
Smitfraud


  • This topic is locked
2 replies to this topic

#1 Gomez Adams


Posted 26 May 2011 - 05:53 PM

Special thanks to BOOPME for all the help,

Referred from here: http://www.bleepingcomputer.com/forums/topic399579.html ~ OB

I was stricken with the XP antispy/antivirus malware.
I have tried everything: Spybot, Malwarebytes, Superantispy, etc.
After performing all tasks, auto updates would still not work.

Also, I just finished running GMER. I clicked on OK and that caused the screen to disappear, so I ran it again. Upon doing so, in the middle of the scan, my PC shuts off. Now this is after I completed all the steps 6-9 in the preparation guide. After rebooting from the unexpected shutdown, a screen came up saying "The system has recovered from a serious error."

ERROR REPORT CONTENTS

c:\DOCUME`1\Owner\Locals`1\Temp\WER9c64.dir00\Mini052611.01.dmp
c:\DOCUME`1\Owner\Locals`1\Temp\WER9c64.dir00\sysdata.xml

So I ran GMER a third time.

Also, I was informed by another tech that I could get my auto updates to work by re-registering the Windows Update DLL with the commands below:

• Click the Start button
• Choose Run
• Type cmd and then click OK.

Type the following commands. Press ENTER after each command.

regsvr32 wuapi.dll
regsvr32 wuaueng.dll
regsvr32 wuaueng1.dll
regsvr32 wucltui.dll
regsvr32 wups.dll
regsvr32 wups2.dll
regsvr32 wuweb.dll

I followed these instructions and was able to turn the updates
back on, but I know I still have a problem and Smitfraud is
hiding somewhere waiting to strike again. Thanks for all the
help, Gomez

Here are the log files.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Owner at 16:18:06 on 2011-05-26
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.895.259 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL$SHIPWORKS\Binn\sqlservr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\QuickTime\qttask.exe
C:\UPS\WSTD\PolicyMgr\NA1Msgr.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\COMMON~1\AOL\113876~1\EE\AOLHOS~1.EXE
C:\Program Files\palmOne\Hotsync.exe
C:\PROGRA~1\COMMON~1\AOL\113876~1\EE\AOLServiceHost.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
svchost.exe
C:\UPS\WSTD\Messages\WSTDMessaging.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\dds.scr
C:\WINDOWS\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uInternet Connection Wizard,ShellNext = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T6532
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar4.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll
BHO: Support.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar4.dll
TB: Support.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Power2GoExpress] "c:\program files\cyberlink\power2go\Power2GoExpress.exe" /Startup
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [CHotkey] zHotkey.exe
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [readericon] c:\program files\digital media reader\readericon45G.exe
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [Reminder] %WINDIR%\Creator\Remind_XP.exe
mRun: [HostManager] c:\program files\common files\aol\1138765954\ee\AOLHostManager.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [NA1Messenger] c:\ups\wstd\policymgr\NA1Msgr.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [<NO NAME>]
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
dRun: [Power2GoExpress] NA
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bigfix.lnk - c:\program files\bigfix\bigfix.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palmone\Hotsync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\paloal~1.lnk - c:\program files\common files\palo alto software\9.0\PAS9_Update.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\upswor~2.lnk - c:\ups\wstd\messages\WSTDMessaging.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\docume~1\owner\locals~1\temp\sas_selfextract\SASDIFSV.SYS [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\docume~1\owner\locals~1\temp\sas_selfextract\SASKUTIL.SYS [2010-5-10 67656]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-6 99328]
R2 MSSQL$SHIPWORKS;MSSQL$SHIPWORKS;c:\program files\microsoft sql server\mssql$shipworks\binn\sqlservr.exe -sshipworks --> c:\program files\microsoft sql server\mssql$shipworks\binn\sqlservr.exe -sSHIPWORKS [?]
R2 MSSQL$UPSWSDBSERVER;MSSQL$UPSWSDBSERVER;c:\ups\wstd\mssql$upswsdbserver\binn\sqlservr.exe -supswsdbserver --> c:\ups\wstd\mssql$upswsdbserver\binn\sqlservr.exe -sUPSWSDBSERVER [?]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2011-4-30 14424]
S3 SQLAgent$SHIPWORKS;SQLAgent$SHIPWORKS;c:\program files\microsoft sql server\mssql$shipworks\binn\sqlagent.exe -i shipworks --> c:\program files\microsoft sql server\mssql$shipworks\binn\sqlagent.EXE -i SHIPWORKS [?]
S3 SQLAgent$UPSWSDBSERVER;SQLAgent$UPSWSDBSERVER;c:\ups\wstd\mssql$upswsdbserver\binn\sqlagent.exe -i upswsdbserver --> c:\ups\wstd\mssql$upswsdbserver\binn\sqlagent.EXE -i UPSWSDBSERVER [?]
.
=============== Created Last 30 ================
.
2011-05-26 02:49:39 6962000 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{3a9bfbdc-28ac-42d2-a13d-93350096e6cb}\mpengine.dll
2011-05-24 06:16:05 6144 ----a-w- c:\windows\~DF75A8.tmp
2011-05-24 06:15:56 6144 ----a-w- c:\windows\~DF635A.tmp
2011-05-12 07:13:15 -------- d-----w- c:\documents and settings\owner\local settings\application data\WinZip
2011-05-11 18:36:28 7071056 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\backup\mpengine.dll
2011-05-11 17:37:31 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-11 07:24:42 4822 ----a-w- c:\windows\system32\tmp.reg
2011-05-11 04:30:32 -------- d-----w- c:\documents and settings\owner\application data\IObit
2011-05-11 04:30:31 -------- d-----w- c:\program files\IObit
2011-05-11 02:37:50 -------- d-----w- c:\program files\Trend Micro
2011-05-11 00:16:43 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-10 06:38:12 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-05-10 06:38:12 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-05-10 05:00:13 -------- d-----w- c:\documents and settings\owner\application data\AVG10
2011-05-10 04:58:30 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2011-05-10 04:56:16 -------- d-----w- c:\documents and settings\all users\application data\AVG10
2011-05-10 04:55:24 -------- d-----w- c:\program files\AVG
2011-05-10 04:50:46 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2011-05-09 23:10:01 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes
2011-05-09 23:09:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-09 23:09:55 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-05-09 23:09:53 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-09 23:09:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-09 22:55:22 -------- d-----w- c:\documents and settings\owner\application data\licenses
2011-05-09 22:55:19 -------- d-----w- c:\documents and settings\owner\application data\PCMM2009
2011-05-09 22:55:15 -------- d-----w- c:\documents and settings\owner\application data\PCMM2011
2011-05-09 22:54:54 -------- d-----w- c:\program files\PC MightyMax 2011
2011-05-09 19:14:28 -------- d-----w- c:\documents and settings\owner\application data\SUPERAntiSpyware.com
2011-05-09 19:14:28 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-05-09 05:15:56 -------- d-----w- c:\documents and settings\owner\application data\GetRightToGo
2011-05-06 16:00:47 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-05-06 16:00:39 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-05-06 16:00:01 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-05-06 15:44:10 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-05-05 17:56:07 -------- d-----w- c:\windows\system32\scripting
2011-05-05 17:56:06 -------- d-----w- c:\windows\system32\en
2011-05-05 17:56:06 -------- d-----w- c:\windows\system32\bits
2011-05-05 17:56:06 -------- d-----w- c:\windows\l2schemas
2011-05-05 17:51:25 -------- d-----w- c:\windows\network diagnostic
2011-05-05 03:41:42 -------- d-----w- c:\documents and settings\all users\application data\Wondershare
2011-05-05 03:26:22 892928 ----a-w- c:\windows\system32\iconv.dll
2011-05-05 03:26:22 675840 ----a-w- c:\windows\system32\ac3filter.ax
2011-05-05 03:26:22 496640 ----a-w- c:\windows\system32\xvid.ax
2011-05-05 03:26:21 -------- d-----w- c:\program files\Wondershare
2011-05-05 00:55:12 -------- d-----w- c:\program files\VideoLAN
2011-05-03 23:25:17 -------- d-----w- c:\program files\CCleaner
2011-05-03 06:45:01 69120 ------w- c:\windows\system32\wlanapi.dll
2011-05-03 06:43:51 61440 ------w- c:\windows\system32\kmsvc.dll
2011-05-03 02:12:46 -------- d--h--w- c:\windows\PIF
2011-05-01 07:32:08 -------- d-----w- c:\windows\system32\XPSViewer
2011-05-01 07:30:22 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-05-01 07:29:25 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-05-01 07:29:25 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-05-01 07:29:25 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-05-01 07:29:25 117760 ------w- c:\windows\system32\prntvpt.dll
2011-05-01 07:29:24 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-05-01 07:29:24 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-05-01 07:29:23 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-05-01 07:29:23 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-05-01 07:29:22 -------- d-----w- C:\1dcb187db21c3642a7900fb98d14
2011-05-01 07:08:01 -------- d-----w- c:\program files\MSXML 6.0
2011-04-30 22:11:51 -------- d-----w- c:\program files\PeerBlock
2011-04-30 22:06:13 -------- d-sh--w- c:\documents and settings\owner\IECompatCache
2011-04-30 21:58:32 -------- d-sh--w- c:\documents and settings\owner\IETldCache
2011-04-30 18:44:01 -------- dc-h--w- c:\windows\ie8
2011-04-30 18:40:55 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-04-30 18:40:55 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-04-30 18:40:55 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-04-30 18:40:54 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-04-30 18:40:54 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-04-30 18:40:53 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-04-30 18:40:51 11080704 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-04-30 07:43:14 17920 -c----w- c:\windows\system32\dllcache\msyuv.dll
2011-04-30 07:36:39 -------- d-----w- c:\windows\ie8updates
2011-04-30 07:36:16 -------- d-----w- c:\windows\$SQLUninstallSQL2000-KB960082-v8.00.2055-x86-ENU$
2011-04-30 07:09:19 -------- d-----w- c:\windows\ServicePackFiles
2011-04-30 05:57:01 -------- d-----w- c:\documents and settings\all users\application data\vsosdk
2011-04-30 03:19:43 87608 ----a-w- c:\documents and settings\owner\application data\inst.exe
2011-04-30 03:19:43 47360 ----a-w- c:\documents and settings\owner\application data\pcouffin.sys
2011-04-30 03:19:33 65602 ----a-w- c:\windows\system32\cook3260.dll
2011-04-30 03:19:33 217127 ----a-w- c:\windows\system32\drv43260.dll
2011-04-30 03:19:33 208935 ----a-w- c:\windows\system32\drv33260.dll
2011-04-30 03:19:33 176165 ----a-w- c:\windows\system32\drv23260.dll
2011-04-30 03:19:33 102439 ----a-w- c:\windows\system32\sipr3260.dll
2011-04-30 03:19:32 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2011-04-30 03:19:32 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2011-04-30 03:19:30 -------- d-----w- c:\program files\VSO
2011-04-30 01:22:55 -------- d-----w- c:\program files\uTorrent
2011-04-30 01:22:51 -------- d-----w- c:\documents and settings\owner\application data\uTorrent
2011-04-30 00:14:13 -------- d-----w- c:\documents and settings\owner\local settings\application data\AskToolbar
2011-04-30 00:00:05 -------- d-----w- c:\documents and settings\owner\application data\Sammsoft
2011-04-29 23:59:46 -------- d-----w- c:\program files\Ask.com
2011-04-29 23:59:45 -------- d-----w- C:\Firefox
2011-04-29 23:38:43 -------- d-----w- C:\Movies
2011-04-29 23:37:51 -------- d-----w- c:\documents and settings\owner\application data\.BitTornado
2011-04-29 23:33:14 -------- d-----w- c:\program files\PeerGuardian2
2011-04-29 20:45:45 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2011-04-29 20:45:25 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2011-04-29 20:39:55 2066432 -c----w- c:\windows\system32\dllcache\mstscax.dll
2011-04-29 20:38:47 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-04-29 20:38:46 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
.
==================== Find3M ====================
.
2011-05-11 17:36:58 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 16:18:55.14 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-05-19.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/11/2006 3:04:03 PM
System Uptime: 5/25/2011 10:51:18 PM (18 hours ago)
.
Motherboard: To be filled by O.E.M. | | MS-7207G
Processor: AMD Athlon™ 64 Processor 3500+ | CPU 1 | 2210/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 182 GiB total, 129.906 GiB free.
D: is FIXED (FAT32) - 4 GiB total, 2.383 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
K: is Removable
L: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {FF646F80-8DEF-11D2-9449-00105A075F6B}
Description: pcouffin device for 32 bits systems
Device ID: ROOT\PCOUFFIN\0000
Manufacturer: VSO Software
Name: pcouffin device for 32 bits systems
PNP Device ID: ROOT\PCOUFFIN\0000
Service: pcouffin
.
==== System Restore Points ===================
.
RP253: 3/24/2011 1:29:23 PM - System Checkpoint
RP254: 4/29/2011 4:28:43 PM - Software Distribution Service 3.0
RP255: 4/29/2011 7:59:24 PM - ARO 2011 - Before Installation
RP256: 4/29/2011 8:00:12 PM - ARO 2011 - FIRST RUN
RP257: 4/29/2011 8:02:58 PM - ARO 2011 Fri, Apr 29, 11 20:02
RP258: 4/29/2011 8:11:07 PM - Removed SteepandCheap.com Desktop Alert
RP259: 4/30/2011 3:01:18 AM - Software Distribution Service 3.0
RP260: 4/30/2011 2:03:07 PM - Software Distribution Service 3.0
RP261: 4/30/2011 2:41:10 PM - Software Distribution Service 3.0
RP262: 4/30/2011 2:44:46 PM - Installed Windows Internet Explorer 8.
RP263: 4/30/2011 2:45:19 PM - Software Distribution Service 3.0
RP264: 4/30/2011 5:59:55 PM - Software Distribution Service 3.0
RP265: 5/1/2011 3:03:36 AM - Software Distribution Service 3.0
RP266: 5/2/2011 3:19:05 AM - System Checkpoint
RP267: 5/3/2011 3:01:55 PM - System Checkpoint
RP268: 5/4/2011 4:24:43 PM - System Checkpoint
RP269: 5/4/2011 6:24:49 PM - Software Distribution Service 3.0
RP270: 5/4/2011 11:38:46 PM - Installed Windows XP -- Software Updates KB952011.
RP271: 5/5/2011 1:41:53 PM - Software Distribution Service 3.0
RP272: 5/6/2011 2:13:41 PM - System Checkpoint
RP273: 5/7/2011 3:04:39 AM - Software Distribution Service 3.0
RP274: 5/8/2011 3:55:30 AM - System Checkpoint
RP275: 5/9/2011 4:16:11 AM - System Checkpoint
RP276: 5/9/2011 6:54:42 PM - Installed PC MightyMax 2011
RP277: 5/10/2011 12:55:10 AM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
RP278: 5/10/2011 12:55:22 AM - Installed AVG 2011
RP279: 5/10/2011 12:56:01 AM - Installed AVG 2011
RP280: 5/10/2011 5:06:32 PM - Installed Windows Defender
RP281: 5/10/2011 10:44:13 PM - Installed Ad-Aware
RP282: 5/11/2011 12:31:31 AM - Advanced SystemCare RestorePoint
RP283: 5/11/2011 1:36:45 PM - Installed Java™ 6 Update 24
RP284: 5/11/2011 1:42:56 PM - Removed Windows Defender
RP285: 5/11/2011 1:44:43 PM - Removed Ad-Aware
RP286: 5/11/2011 2:35:34 PM - Installed Windows Defender
RP287: 5/11/2011 2:36:19 PM - Software Distribution Service 3.0
RP288: 5/12/2011 3:12:28 AM - Installed WinZip 15.0
RP289: 5/14/2011 3:17:53 AM - System Checkpoint
RP290: 5/15/2011 3:57:04 AM - System Checkpoint
RP291: 5/23/2011 6:57:51 PM - System Checkpoint
RP292: 5/24/2011 2:21:53 AM - Restore Operation
RP293: 5/25/2011 4:42:37 PM - Removed AVG 2011
RP294: 5/25/2011 4:45:02 PM - Removed AVG 2011
RP295: 5/25/2011 10:37:06 PM - Software Distribution Service 3.0
RP296: 5/25/2011 10:49:27 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
.
µTorrent
Adobe Flash Player ActiveX
Adobe Reader 8.1.1
America Online (Choose which version to remove)
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Connectivity Services
AOL You've Got Pictures Screensaver
Ask Toolbar
Avery Wizard 3.1
BigFix
Brother MFL-Pro Suite
Browser Address Error Redirector
Business Plan Pro 2007
Business Plan Pro 2007 Sample Plans
CCC
CCleaner
ConvertXtoDVD 4.1.17.362
Corel Paint Shop Pro X
DesignPro 5.0 Limited Edition
Digital Media Reader
DVD Solution
FOSS
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix 2050 for SQL Server 2000 ENU (KB948110)
Hotfix 2055 for SQL Server 2000 ENU (KB960082)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
J2SE Runtime Environment 5.0 Update 2
Java Auto Updater
Java™ 6 Update 24
Java™ 6 Update 6
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Starter Edition 2006
Microsoft Digital Image Starter Edition 2006 Editor
Microsoft Digital Image Starter Edition 2006 Library
Microsoft Money 2006
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server Desktop Engine (SHIPWORKS)
Microsoft SQL Server Desktop Engine (UPSWSDBSERVER)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
MSIChecker
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Multimedia Keyboard Driver
NA1Messenger
Napster
Napster Burn Engine
NRF
NVIDIA Drivers
OpenOffice.org Installer 1.0
palmOne
PaperPort
PC MightyMax 2011
PeerBlock 1.0.0 (r181)
picture-shark 1.0
PolicyManager
Power2Go 4.0
PowerDVD
Pure Networks Port Magic
QuickTime
RealPlayer Basic
Realtek High Definition Audio Driver
Reconciler
Recovery Software Suite eMachines
ReportServer
RRU
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
ShipWorks 2.7.3
Soft Data Fax Modem with SmartCP
Sonic Encoders
Spybot - Search & Destroy
Stamps.com
Sun Download Manager 2.0 (web)
SupportUtility
System
Turbo Lister 2
Universal Media Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Outlook 2007 Junk Email Filter (KB2536413)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2345886)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
UPS WorldShip
UPSDB
Viewpoint Media Player
VLC media player 1.1.9
WebFldrs XP
WebHelp
Windows Backup Utility
Windows Defender
Windows Imaging Component
Windows Internet Explorer 8
Windows Media Format Runtime
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB908250
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinZip 15.0
Wondershare DVD Ripper Platinum(Build 4.5.1.0)
Wondershare DVD Slideshow Builder Deluxe(Build 6.1.0.41)
WorldShip
Yahoo! SiteBuilder
.
==== Event Viewer Messages From Past Week ========
.
5/25/2011 4:49:09 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips Processor SASDIFSV SASKUTIL
5/24/2011 2:42:16 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
5/24/2011 2:21:55 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/24/2011 2:19:28 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 Fips Processor SASDIFSV SASKUTIL
5/24/2011 1:26:40 AM, error: PlugPlayManager [12] - The device 'Multimedia Card Reader' (USB\Vid_058f&Pid_9360\2004888) disappeared from the system without first being prepared for removal.
5/24/2011 1:26:40 AM, error: PlugPlayManager [12] - The device 'Generic volume' (STORAGE\RemovableMedia\7&59a1a41&0&RM) disappeared from the system without first being prepared for removal.
5/24/2011 1:26:40 AM, error: PlugPlayManager [12] - The device 'Generic volume' (STORAGE\RemovableMedia\7&343598db&0&RM) disappeared from the system without first being prepared for removal.
5/24/2011 1:26:40 AM, error: PlugPlayManager [12] - The device 'Generic volume' (STORAGE\RemovableMedia\7&255493f1&0&RM) disappeared from the system without first being prepared for removal.
5/24/2011 1:26:40 AM, error: PlugPlayManager [12] - The device 'Generic volume' (STORAGE\RemovableMedia\7&19d12bf5&0&RM) disappeared from the system without first being prepared for removal.
5/24/2011 1:26:40 AM, error: PlugPlayManager [12] - The device 'Generic USB SM Reader USB Device' (USBSTOR\Disk&Ven_Generic&Prod_USB_SM_Reader&Rev_1.02\2004888&2) disappeared from the system without first being prepared for removal.
5/24/2011 1:26:40 AM, error: PlugPlayManager [12] - The device 'Generic USB SD Reader USB Device' (USBSTOR\Disk&Ven_Generic&Prod_USB_SD_Reader&Rev_1.00\2004888&0) disappeared from the system without first being prepared for removal.
5/24/2011 1:26:40 AM, error: PlugPlayManager [12] - The device 'Generic USB MS Reader USB Device' (USBSTOR\Disk&Ven_Generic&Prod_USB_MS_Reader&Rev_1.03\2004888&3) disappeared from the system without first being prepared for removal.
5/24/2011 1:26:40 AM, error: PlugPlayManager [12] - The device 'Generic USB CF Reader USB Device' (USBSTOR\Disk&Ven_Generic&Prod_USB_CF_Reader&Rev_1.01\2004888&1) disappeared from the system without first being prepared for removal.
.
==== End Of File ===========================
GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-26 18:33:21
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD2000BB-00KEA0 rev.08.05J08
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\ffdiqfow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6802360, 0x1FE48D, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\palmOne\Hotsync.exe[3332] msvcrt.dll!??2@YAPAXI@Z 77C29CC5 5 Bytes JMP 0A93C080 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[3332] msvcrt.dll!??3@YAXPAX@Z 77C29CDD 5 Bytes JMP 0A93C0E0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[3332] msvcrt.dll!?set_new_handler@@YAP6AXXZP6AXXZ@Z 77C29D9F 5 Bytes JMP 0A93C110 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[3332] msvcrt.dll!_aligned_offset_malloc 77C29DAF 5 Bytes JMP 0A93BFE0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[3332] msvcrt.dll!_aligned_free 77C29E33 5 Bytes JMP 0A93C0E0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[3332] msvcrt.dll!_aligned_malloc 77C29E52 5 Bytes JMP 0A93BFC0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[3332] msvcrt.dll!_aligned_offset_realloc 77C29E6E 5 Bytes JMP 0A93C020 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[3332] msvcrt.dll!_aligned_realloc 77C29FC6 5 Bytes JMP 0A93C000 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[3332] msvcrt.dll!_expand 77C29FE5 5 Bytes JMP 0A93BFA0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[3332] msvcrt.dll!_heapadd 77C2BC9F 5 Bytes JMP 0A93C160 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[3332] msvcrt.dll!_heapchk 77C2BCB3 5 Bytes JMP 0A93C170 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[3332] msvcrt.dll!_heapset + 1 77C2BD83 4 Bytes JMP 0A93C191 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[3332] msvcrt.dll!_heapmin 77C2BD8C 5 Bytes JMP 0A93C260 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[3332] msvcrt.dll!_heapused 77C2BE3A 5 Bytes JMP 0A93C230 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[3332] msvcrt.dll!_heapwalk 77C2BE4D 5 Bytes JMP 0A93C1A0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[3332] msvcrt.dll!_msize 77C2BF6C 5 Bytes JMP 0A93BEB0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[3332] msvcrt.dll!calloc 77C2C0C3 5 Bytes JMP 0A93BE50 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[3332] msvcrt.dll!free 77C2C21B 5 Bytes JMP 0A93C0E0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[3332] msvcrt.dll!malloc 77C2C407 5 Bytes JMP 0A93BE10 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[3332] msvcrt.dll!realloc 77C2C437 5 Bytes JMP 0A93BE90 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)

---- EOF - GMER 1.0.15 ----
Thanks for all the help Gomez

Edited by Orange Blossom, 27 May 2011 - 02:20 PM.




#2 sempai


    noypi


  • Malware Response Team
  • 5,288 posts

Posted 05 June 2011 - 08:21 AM

Hello Gomez Adams and welcome to BC. :)

Sorry about the delay, do you still need help?

~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#3 sempai


    noypi


  • Malware Response Team
  • 5,288 posts

Posted 10 June 2011 - 04:50 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

~Semp





