Google redirect to Get Answers Fast


  • This topic is locked
3 replies to this topic

#1 Curtis2073

Posted 11 November 2011 - 12:25 PM

Google redirects to "Get Answers Fast"

Listed below are the malware detected by MS Security Essentials, DDS.TXT, ATTACH.TXT, GMER.TXT

MS Security Essentials has recently removed the following malware:
Rogue:Win32/FakeRean
Items:
file:C:\System Volume Information\_restore{AFEFF57A-C616-4886-A1B0-4449D371F042}\RP107\A0015043.exe
file:C:\System Volume Information\_restore{AFEFF57A-C616-4886-A1B0-4449D371F042}\RP107\A0015064.exe

Trojan:Dos/Alureon C
Items:
boot:\Device\Harddisk0\DR0

Trojan:Win32/Cleamon E
Items:
file:C:\System Volume Information\_restore{AFEFF57A-C616-4886-A1B0-4449D371F042}\RP87\A0011092.exe

Trojan:Win32/Sisron
Items:
file:C:\System Volume Information\_restore{AFEFF57A-C616-4886-A1B0-4449D371F042}\RP87\A0011091.exe

Trojan:Win32/Cleamon B
Items:
file:C:\System Volume Information\_restore{AFEFF57A-C616-4886-A1B0-4449D371F042}\RP90\A0011155.dll

SettingsModifier:Win32/PossibleHostsFileHijack
Items:
file:C:\WINDOWS\system32\drivers\etc\hosts

Trojan:Win32/FakeSysdef
Items:
file:C:\Documents and Settings\Lee Curtis\Local Settings\temp\rterrd.exe
process:pid:3716
________________________________________________________________________

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Run by Lee at 7:53:48 on 2011-11-11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.895.126 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\FlexLM\lmgrd.exe
C:\FlexLM\lmgrd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\FlexLM\adskflex.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PrintDisp.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
C:\WINDOWS\system32\PrintCtrl.exe
C:\Program Files\Portrait Displays\Pivot Pro Plugin\wpctrl.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\WinSplit Revolution\WinSplit.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Portrait Displays\Pivot Pro Plugin\floater.exe
C:\Documents and Settings\Lee Curtis\Local Settings\Application Data\Akamai\netsession_win.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Lee Curtis\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\WinSplit Revolution\WinSplitDrvr32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\WinFast\WFTVFM\WFTV.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.aol.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
uURLSearchHooks: H - No File
BHO: {0238c281-1c1e-4554-813f-964c77aa91cc} - c:\documents and settings\lee curtis\local settings\application data\ServiceWMP.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers runtime\YontooIEClient.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: {BDEADE7F-C265-11D0-BCED-00A0C90AB50F} - No File
uRun: [Winsplit] c:\program files\winsplit revolution\WinSplit.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Akamai NetSession Interface] c:\documents and settings\lee curtis\local settings\application data\akamai\netsession_win.exe
uRun: [ScreenshotUtility Update] rundll32 "c:\documents and settings\lee curtis\local settings\application data\apple\appleupdate\Appleup.dll",DllRegisterServer
uRun: [MousePolicyManager] rundll32.exe "c:\documents and settings\all users\application data\MousePolicyManager.dll",DllRegisterServer
mRun: [WinFast Schedule] c:\program files\winfast\wftvfm\WFWIZ.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [PrintDisp] c:\windows\system32\PrintDisp.exe
mRun: [PivotSoftware] "c:\program files\portrait displays\pivot pro plugin\Pivot_startup.exe" -delay=10
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [DT ACR] c:\program files\common files\portrait displays\shared\DT_startup.exe -ACR
mRun: [CTHelper] CTHELPER.EXE
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [WUAppSetup] c:\program files\common files\logishrd\WUApp32.exe -v 0x046d -p 0x08b2 -f video -m logitech -d 10.5.1.2023
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mozyho~1.lnk - c:\program files\mozyhome\mozystat.exe
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {77E68763-4284-41d6-B7E7-B6E1F053A9E7}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5}
IE: {FA4904B4-1FAF-4afd-886C-C19D2297BA62}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Trusted Zone: dailygraphs.com\www
Trusted Zone: google.com\www
Trusted Zone: investors.com\premium
Trusted Zone: investors.com\www
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} - hxxp://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_4.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://gis.pinellascounty.org/ActiveX/ver6.5/mgaxctrl.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} - file:///C:/Program%20Files/AutoCAD%202002/AcDcToday.ocx
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} - file:///C:/Program%20Files/AutoCAD%202002/InstBanr.ocx
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
DPF: {C6637286-300D-11D4-AE0A-0010830243BD} - file:///C:/Program%20Files/AutoCAD%202002/InstFred.ocx
DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.1/jinstall-1_4_1_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - hxxps://signin9.valueactive.eu/Register/Branding/olr3313/OCX/flashax.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F281A59C-7B65-11D3-8617-0010830243BD} - file:///C:/Program%20Files/AutoCAD%202002/AcPreview.ocx
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{3AFDB092-7AFB-4F56-91DB-0EE346694C00} : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\lee curtis\application data\mozilla\firefox\profiles\eyekwpd0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tb50ffTB50CL-chromesbox-en-us&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com
FF - prefs.js: keyword.URL - hxxp://search.internet-search-results.com/?sid=10101179100&s=
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol500.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPPOKER.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPWORDS.dll
FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll
FF - plugin: c:\program files\worldwinner.com, inc\worldwinner games\npwwload.dll
.
---- FIREFOX POLICIES ----
FF - user.js: browser.search.order.1 - Search
FF - user.js: keyword.URL - hxxp://search.internet-search-results.com/?sid=10101179100&s=
FF - user.js: extentions.y2layers.installId - c977bcff-6b9a-4a90-80e9-b9ed4a5568de
.
============= SERVICES / DRIVERS ===============
.
R0 SMR210;Symantec SMR Utility Service 2.1.0;c:\windows\system32\drivers\SMR210.SYS [2011-11-2 83064]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKsle9e0cf04;MpKsle9e0cf04;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{24e7c583-3f75-4ac3-9741-287763f8687b}\MpKsle9e0cf04.sys [2011-11-11 28752]
R1 RapportCerberus_29574;RapportCerberus_29574;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\29574\RapportCerberus32_29574.sys [2011-8-3 216912]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-8-21 66360]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-8-21 158904]
R2 Active@ Disk Monitor;Active@ Disk Monitor;c:\program files\lsoft technologies inc\active@ hard disk monitor\DiskMonitorService.exe [2010-3-9 1119624]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2001-8-23 14336]
R2 BT848;WinFast TV2000 XP WDM Video Capture;c:\windows\system32\drivers\wf2kvcap.sys [2011-9-23 59776]
R2 Flexlm Service 1;Flexlm Service 1;c:\flexlm\lmgrd.exe [2007-3-13 962560]
R2 PdiService;Portrait Displays SDK Service;c:\program files\common files\portrait displays\drivers\pdisrvc.exe [2011-3-25 99772]
R2 Printer Control;Printer Control;c:\windows\system32\PrintCtrl.exe [2010-7-14 74880]
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;c:\windows\system32\drivers\wf2ktunr.sys [2011-9-23 19456]
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;c:\windows\system32\drivers\wf2kXbar.sys [2011-9-23 9600]
R3 WFIOCTL;WFIOCTL;c:\program files\winfast\wftvfm\WFIOCTL.sys [2005-12-19 9446]
S1 MpKsl003bae9e;MpKsl003bae9e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d0c3dc92-e083-4cff-871f-fa08d1e2cb35}\mpksl003bae9e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d0c3dc92-e083-4cff-871f-fa08d1e2cb35}\MpKsl003bae9e.sys [?]
S1 MpKsl117339cd;MpKsl117339cd;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fa0cc4f1-7fd9-4907-9e6a-c3c9191a3d92}\mpksl117339cd.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fa0cc4f1-7fd9-4907-9e6a-c3c9191a3d92}\MpKsl117339cd.sys [?]
S1 MpKsl1bf944a9;MpKsl1bf944a9;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{48f77310-8040-4baf-be7f-adddd0ee0d97}\mpksl1bf944a9.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{48f77310-8040-4baf-be7f-adddd0ee0d97}\MpKsl1bf944a9.sys [?]
S1 MpKsl2dd52724;MpKsl2dd52724;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ad8fb21b-d66a-4047-a0db-ebcaea536617}\mpksl2dd52724.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ad8fb21b-d66a-4047-a0db-ebcaea536617}\MpKsl2dd52724.sys [?]
S1 MpKsl4957211c;MpKsl4957211c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{24e7c583-3f75-4ac3-9741-287763f8687b}\mpksl4957211c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{24e7c583-3f75-4ac3-9741-287763f8687b}\MpKsl4957211c.sys [?]
S1 MpKsl4a5261de;MpKsl4a5261de;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{019d88ff-1049-4b9e-9639-01201bfb2666}\mpksl4a5261de.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{019d88ff-1049-4b9e-9639-01201bfb2666}\MpKsl4a5261de.sys [?]
S1 MpKsl4d6176c5;MpKsl4d6176c5;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7e9b7259-9222-4603-8286-c1b21fcee4bb}\mpksl4d6176c5.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7e9b7259-9222-4603-8286-c1b21fcee4bb}\MpKsl4d6176c5.sys [?]
S1 MpKsl4e28b5cf;MpKsl4e28b5cf;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a135c3d0-09c9-4080-a838-d2f471f92760}\mpksl4e28b5cf.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a135c3d0-09c9-4080-a838-d2f471f92760}\MpKsl4e28b5cf.sys [?]
S1 MpKsl56e33a78;MpKsl56e33a78;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{911cff26-0992-42ca-a50a-a61c9557f738}\mpksl56e33a78.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{911cff26-0992-42ca-a50a-a61c9557f738}\MpKsl56e33a78.sys [?]
S1 MpKsl5fb3c307;MpKsl5fb3c307;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{47e76e61-f035-4ddb-86ef-d9f4501a85e0}\mpksl5fb3c307.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{47e76e61-f035-4ddb-86ef-d9f4501a85e0}\MpKsl5fb3c307.sys [?]
S1 MpKsl6946100f;MpKsl6946100f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fee74686-f948-4550-86c9-94acbcc3c637}\mpksl6946100f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fee74686-f948-4550-86c9-94acbcc3c637}\MpKsl6946100f.sys [?]
S1 MpKsl6b2d1647;MpKsl6b2d1647;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4282546b-f9a9-4b2d-b699-af48d54b60e9}\mpksl6b2d1647.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4282546b-f9a9-4b2d-b699-af48d54b60e9}\MpKsl6b2d1647.sys [?]
S1 MpKsl6c4bf984;MpKsl6c4bf984;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3c53bd87-5546-4e02-b130-674169185edf}\mpksl6c4bf984.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3c53bd87-5546-4e02-b130-674169185edf}\MpKsl6c4bf984.sys [?]
S1 MpKsl7feeb05b;MpKsl7feeb05b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0a91b18a-abab-4bb9-975f-34d94fe1a521}\mpksl7feeb05b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0a91b18a-abab-4bb9-975f-34d94fe1a521}\MpKsl7feeb05b.sys [?]
S1 MpKsl822f4f35;MpKsl822f4f35;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8f209c24-c696-46db-91a4-181cb614ebf3}\mpksl822f4f35.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8f209c24-c696-46db-91a4-181cb614ebf3}\MpKsl822f4f35.sys [?]
S1 MpKsl880ab865;MpKsl880ab865;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{492ce443-4306-4937-8754-68643e9821f3}\mpksl880ab865.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{492ce443-4306-4937-8754-68643e9821f3}\MpKsl880ab865.sys [?]
S1 MpKslaa082193;MpKslaa082193;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1b509532-cc58-4ea5-898c-06823e431a63}\mpkslaa082193.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1b509532-cc58-4ea5-898c-06823e431a63}\MpKslaa082193.sys [?]
S1 MpKslb5772c5f;MpKslb5772c5f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7f2974d0-1476-45c6-8ccd-6daf28e31c22}\mpkslb5772c5f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7f2974d0-1476-45c6-8ccd-6daf28e31c22}\MpKslb5772c5f.sys [?]
S1 MpKslc8c50271;MpKslc8c50271;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5eeb963c-c660-42ee-a435-865927d3cb18}\mpkslc8c50271.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5eeb963c-c660-42ee-a435-865927d3cb18}\MpKslc8c50271.sys [?]
S1 MpKsle68a96ad;MpKsle68a96ad;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b428f1cc-1287-4253-bae0-de40527970f8}\mpksle68a96ad.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b428f1cc-1287-4253-bae0-de40527970f8}\MpKsle68a96ad.sys [?]
S1 MpKsle9cccb4e;MpKsle9cccb4e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fab7932d-f646-4662-8d2a-a7b265c033ce}\mpksle9cccb4e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fab7932d-f646-4662-8d2a-a7b265c033ce}\MpKsle9cccb4e.sys [?]
S1 MpKslf2156361;MpKslf2156361;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{014774e5-0402-494d-a727-7039d6322471}\mpkslf2156361.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{014774e5-0402-494d-a727-7039d6322471}\MpKslf2156361.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-10-7 136176]
S3 CEUSBAUD;Lexicon USB MIDI Driver1;c:\windows\system32\drivers\ceusbaud.sys [2003-11-5 17920]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-10-7 136176]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [2006-10-19 10664]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-8-21 53816]
S3 RDPDISPM;RDPDISPM;c:\windows\system32\drivers\rdpdispm.sys [2010-7-4 9040]
S3 RDPVDD;RDPVDD;c:\windows\system32\drivers\rdpvmp.sys [2010-7-4 19408]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2007-12-26 272128]
S3 vsdatant;vsdatant;\??\c:\windows\system32\vsdatant.sys --> c:\windows\system32\vsdatant.sys [?]
S4 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-8-21 863460]
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2071-07-25 13:13:30 203576 ------w- c:\program files\microsoft games\age of empires iii\autopatcher2.exe
2011-11-11 11:43:20 19416 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll
2011-11-11 11:43:19 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-11-11 11:43:19 125912 ----a-w- c:\program files\mozilla firefox\crashreporter.exe
2011-11-11 11:43:18 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-11-11 11:43:17 924632 ----a-w- c:\program files\mozilla firefox\firefox.exe
2011-11-11 11:43:17 269272 ----a-w- c:\program files\mozilla firefox\freebl3.dll
2011-11-11 11:40:51 0 ---ha-w- c:\documents and settings\lee curtis\jvyxvwxitw.tmp
2011-11-11 11:39:41 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{24e7c583-3f75-4ac3-9741-287763f8687b}\MpKsle9e0cf04.sys
2011-11-11 11:39:31 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{24e7c583-3f75-4ac3-9741-287763f8687b}\offreg.dll
2011-11-11 11:17:44 118784 ----a-w- c:\documents and settings\all users\application data\MousePolicyManager.dll
2011-11-11 11:17:39 244224 ----a-w- c:\documents and settings\lee curtis\local settings\application data\ServiceWMP.dll
2011-11-11 01:20:19 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{24e7c583-3f75-4ac3-9741-287763f8687b}\mpengine.dll
2011-11-03 09:58:24 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-11-03 09:58:24 801752 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-11-03 09:58:24 478168 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-11-03 09:58:24 1989592 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-11-03 09:58:24 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-11-03 09:58:23 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-11-03 00:52:14 -------- d-----w- c:\documents and settings\lee curtis\local settings\application data\Akamai
2011-11-02 15:21:47 -------- d-----w- c:\program files\Citrix
2011-11-02 15:21:07 72080 ----a-w- c:\documents and settings\lee curtis\g2mdlhlpx.exe
2011-11-02 13:26:19 46640 ----a-w- c:\windows\system32\msln.exe
2011-11-02 13:16:35 2265146 ----a-w- c:\windows\system32\drivers\SMR210.dat
2011-11-02 12:16:30 83064 ----a-w- c:\windows\system32\drivers\SMR210.SYS
2011-10-31 12:00:59 -------- d-----w- c:\program files\ESET
.
==================== Find3M ====================
.
2011-10-19 17:56:38 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\SET32.tmp
2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12:13 599040 ------w- c:\windows\system32\crypt32.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-09-01 16:42:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-09-01 00:24:48 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2011-08-31 23:53:00 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-08-31 14:39:25 36352 ----a-w- c:\windows\system32\drivers\intelppm.sys
2011-08-31 13:42:33 4194304 ----a-w- c:\windows\system32\oslmfnza.dll
2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec
2011-08-21 14:00:36 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
============= FINISH: 7:57:20.31 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 8/27/2003 9:08:35 PM
System Uptime: 11/11/2011 6:38:51 AM (1 hours ago)
.
Motherboard: Intel Corporation | | D845WN
Processor: Intel® Pentium® 4 CPU 2.40GHz | J2E1 | 2392/100mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 39 GiB total, 6.069 GiB free.
D: is FIXED (FAT32) - 35 GiB total, 12.829 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: Microsoft PS/2 Port Mouse (IntelliPoint)
Device ID: ACPI\PNP0F03\4&268D196D&2
Manufacturer: Microsoft
Name: Microsoft PS/2 Port Mouse (IntelliPoint)
PNP Device ID: ACPI\PNP0F03\4&268D196D&2
Service: i8042prt
.
Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ROOT\SYSTEM\0003
Manufacturer:
Name:
PNP Device ID: ROOT\SYSTEM\0003
Service:
.
==== System Restore Points ===================
.
RP83: 10/22/2011 6:49:01 PM - Software Distribution Service 3.0
RP84: 10/23/2011 6:43:46 PM - Software Distribution Service 3.0
RP85: 10/24/2011 6:42:11 PM - Software Distribution Service 3.0
RP86: 10/25/2011 8:14:34 PM - System Checkpoint
RP87: 10/26/2011 2:24:28 AM - Software Distribution Service 3.0
RP88: 10/27/2011 1:39:01 AM - Software Distribution Service 3.0
RP89: 10/27/2011 7:47:26 AM - Software Distribution Service 3.0
RP90: 10/28/2011 1:39:24 AM - Software Distribution Service 3.0
RP91: 10/29/2011 2:22:23 AM - Software Distribution Service 3.0
RP92: 10/30/2011 3:07:54 PM - Installed Microsoft Fix it 50267
RP93: 10/30/2011 6:55:41 PM - Software Distribution Service 3.0
RP94: 10/31/2011 7:44:27 AM - Removed Ask Toolbar.
RP95: 10/31/2011 7:53:03 AM - Removed Setup1
RP96: 10/31/2011 10:04:38 AM - Removed Google SketchUp 7
RP97: 10/31/2011 10:33:41 AM - Removed PC Connectivity Solution
RP98: 10/31/2011 10:38:11 AM - Removed Photosynth
RP99: 11/1/2011 12:17:00 AM - Software Distribution Service 3.0
RP100: 11/1/2011 11:55:21 PM - Software Distribution Service 3.0
RP101: 11/2/2011 8:31:41 AM - Norton_Power_Eraser_20111102083129187
RP102: 11/3/2011 12:07:58 AM - Software Distribution Service 3.0
RP103: 11/3/2011 11:52:15 PM - Software Distribution Service 3.0
RP104: 11/4/2011 6:09:51 AM - Software Distribution Service 3.0
RP105: 11/5/2011 12:09:22 AM - Software Distribution Service 3.0
RP106: 11/5/2011 8:28:27 PM - Software Distribution Service 3.0
RP107: 11/6/2011 11:59:43 AM - Restore Operation
RP108: 11/6/2011 11:36:15 PM - Software Distribution Service 3.0
RP109: 11/7/2011 2:26:17 PM - Software Distribution Service 3.0
RP110: 11/7/2011 11:35:57 PM - Software Distribution Service 3.0
RP111: 11/8/2011 2:26:54 PM - Software Distribution Service 3.0
RP112: 11/8/2011 11:36:47 PM - Software Distribution Service 3.0
RP113: 11/9/2011 12:00:33 AM - Software Distribution Service 3.0
RP114: 11/9/2011 2:26:22 PM - Software Distribution Service 3.0
RP115: 11/9/2011 11:32:21 PM - Software Distribution Service 3.0
RP116: 11/10/2011 8:20:07 PM - Software Distribution Service 3.0
RP117: 11/11/2011 7:47:01 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
7-Zip 4.65
Acer eDisplay Management
Active@ Hard Disk Monitor
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Shockwave Player
Advanced Analyzer
AiO_Scan
Akamai NetSession Interface
Akamai NetSession Interface Service
Apple Application Support
Apple Software Update
AutoCAD 2002
AutoCAD Express Tools - AutoCAD 2002
AutoCAD Express Tools - Autodesk Architectural Desktop 3.3
Autodesk Architectural Desktop 2007
Autodesk Architectural Desktop 3.3
Autodesk DWF Viewer
Autodesk MapGuide® Viewer ActiveX Control Release 6.5
AutoUpdate
BetOnline Poker
Bullzip PDF Printer 7.1.0.1140
calibre
CCleaner
Coupon Printer for Windows
Critical Update for Windows Media Player 11 (KB959772)
CyberLink MediaShow
DataCAD®
DataCAD® for Windows®
DGOControls
DivX
Download Updater (AOL LLC)
easy gadget
Enterprise
ESET Online Scanner v3
FastStone Image Viewer 4.0
Foxit Creator
Foxit PDF Editor
Foxit Reader
Free Window Registry Repair
GoldWave v5.12
Google Books Uploader (Java Edition)
Google Update Helper
GoToMeeting 4.8.0.723
GPL Ghostscript Lite 8.70
Hardlock Device Driver
HomeGauge4
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP PSC & Officejet 5.3.B Corporate Edition
IBP 11.7.9
Image Resizer Powertoy for Windows XP
Intel® Network Connections Drivers
IsoBuster 2.7
Java 2 Runtime Environment, SE v1.4.1_02
Java Auto Updater
Java™ 6 Update 22
K-Lite Codec Pack 5.4.0 (Full)
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Automated Troubleshooting Services Shim
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Fix it Center
Microsoft IntelliPoint 7.1
Microsoft IntelliType Pro 6.1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office Live Add-in 1.5
Microsoft Office Word Viewer 2003
Microsoft Plus! for Windows XP
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works 6-9 Converter
Microsoft XML Parser
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft® Stock Actions for the Research Task Pane
Mozilla Firefox 8.0 (x86 en-US)
MozyHome
MSVC80_x86_v2
MSVC90_x86
MSVCRT
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
NCH Toolbox
Nero 6 Ultra Edition
Nokia Connectivity Cable Driver
NVIDIA Drivers
OGA Notifier 2.0.0048.0
OpenOffice.org 3.2
Password Corral v4.0
Pivot Pro Plugin
PowerISO
QFolder
Quicken WillMaker Plus 2007
QuickTime
Rapport
RealPlayer
Scan
SDK
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
SketchUp DWG Importer
Skype Toolbars
Skype™ 4.2
The Rosetta Stone
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WavePad Sound Editor
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Messenger
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows PowerShell™ 1.0
Windows Presentation Foundation
Windows XP Service Pack 3
WinFast Multimedia Driver Installation
WinFast® PVR
WinSplit Revolution (v11.04)
WorldWinner Games
XML Paper Specification Shared Components Pack 1.0
Xvid 1.2.1 final uninstall
.
==== Event Viewer Messages From Past Week ========
.
11/6/2011 12:12:04 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
11/6/2011 11:56:33 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm mozyFilter MpFilter SCDEmu
11/6/2011 11:55:28 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/6/2011 10:49:34 AM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s).
11/4/2011 8:26:25 PM, error: Print [6161] - The document Untitled - Notepad owned by Lee failed to print on printer hp officejet 6100 series. Data type: NT EMF 1.008. Size of the spool file in bytes: 920. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 2. Client machine: \\LIVINGROOM. Win32 error code returned by the print processor: 2 (0x2).
11/4/2011 8:24:18 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Akamai service.
11/4/2011 8:03:23 PM, error: Print [6161] - The document Untitled - Notepad owned by Lee failed to print on printer hp officejet 6100 series. Data type: NT EMF 1.008. Size of the spool file in bytes: 924. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 2. Client machine: \\LIVINGROOM. Win32 error code returned by the print processor: 2 (0x2).
11/4/2011 7:55:31 PM, error: Print [6161] - The document Test Page owned by Lee failed to print on printer hp officejet 6100 series. Data type: NT EMF 1.008. Size of the spool file in bytes: 78416. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 2. Client machine: \\LIVINGROOM. Win32 error code returned by the print processor: 2 (0x2).
11/4/2011 7:54:16 PM, error: Print [6161] - The document Hunnicut Invoice owned by Lee failed to print on printer hp officejet 6100 series. Data type: NT EMF 1.008. Size of the spool file in bytes: 327680. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 2. Client machine: \\LIVINGROOM. Win32 error code returned by the print processor: 2 (0x2).
11/4/2011 7:53:46 PM, error: Print [6161] - The document Hunnicut Invoice owned by Lee failed to print on printer hp officejet 6100 series. Data type: NT EMF 1.008. Size of the spool file in bytes: 251556. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 2. Client machine: \\LIVINGROOM. Win32 error code returned by the print processor: 2 (0x2).
.
==== End Of File ===========================


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-11 12:03:59
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 WDC_WD800BB-22CAA0 rev.16.06V16
Running: gmer.exe; Driver: C:\DOCUME~1\LEECUR~1\LOCALS~1\Temp\pwdyapod.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwAssignProcessToJobObject [0xF5C69FC0]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwCreateFile [0xF5C6AA56]
SSDT \??\C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\29574\RapportCerberus32_29574.sys ZwCreateThread [0xF5E50130]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwDeleteFile [0xF5C6ABD4]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwDeleteKey [0xF5C6E27C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwDeleteValueKey [0xF5C6E2AE]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwLoadKey [0xF5C6E410]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwOpenFile [0xF5C6AB2C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwOpenProcess [0xF5C6A104]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwOpenThread [0xF5C6A2F6]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwProtectVirtualMemory [0xF5C6A428]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwQueryValueKey [0xF5C6E386]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwRenameKey [0xF5C6E2F0]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwReplaceKey [0xF5C6E322]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwRestoreKey [0xF5C6E354]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSetContextThread [0xF5C69F66]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSetInformationFile [0xF5C6AC40]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSetValueKey [0xF5C6E214]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSuspendThread [0xF5C69F02]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwTerminateProcess [0xF5C69E56]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwTerminateThread [0xF5C69E9E]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF7213360, 0x24BB1D, 0xE8000020]
.text C:\WINDOWS\System32\drivers\hardlock.sys section is writeable [0xB89C0400, 0x4C904, 0xE0000020]
.protect’’’’hardlockentry point in ".protect’’’’hardlockentry point in ".protect’’’’hardlockentry point in ".p" section [0xB8A24A20] C:\WINDOWS\System32\drivers\hardlock.sys entry point in ".protect’’’’hardlockentry point in ".protect’’’’hardlockentry point in ".p" section [0xB8A24A20]
.protect’’’’hardlockunknown last code section [0xB8A24800, 0x548B, 0xE0000020] C:\WINDOWS\System32\drivers\hardlock.sys unknown last code section [0xB8A24800, 0x548B, 0xE0000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mozy.sys (Mozy Change Monitor Filter Driver/Mozy, Inc.)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

AttachedDevice FLTMGR.SYS (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Lee Curtis\Cookies\32PC0MAG.txt 399 bytes
File C:\Documents and Settings\Lee Curtis\Cookies\3Q9D7AQT.txt 2710 bytes
File C:\Documents and Settings\Lee Curtis\Cookies\NBO5H9SN.txt 0 bytes
File C:\Documents and Settings\Lee Curtis\Cookies\UK3BO3SN.txt 275 bytes
File C:\Documents and Settings\Lee Curtis\Cookies\Y1X9EM6C.txt 0 bytes
File C:\Documents and Settings\Lee Curtis\Local Settings\Temporary Internet Files\Content.IE5\0T3Z4DQT\ads728[2].htm 0 bytes
File C:\Documents and Settings\Lee Curtis\Local Settings\Temporary Internet Files\Content.IE5\0T3Z4DQT\iframe[1].htm 0 bytes
File C:\Documents and Settings\Lee Curtis\Local Settings\Temporary Internet Files\Content.IE5\TBRNWLQG\data_sync[1].htm 0 bytes
File C:\Documents and Settings\Lee Curtis\Local Settings\Temporary Internet Files\Content.IE5\U8KBDLP0\COLU-0421_OHE_Glove%20with%20Vizu_300x250_ban_1111011500_ff[1].swf 40262 bytes
File C:\Documents and Settings\Lee Curtis\Local Settings\Temporary Internet Files\Content.IE5\U8KBDLP0\1-LeadBuilder123_728x90[1].swf 0 bytes
File C:\Documents and Settings\Lee Curtis\Local Settings\Temporary Internet Files\Content.IE5\ZFX6BZ9Y\andes_c[1].html 0 bytes
File C:\Documents and Settings\Lee Curtis\Local Settings\Temporary Internet Files\Content.IE5\ZFX6BZ9Y\339920219[1].js 147 bytes

---- EOF - GMER 1.0.15 ----


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:05 AM

Posted 13 November 2011 - 10:58 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed. This will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr

Posted 16 November 2011 - 10:07 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 gringo_pr

Posted 19 November 2011 - 12:17 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.