
Windows can not find NIRKMD


  • This topic is locked
6 replies to this topic

#1 Dolphin0

Dolphin0

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:55 PM

Posted 02 June 2011 - 06:32 AM

Hi,
I am running ComboFix on a machine. It keeps showing me the message "Windows cannot find NIRKMD, make sure you typed the name correctly.."

It does not continue the steps unless I press OK.

I am running ComboFix on an XP machine - SP3. Please let me know if you need any more information.

I have run ComboFix on a different machine without any issues.

I cannot find any help on NIRKMD on the internet. I would also like to know what it is and what it does.

Please guide me in the right direction.

Many thanks in advance.

Hi Andrew,
I have noticed that you have moved my post, so I guess I opened it under the wrong topic.

Do you want me to run ComboFix? Just to inform you that it does not let me run it unless I press OK on the NIRKMD message, as mentioned in the above thread.

I will try to run it again. As it is on someone else's PC at work, I have to wait till they let me have their PC to run the scan. I will post the result ASAP.
Thanks

please find my scan report.

ComboFix 11-06-01.07 - 02/06/2011 9:53.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2005.1454 [GMT 1:00]
Running from: c:\documents and settings\Desktop\ComboFix.exe
Command switches used :: /u
AV: McAfee® Security-as-a-Service Anti-virus *Disabled/Updated* {8C354827-2F54-4E28-90DC-AD391E77808C}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator.HAP\WINDOWS
c:\windows\system32\bin
.
.
((((((((((((((((((((((((( Files Created from 2011-05-02 to 2011-06-02 )))))))))))))))))))))))))))))))
.
.
2011-05-31 06:39 . 2011-05-31 06:39 8321 ----a-w- c:\windows\system32\drivers\CDProbe.SYS
2011-05-23 07:34 . 2011-05-23 07:34 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2011-05-09 16:22 . 2011-05-09 16:22 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-02 08:31 . 2009-05-15 07:36 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2011-05-31 06:39 . 2009-05-15 07:36 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2011-05-31 06:39 . 2009-05-13 08:16 57752 ----a-w- c:\windows\system32\rpcnet.dll
2011-04-06 15:20 . 2011-04-06 15:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 15:20 . 2011-04-06 15:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2008-02-05 17:39 . 2008-02-05 17:38 28868320 ----a-w- c:\program files\FileFormatConverters.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\anthonyd\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\anthonyd\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\anthonyd\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\anthonyd\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-14 39408]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 718208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-28 162328]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-28 137752]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-09-24 1036288]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-26 178712]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-21 47904]
"MVS Splash"="c:\program files\McAfee\Managed VirusScan\DesktopUI\XTray.exe" [2011-01-25 476480]
"Track-It! Workstation Manager Service Monitor"="c:\windows\TIREMOTE\TIServiceMonitor.exe" [2009-05-30 169984]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\anthonyd\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\anthonyd\Application Data\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\C:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-885222611-2063553274-1082013118-2353\Scripts\Logon\0\0]
"Script"=Logonscript.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-885222611-2063553274-1082013118-2354\Scripts\Logon\0\0]
"Script"=MNDUserName.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-885222611-2063553274-1082013118-2354\Scripts\Logon\0\1]
"Script"=Logonscript.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-885222611-2063553274-1082013118-7340\Scripts\Logon\0\0]
"Script"=Logonscript.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-885222611-2063553274-1082013118-7340\Scripts\Logon\0\1]
"Script"=MNDUserName.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-885222611-2063553274-1082013118-7340\Scripts\Logon\0\2]
"Script"=Audit.cmd
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-885222611-2063553274-1082013118-7340\Scripts\Logon\0\3]
"Script"=Disableproxy.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-885222611-2063553274-1082013118-7378\Scripts\Logon\0\0]
"Script"=Logonscript.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-885222611-2063553274-1082013118-7378\Scripts\Logon\0\1]
"Script"=MNDUserName.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-885222611-2063553274-1082013118-7378\Scripts\Logon\0\2]
"Script"=Audit.cmd
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-885222611-2063553274-1082013118-7383\Scripts\Logon\0\0]
"Script"=Logonscript.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-885222611-2063553274-1082013118-7383\Scripts\Logon\0\1]
"Script"=MNDUserName.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-885222611-2063553274-1082013118-8141\Scripts\Logon\0\0]
"Script"=Logonscript.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-885222611-2063553274-1082013118-8141\Scripts\Logon\0\1]
"Script"=MNDUserName.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-885222611-2063553274-1082013118-8141\Scripts\Logon\0\2]
"Script"=Audit.cmd
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-885222611-2063553274-1082013118-8215\Scripts\Logon\0\0]
"Script"=Logonscript.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-885222611-2063553274-1082013118-8215\Scripts\Logon\0\1]
"Script"=MNDUserName.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-885222611-2063553274-1082013118-8215\Scripts\Logon\0\2]
"Script"=Audit.cmd
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-885222611-2063553274-1082013118-8215\Scripts\Logon\0\3]
"Script"=Disableproxy.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-885222611-2063553274-1082013118-8215\Scripts\Logon\0\4]
"Script"=Outlook 2011 Global settings.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-885222611-2063553274-1082013118-8296\Scripts\Logon\0\0]
"Script"=MNDUserName.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-885222611-2063553274-1082013118-8296\Scripts\Logon\0\1]
"Script"=Logonscript.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-885222611-2063553274-1082013118-8677\Scripts\Logon\0\0]
"Script"=Logonscript.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-885222611-2063553274-1082013118-8677\Scripts\Logon\0\1]
"Script"=MNDUserName.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-885222611-2063553274-1082013118-8677\Scripts\Logon\0\2]
"Script"=Audit.cmd
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-885222611-2063553274-1082013118-8679\Scripts\Logon\0\0]
"Script"=Logonscript.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-885222611-2063553274-1082013118-8679\Scripts\Logon\0\1]
"Script"=MNDUserName.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-885222611-2063553274-1082013118-8679\Scripts\Logon\0\2]
"Script"=Audit.cmd
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-885222611-2063553274-1082013118-8899\Scripts\Logon\0\0]
"Script"=Logonscript.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-885222611-2063553274-1082013118-8899\Scripts\Logon\0\1]
"Script"=MNDUserName.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-885222611-2063553274-1082013118-8899\Scripts\Logon\0\2]
"Script"=Audit.cmd
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-914559495-1175209041-6498272-500\Scripts\Logon\0\0]
"Script"=Logonscript.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-914559495-1175209041-6498272-500\Scripts\Logon\0\1]
"Script"=MNDUserName.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-914559495-1175209041-6498272-7778\Scripts\Logon\0\0]
"Script"=Logonscript.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-914559495-1175209041-6498272-7778\Scripts\Logon\0\1]
"Script"=MNDUserName.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-914559495-1175209041-6498272-7778\Scripts\Logon\0\2]
"Script"=Messenger.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-914559495-1175209041-6498272-7778\Scripts\Logon\0\3]
"Script"=Audit.cmd
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-914559495-1175209041-6498272-7791\Scripts\Logon\0\0]
"Script"=Logonscript.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-914559495-1175209041-6498272-7791\Scripts\Logon\0\1]
"Script"=MNDUserName.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-914559495-1175209041-6498272-7791\Scripts\Logon\0\2]
"Script"=Messenger.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-914559495-1175209041-6498272-7791\Scripts\Logon\0\3]
"Script"=Audit.cmd
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-914559495-1175209041-6498272-7815\Scripts\Logon\0\0]
"Script"=Logonscript.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-914559495-1175209041-6498272-7815\Scripts\Logon\0\1]
"Script"=MNDUserName.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-914559495-1175209041-6498272-7829\Scripts\Logon\0\0]
"Script"=Logonscript.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-914559495-1175209041-6498272-7829\Scripts\Logon\0\1]
"Script"=MNDUserName.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-914559495-1175209041-6498272-7829\Scripts\Logon\0\2]
"Script"=Audit.cmd
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-914559495-1175209041-6498272-8590\Scripts\Logon\0\0]
"Script"=Logonscript.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-914559495-1175209041-6498272-8590\Scripts\Logon\0\1]
"Script"=MNDUserName.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-914559495-1175209041-6498272-8590\Scripts\Logon\0\2]
"Script"=Audit.cmd
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-914559495-1175209041-6498272-8590\Scripts\Logon\0\3]
"Script"=Messenger.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-914559495-1175209041-6498272-8638\Scripts\Logon\0\0]
"Script"=Logonscript.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-914559495-1175209041-6498272-8638\Scripts\Logon\0\1]
"Script"=MNDUserName.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\McAfee\\Managed VirusScan\\Agent\\myAgtSvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\drivers\dwvkbd.sys [15/02/2007 18:00 26624]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [12/08/2010 14:55 88544]
R2 ASFAgent;ASF Agent;c:\program files\Intel\ASF Agent\ASFAgent.exe [23/01/2007 04:58 133968]
R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files\McAfee\SiteAdvisor Enterprise\McSACore.exe [15/10/2010 15:44 324928]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [05/01/2011 10:20 145936]
R2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [16/02/2011 10:23 291064]
R2 RumorServer;McAfee Peer Distribution Service;c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [16/02/2011 10:23 291064]
R2 TIRmtCtl;Track-It! Remote Control;c:\windows\TIREMOTE\wuser32.exe [16/10/2008 10:49 311374]
R2 TIRmtSvc;Track-It! Workstation Manager;c:\windows\TIREMOTE\TIRemoteService.exe [16/10/2008 10:49 217088]
R3 CdProbe;CdProbe;c:\windows\system32\drivers\CDProbe.SYS [31/05/2011 07:39 8321]
R3 DwMirror;DwMirror;c:\windows\system32\drivers\DamewareMini.sys [07/02/2007 18:00 2944]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09/01/2010 22:37 4640000]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [17/03/2010 19:05 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [17/03/2010 19:05 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15/01/2010 13:49 227232]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [12/08/2010 14:55 85152]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [25/03/2010 11:25 30969208]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [11/08/2004 18:00 14336]
S4 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [24/01/2008 16:21 4064]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASFALRT
*Deregistered* - AsfAlrt
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 11:34]
.
2011-05-18 c:\windows\Tasks\FileCure Default.job
- c:\program files\ParetoLogic\FileCure\FileCure.exe [2011-03-01 23:00]
.
2011-05-31 c:\windows\Tasks\FileCure Startup.job
- c:\program files\ParetoLogic\FileCure\FileCure.exe [2011-03-01 23:00]
.
2011-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-17 18:05]
.
2011-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-17 18:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: google.com\picasa
TCP: DhcpNameServer = 194.11.5.35 194.11.5.32
DPF: {4A224399-F178-4816-8CDD-65873E3B92A5} - hxxps://cognos.dmsp.com/cognos/contributor/controls/clientFull73.cab
DPF: {57D60ED1-AFA0-47C3-A850-723896923971} - hxxps://cognos.dmsp.com/cognos/contributor/controls/epcWebInstaller73.cab
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-DameWare MRC Agent - c:\windows\system32\DWRCST.exe
AddRemove-MVS - c:\progra~1\McAfee\MANAGE~1\Agent\myinx
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-02 09:58
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(788)
c:\windows\system32\igfxdev.dll
.
- - - - - - - > 'explorer.exe'(7656)
c:\windows\system32\WININET.dll
c:\documents and settings\anthonyd\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-06-02 10:00:51
ComboFix-quarantined-files.txt 2011-06-02 09:00
.
Pre-Run: 30,017,355,776 bytes free
Post-Run: 40,031,543,296 bytes free
.
- - End Of File - - 8E3A19D887328792035D826110B10F29

Mod Edit: Merged posts, moved topic from AII to MRL ~ Hamluis.

Hi,

Can you please provide any update on this issue, as I have now had a few machines showing the same message "Windows cannot find NIRKMD".
Thanks

EDIT: Please be patient. There are over 330 unanswered topics in this forum at present and the current average wait time to receive help is 10 days. ~Budapest

Edited by Budapest, 07 June 2011 - 04:12 PM.
Mod Edit: Moved From MRL To AII - AA




#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:08:55 PM

Posted 11 June 2011 - 07:34 AM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 Dolphin0

Dolphin0
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:55 PM

Posted 13 June 2011 - 02:18 AM

Hi M0le,
thanks for looking into this.

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:08:55 PM

Posted 14 June 2011 - 03:05 PM

This may be due to McAfee not being completely disabled before you downloaded and ran Combofix.

Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Disable any realtime antivirus or antispyware programs.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
    (For Vista/Windows 7 please click Start -> All Programs -> Accessories -> Run)
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between "Combofix" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
This will uninstall Combofix and anything associated with it.


Now redownload Combofix

Please download ComboFix from one of these locations:

Now boot into safe mode

Now reboot into Safe Mode.
This can be done by tapping the F8 key as soon as you start your computer.
You will be brought to a menu where you can choose to boot into safe mode with networking.
Make sure you choose the option without networking support.
Please see here for additional details.

Now attempt to run Combofix again. The message should not appear this time.

#5 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:08:55 PM

Posted 19 June 2011 - 06:36 AM

Hi,

I have not had a reply from you for 5 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open. The time taken between posts can also change the situation with your PC making it more difficult to help you.

If you like you can PM me.

Thanks,


m0le

#6 Dolphin0

Dolphin0
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:55 PM

Posted 20 June 2011 - 05:27 AM

Hi M0le,

Thanks for your help. It seems to work fine now.

Thanks again.

#7 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:08:55 PM

Posted 20 June 2011 - 06:32 PM

:thumbup2:



