
Infected with Trojan worm (I think)


  • This topic is locked
2 replies to this topic

#1 olberto


  • Members
  • 1 posts

Posted 13 January 2011 - 12:26 AM

Thank you for your help. Below are the DDS and GMER logs as requested. Unfortunately the ark.txt file is 1.8 MB and therefore too large to attach. The attach.txt file is attached. Please let me know if you need any further information.
Most sincerely,
Olberto

=======
DDS.txt
=======



DDS (Ver_10-12-12.02) - NTFSx86
Run by Robert at 19:32:24.89 on Wed 01/12/2011
Internet Explorer: 8.0.6001.18999 BrowserJavaVersion: 1.6.0_23
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2014.654 [GMT -4.5:30]

AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Avast5\AvastSvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\Windows\system32\svchost.exe -k imgsvc
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Windows\System32\TPHDEXLG.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Avast5\AvastUI.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Windows\system32\wbem\unsecapp.exe
D:\iiii\Downloads\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Robert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Robert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Robert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Robert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Robert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Robert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Robert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Robert\AppData\Local\Google\Chrome\Application\chrome.exe
D:\iiii\Desktop New\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://news.google.com/
mDefault_Page_URL = hxxp://lenovo.live.com
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\users\robert\desktop\install\/Adobe Contribute CS3/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {549B5CA7-4A86-11D7-A4DF-000874180BB3} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\users\robert\desktop\install\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: CPwmIEBrowserHelper Object: {f040e541-a427-4cf7-85d8-75e3e0f476c5} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\users\robert\desktop\install\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\users\robert\desktop\install\/Adobe Contribute CS3/contributeieplugin.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\users\robert\desktop\install\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [JP595IR86O] c:\users\robert\appdata\local\temp\Shl.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
mRun: [TpShocks] TpShocks.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe
mRun: [IaNvSrv] c:\program files\intel\intel matrix storage manager\orom\ianvsrv\IaNvSrv.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [avast5] "c:\program files\avast5\avastUI.exe" /nogui
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\users\robert\desktop\install\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\users\robert\desktop\install\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\users\robert\desktop\install\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\users\robert\desktop\install\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\users\robert\desktop\install\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\users\robert\desktop\install\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\users\robert\desktop\install\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\users\robert\desktop\install\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: c:\windows\system32\wpclsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
LSA: Notification Packages = scecli ACGina

================= FIREFOX ===================

FF - ProfilePath - c:\users\robert\appdata\roaming\mozilla\firefox\profiles\nrvz6jq7.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=vmn&type=vendio&p=
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\users\robert\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Torbutton: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca} - %profile%\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

============= SERVICES / DRIVERS ===============

R0 iaNvStor;Intel® Turbo Memory Technology NAND Controller;c:\windows\system32\drivers\iaNvStor.sys [2007-11-2 208896]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-3-2 19760]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-1-6 293968]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2007-2-18 13744]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-1-6 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-1-6 51280]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast5\AvastSvc.exe [2011-1-6 40384]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2007-7-9 55936]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2007-7-10 569344]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2007-5-22 30336]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2006-11-2 167936]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-3-20 21504]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2011-1-6 16472]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2011-1-6 11104]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-1-22 24652]

=============== Created Last 30 ================

2011-01-12 19:39:30 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-01-12 19:39:30 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2011-01-12 19:35:58 -------- d-----w- c:\program files\SpywareBlaster
2011-01-12 09:02:18 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
2011-01-12 09:02:18 413696 ----a-w- c:\windows\system32\odbc32.dll
2011-01-12 09:02:17 57344 ----a-w- c:\program files\common files\system\msadc\msadcs.dll
2011-01-12 09:02:17 253952 ----a-w- c:\program files\common files\system\ado\msadox.dll
2011-01-12 09:02:17 241664 ----a-w- c:\program files\common files\system\ado\msadomd.dll
2011-01-12 09:02:17 180224 ----a-w- c:\program files\common files\system\msadc\msadco.dll
2011-01-12 09:02:10 1169408 ----a-w- c:\windows\system32\sdclt.exe
2011-01-11 06:11:01 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{364e93db-d33d-4fa2-b7c8-ac28535c27f9}\mpengine.dll
2011-01-10 23:50:30 -------- dc-h--w- c:\progra~2\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
2011-01-10 23:50:08 -------- d-----w- c:\program files\Lavasoft
2011-01-08 18:34:21 -------- d-----w- c:\program files\Audacity
2011-01-08 12:36:09 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-01-08 12:36:09 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-01-07 21:43:01 -------- d-----w- c:\users\robert\appdata\roaming\Sony Creative Software
2011-01-07 01:27:29 -------- d-----w- c:\program files\NCH Software
2011-01-07 01:27:23 -------- d-----w- c:\users\robert\appdata\roaming\NCH Software
2011-01-07 00:17:41 -------- d-----w- c:\users\robert\appdata\roaming\Acapela Group
2011-01-07 00:17:36 -------- d-----w- c:\users\robert\appdata\local\Xtranormal
2011-01-07 00:15:55 -------- d-----w- c:\program files\Xtranormal
2011-01-07 00:14:30 -------- d-----w- c:\users\robert\appdata\roaming\Xtranormal
2011-01-07 00:05:10 51280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-01-07 00:05:01 38848 ----a-w- c:\windows\avastSS.scr
2011-01-07 00:04:56 -------- d-----w- c:\program files\Avast5
2011-01-06 22:58:35 725064 ----a-w- c:\windows\system32\pwNative.exe
2011-01-06 22:58:34 16472 ------w- c:\windows\system32\pwdrvio.sys
2011-01-06 22:58:08 11104 ------w- c:\windows\system32\pwdspio.sys
2011-01-06 13:12:58 -------- d-----w- c:\users\robert\appdata\local\Sony
2011-01-06 12:16:26 -------- d-----w- c:\users\robert\appdata\local\Apple Computer
2011-01-06 12:14:36 -------- d-----w- c:\progra~2\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-01-06 12:12:56 -------- d-----w- c:\users\robert\appdata\local\Apple
2011-01-06 12:06:25 -------- d-----w- c:\users\robert\appdata\local\Research In Motion
2011-01-06 12:06:23 -------- d-----w- c:\users\robert\appdata\roaming\Research In Motion
2011-01-06 12:04:39 27136 ------w- c:\windows\system32\drivers\RimSerial.sys
2011-01-06 12:03:59 -------- d-----w- c:\progra~2\Research In Motion
2011-01-06 12:03:43 -------- d-----w- c:\program files\Research In Motion
2011-01-06 12:03:43 -------- d-----w- c:\program files\common files\Research In Motion
2011-01-06 03:26:22 2691584 ------w- c:\program files\mozilla firefox\sony.vegas.pro.v10.0b.build.467.x86.keygen-patch-di\Keygen.exe
2011-01-06 03:26:22 200277800 ------w- c:\program files\mozilla firefox\sony.vegas.pro.v10.0b.build.467.x86.keygen-patch-di\vegaspro100b_32bit.exe
2011-01-06 02:51:15 -------- d-----r- c:\program files\Skype
2011-01-06 01:50:11 168448 ------w- c:\windows\system32\unrar.dll
2011-01-06 01:50:09 839680 ------w- c:\windows\system32\lameACM.acm
2011-01-06 01:50:08 795648 ------w- c:\windows\system32\xvidcore.dll
2011-01-06 01:50:08 217088 ------w- c:\windows\system32\yv12vfw.dll
2011-01-06 01:50:08 118784 ------w- c:\windows\system32\ac3acm.acm
2011-01-06 01:50:07 86016 ------w- c:\windows\system32\dpl100.dll
2011-01-06 01:50:07 3596288 ------w- c:\windows\system32\qt-dx331.dll
2011-01-06 01:50:07 130048 ------w- c:\windows\system32\xvidvfw.dll
2011-01-06 01:50:06 684032 ------w- c:\windows\system32\divx.dll
2011-01-06 01:50:04 67584 ------w- c:\windows\system32\ff_vfw.dll
2011-01-06 01:50:02 60273 ------w- c:\windows\system32\pthreadGC2.dll
2011-01-06 01:50:01 -------- d-----w- c:\program files\K-Lite Codec Pack
2011-01-05 21:43:32 -------- d-----w- c:\progra~2\Macrium
2011-01-05 20:31:09 -------- d-----w- c:\program files\Windows Portable Devices
2011-01-05 20:28:42 81920 ------w- c:\windows\system32\wpdbusenum.dll
2011-01-05 20:27:08 4096 ------w- c:\windows\system32\oleaccrc.dll
2011-01-05 20:27:07 555520 ------w- c:\windows\system32\UIAutomationCore.dll
2011-01-05 20:27:07 234496 ------w- c:\windows\system32\oleacc.dll
2011-01-05 20:05:16 231424 ------w- c:\windows\system32\msshsq.dll
2011-01-05 19:54:34 719832 ------w- c:\program files\mozilla firefox\mozcpp19.dll
2011-01-05 19:54:34 16856 ------w- c:\program files\mozilla firefox\plugin-container.exe
2011-01-05 19:09:50 -------- d-----w- c:\windows\system32\eu-ES
2011-01-05 19:09:50 -------- d-----w- c:\windows\system32\ca-ES
2011-01-05 19:09:49 -------- d-----w- c:\windows\system32\vi-VN
2011-01-05 18:58:10 -------- d-----w- c:\windows\system32\SPReview
2011-01-05 18:41:35 928768 ------w- c:\windows\system32\scavenge.dll
2011-01-05 18:41:27 57856 ------w- c:\windows\system32\compcln.exe
2011-01-05 18:39:59 876032 ------w- c:\windows\system32\wer.dll
2011-01-05 18:38:18 -------- d-----w- c:\windows\system32\EventProviders
2011-01-05 17:15:06 -------- d-----w- c:\users\robert\appdata\roaming\Tor
2011-01-05 17:15:00 -------- d-----w- c:\program files\Vidalia Bundle
2011-01-05 17:14:54 125952 ------w- c:\windows\system32\srvsvc.dll
2011-01-05 17:14:53 304128 ------w- c:\windows\system32\drivers\srv.sys
2011-01-05 17:14:53 17920 ------w- c:\windows\system32\netevent.dll
2011-01-05 17:14:53 145408 ------w- c:\windows\system32\drivers\srv2.sys
2011-01-05 17:14:53 102400 ------w- c:\windows\system32\drivers\srvnet.sys
2011-01-05 17:14:21 377344 ------w- c:\windows\system32\winhttp.dll
2011-01-05 17:14:19 7680 ------w- c:\program files\internet explorer\iecompat.dll
2011-01-05 17:14:18 420352 ------w- c:\windows\system32\vbscript.dll
2011-01-05 16:44:36 -------- d-----w- c:\program files\CCleaner
2011-01-05 14:53:37 -------- d-----w- c:\program files\Defraggler
2011-01-05 13:19:03 -------- d-----w- c:\progra~2\Alwil Software
2011-01-05 12:48:57 99176 ------w- c:\windows\system32\PresentationHostProxy.dll
2011-01-05 12:48:57 49472 ------w- c:\windows\system32\netfxperf.dll
2011-01-05 12:48:57 297808 ------w- c:\windows\system32\mscoree.dll
2011-01-05 12:48:57 295264 ------w- c:\windows\system32\PresentationHost.exe
2011-01-05 12:48:57 1130824 ------w- c:\windows\system32\dfshim.dll
2011-01-05 02:48:34 18904 ------w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2011-01-05 02:04:44 24064 ------w- c:\windows\system32\nshhttp.dll
2011-01-05 02:04:43 411648 ------w- c:\windows\system32\drivers\http.sys
2011-01-05 02:04:43 30720 ------w- c:\windows\system32\httpapi.dll
2011-01-05 01:52:10 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-05 01:46:28 526336 ------w- c:\windows\system32\RMActivate_isv.exe
2011-01-05 01:46:28 518144 ------w- c:\windows\system32\RMActivate.exe
2011-01-05 01:46:28 471552 ------w- c:\windows\system32\secproc_isv.dll
2011-01-05 01:46:27 471552 ------w- c:\windows\system32\secproc.dll
2011-01-05 01:46:27 347136 ------w- c:\windows\system32\RMActivate_ssp.exe
2011-01-05 01:46:27 346624 ------w- c:\windows\system32\RMActivate_ssp_isv.exe
2011-01-05 01:46:27 332288 ------w- c:\windows\system32\msdrm.dll
2011-01-05 01:46:26 152576 ------w- c:\windows\system32\secproc_ssp_isv.dll
2011-01-05 01:46:26 152064 ------w- c:\windows\system32\secproc_ssp.dll
2011-01-05 01:44:57 2409784 ------w- c:\program files\windows mail\OESpamFilter.dat
2011-01-05 01:40:29 28672 ------w- c:\windows\system32\Apphlpdm.dll
2011-01-05 01:40:29 1696256 ------w- c:\windows\system32\gameux.dll
2011-01-05 01:40:28 4240384 ------w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-01-05 01:25:25 499712 ------w- c:\windows\system32\kerberos.dll
2011-01-05 01:25:25 175104 ------w- c:\windows\system32\wdigest.dll
2011-01-05 01:25:25 1259008 ------w- c:\windows\system32\lsasrv.dll
2011-01-05 01:25:24 9728 ------w- c:\windows\system32\lsass.exe
2011-01-05 01:25:24 72704 ------w- c:\windows\system32\secur32.dll
2011-01-05 01:25:24 439864 ------w- c:\windows\system32\drivers\ksecdd.sys
2011-01-05 01:15:59 218624 ------w- c:\windows\system32\msv1_0.dll
2011-01-05 01:11:58 53248 ------w- c:\windows\system32\tsgqec.dll
2011-01-05 01:11:58 2066432 ------w- c:\windows\system32\mstscax.dll
2011-01-05 01:11:58 136192 ------w- c:\windows\system32\aaclient.dll
2011-01-05 01:09:47 313344 ------w- c:\windows\system32\wmpdxm.dll
2011-01-05 01:09:46 43520 ------w- c:\windows\system32\msdxm.tlb
2011-01-05 01:09:46 18432 ------w- c:\windows\system32\amcompat.tlb
2011-01-05 01:08:26 954752 ------w- c:\windows\system32\mfc40.dll
2011-01-05 01:08:25 954288 ------w- c:\windows\system32\mfc40u.dll
2011-01-05 01:08:15 8147456 ------w- c:\windows\system32\wmploc.DLL
2011-01-05 01:08:15 7680 ------w- c:\windows\system32\spwmp.dll
2011-01-05 01:08:15 4096 ------w- c:\windows\system32\msdxm.ocx
2011-01-05 01:08:15 4096 ------w- c:\windows\system32\dxmasf.dll
2011-01-05 01:08:15 168960 ------w- c:\program files\windows media player\wmplayer.exe
2011-01-05 01:08:15 107520 ------w- c:\program files\windows media player\wmpshare.exe
2011-01-05 01:08:15 107520 ------w- c:\program files\windows media player\wmpconfig.exe
2011-01-05 01:05:52 310784 ------w- c:\windows\system32\unregmp2.exe
2011-01-05 01:05:52 1418752 ------w- c:\program files\windows media player\setup_wm.exe
2011-01-05 01:04:34 2868224 ------w- c:\windows\system32\mf.dll
2011-01-05 01:04:33 98816 ------w- c:\windows\system32\mfps.dll
2011-01-05 01:04:33 53248 ------w- c:\windows\system32\rrinstaller.exe
2011-01-05 01:04:33 24576 ------w- c:\windows\system32\mfpmp.exe
2011-01-05 01:04:33 2048 ------w- c:\windows\system32\mferror.dll
2011-01-05 01:04:22 3600768 ------w- c:\windows\system32\ntkrnlpa.exe
2011-01-05 01:04:21 3548040 ------w- c:\windows\system32\ntoskrnl.exe
2011-01-05 01:01:36 79360 ------w- c:\windows\system32\drivers\mrxsmb20.sys
2011-01-05 01:01:36 212992 ------w- c:\windows\system32\drivers\mrxsmb10.sys
2011-01-05 01:01:36 106496 ------w- c:\windows\system32\drivers\mrxsmb.sys
2011-01-05 01:01:34 243712 ------w- c:\windows\system32\rastls.dll
2011-01-05 01:00:57 2038272 ------w- c:\windows\system32\win32k.sys
2011-01-05 00:56:11 1401856 ------w- c:\windows\system32\msxml6.dll
2011-01-05 00:55:47 172032 ------w- c:\windows\system32\wintrust.dll
2011-01-05 00:55:43 531968 ------w- c:\windows\system32\comctl32.dll
2011-01-05 00:55:17 339968 ------w- c:\program files\windows nt\accessories\wordpad.exe
2011-01-05 00:55:17 1316864 ------w- c:\windows\system32\ole32.dll
2011-01-05 00:55:01 355328 ------w- c:\windows\system32\WSDApi.dll
2011-01-05 00:54:34 604672 ------w- c:\windows\system32\WMSPDMOD.DLL
2011-01-05 00:54:31 1616384 ------w- c:\program files\windows mail\msoe.dll
2011-01-05 00:54:24 601600 ------w- c:\windows\system32\schedsvc.dll
2011-01-05 00:54:24 352768 ------w- c:\windows\system32\taskschd.dll
2011-01-05 00:54:23 345600 ------w- c:\windows\system32\wmicmiplugin.dll
2011-01-05 00:54:23 270336 ------w- c:\windows\system32\taskcomp.dll
2011-01-05 00:54:23 171520 ------w- c:\windows\system32\taskeng.exe
2011-01-05 00:53:05 1248768 ------w- c:\windows\system32\msxml3.dll
2011-01-05 00:52:15 623616 ------w- c:\windows\system32\localspl.dll
2011-01-05 00:49:54 68096 ------w- c:\windows\system32\wlanhlp.dll
2011-01-05 00:49:54 65024 ------w- c:\windows\system32\wlanapi.dll
2011-01-05 00:49:54 513536 ------w- c:\windows\system32\wlansvc.dll
2011-01-05 00:49:54 302592 ------w- c:\windows\system32\wlansec.dll
2011-01-05 00:49:54 293376 ------w- c:\windows\system32\wlanmsm.dll
2011-01-05 00:49:54 127488 ------w- c:\windows\system32\L2SecHC.dll
2011-01-05 00:49:52 157184 ------w- c:\windows\system32\t2embed.dll
2011-01-05 00:49:06 784896 ------w- c:\windows\system32\rpcrt4.dll
2011-01-05 00:49:05 905088 ------w- c:\windows\system32\drivers\tcpip.sys
2011-01-05 00:49:05 30720 ------w- c:\windows\system32\drivers\tcpipreg.sys
2011-01-05 00:49:01 62464 ------w- c:\windows\system32\l3codeca.acm
2011-01-05 00:49:01 220672 ------w- c:\windows\system32\l3codecp.acm
2011-01-05 00:47:42 60928 ------w- c:\windows\system32\msasn1.dll
2011-01-05 00:47:39 502272 ------w- c:\windows\system32\usp10.dll
2011-01-05 00:47:37 317952 ------w- c:\windows\system32\MP4SDECD.DLL
2011-01-05 00:47:36 81920 ------w- c:\windows\system32\consent.exe
2011-01-05 00:47:35 160256 ------w- c:\windows\system32\wkssvc.dll
2011-01-05 00:47:34 128000 ------w- c:\windows\system32\spoolsv.exe
2011-01-05 00:47:33 867328 ------w- c:\windows\system32\wmpmde.dll
2011-01-05 00:47:32 81920 ------w- c:\windows\system32\iccvid.dll
2011-01-05 00:47:22 36864 ------w- c:\windows\system32\rtutils.dll
2011-01-05 00:47:21 714240 ------w- c:\windows\system32\timedate.cpl
2011-01-05 00:47:18 67072 ------w- c:\windows\system32\asycfilt.dll
2011-01-05 00:46:52 98304 ------w- c:\windows\system32\cabview.dll
2011-01-05 00:46:51 71680 ------w- c:\windows\system32\atl.dll
2011-01-04 21:47:32 472808 ------w- c:\windows\system32\deployJava1.dll
2011-01-04 21:47:32 472808 ------w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-01-04 20:40:54 -------- d-----w- c:\progra~2\Ezprint
2011-01-04 19:57:42 2421760 ------w- c:\windows\system32\wucltux.dll
2011-01-04 19:57:31 87552 ------w- c:\windows\system32\wudriver.dll
2011-01-04 19:57:27 33792 ------w- c:\windows\system32\wuapp.exe
2011-01-04 19:57:27 171608 ------w- c:\windows\system32\wuwebv.dll

==================== Find3M ====================

2010-12-02 03:35:18 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-11-29 22:08:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:08:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-02 06:01:54 916480 ------w- c:\windows\system32\wininet.dll
2010-11-02 05:57:41 43520 ------w- c:\windows\system32\licmgr10.dll
2010-11-02 05:57:27 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-02 05:57:11 71680 ------w- c:\windows\system32\iesetup.dll
2010-11-02 05:57:11 109056 ------w- c:\windows\system32\iesysprep.dll
2010-11-02 05:01:31 385024 ------w- c:\windows\system32\html.iec
2010-11-02 04:26:10 133632 ------w- c:\windows\system32\ieUnatt.exe
2010-11-02 04:24:44 1638912 ------w- c:\windows\system32\mshtml.tlb
2010-10-28 15:44:56 34304 ------w- c:\windows\system32\atmlib.dll
2010-10-28 13:27:47 292352 ------w- c:\windows\system32\atmfd.dll
2010-10-28 13:20:12 2048 ------w- c:\windows\system32\tzres.dll

============= FINISH: 19:34:22.70 ===============



=======
Attach.txt
=======



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 11/2/2007 1:39:03 PM
System Uptime: 1/12/2011 4:59:02 PM (3 hours ago)

Motherboard: LENOVO | | 7742CTO
Processor: Intel® Core™2 Duo CPU T7300 @ 2.00GHz | None | 800/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 49 GiB total, 9.143 GiB free.
D: is FIXED (NTFS) - 38 GiB total, 25.764 GiB free.
E: is CDROM ()
G: is CDROM (UDF)
H: is FIXED (NTFS) - 698 GiB total, 169.151 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

µTorrent
Ad-Aware
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe Acrobat 8 Professional
Adobe After Effects CS3
Adobe After Effects CS3 Presets
Adobe After Effects CS3 Third Party Content
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Contribute CS3
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe Encore CS3
Adobe Encore CS3 Library
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Fireworks CS3
Adobe Flash CS3
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop Lightroom 3.2
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS3 Third Party Content
Adobe Reader X
Adobe Setup
Adobe Shockwave Player
Adobe SING CS3
Adobe Soundbooth CS3
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
avast! Free Antivirus
BlackBerry Desktop Software 6.0.1
Bonjour
CCleaner
CDex extraction audio
Client Security Solution
Defraggler
ERUNT 1.1j
Google Chrome
Help Center
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ImgBurn
Intel® PRO Network Connections Drivers
Intel® Turbo Memory and Intel® Matrix Storage Manager
IrfanView (remove only)
iTunes
Java Auto Updater
Java™ 6 Update 23
K-Lite Codec Pack 4.7.0 (Full)
Lenovo System Interface Driver
Maintenance Manager
Message Center
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.13)
MSVCRT Redists
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA Drivers
On Screen Display
PDF Settings
Picasa 3
Polipo 1.0.4.1
Prism Video File Converter
Productivity Center Supplement for ThinkPad
QuickTime
Registry patch for Windows Vista USB S3 PM Enablement
Registry patch of Changing Timing of IDLE IRP by Finger Print Driver for Windows Vista
Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows Vista
Rescue and Recovery
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
Roxio Easy Media Creator 8 Content
Roxio Easy Media Creator 8 Suite
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Shockwave
Skype™ 5.0
Sonic Foundry Sound Forge 6.0a
Sonic Icons for Lenovo
SoundMAX
Spelling Dictionaries Support For Adobe Reader 8
Spybot - Search & Destroy
SpywareBlaster 4.4
System Migration Assistant
System Update
ThinkPad Bluetooth with Enhanced Data Rate Software 6.0.1.4900
ThinkPad EasyEject Utility
ThinkPad FullScreen Magnifier
ThinkPad Hotkey Features Setup
ThinkPad Mobility Center Customization
ThinkPad Modem
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkPad UltraNav Driver
ThinkPad UltraNav Utility
ThinkVantage Access Connections
ThinkVantage Active Protection System
ThinkVantage Productivity Center
ThinkVantage Technologies Welcome Message
Toolbox
Tor 0.2.1.28
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Vegas Pro 9.0
Vidalia 0.2.10
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Wallpapers
Windows Driver Package - Intel (e1express) Net (02/27/2007 9.7.37.0)
Windows Driver Package - Intel (iaStor) hdc (02/12/2007 7.0.0.1020)
Windows Driver Package - Intel hdc (11/15/2006 8.2.0.1011)
Windows Driver Package - Intel hdc (12/06/2006 6.8.0.3002)
Windows Driver Package - Intel System (09/15/2006 7.0.0.1011)
Windows Driver Package - Intel System (09/15/2006 8.0.0.1008)
Windows Driver Package - Intel System (09/15/2006 8.0.0.1010)
Windows Driver Package - Intel System (09/15/2006 8.2.0.1000)
Windows Driver Package - Intel USB (09/15/2006 8.0.0.1008)
Windows Driver Package - Lenovo (IBMPMDRV) System (05/31/2007 1.43)
Windows Media Player Firefox Plugin
WinRAR archiver
Xtranormal State
Xtranormal State - Showpak-Colorz
Xtranormal State - Showpak-Playgoz-Preview
Xtranormal State - Showpak-STA1
Xtranormal State - Showpak-THN
Xtranormal State - SoundPack-Starter Kit
Xtranormal State - Voicepack-English-UK-Daniel
Xtranormal State - Voicepack-English-UK-Serena
Xtranormal State - Voicepack-English-US-Samantha
Xtranormal State - Voicepack-English-US-Tom

==== Event Viewer Messages From Past Week ========

1/9/2011 8:56:07 AM, Error: TPM [13] - The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.
1/9/2011 8:56:07 AM, Error: Microsoft-Windows-TBS [516] - An error occurred while communicating with the TPM. The driver returned 0x8007045d.
1/7/2011 3:25:40 PM, Error: volmgr [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
1/6/2011 9:16:42 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
1/6/2011 9:16:42 PM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/6/2011 6:47:41 PM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer Canon Inkjet PIXMA iP5000 with shared resource name canonmf4100. Error 2114. The printer cannot be used by others on the network.
1/6/2011 1:33:15 PM, Error: EventLog [6008] - The previous system shutdown at 1:13:31 PM on 1/6/2011 was unexpected.
1/12/2011 5:01:12 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
1/12/2011 5:00:05 PM, Error: Microsoft-Windows-TerminalServices-RemoteConnectionManager [1057] - The Terminal Server has failed to create a new self signed certificate to be used for Terminal Server authentication on SSL connections. The relevant status code was Key not valid for use in specified state. .
1/12/2011 2:44:49 PM, Error: Service Control Manager [7034] - The ThinkPad PM Service service terminated unexpectedly. It has done this 1 time(s).
1/12/2011 1:05:41 PM, Error: Microsoft-Windows-ResourcePublication [1002] - Element Provider\Microsoft.Base.Publication/Publication/Computer failed to publish. Ensure that both PKEY_PUBSVCS_METADATA and PKEY_PUBSVCS_TYPE are set properly on the function instance and there were no errors adding the function instance.
1/10/2011 10:21:19 AM, Error: Service Control Manager [7022] - The Diagnostic Policy Service service hung on starting.

==== End Of File ===========================



=======
ark.txt
=======


GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-13 00:42:13
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST910021 rev.4.06
Running: gmer.exe; Driver: C:\Users\Robert\AppData\Local\Temp\kxliipob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAcceptConnectPort [0x825EEE37]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAccessCheck [0x8245F315]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAccessCheckAndAuditAlarm [0x82627211]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAccessCheckByType [0x82461060]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAccessCheckByTypeAndAuditAlarm [0x8261EE11]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAccessCheckByTypeResultList [0x82514F26]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAccessCheckByTypeResultListAndAuditAlarm [0x826D3DE1]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAccessCheckByTypeResultListAndAuditAlarmByHandle [0x826D3E2A]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAddAtom [0x825EF001]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAddBootEntry [0x826E9756]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAddDriverEntry [0x826EA9FA]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAdjustGroupsToken [0x8262760C]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAdjustPrivilegesToken [0x826242B2]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAlertResumeThread [0x826C707D]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAlertThread [0x8263FEB5]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAllocateLocallyUniqueId [0x825F5563]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAllocateUserPhysicalPages [0x826B87AB]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAllocateUuids [0x825D5A18]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAllocateVirtualMemory [0x8267C01B]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAlpcAcceptConnectPort [0x8261E3E3]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAlpcCancelMessage [0x825E8811]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAlpcConnectPort [0x8261E4E7]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAlpcCreatePort [0x825EE91F]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAlpcCreatePortSection [0x826109FD]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAlpcCreateResourceReserve [0x825E421F]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAlpcCreateSectionView [0x826107CD]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAlpcCreateSecurityContext [0x8261862F]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAlpcDeletePortSection [0x82610B97]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAlpcDeleteResourceReserve [0x826B402D]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAlpcDeleteSectionView [0x8262911B]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAlpcDeleteSecurityContext [0x82627E45]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAlpcDisconnectPort [0x826262B8]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAlpcImpersonateClientOfPort [0x8262B12F]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAlpcOpenSenderProcess [0x825EF71A]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAlpcOpenSenderThread [0x825F12DC]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAlpcQueryInformation [0x8260D9F6]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAlpcQueryInformationMessage [0x8262C5DF]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAlpcRevokeSecurityContext [0x826B4150]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAlpcSendWaitReceivePort [0x826714DB]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAlpcSetInformation [0x8260CF98]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwApphelpCacheControl [0x826021DF]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAreMappedFilesTheSame [0x826B4EE7]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAssignProcessToJobObject [0x825F1AEF]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCallbackReturn [0x824E12FC]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCancelDeviceWakeupRequest [0x8269CA6E]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCancelIoFile [0x825E5645]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCancelTimer [0x824586CB]



<<<CUT>>>

=======
The ark.txt file made the post too long to submit and I have cut it here. Please let me know if there is another way to get you the full ark.txt file.
=======

Please let me know if you need anything additional. Thank you for your help. This is very frustrating.
Sincerely (again),
Olberto

###



#2 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:10:12 AM

Posted 18 January 2011 - 10:41 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log




Elle
Can you hear it? It's all around!

Tomar ki manè acchè?
Yadi thakè, tahalè
Ki kshama kartè paro?



If I haven't replied in 48 hours, please feel free to send me a PM.




#3 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:12 AM

Posted 27 January 2011 - 06:48 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/



