> Value: 1691906 -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Documents and Settings\HP_Administrator\Local Settings\temp\tmglprhxxq.dll (Trojan.Crypt) -> Delete on reboot.
c:\Documents and Settings\HP_Administrator\Local Settings\temp\bnxmgmwgqq.exe (Trojan.Agent) -> Delete on reboot.
c:\Documents and Settings\HP_Administrator\Local Settings\temp\1691906.exe (Rogue.HDDScan) -> Delete on reboot.

#7 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:01:45 PM

Posted 27 December 2010 - 06:37 PM

Thought Christmas might have been the reason. :)

There doesn't look to be anything that MBAM won't eventually remove completely.

I would like to see a new MBAM scan please. It would be interesting to see what there is on the log now.
m0le is a proud member of UNITE

#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:01:45 PM

Posted 29 December 2010 - 09:04 PM

Hi,

I have not had a reply from you for 3 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open. The time taken between posts can also change the situation with your PC making it more difficult to help you.

If you like you can PM me.

Thanks,


m0le
m0le is a proud member of UNITE

#9 nzrebel

nzrebel
  • Topic Starter

  • Members
  • 6 posts
  • Local time:08:45 AM

Posted 29 December 2010 - 10:39 PM

Hi m0le

Thanks for your patience, and your help.

Here is the latest log from last night. I am running daily quick scans and weekly full scans. This is a full scan.

Everything looks good, or at least nothing has been detected. If you think I'm good to go, then thanks for your help and I'll make sure to donate to the cause.

Dave

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5406

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

12/28/2010 5:04:27 PM
mbam-log-2010-12-28 (17-04-27).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 397708
Time elapsed: 2 hour(s), 4 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:01:45 PM

Posted 30 December 2010 - 06:06 AM

It looks like MBAM has worked its way through the malware here. If you haven't experienced anything further then we're probably done here. One more scan, looking for bits and pieces, and we can complete this fix.

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Leave the top box checked and then check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
m0le is a proud member of UNITE

#11 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:01:45 PM

Posted 02 January 2011 - 05:14 AM

nzrebel, are you still there?
m0le is a proud member of UNITE

#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:01:45 PM

Posted 03 January 2011 - 08:46 PM

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE