Virus.win32.agent.mpq


  • This topic is locked
38 replies to this topic

#1 Jekth
  • Members
  • 19 posts

Posted 30 November 2011 - 10:56 AM

Hello, this is my first post on a forum like this. Running Windows XP SP3 on an HP laptop. Ran MBAM the other night in safe mode after getting some weird pop-up that said programs were being blocked from accessing the internet, and all of a sudden I'm getting the "limited or no connectivity" message along with Ad-Aware scans showing the virus.win32.agent.mpq and an unknown. MBAM comes up clean, but Ad-Aware states that it has deleted a high risk; running it again a minute later, they are back. Started running SuperAntiSpyware and it found 148 tracking cookies. Restarted and the keyboard was disabled. Chkdsk found one error and fixed it. Keyboard still disabled. Repaired Windows from disk and now I'm back to SP2 and loaded the keyboard driver in safe mode under admin. Internet connection is letting very little traffic through, "acquiring" status and downloading Windows updates. None of my malware programs will run and DDS is locking up after about five minutes. I'm posting and downloading from my desktop and transferring files back and forth with a flash drive since the internet connection isn't working.

Please Help.


#2 HelpBot

Bleepin' Binary Bot


  • Bots
  • 12,740 posts
  • Gender:Male

Posted 05 December 2011 - 11:00 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/430065 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was follow the previous instructions and tell me so. You can skip the rest of this post. If you do need help, please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Jekth

  • Topic Starter

  • Members
  • 19 posts

Posted 05 December 2011 - 01:40 PM

It's been a few days and a friend (PhD in CS) told me to run ComboFix and use the Recovery Console. I've also run Windows Standalone Security Essentials and it picked up the "Trojan:Dos/Alureon.E" but could not remove or quarantine it. The Dr. told me to get GParted and delete the partition that the virus had installed itself in. MSSE scans come up clean now and I can run DDS and GMER. I had to uninstall all other virus and spyware scanners as they can no longer be accessed. I have an old copy of GMER on the desktop that cannot be deleted, renamed or accessed in any way. And the keyboard and mouse are no longer functioning. Device Manager is listing the keyboard as unknown and the drivers for both devices are getting the code 39 error. Using a borrowed USB keyboard to operate. Internet connection is working. I have the SP2 restore disk.

Here are the DDS and GMER logs:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_26
Run by Amanda at 8:36:35 on 2011-12-05
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1150.581 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Eset NOD32 antivirus system 2.50 *Enabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
{555d4d79-4bd2-4094-a395-cfc534424a05}
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [IJNetworkScannerSelectorEX] c:\program files\canon\ij network scanner selector ex\CNMNSST.exe /FORCE
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [WatchDog] c:\program files\intervideo\dvd check\DVDCheck.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [SunJavaUpdateSched] c:\program files\java\jre6\bin\jusched.exe
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\amanda\startm~1\programs\startup\canoni~1.lnk - c:\windows\system32\rundll32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dvdche~1.lnk - c:\program files\intervideo\dvd check\DVDCheck.exe
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\npjpi160_26.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
Trusted Zone: san-diego.ca.us\arcc.co
DPF: {03A89EFD-E023-B100-A22D-45F77558EB4C} - hxxps://content10.ilinc.com/download/AXCltInst11.dll
DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} - hxxp://nelsonphoto.lifepics.com/net/Uploader/LPUploader45.cab
DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} - hxxp://www.blackberry.com/devicesoftware/AxLoader.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxp://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {6F750202-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} - hxxp://tempo5.sandicor.com/5.2.03.11234/Control/IRCSharc.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://century21.webex.com/client/T27L10NSP25/training/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{025EC115-8E19-4D4C-BFF9-CE703658DE0C} : DhcpNameServer = 192.168.0.1
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli scecli scecli scecli scecli scecli
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\amanda\application data\mozilla\firefox\profiles\4hc5f5li.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en
FF - plugin: c:\documents and settings\amanda\application data\mozilla\firefox\profiles\4hc5f5li.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npAclmPlugin.dll
FF - plugin: c:\documents and settings\amanda\application data\mozilla\firefox\profiles\4hc5f5li.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npProductDetectPlugin.dll
FF - plugin: c:\documents and settings\amanda\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\amanda\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\amanda\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPCltInst11.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKsl7046acad;MpKsl7046acad;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{04683d1c-b28f-48ca-99bc-e386b0440521}\MpKsl7046acad.sys [2011-12-5 29904]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2004-12-15 200192]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S1 MpKsl94fcae77;MpKsl94fcae77;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{908d223f-1219-4bc8-b76b-9c6e56019527}\mpksl94fcae77.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{908d223f-1219-4bc8-b76b-9c6e56019527}\MpKsl94fcae77.sys [?]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-25 130248]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-2-25 130248]
.
=============== Created Last 30 ================
.
2011-12-05 16:22:01 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{04683d1c-b28f-48ca-99bc-e386b0440521}\MpKsl7046acad.sys
2011-12-05 16:21:54 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{04683d1c-b28f-48ca-99bc-e386b0440521}\offreg.dll
2011-12-05 01:50:46 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2011-12-05 01:50:41 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2011-12-05 01:50:40 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2011-12-05 01:50:35 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2011-12-05 01:50:29 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2011-12-05 01:49:38 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2011-12-05 01:49:32 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2011-12-05 01:49:30 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2011-12-05 01:49:22 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2011-12-05 01:49:20 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2011-12-05 01:49:18 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2011-12-05 01:48:09 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
2011-12-05 01:48:04 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2011-12-05 01:46:59 11775 -c--a-w- c:\windows\system32\dllcache\wadv05nt.sys
2011-12-05 01:45:58 24576 -c--a-w- c:\windows\system32\dllcache\viairda.sys
2011-12-05 01:45:52 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2011-12-05 01:45:43 687999 -c--a-w- c:\windows\system32\dllcache\usrwdxjs.sys
2011-12-05 01:45:37 765884 -c--a-w- c:\windows\system32\dllcache\usrti.sys
2011-12-05 01:45:29 113762 -c--a-w- c:\windows\system32\dllcache\usrpda.sys
2011-12-05 01:45:23 7556 -c--a-w- c:\windows\system32\dllcache\usroslba.sys
2011-12-05 01:45:16 224802 -c--a-w- c:\windows\system32\dllcache\usr1807a.sys
2011-12-05 01:45:11 794399 -c--a-w- c:\windows\system32\dllcache\usr1806v.sys
2011-12-05 01:45:07 793598 -c--a-w- c:\windows\system32\dllcache\usr1806.sys
2011-12-05 01:45:01 794654 -c--a-w- c:\windows\system32\dllcache\usr1801.sys
2011-12-05 01:43:56 36736 -c--a-w- c:\windows\system32\dllcache\ultra.sys
2011-12-05 01:43:49 11520 -c--a-w- c:\windows\system32\dllcache\twotrack.sys
2011-12-05 01:43:48 94784 -c--a-w- c:\windows\system32\dllcache\twain.dll
2011-12-05 01:43:48 14336 -c--a-w- c:\windows\system32\dllcache\tsprof.exe
2011-12-05 01:43:37 166784 -c--a-w- c:\windows\system32\dllcache\tridxpm.sys
2011-12-05 01:43:32 525568 -c--a-w- c:\windows\system32\dllcache\tridxp.dll
2011-12-05 01:43:28 159232 -c--a-w- c:\windows\system32\dllcache\tridkbm.sys
2011-12-05 01:43:23 440576 -c--a-w- c:\windows\system32\dllcache\tridkb.dll
2011-12-05 01:43:18 222336 -c--a-w- c:\windows\system32\dllcache\trid3dm.sys
2011-12-05 01:43:14 315520 -c--a-w- c:\windows\system32\dllcache\trid3d.dll
2011-12-05 01:43:08 34375 -c--a-w- c:\windows\system32\dllcache\tpro4.sys
2011-12-05 01:43:04 42496 -c--a-w- c:\windows\system32\dllcache\tp4res.dll
2011-12-05 01:43:02 82944 -c--a-w- c:\windows\system32\dllcache\tp4mon.exe
2011-12-05 01:41:56 30464 -c--a-w- c:\windows\system32\dllcache\tbatm155.sys
2011-12-05 01:41:55 15360 -c--a-w- c:\windows\system32\dllcache\taskman.exe
2011-12-05 01:41:47 7040 -c--a-w- c:\windows\system32\dllcache\tandqic.sys
2011-12-05 01:41:43 36640 -c--a-w- c:\windows\system32\dllcache\t2r4mini.sys
2011-12-05 01:41:38 172768 -c--a-w- c:\windows\system32\dllcache\t2r4disp.dll
2011-12-05 01:41:29 32640 -c--a-w- c:\windows\system32\dllcache\symc8xx.sys
2011-12-05 01:41:25 16256 -c--a-w- c:\windows\system32\dllcache\symc810.sys
2011-12-05 01:41:21 30688 -c--a-w- c:\windows\system32\dllcache\sym_u3.sys
2011-12-05 01:41:17 28384 -c--a-w- c:\windows\system32\dllcache\sym_hi.sys
2011-12-05 01:41:12 94293 -c--a-w- c:\windows\system32\dllcache\sxports.dll
2011-12-05 01:41:08 103936 -c--a-w- c:\windows\system32\dllcache\sx.sys
2011-12-05 01:41:04 3968 -c--a-w- c:\windows\system32\dllcache\swusbflt.sys
2011-12-05 01:39:52 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys
2011-12-05 01:38:59 147200 -c--a-w- c:\windows\system32\dllcache\smidispb.dll
2011-12-05 01:37:59 50432 -c--a-w- c:\windows\system32\dllcache\sisv.sys
2011-12-05 01:37:57 32768 -c--a-w- c:\windows\system32\dllcache\sisnic.sys
2011-12-05 01:37:53 238592 -c--a-w- c:\windows\system32\dllcache\sisgrv.dll
2011-12-05 01:37:49 104064 -c--a-w- c:\windows\system32\dllcache\sisgrp.sys
2011-12-05 01:37:43 150144 -c--a-w- c:\windows\system32\dllcache\sis6306v.dll
2011-12-05 01:37:39 68608 -c--a-w- c:\windows\system32\dllcache\sis6306p.sys
2011-12-05 01:37:35 252032 -c--a-w- c:\windows\system32\dllcache\sis300iv.dll
2011-12-05 01:37:30 18944 -c--a-w- c:\windows\system32\dllcache\simptcp.dll
2011-12-05 01:37:30 101760 -c--a-w- c:\windows\system32\dllcache\sis300ip.sys
2011-12-05 01:37:09 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
2011-12-05 01:37:05 18400 -c--a-w- c:\windows\system32\dllcache\sgsmld.sys
2011-12-05 01:37:01 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys
2011-12-05 01:35:54 75392 -c--a-w- c:\windows\system32\dllcache\s3savmxm.sys
2011-12-05 01:35:50 245632 -c--a-w- c:\windows\system32\dllcache\s3savmx.dll
2011-12-05 01:35:46 77824 -c--a-w- c:\windows\system32\dllcache\s3sav4m.sys
2011-12-05 01:35:42 198400 -c--a-w- c:\windows\system32\dllcache\s3sav4.dll
2011-12-05 01:35:38 61504 -c--a-w- c:\windows\system32\dllcache\s3sav3dm.sys
2011-12-05 01:35:34 179264 -c--a-w- c:\windows\system32\dllcache\s3sav3d.dll
2011-12-05 01:35:30 210496 -c--a-w- c:\windows\system32\dllcache\s3mvirge.dll
2011-12-05 01:35:26 62496 -c--a-w- c:\windows\system32\dllcache\s3mtrio.dll
2011-12-05 01:35:22 41216 -c--a-w- c:\windows\system32\dllcache\s3mt3d.sys
2011-12-05 01:35:17 182272 -c--a-w- c:\windows\system32\dllcache\s3mt3d.dll
2011-12-05 01:35:13 166720 -c--a-w- c:\windows\system32\dllcache\s3m.sys
2011-12-05 01:35:06 65664 -c--a-w- c:\windows\system32\dllcache\s3legacy.sys
2011-12-05 01:35:01 82432 -c--a-w- c:\windows\system32\dllcache\rwia450.dll
2011-12-05 01:33:58 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys
2011-12-05 01:32:59 112574 -c--a-w- c:\windows\system32\dllcache\ptserlp.sys
2011-12-05 01:31:57 16384 -c--a-w- c:\windows\system32\dllcache\philcam1.dll
2011-12-05 01:30:59 41984 -c--a-w- c:\windows\system32\dllcache\ovui2rc.dll
2011-12-05 01:29:46 198144 -c--a-w- c:\windows\system32\dllcache\nv3.sys
2011-12-05 01:29:42 123776 -c--a-w- c:\windows\system32\dllcache\nv3.dll
2011-12-05 01:29:28 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys
2011-12-05 01:29:28 38912 -c--a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2011-12-05 01:29:22 9344 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
2011-12-05 01:29:18 7552 -c--a-w- c:\windows\system32\dllcache\nsmmc.sys
2011-12-05 01:29:16 28672 -c--a-w- c:\windows\system32\dllcache\nscirda.sys
2011-12-05 01:29:08 87040 -c--a-w- c:\windows\system32\dllcache\nm6wdm.sys
2011-12-05 01:29:04 126080 -c--a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2011-12-05 01:27:58 13664 -c--a-w- c:\windows\system32\dllcache\n9i128.sys
2011-12-05 01:27:54 35392 -c--a-w- c:\windows\system32\dllcache\n9i128.dll
2011-12-05 01:27:51 128000 -c--a-w- c:\windows\system32\dllcache\n100325.sys
2011-12-05 01:27:47 52255 -c--a-w- c:\windows\system32\dllcache\n1000nt5.sys
2011-12-05 01:27:43 75520 -c--a-w- c:\windows\system32\dllcache\mxport.sys
2011-12-05 01:27:39 7168 -c--a-w- c:\windows\system32\dllcache\mxport.dll
2011-12-05 01:27:36 19968 -c--a-w- c:\windows\system32\dllcache\mxnic.sys
2011-12-05 01:27:32 19968 -c--a-w- c:\windows\system32\dllcache\mxicfg.dll
2011-12-05 01:27:28 21888 -c--a-w- c:\windows\system32\dllcache\mxcard.sys
2011-12-05 01:27:23 103296 -c--a-w- c:\windows\system32\dllcache\mtxvideo.sys
2011-12-05 01:26:56 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2011-12-05 01:26:54 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
2011-12-05 01:26:44 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
2011-12-05 01:26:29 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2011-12-05 01:26:27 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2011-12-05 01:26:06 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2011-12-05 01:26:00 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2011-12-05 01:25:58 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2011-12-05 01:25:44 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2011-12-05 01:25:24 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2011-12-05 01:25:13 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2011-12-05 01:25:02 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
2011-12-05 01:23:57 22848 -c--a-w- c:\windows\system32\dllcache\lwusbhid.sys
2011-12-05 01:22:56 37376 -c--a-w- c:\windows\system32\dllcache\kousd.dll
2011-12-05 01:21:59 13056 -c--a-w- c:\windows\system32\dllcache\inport.sys
2011-12-05 01:20:57 141056 -c--a-w- c:\windows\system32\dllcache\icam3.sys
2011-12-05 01:19:58 44863 -c--a-w- c:\windows\system32\dllcache\hsf_soar.sys
2011-12-05 01:18:58 93696 -c--a-w- c:\windows\system32\dllcache\hpgt42.dll
2011-12-05 01:17:58 320384 -c--a-w- c:\windows\system32\dllcache\g200m.sys
2011-12-05 01:16:57 24618 -c--a-w- c:\windows\system32\dllcache\fa410nd5.sys
2011-12-05 01:15:59 37120 -c--a-w- c:\windows\system32\dllcache\es1370mp.sys
2011-12-05 01:14:57 19594 -c--a-w- c:\windows\system32\dllcache\e100isa4.sys
2011-12-05 01:13:59 91305 -c--a-w- c:\windows\system32\dllcache\dimaint.sys
2011-12-05 01:12:57 117760 -c--a-w- c:\windows\system32\dllcache\d100ib5.sys
2011-12-05 01:11:58 248064 -c--a-w- c:\windows\system32\dllcache\cl546xm.sys
2011-12-05 01:10:49 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2011-12-05 01:09:59 19456 -c--a-w- c:\windows\system32\dllcache\ativttxx.sys
2011-12-05 01:08:59 462848 -c--a-w- c:\windows\system32\dllcache\a3dapi.dll
2011-12-05 01:08:58 98304 -c--a-w- c:\windows\system32\dllcache\a3d.dll
2011-12-05 01:08:57 38400 -c--a-w- c:\windows\system32\dllcache\8514a.dll
2011-12-05 01:08:56 48128 -c--a-w- c:\windows\system32\dllcache\61883.sys
2011-12-05 01:08:54 12288 -c--a-w- c:\windows\system32\dllcache\4mmdat.sys
2011-12-05 01:08:53 148352 -c--a-w- c:\windows\system32\dllcache\3dfxvsm.sys
2011-12-05 01:08:52 762780 -c--a-w- c:\windows\system32\dllcache\3cwmcru.sys
2011-12-05 01:08:52 689216 -c--a-w- c:\windows\system32\dllcache\3dfxvs.dll
2011-12-05 01:08:51 11264 -c--a-w- c:\windows\system32\dllcache\1394vdbg.sys
2011-12-05 01:08:20 7168 -c--a-w- c:\windows\system32\dllcache\wamregps.dll
2011-12-05 01:08:13 25600 -c--a-w- c:\windows\system32\dllcache\twunk_32.exe
2011-12-05 01:08:12 49680 -c--a-w- c:\windows\system32\dllcache\twunk_16.exe
2011-12-05 01:07:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2011-12-05 01:07:03 7680 -c--a-w- c:\windows\system32\dllcache\inetmgr.exe
2011-12-05 01:07:03 19968 -c--a-w- c:\windows\system32\dllcache\inetsloc.dll
2011-12-05 01:07:00 169984 -c--a-w- c:\windows\system32\dllcache\iisui.dll
2011-12-05 01:06:59 5632 -c--a-w- c:\windows\system32\dllcache\iisrstap.dll
2011-12-05 01:06:58 14336 -c--a-w- c:\windows\system32\dllcache\iisreset.exe
2011-12-05 01:06:57 6144 -c--a-w- c:\windows\system32\dllcache\ftpsapi2.dll
2011-12-04 21:05:28 6823496 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-12-04 21:04:41 6823496 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{04683d1c-b28f-48ca-99bc-e386b0440521}\mpengine.dll
2011-12-03 20:06:46 2148864 -c--a-w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-12-03 20:06:43 2027008 -c--a-w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-12-03 19:14:02 9728 -c--a-w- c:\windows\system32\dllcache\rwnh.dll
2011-12-03 19:14:02 10752 -c--a-w- c:\windows\system32\dllcache\smtpapi.dll
2011-12-03 19:13:59 221696 -c--a-w- c:\windows\system32\dllcache\seo.dll
2011-12-03 19:13:58 189440 -c--a-w- c:\windows\system32\dllcache\smtpadm.dll
2011-12-03 19:13:07 1327320 ------w- c:\program files\msn\msncorefiles\install\msnsusii.exe
2011-12-03 19:13:06 884712 ------w- c:\program files\msn\msncorefiles\install\msn9components\digcore.exe
2011-12-03 19:13:01 11053008 ------w- c:\program files\msn\msncorefiles\install\msn9components\msncli.exe
2011-12-03 19:11:59 8192 -c--a-w- c:\windows\system32\dllcache\httpmb51.dll
2011-12-03 19:10:58 8192 -c--a-w- c:\windows\system32\dllcache\staxmem.dll
2011-12-03 19:10:58 46592 -c--a-w- c:\windows\system32\dllcache\svcext51.dll
2011-12-03 19:10:41 24064 -c--a-w- c:\windows\system32\dllcache\evntcmd.exe
2011-12-03 19:10:31 285184 -c--a-w- c:\windows\system32\dllcache\fxscomex.dll
2011-12-03 19:10:30 23552 -c--a-w- c:\windows\system32\dllcache\fxsmon.dll
2011-12-03 19:10:15 236544 -c--a-w- c:\windows\system32\dllcache\smi2smir.exe
2011-12-03 19:10:06 22528 -c--a-w- c:\windows\system32\dllcache\lpdsvc.dll
2011-12-03 19:09:58 92160 -c--a-w- c:\windows\system32\dllcache\evntwin.exe
2011-12-03 19:09:56 267776 -c--a-w- c:\windows\system32\dllcache\fxssvc.exe
2011-12-03 19:09:37 6144 -c--a-w- c:\windows\system32\dllcache\snmpmib.dll
2011-12-03 19:09:33 400384 -c--a-w- c:\windows\system32\dllcache\fxsxp32.dll
2011-12-03 19:09:14 39936 -c--a-w- c:\windows\system32\dllcache\hostmib.dll
2011-12-03 19:09:14 188416 -c--a-w- c:\windows\system32\dllcache\snmpsmir.dll
2011-12-03 19:08:35 6656 -c--a-w- c:\windows\system32\dllcache\fxsres.dll
2011-12-03 19:08:29 246272 -c--a-w- c:\windows\system32\dllcache\fxst30.dll
2011-12-03 19:08:26 23552 -c--a-w- c:\windows\system32\dllcache\fxsext32.dll
2011-12-03 19:08:21 20736 -c--a-w- c:\windows\system32\dllcache\ramdisk.sys
2011-12-03 19:08:10 7680 -c--a-w- c:\windows\system32\dllcache\migregdb.exe
2011-12-03 19:08:10 451584 -c--a-w- c:\windows\system32\dllcache\fxsapi.dll
2011-12-03 19:08:09 259072 -c--a-w- c:\windows\system32\dllcache\snmpcl.dll
2011-12-03 19:08:04 562176 -c--a-w- c:\windows\system32\dllcache\fxsst.dll
2011-12-03 19:07:52 192512 -c--a-w- c:\windows\system32\dllcache\fxswzrd.dll
2011-12-03 19:07:49 229376 -c--a-w- c:\windows\system32\dllcache\fxscover.exe
2011-12-03 19:07:16 33280 -c--a-w- c:\windows\system32\dllcache\snmp.exe
2011-12-03 19:07:10 8704 -c--a-w- c:\windows\system32\dllcache\snmptrap.exe
2011-12-03 19:07:01 397312 -c--a-w- c:\windows\system32\dllcache\fxstiff.dll
2011-12-03 19:06:48 358400 -c--a-w- c:\windows\system32\dllcache\snmpincl.dll
2011-12-03 19:06:45 72192 -c--a-w- c:\windows\system32\dllcache\fxscom.dll
2011-12-03 19:06:33 8704 -c--a-w- c:\windows\system32\dllcache\fxsperf.dll
2011-12-03 19:06:26 119808 -c--a-w- c:\windows\system32\dllcache\mtstocom.exe
2011-12-03 19:06:18 154112 -c--a-w- c:\windows\system32\dllcache\fxsui.dll
2011-12-03 19:05:58 55296 -c--a-w- c:\windows\system32\dllcache\fxsevent.dll
2011-12-03 19:05:55 27648 -c--a-w- c:\windows\system32\dllcache\rw001ext.dll
2011-12-03 19:05:54 18944 -c--a-w- c:\windows\system32\dllcache\lprmon.dll
2011-12-03 19:05:21 26624 -c--a-w- c:\windows\system32\dllcache\fxsdrv.dll
2011-12-03 19:05:06 29184 -c--a-w- c:\windows\system32\dllcache\rw330ext.dll
2011-12-03 19:05:02 10752 -c--a-w- c:\windows\system32\dllcache\hh.exe
2011-12-03 19:04:48 35328 -c--a-w- c:\windows\system32\dllcache\iprip.dll
2011-12-03 19:04:37 142848 -c--a-w- c:\windows\system32\dllcache\fxsclnt.exe
2011-12-03 19:04:31 456192 -c--a-w- c:\windows\system32\dllcache\smtpsvc.dll
2011-12-03 19:04:18 33792 -c--a-w- c:\windows\system32\dllcache\lmmib2.dll
2011-12-03 19:04:08 50688 -c--a-w- c:\windows\system32\dllcache\twain_32.dll
2011-12-03 19:03:52 331264 -c--a-w- c:\windows\system32\dllcache\aqueue.dll
2011-12-03 19:03:52 101888 -c--a-w- c:\windows\system32\dllcache\evntagnt.dll
2011-12-03 19:03:51 39936 -c--a-w- c:\windows\system32\dllcache\snmpthrd.dll
2011-12-03 19:03:46 283648 -c--a-w- c:\windows\system32\dllcache\winhlp32.exe
2011-12-03 18:54:04 19569 ----a-w- c:\windows\003210_.tmp
2011-12-03 18:15:53 94247 ----a-w- c:\windows\system32\Vxdif.dll
2011-12-03 18:15:53 109319 ----a-w- c:\windows\system32\drivers\Apfiltr.sys
2011-12-03 18:15:53 -------- d-----w- c:\program files\Apoint2K
2011-12-03 18:11:04 7432 ----a-w- c:\windows\system32\drivers\eabfiltr.sys
2011-12-03 18:11:04 5220 ----a-w- c:\windows\system32\drivers\EabUsb.sys
2011-12-03 18:10:55 1560576 ----a-w- c:\windows\system32\BttnCmns_64.dll
2011-12-03 18:10:55 1560576 ----a-w- c:\windows\system32\BttnCmns.dll
2011-12-03 18:10:54 987136 ----a-w- c:\windows\system32\BttnCmn.dll
2011-12-03 02:53:44 -------- d-----w- c:\program files\Synaptics
2011-12-03 01:42:15 -------- d-----w- c:\program files\Microsoft Security Client
2011-12-03 01:19:11 2066432 -c----w- c:\windows\system32\dllcache\mstscax.dll
2011-11-30 22:47:33 -------- d-----w- c:\windows\Standalone System Sweeper
2011-11-30 18:12:15 -------- d-----w- c:\program files\MSXML 6.0
2011-11-30 00:50:07 16768 ----a-w- c:\windows\system32\drivers\HpqKbFiltr.sys
2011-11-30 00:50:07 1419232 ------w- c:\windows\system32\wdfcoinstaller01005.dll
2011-11-29 23:14:06 480768 ----a-w- c:\windows\system32\Audiodev.dll
2011-11-29 23:14:06 360448 ----a-w- c:\windows\system32\l3codecp.acm
2011-11-29 23:14:05 175104 ----a-w- c:\windows\system32\wmpsrcwp.dll
2011-11-29 23:14:04 1589760 ----a-w- c:\windows\system32\wmpencen.dll
2011-11-29 23:07:59 32768 -c--a-w- c:\windows\system32\dllcache\icwdl.dll
2011-11-29 23:07:59 32768 ----a-w- c:\program files\internet explorer\connection wizard\icwdl.dll
2011-11-29 23:07:58 86016 -c--a-w- c:\windows\system32\dllcache\icwconn2.exe
2011-11-29 23:07:58 86016 ----a-w- c:\program files\internet explorer\connection wizard\icwconn2.exe
2011-11-29 23:07:58 214528 -c--a-w- c:\windows\system32\dllcache\icwconn1.exe
2011-11-29 23:07:58 214528 ----a-w- c:\program files\internet explorer\connection wizard\icwconn1.exe
2011-11-29 23:07:58 20480 -c--a-w- c:\windows\system32\dllcache\inetwiz.exe
2011-11-29 23:07:58 20480 ----a-w- c:\program files\internet explorer\connection wizard\inetwiz.exe
2011-11-29 21:59:46 22016 -c--a-w- c:\windows\system32\dllcache\agt0408.dll
2011-11-29 21:59:46 19456 -c--a-w- c:\windows\system32\dllcache\agt041f.dll
2011-11-29 21:59:46 19456 -c--a-w- c:\windows\system32\dllcache\agt0419.dll
2011-11-29 21:59:46 19456 -c--a-w- c:\windows\system32\dllcache\agt0415.dll
2011-11-29 21:59:45 19968 -c--a-w- c:\windows\system32\dllcache\agt040e.dll
2011-11-29 21:59:45 19456 -c--a-w- c:\windows\system32\dllcache\agt0405.dll
2011-11-29 21:58:49 13753 ----a-r- c:\windows\SET17A.tmp
2011-11-29 21:58:41 1086058 ----a-r- c:\windows\SET16E.tmp
2011-11-29 21:58:38 1042903 ----a-r- c:\windows\SET16B.tmp
2011-11-29 16:19:54 -------- d-----w- c:\documents and settings\amanda\application data\SUPERAntiSpyware.com
2011-11-29 16:19:19 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-29 16:19:19 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-11-28 20:52:42 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-11-28 20:52:42 -------- d-----w- c:\windows\system32\wbem\Repository
2011-11-28 01:21:25 -------- d-sh--w- c:\documents and settings\amanda\local settings\application data\1cf6efbe
2011-11-07 03:06:35 -------- d-----w- c:\documents and settings\amanda\local settings\application data\PhotoChannel
.
==================== Find3M ====================
.
2011-12-03 19:49:03 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 19:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 19:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 18:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
.
============= FINISH: 8:40:08.87 ===============
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-05 10:35:39
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK4025GAS rev.KA101A
Running: lons2shs.exe; Driver: C:\DOCUME~1\Amanda\LOCALS~1\Temp\fxtdqpod.sys


---- Kernel code sections - GMER 1.0.15 ----

? C:\DOCUME~1\Amanda\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2184] USER32.dll!SetWindowLongA 7E42C29D 5 Bytes JMP 1069E349 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2184] USER32.dll!SetWindowLongW 7E42C2BB 5 Bytes JMP 1069E2DB C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2184] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 104589A7 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2184] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 10458F65 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3072] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 011FFAE0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

#4 ratman

    Bleepin' gnawing at it!

  • Malware Response Team
  • 1,799 posts
  • Gender:Male
  • Location:Scotland

Posted 06 December 2011 - 07:27 PM

Hello Jekth,

My name is ratman. I'll be helping you with your computer problems.

Thanks for posting your log. Logs take a while to process due to intensive research that must be done. Please give me some time to look over your logs and I will post back soon.
regards, ratman

a proud member of:
Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM

If I have helped and you would like to show your appreciation you may Posted Image to the cause.



#5 Jekth

  • Topic Starter
  • Members
  • 19 posts

Posted 06 December 2011 - 08:23 PM

Ok, great. I really appreciate the help. Thank you.

#6 ratman

    Bleepin' gnawing at it!

  • Malware Response Team
  • 1,799 posts
  • Gender:Male
  • Location:Scotland

Posted 07 December 2011 - 12:38 PM

Hello Jekth,

Before we begin, I would like to make a few things clear so that we can fix your problem as efficiently as possible:

  • Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.

====================================================================================

Can you copy/paste the log from the scan you ran with ComboFix previously? It can be found at C:\ComboFix.txt.
Can you run another scan with ComboFix and also post the fresh log in your next reply?

=====================================================================================

I'd like you to run a scan with aswMBR.
Please download aswMBR (511KB) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

====================================================================================



Junction

We need to scan the system with this special tool.
  • Please download Junction.zip and save it.
  • Unzip it and put junction.exe in the Windows directory (C:\Windows).
  • Go to Start => Run... => Copy and paste the following command in the run box and click OK:

    cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

    A command window opens starting to scan the system. Wait until a log file opens. Copy and paste or attach the content of it.

===================================================================================



In your next reply, please copy/paste the contents of the following:
  • original ComboFix log C:\ComboFix.txt
  • new C:\ComboFix.txt
  • aswMBR Log
  • log.txt

regards, ratman




#7 Jekth

  • Topic Starter
  • Members
  • 19 posts

Posted 07 December 2011 - 01:35 PM

C:\ComboFix.txt isn't there. The previous version was uninstalled. Would it have deleted the log file too? I downloaded ComboFix to the desktop and tried to run it. Warning: "Eset NOD32 antivirus system 2.50" is active. I can't find any instance of that program on my machine. OK'd twice, then ComboFix gave me "Terminal Error - Missing file C:\windows\regedit.exe is missing Copy one from another machine."

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-07 10:13:57
-----------------------------
10:13:57.265 OS Version: Windows 5.1.2600 Service Pack 3
10:13:57.265 Number of processors: 1 586 0x1C00
10:13:57.265 ComputerName: KELLY UserName:
10:13:57.953 Initialize success
10:14:10.843 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
10:14:10.859 Disk 0 Vendor: TOSHIBA_MK4025GAS KA101A Size: 38154MB BusType: 3
10:14:12.953 Disk 0 MBR read successfully
10:14:12.953 Disk 0 MBR scan
10:14:12.968 Disk 0 Windows XP default MBR code
10:14:12.984 Disk 0 scanning sectors +78124095
10:14:13.078 Disk 0 scanning C:\WINDOWS\system32\drivers
10:14:25.406 Service scanning
10:14:26.484 Service MpKsl31a5ea06 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BC6F3DB6-4A70-4BE5-B939-1CD9A4971618}\MpKsl31a5ea06.sys **LOCKED** 32
10:14:27.187 Modules scanning
10:15:04.734 Disk 0 trace - called modules:
10:15:04.828 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
10:15:04.843 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8897eab8]
10:15:04.859 3 CLASSPNP.SYS[f75b0fd7] -> nt!IofCallDriver -> \Device\00000076[0x889d59e8]
10:15:05.250 5 ACPI.sys[f7427620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x889d5d98]
10:15:05.281 Scan finished successfully
10:16:44.656 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Amanda\Desktop\MBR.dat"
10:16:44.687 The log file has been saved successfully to "C:\Documents and Settings\Amanda\Desktop\aswMBR.txt"



Junction v1.06 - Windows junction creator and reparse point viewer
Copyright © 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com


Failed to open \\?\c:\\hiberfil.sys: The process cannot access the file because it is being used by another process.



Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.

Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp: Access is denied.



Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\CacheManager\MpScanCache-1.bin: Access is denied.

Failed to open \\?\c:\\Documents and Settings\Amanda\Desktop\lz8e88qj.exe: Access is denied.

\\?\c:\\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790
Substitute Name: C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790

\\?\c:\\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e
Substitute Name: C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e

#8 ratman

    Bleepin' gnawing at it!

  • Malware Response Team
  • 1,799 posts
  • Gender:Male
  • Location:Scotland

Posted 07 December 2011 - 02:08 PM

Hello Jekth,

Please try installing and running ComboFix using the following instructions.

Please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop.
  • Disable your AntiVirus and AntiSpyware applications including Firewalls, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

In your next reply, please copy/paste the contents of the following:
  • C:\Combofix.txt

regards, ratman




#9 Jekth

  • Topic Starter
  • Members
  • 19 posts

Posted 07 December 2011 - 06:16 PM

Sorry it took so long. I downloaded and installed ComboFix from the link. It was giving me the same errors as before. I ran a search on the hard drive for "eset," "NOD32," and "eset NOD32." Nothing came up. I did find the regedit.exe file in the i386 folder and copied it to the c:\windows folder. I was then able to run ComboFix. Here's the log:

ComboFix 11-12-06.02 - Amanda 12/07/2011 14:49:23.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1150.622 [GMT -8:00]
Running from: c:\documents and settings\Amanda\Desktop\ComboFix.exe
AV: Eset NOD32 antivirus system 2.50 *Enabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Amanda\g2mdlhlpx.exe
c:\documents and settings\Amanda\My Documents\~WRL0003.tmp
c:\documents and settings\Amanda\My Documents\~WRL0004.tmp
c:\documents and settings\Amanda\My Documents\~WRL0175.tmp
c:\documents and settings\Amanda\My Documents\~WRL1332.tmp
c:\documents and settings\Amanda\My Documents\~WRL1372.tmp
c:\documents and settings\Amanda\My Documents\~WRL2356.tmp
c:\documents and settings\Amanda\My Documents\~WRL2441.tmp
c:\documents and settings\Amanda\My Documents\~WRL3140.tmp
c:\windows\CSC\d6
c:\windows\system32\
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_1cf6efbe
.
.
((((((((((((((((((((((((( Files Created from 2011-11-07 to 2011-12-07 )))))))))))))))))))))))))))))))
.
.
2011-12-07 23:00 . 2011-12-07 23:01 -------- d-----w- C:\7e9d331197db435351d088eb84da9e
2011-12-07 22:59 . 2011-12-07 22:59 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B9EFDBFC-7862-43CC-9C81-7689ED407CA1}\offreg.dll
2011-12-07 19:37 . 2008-04-14 13:42 146432 ------w- c:\windows\regedit.exe
2011-12-07 18:44 . 2011-11-30 10:21 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B9EFDBFC-7862-43CC-9C81-7689ED407CA1}\mpengine.dll
2011-12-05 15:22 . 2011-12-05 15:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\InstallShield
2011-12-05 15:14 . 2011-12-05 15:14 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2011-12-05 01:39 . 2001-08-18 06:36 7168 -c--a-w- c:\windows\system32\dllcache\EXCH_snprfdll.dll
2011-12-05 01:39 . 2001-08-18 06:36 12288 -c--a-w- c:\windows\system32\dllcache\EXCH_smtpctrs.dll
2011-12-05 01:36 . 2001-08-18 06:36 26112 -c--a-w- c:\windows\system32\dllcache\EXCH_seos.dll
2011-12-05 01:36 . 2001-08-18 06:36 57856 -c--a-w- c:\windows\system32\dllcache\EXCH_scripto.dll
2011-12-05 01:34 . 2001-08-18 06:36 23040 -c--a-w- c:\windows\system32\dllcache\EXCH_regtrace.exe
2011-12-05 01:29 . 2001-08-18 06:36 38912 -c--a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2011-12-05 01:24 . 2001-08-18 06:36 65536 -c--a-w- c:\windows\system32\dllcache\EXCH_mailmsg.dll
2011-12-05 01:22 . 2001-08-17 20:12 45632 -c--a-w- c:\windows\system32\dllcache\ip5515.sys
2011-12-05 01:22 . 2001-08-18 06:36 90200 -c--a-w- c:\windows\system32\dllcache\io8ports.dll
2011-12-05 01:22 . 2001-08-17 21:50 38784 -c--a-w- c:\windows\system32\dllcache\io8.sys
2011-12-05 01:20 . 2001-08-17 22:05 141056 -c--a-w- c:\windows\system32\dllcache\icam3.sys
2011-12-05 01:19 . 2001-08-17 21:28 44863 -c--a-w- c:\windows\system32\dllcache\hsf_soar.sys
2011-12-05 01:18 . 2001-08-18 06:36 93696 -c--a-w- c:\windows\system32\dllcache\hpgt42.dll
2011-12-05 01:17 . 2001-08-17 20:49 320384 -c--a-w- c:\windows\system32\dllcache\g200m.sys
2011-12-05 01:16 . 2001-08-17 20:12 24618 -c--a-w- c:\windows\system32\dllcache\fa410nd5.sys
2011-12-05 01:15 . 2001-08-17 20:19 37120 -c--a-w- c:\windows\system32\dllcache\es1370mp.sys
2011-12-05 01:14 . 2001-08-17 20:12 19594 -c--a-w- c:\windows\system32\dllcache\e100isa4.sys
2011-12-05 01:13 . 2001-08-17 20:13 91305 -c--a-w- c:\windows\system32\dllcache\dimaint.sys
2011-12-05 01:12 . 2001-08-17 20:12 117760 -c--a-w- c:\windows\system32\dllcache\d100ib5.sys
2011-12-05 01:11 . 2001-08-17 21:57 248064 -c--a-w- c:\windows\system32\dllcache\cl546xm.sys
2011-12-05 01:10 . 2001-08-17 21:51 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2011-12-05 01:09 . 2001-08-17 20:49 19456 -c--a-w- c:\windows\system32\dllcache\ativttxx.sys
2011-12-05 01:08 . 2001-08-18 06:36 462848 -c--a-w- c:\windows\system32\dllcache\a3dapi.dll
2011-12-05 01:08 . 2001-08-18 06:36 98304 -c--a-w- c:\windows\system32\dllcache\a3d.dll
2011-12-05 01:08 . 2001-08-17 22:55 38400 -c--a-w- c:\windows\system32\dllcache\8514a.dll
2011-12-05 01:08 . 2008-04-14 08:16 48128 -c--a-w- c:\windows\system32\dllcache\61883.sys
2011-12-05 01:08 . 2008-04-14 08:10 12288 -c--a-w- c:\windows\system32\dllcache\4mmdat.sys
2011-12-05 01:08 . 2001-08-17 20:48 148352 -c--a-w- c:\windows\system32\dllcache\3dfxvsm.sys
2011-12-05 01:08 . 2001-08-17 22:55 689216 -c--a-w- c:\windows\system32\dllcache\3dfxvs.dll
2011-12-05 01:08 . 2001-08-17 21:28 762780 -c--a-w- c:\windows\system32\dllcache\3cwmcru.sys
2011-12-05 01:08 . 2001-08-17 22:06 11264 -c--a-w- c:\windows\system32\dllcache\1394vdbg.sys
2011-12-05 01:07 . 2004-08-04 12:00 7680 -c--a-w- c:\windows\system32\dllcache\inetmgr.exe
2011-12-05 01:07 . 2004-08-04 12:00 19968 -c--a-w- c:\windows\system32\dllcache\inetsloc.dll
2011-12-05 01:07 . 2004-08-04 12:00 169984 -c--a-w- c:\windows\system32\dllcache\iisui.dll
2011-12-05 01:06 . 2004-08-04 12:00 5632 -c--a-w- c:\windows\system32\dllcache\iisrstap.dll
2011-12-05 01:06 . 2004-08-04 12:00 14336 -c--a-w- c:\windows\system32\dllcache\iisreset.exe
2011-12-05 01:06 . 2004-08-04 12:00 6144 -c--a-w- c:\windows\system32\dllcache\ftpsapi2.dll
2011-12-04 21:05 . 2011-11-30 10:21 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-12-03 19:13 . 2007-04-03 08:12 1327320 ------w- c:\program files\MSN\MSNCoreFiles\Install\msnsusii.exe
2011-12-03 19:13 . 2007-04-03 08:04 884712 ------w- c:\program files\MSN\MSNCoreFiles\Install\MSN9Components\digcore.exe
2011-12-03 19:13 . 2007-04-03 08:09 11053008 ------w- c:\program files\MSN\MSNCoreFiles\Install\MSN9Components\msncli.exe
2011-12-03 19:12 . 2008-04-14 13:40 229376 ------w- c:\program files\MSN\MSNCoreFiles\OOBE\obelog.dll
2011-12-03 19:12 . 2008-04-14 13:40 966656 ------w- c:\program files\MSN\MSNCoreFiles\OOBE\obemetal.dll
2011-12-03 19:12 . 2008-04-14 13:40 86016 ------w- c:\program files\MSN\MSNCoreFiles\OOBE\obepopc.dll
2011-12-03 19:12 . 2007-04-03 08:14 77824 ------w- c:\program files\MSN\MSNCoreFiles\OOBE\obemtllc.dll
2011-12-03 19:12 . 2008-04-14 13:41 25088 -c--a-w- c:\windows\system32\dllcache\iisadmin.dll
2011-12-03 19:12 . 2008-04-14 13:41 125952 -c--a-w- c:\windows\system32\dllcache\ftpsv251.dll
2011-12-03 19:12 . 2008-04-14 13:41 290816 -c--a-w- c:\windows\system32\dllcache\adsiis51.dll
2011-12-03 19:12 . 2008-04-14 13:41 829440 -c--a-w- c:\windows\system32\dllcache\inetmgr.dll
2011-12-03 19:12 . 2008-04-14 13:41 108544 -c--a-w- c:\windows\system32\dllcache\appconf.dll
2011-12-03 19:12 . 2008-04-14 13:42 15360 -c--a-w- c:\windows\system32\dllcache\inetin51.exe
2011-12-03 19:12 . 2008-04-14 13:41 369664 -c--a-w- c:\windows\system32\dllcache\asp51.dll
2011-12-03 19:12 . 2008-04-14 13:41 6144 -c--a-w- c:\windows\system32\dllcache\ftpmib.dll
2011-12-03 19:10 . 2008-04-14 13:42 24064 -c--a-w- c:\windows\system32\dllcache\evntcmd.exe
2011-12-03 19:10 . 2008-04-14 13:41 285184 -c--a-w- c:\windows\system32\dllcache\fxscomex.dll
2011-12-03 19:10 . 2008-04-14 13:41 23552 -c--a-w- c:\windows\system32\dllcache\fxsmon.dll
2011-12-03 19:09 . 2008-04-14 13:42 92160 -c--a-w- c:\windows\system32\dllcache\evntwin.exe
2011-12-03 19:09 . 2008-04-14 13:42 267776 -c--a-w- c:\windows\system32\dllcache\fxssvc.exe
2011-12-03 19:09 . 2008-04-14 13:41 400384 -c--a-w- c:\windows\system32\dllcache\fxsxp32.dll
2011-12-03 19:09 . 2008-04-14 13:41 39936 -c--a-w- c:\windows\system32\dllcache\hostmib.dll
2011-12-03 19:08 . 2008-04-14 13:39 6656 -c--a-w- c:\windows\system32\dllcache\fxsres.dll
2011-12-03 19:08 . 2008-04-14 13:41 246272 -c--a-w- c:\windows\system32\dllcache\fxst30.dll
2011-12-03 19:08 . 2008-04-14 13:41 23552 -c--a-w- c:\windows\system32\dllcache\fxsext32.dll
2011-12-03 19:08 . 2008-04-14 13:41 451584 -c--a-w- c:\windows\system32\dllcache\fxsapi.dll
2011-12-03 19:08 . 2008-04-14 13:41 562176 -c--a-w- c:\windows\system32\dllcache\fxsst.dll
2011-12-03 19:07 . 2008-04-14 13:41 192512 -c--a-w- c:\windows\system32\dllcache\fxswzrd.dll
2011-12-03 19:07 . 2008-04-14 13:42 229376 -c--a-w- c:\windows\system32\dllcache\fxscover.exe
2011-12-03 19:07 . 2008-04-14 13:41 397312 -c--a-w- c:\windows\system32\dllcache\fxstiff.dll
2011-12-03 19:06 . 2008-04-14 13:41 72192 -c--a-w- c:\windows\system32\dllcache\fxscom.dll
2011-12-03 19:06 . 2008-04-14 13:41 8704 -c--a-w- c:\windows\system32\dllcache\fxsperf.dll
2011-12-03 19:06 . 2008-04-14 13:41 154112 -c--a-w- c:\windows\system32\dllcache\fxsui.dll
2011-12-03 19:05 . 2008-04-14 13:41 55296 -c--a-w- c:\windows\system32\dllcache\fxsevent.dll
2011-12-03 19:05 . 2008-04-14 13:41 26624 -c--a-w- c:\windows\system32\dllcache\fxsdrv.dll
2011-12-03 19:05 . 2008-04-14 13:42 10752 -c--a-w- c:\windows\system32\dllcache\hh.exe
2011-12-03 19:04 . 2008-04-14 13:41 35328 -c--a-w- c:\windows\system32\dllcache\iprip.dll
2011-12-03 19:04 . 2008-04-14 13:42 142848 -c--a-w- c:\windows\system32\dllcache\fxsclnt.exe
2011-12-03 19:03 . 2008-04-14 13:41 101888 -c--a-w- c:\windows\system32\dllcache\evntagnt.dll
2011-12-03 19:03 . 2008-04-14 13:41 331264 -c--a-w- c:\windows\system32\dllcache\aqueue.dll
2011-12-03 18:54 . 2006-12-29 08:31 19569 ----a-w- c:\windows\003210_.tmp
2011-12-03 18:15 . 2011-12-03 18:16 -------- d-----w- c:\program files\Apoint2K
2011-12-03 18:15 . 2005-02-01 01:23 109319 ----a-w- c:\windows\system32\drivers\Apfiltr.sys
2011-12-03 18:15 . 2005-01-28 00:46 94247 ----a-w- c:\windows\system32\Vxdif.dll
2011-12-03 18:11 . 2004-04-14 15:36 7432 ----a-w- c:\windows\system32\drivers\eabfiltr.sys
2011-12-03 18:11 . 2003-06-06 19:46 5220 ----a-w- c:\windows\system32\drivers\EabUsb.sys
2011-12-03 18:10 . 2007-06-08 21:46 1560576 ----a-w- c:\windows\system32\BttnCmns_64.dll
2011-12-03 18:10 . 2006-06-30 13:46 1560576 ----a-w- c:\windows\system32\BttnCmns.dll
2011-12-03 18:10 . 2005-10-31 22:30 987136 ----a-w- c:\windows\system32\BttnCmn.dll
2011-12-03 18:10 . 2011-12-03 18:10 -------- d-----w- c:\documents and settings\Amanda\Application Data\InstallShield
2011-12-03 02:53 . 2011-12-03 02:53 -------- d-----w- c:\program files\Synaptics
2011-12-03 01:42 . 2011-12-03 01:43 -------- d-----w- c:\program files\Microsoft Security Client
2011-11-30 22:47 . 2011-11-30 22:48 -------- d-----w- c:\windows\Standalone System Sweeper
2011-11-30 19:52 . 2011-11-30 19:53 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2011-11-30 18:12 . 2011-11-30 18:12 -------- d-----w- c:\program files\MSXML 6.0
2011-11-30 17:53 . 2011-11-30 17:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2011-11-30 00:50 . 2007-06-19 00:12 16768 ----a-w- c:\windows\system32\drivers\HpqKbFiltr.sys
2011-11-30 00:50 . 2006-11-02 14:09 1419232 ------w- c:\windows\system32\wdfcoinstaller01005.dll
2011-11-29 23:50 . 2011-11-29 23:50 -------- d-s---w- c:\documents and settings\LocalService\UserData
2011-11-29 23:27 . 2009-08-07 03:24 209632 ----a-w- c:\windows\system32\wuweb.dll
2011-11-29 23:27 . 2009-08-07 03:24 35552 ----a-w- c:\windows\system32\wups.dll
2011-11-29 23:27 . 2009-08-07 03:24 327896 ----a-w- c:\windows\system32\wucltui.dll
2011-11-29 23:27 . 2009-08-07 03:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2011-11-29 23:27 . 2009-08-07 03:24 217816 ----a-w- c:\windows\system32\wuaucpl.cpl
2011-11-29 23:27 . 2009-08-07 03:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2011-11-29 23:27 . 2009-08-07 03:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2011-11-29 23:14 . 2004-08-11 08:45 480768 ----a-w- c:\windows\system32\Audiodev.dll
2011-11-29 23:14 . 2004-08-11 08:45 360448 ----a-w- c:\windows\system32\l3codecp.acm
2011-11-29 23:14 . 2004-08-11 08:45 175104 ----a-w- c:\windows\system32\wmpsrcwp.dll
2011-11-29 23:14 . 2004-08-11 08:45 1589760 ----a-w- c:\windows\system32\wmpencen.dll
2011-11-29 23:07 . 2008-04-14 13:41 32768 -c--a-w- c:\windows\system32\dllcache\icwdl.dll
2011-11-29 23:07 . 2008-04-14 13:41 32768 ----a-w- c:\program files\Internet Explorer\Connection Wizard\icwdl.dll
2011-11-29 23:07 . 2008-04-14 13:42 86016 -c--a-w- c:\windows\system32\dllcache\icwconn2.exe
2011-11-29 23:07 . 2008-04-14 13:42 86016 ----a-w- c:\program files\Internet Explorer\Connection Wizard\icwconn2.exe
2011-11-29 23:07 . 2008-04-14 13:42 214528 -c--a-w- c:\windows\system32\dllcache\icwconn1.exe
2011-11-29 23:07 . 2008-04-14 13:42 214528 ----a-w- c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe
2011-11-29 23:07 . 2008-04-14 13:42 20480 -c--a-w- c:\windows\system32\dllcache\inetwiz.exe
2011-11-29 23:07 . 2008-04-14 13:42 20480 ----a-w- c:\program files\Internet Explorer\Connection Wizard\inetwiz.exe
2011-11-29 21:59 . 2007-04-03 07:56 22016 -c--a-w- c:\windows\system32\dllcache\agt0408.dll
2011-11-29 21:59 . 2007-04-03 07:56 19456 -c--a-w- c:\windows\system32\dllcache\agt041f.dll
2011-11-29 21:59 . 2007-04-03 07:56 19456 -c--a-w- c:\windows\system32\dllcache\agt0419.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-03 19:49 . 2011-06-02 20:28 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22 . 2004-08-04 08:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 19:41 . 2004-08-04 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 19:41 . 2004-08-04 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 18:41 . 2008-07-30 03:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-12-05 21:29 . 2011-10-18 17:06 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2569616]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-09-15 1213848]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-06 421888]
"IJNetworkScannerSelectorEX"="c:\program files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2010-09-09 452016]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-02-17 233534]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-11 339968]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2004-12-09 184320]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-10-19 202032]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2005-02-09 159744]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
.
c:\documents and settings\Amanda\Start Menu\Programs\Startup\
Canon IJ Status Monitor Canon MX410 series Printer.lnk - c:\windows\system32\rundll32.exe [2004-8-4 33280]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2004-11-10 184320]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-12 05:34 49152 -c--a-w- c:\program files\Hp\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2005-04-01 22:11 794624 ----a-w- c:\program files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-10-10 01:06 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
2004-10-14 20:54 253952 -c--a-w- c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-06 01:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LightScribeService"=2 (0x2)
"iPodService"=3 (0x3)
"KodakCCS"=2 (0x2)
"iPod Service"=3 (0x3)
"ImapiService"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"ERSvc"=2 (0x2)
"Bonjour Service"=2 (0x2)
"AudioSrv"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [12/15/2004 7:18 AM 200192]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 MpKsl3fec5ef2;MpKsl3fec5ef2;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B9EFDBFC-7862-43CC-9C81-7689ED407CA1}\MpKsl3fec5ef2.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B9EFDBFC-7862-43CC-9C81-7689ED407CA1}\MpKsl3fec5ef2.sys [?]
S1 MpKsl94fcae77;MpKsl94fcae77;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{908D223F-1219-4BC8-B76B-9C6E56019527}\MpKsl94fcae77.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{908D223F-1219-4BC8-B76B-9C6E56019527}\MpKsl94fcae77.sys [?]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/25/2011 3:30 PM 130248]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/25/2011 3:30 PM 130248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2011-12-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-25 23:30]
.
2011-12-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-25 23:30]
.
2011-12-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2737413111-3333861640-1396446624-1005Core.job
- c:\documents and settings\Amanda\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-15 03:40]
.
2011-12-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2737413111-3333861640-1396446624-1005UA.job
- c:\documents and settings\Amanda\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-15 03:40]
.
2011-12-07 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 23:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
Trusted Zone: san-diego.ca.us\arcc.co
TCP: DhcpNameServer = 192.168.0.1
DPF: {03A89EFD-E023-B100-A22D-45F77558EB4C} - hxxps://content10.ilinc.com/download/AXCltInst11.dll
DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} - hxxp://nelsonphoto.lifepics.com/net/Uploader/LPUploader45.cab
DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} - hxxp://tempo5.sandicor.com/5.2.03.11234/Control/IRCSharc.cab
FF - ProfilePath - c:\documents and settings\Amanda\Application Data\Mozilla\Firefox\Profiles\4hc5f5li.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-The Rosetta Stone - c:\windows\unvise32.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-07 15:00
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????8?6?1?6??????? ???B?????????????hLC? ??????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\TelnetServer\1.0\ReadConfig]
@DACL=(02 0000)
"Defaults"=dword:00000001
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(676)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1416)
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
.
**************************************************************************
.
Completion time: 2011-12-07 15:09:05 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-07 23:08
.
Pre-Run: 3,059,847,168 bytes free
Post-Run: 2,959,675,392 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - EDF5163B6223AD6A34D0418DD86F1C5F

#10 ratman


    Bleepin' gnawing at it!


  • Malware Response Team
  • 1,799 posts
  • Gender:Male
  • Location:Scotland

Posted 07 December 2011 - 07:46 PM

Hi Jekth,

Thanks for the ComboFix log.

While I'm analyzing the log can you give me a full description of how your machine is behaving now please?
regards, ratman

a proud member of:
Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM

If I have helped and you would like to show your appreciation you may Posted Image to the cause.



#11 Jekth

  • Topic Starter

  • Members
  • 19 posts

Posted 07 December 2011 - 08:07 PM

Hi Ratman,

Everything still pretty much the same. Keyboard not working, mouse not working, Gmer (lz8e88qj) on the desktop can't be deleted, Internet Explorer will not run even without add-ons, but MSSE scan comes up clean.

#12 ratman


    Bleepin' gnawing at it!


  • Malware Response Team
  • 1,799 posts
  • Gender:Male
  • Location:Scotland

Posted 08 December 2011 - 02:32 PM

Hello Jekth,

I'd like you to run GrantPerms.
For x86 (32-bit) systems please download GrantPerms.zip and save it to your desktop.
Unzip the file and depending on the system run GrantPerms.exe.
Copy and paste the following in the edit box:

c:\Documents and Settings\Amanda\Desktop\lz8e88qj.exe
c:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp
c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\CacheManager\MpScanCache-1.bin

Click Unlock. When it is done click "OK".
Click List Permissions and post the result (Perms.txt) that pops up. A copy of Perms.txt will be saved in the same directory the tool is run.

You should now be able to remove the old copy of GMER from your desktop.
====================================================================================

Mini ToolBox
Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

===================================================================================

In your next reply, please copy/paste the contents of the following:
  • Perms.txt
  • MiniToolBox Result.txt
How is your machine running now?

regards, ratman


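As an added example (not part of ratman's post and not Farbar's GrantPerms or MiniToolBox code), the following read-only PowerShell pass performs the same checks the two tools are being asked for: the owner and DACL of each listed path, the per-user IE proxy values, and the live entries in the hosts file. The three paths are the ones from the post; the registry value names are the standard Internet Settings values; nothing is changed.

```powershell
# Added example: read-only equivalents of GrantPerms "List Permissions" and the
# MiniToolBox proxy/hosts checks. Written for PowerShell 2.0-era syntax.

# The three paths given in the post (assumed to exist on the affected machine).
$PathsToCheck = @(
    'C:\Documents and Settings\Amanda\Desktop\lz8e88qj.exe',
    'C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp',
    'C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\CacheManager\MpScanCache-1.bin'
)

function Get-PermissionReport {
    param([string[]] $Path)
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) {
            # Same situation as the "cannot find the path specified" error
            # GrantPerms prints for a path that no longer exists.
            New-Object PSObject -Property @{
                Path = $p; Owner = $null; DaclProtected = $null
                Access = 'ERROR: path not found'
            }
            continue
        }
        $acl = Get-Acl -Path $p
        # One line per ACE: identity, rights, Allow/Deny, inherited or explicit.
        $aces = foreach ($r in $acl.Access) {
            $inh = if ($r.IsInherited) { 'inherited' } else { 'explicit' }
            '{0} {1} {2} ({3})' -f $r.IdentityReference, $r.FileSystemRights, $r.AccessControlType, $inh
        }
        New-Object PSObject -Property @{
            Path = $p
            Owner = $acl.Owner
            # $true corresponds to GrantPerms' "DACL(P)": inheritance is blocked,
            # so the entries on this object were set explicitly.
            DaclProtected = $acl.AreAccessRulesProtected
            Access = ($aces -join '; ')
        }
    }
}

function Get-IEProxyReport {
    # Per-user IE/WinINet proxy settings. ProxyEnable=1 with a ProxyServer,
    # or any AutoConfigURL, means browser traffic is being routed elsewhere.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $s = Get-ItemProperty -Path $key
    New-Object PSObject -Property @{
        ProxyEnable   = $s.ProxyEnable
        ProxyServer   = $s.ProxyServer
        AutoConfigURL = $s.AutoConfigURL
        ProxyOverride = $s.ProxyOverride
    }
}

function Get-HostsEntries {
    # A clean XP hosts file holds only "127.0.0.1 localhost"; extra entries
    # are a common way malware blocks security sites or redirects lookups.
    $hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    Get-Content -LiteralPath $hosts | Where-Object { $_ -notmatch '^\s*(#|$)' }
}

Get-PermissionReport -Path $PathsToCheck | Format-List Path, Owner, DaclProtected, Access
Get-IEProxyReport | Format-List ProxyEnable, ProxyServer, AutoConfigURL, ProxyOverride
'Hosts entries:'
Get-HostsEntries
```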


#13 Jekth

  • Topic Starter

  • Members
  • 19 posts

Posted 08 December 2011 - 03:16 PM

GrantPerms by Farbar
Ran by Amanda (administrator) at 2011-12-08 11:54:33

===============================================
\\?\c:\Documents and Settings\Amanda\Desktop\lz8e88qj.exe

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


\\?\c:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp

Owner: BUILTIN\Administrators

DACL(NP)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


ERROR: Parsing the SD of <\\?\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\CacheManager\MpScanCache-1.bin> failed with: The system cannot find the path specified.


Operating system error message: The system cannot find the path specified.

MiniToolBox by Farbar
Ran by Amanda (administrator) on 08-12-2011 at 11:57:04
Microsoft Windows XP Professional Service Pack 3 (X86)

***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek RTL8139/810x Family Fast Ethernet NIC = Local Area Connection (Disconnected)
Broadcom 802.11b/g WLAN = Wireless Network Connection 1 (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Wireless Network Connection 1"

set address name="Wireless Network Connection 1" source=dhcp
set dns name="Wireless Network Connection 1" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection 1" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration

Host Name . . . . . . . . . . . . : KELLY
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : san.rr.com

Ethernet adapter Wireless Network Connection 1:

Connection-specific DNS Suffix . : san.rr.com
Description . . . . . . . . . . . : Broadcom 802.11b/g WLAN
Physical Address. . . . . . . . . : 00-90-4B-ED-43-A8
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.0.101
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.1
Lease Obtained. . . . . . . . . . : Thursday, December 08, 2011 11:39:50 AM
Lease Expires . . . . . . . . . . : Thursday, December 15, 2011 11:39:50 AM

Server: UnKnown
Address: 192.168.0.1

Name: google.com
Addresses: 74.125.224.145, 74.125.224.146, 74.125.224.147, 74.125.224.148
74.125.224.144

Pinging google.com [74.125.224.84] with 32 bytes of data:

Reply from 74.125.224.84: bytes=32 time=52ms TTL=53
Reply from 74.125.224.84: bytes=32 time=87ms TTL=53

Ping statistics for 74.125.224.84:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 52ms, Maximum = 87ms, Average = 69ms

Server: UnKnown
Address: 192.168.0.1

Name: yahoo.com
Addresses: 209.191.122.70, 72.30.2.43, 98.137.149.56, 98.139.180.149

Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=85ms TTL=50
Reply from 209.191.122.70: bytes=32 time=107ms TTL=50

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 85ms, Maximum = 107ms, Average = 96ms

Server: UnKnown
Address: 192.168.0.1

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 90 4b ed 43 a8 ...... Broadcom 802.11b/g WLAN - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.101 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.0.101 192.168.0.101 1
169.254.181.47 255.255.255.255 192.168.0.101 192.168.0.101 1
192.168.0.0 255.255.255.0 192.168.0.101 192.168.0.101 25
192.168.0.101 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.0.255 255.255.255.255 192.168.0.101 192.168.0.101 25
224.0.0.0 240.0.0.0 192.168.0.101 192.168.0.101 25
255.255.255.255 255.255.255.255 192.168.0.101 192.168.0.101 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\nwprovau.dll [142336] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 04 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/08/2011 11:45:42 AM) (Source: MsiInstaller) (User: Amanda)Amanda
Description: Product: Google Talk Plugin -- Error 1714. The older version of Google Talk Plugin cannot be removed. Contact your technical support group. System Error 1612.

Error: (12/07/2011 02:45:24 PM) (Source: MsiInstaller) (User: Amanda)Amanda
Description: Product: Google Talk Plugin -- Error 1714. The older version of Google Talk Plugin cannot be removed. Contact your technical support group. System Error 1612.

Error: (12/07/2011 10:02:15 AM) (Source: MPSampleSubmission) (User: )
Description: EventType avsubmit, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 1.1.7903.0, P3 1.117.545.0, P4 1.117.545.0, P5 200015b3e9679dd8_ff9e8bc79c29ec39f7e40d8f965948e30dc5c118, P6 NIL, P7 NIL, P8 NIL, P9 avsubmit0, P10 avsubmit1.

Error: (12/07/2011 09:45:33 AM) (Source: MsiInstaller) (User: Amanda)Amanda
Description: Product: Google Talk Plugin -- Error 1714. The older version of Google Talk Plugin cannot be removed. Contact your technical support group. System Error 1612.

Error: (12/05/2011 00:45:05 PM) (Source: MsiInstaller) (User: Amanda)Amanda
Description: Product: Google Talk Plugin -- Error 1714. The older version of Google Talk Plugin cannot be removed. Contact your technical support group. System Error 1612.

Error: (12/05/2011 07:45:08 AM) (Source: MsiInstaller) (User: Amanda)Amanda
Description: Product: Google Talk Plugin -- Error 1714. The older version of Google Talk Plugin cannot be removed. Contact your technical support group. System Error 1612.

Error: (12/04/2011 06:46:00 PM) (Source: MsiInstaller) (User: Amanda)Amanda
Description: Product: SolutionCenter -- Error 1905. Module C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx failed to unregister. HRESULT -2147220472. Contact your support personnel.

Error: (12/04/2011 05:46:12 PM) (Source: MsiInstaller) (User: Amanda)Amanda
Description: Product: Google Talk Plugin -- Error 1714. The older version of Google Talk Plugin cannot be removed. Contact your technical support group. System Error 1612.

Error: (12/04/2011 00:45:09 PM) (Source: MsiInstaller) (User: Amanda)Amanda
Description: Product: Google Talk Plugin -- Error 1714. The older version of Google Talk Plugin cannot be removed. Contact your technical support group. System Error 1612.

Error: (12/04/2011 11:57:36 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80240016, P2 begininstall, P3 install, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.


System errors:
=============
Error: (12/08/2011 11:40:25 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
i8042prt
Lbd

Error: (12/08/2011 11:39:59 AM) (Source: NETLOGON) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (12/07/2011 03:03:00 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (12/07/2011 02:59:55 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
i8042prt
Lbd

Error: (12/07/2011 02:59:37 PM) (Source: NETLOGON) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (12/07/2011 10:03:00 AM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (12/07/2011 09:43:06 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
i8042prt
Lbd

Error: (12/07/2011 09:42:10 AM) (Source: NETLOGON) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (12/05/2011 02:10:36 PM) (Source: 0) (User: )
Description: \Device\ACPIEC

Error: (12/05/2011 02:10:02 PM) (Source: 0) (User: )
Description: \Device\ACPIEC


Microsoft Office Sessions:
=========================
Error: (12/08/2011 11:45:42 AM) (Source: MsiInstaller)(User: Amanda)Amanda
Description: Product: Google Talk Plugin -- Error 1714. The older version of Google Talk Plugin cannot be removed. Contact your technical support group. System Error 1612.(NULL)(NULL)(NULL)

Error: (12/07/2011 02:45:24 PM) (Source: MsiInstaller)(User: Amanda)Amanda
Description: Product: Google Talk Plugin -- Error 1714. The older version of Google Talk Plugin cannot be removed. Contact your technical support group. System Error 1612.(NULL)(NULL)(NULL)

Error: (12/07/2011 10:02:15 AM) (Source: MPSampleSubmission)(User: )
Description: avsubmitmicrosoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)1.1.7903.01.117.545.01.117.545.0200015b3e9679dd8_ff9e8bc79c29ec39f7e40d8f965948e30dc5c118NILNILNILNILNIL

Error: (12/07/2011 09:45:33 AM) (Source: MsiInstaller)(User: Amanda)Amanda
Description: Product: Google Talk Plugin -- Error 1714. The older version of Google Talk Plugin cannot be removed. Contact your technical support group. System Error 1612.(NULL)(NULL)(NULL)

Error: (12/05/2011 00:45:05 PM) (Source: MsiInstaller)(User: Amanda)Amanda
Description: Product: Google Talk Plugin -- Error 1714. The older version of Google Talk Plugin cannot be removed. Contact your technical support group. System Error 1612.(NULL)(NULL)(NULL)

Error: (12/05/2011 07:45:08 AM) (Source: MsiInstaller)(User: Amanda)Amanda
Description: Product: Google Talk Plugin -- Error 1714. The older version of Google Talk Plugin cannot be removed. Contact your technical support group. System Error 1612.(NULL)(NULL)(NULL)

Error: (12/04/2011 06:46:00 PM) (Source: MsiInstaller)(User: Amanda)Amanda
Description: Product: SolutionCenter -- Error 1905. Module C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx failed to unregister. HRESULT -2147220472. Contact your support personnel.(NULL)(NULL)(NULL)

Error: (12/04/2011 05:46:12 PM) (Source: MsiInstaller)(User: Amanda)Amanda
Description: Product: Google Talk Plugin -- Error 1714. The older version of Google Talk Plugin cannot be removed. Contact your technical support group. System Error 1612.(NULL)(NULL)(NULL)

Error: (12/04/2011 00:45:09 PM) (Source: MsiInstaller)(User: Amanda)Amanda
Description: Product: Google Talk Plugin -- Error 1714. The older version of Google Talk Plugin cannot be removed. Contact your technical support group. System Error 1612.(NULL)(NULL)(NULL)

Error: (12/04/2011 11:57:36 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry80240016begininstallinstall3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL


=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 7.1.8)
Adobe AIR (Version: 2.0.4.13090)
Adobe Flash Player 11 ActiveX (Version: 11.0.1.152)
Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
Adobe Reader 7.1.0 (Version: 7.1.0)
ALPS Touch Pad Driver
Apple Application Support (Version: 2.1.5)
Apple Mobile Device Support (Version: 4.0.0.96)
Apple Software Update (Version: 2.1.3.127)
Athlon 64 Processor Driver (Version: 1.1.0.18)
ATI - Software Uninstall Utility (Version: 6.14.10.1012)
ATI Control Panel (Version: 6.14.10.5145)
ATI Display Driver (Version: 8.122.1-050411a-022561C)
Bonjour (Version: 3.0.0.10)
Broadcom 802.11 Wireless LAN Adapter
BufferChm (Version: 90.0.146.000)
C4200_doccd (Version: 90.0.200.000)
Canon Easy-PhotoPrint EX
Canon IJ Network Scanner Selector EX
Canon IJ Network Tool
Canon MP Navigator EX 4.1
Canon MX410 series MP Drivers
Canon MX410 series User Registration
Canon My Printer
Canon Solution Menu EX
Canon Speed Dial Utility
CCleaner (Version: 3.13)
Compatibility Pack for the 2007 Office system (Version: 12.0.6514.5001)
Conexant AC-Link Audio
Data Fax SoftModem with SmartCP
FormViewer (Version: 4.1.2886)
FoxyTunes for Firefox
Google Earth Plug-in (Version: 6.1.0.5001)
Google Talk Plugin (Version: 2.5.6.4871)
Google Update Helper (Version: 1.3.21.79)
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000)
HP Product Detection (Version: 11.14.0001)
HP Quick Launch Buttons 6.30 J1 (Version: 6.30 J1)
HP Software Update (Version: 3.0.5.001)
HP Update (Version: 5.003.001.001)
HP Wireless Assistant 1.01 A2 (Version: 1.01 A2)
HpSdpAppCoreApp (Version: 3.00.0000)
ieSpell (Version: 2.6.4 (build 573))
iLinc 11 Client
InterVideo DVD Check
InterVideo WinDVD (Version: 5.0-B11.637)
iTunes (Version: 10.5.0.142)
Java Auto Updater (Version: 2.0.5.1)
Java™ 6 Update 26 (Version: 6.0.260)
KODAK EASYSHARE Gallery Upload ActiveX Control
LS_HSI (Version: 1.0.21.1)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Antimalware (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Money 2005 (Version: 14)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Security Client (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 2.1.1116.0)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Works (Version: 08.04.0623)
Mozilla Firefox 8.0.1 (x86 en-US) (Version: 8.0.1)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
MSXML 6 Service Pack 2 (KB973686) (Version: 6.20.2003.0)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
QFolder (Version: 1.00.0000)
Quick Launch Buttons 5.10 B2 (Version: 5.10 B2)
QuickTime (Version: 7.70.80.34)
REALTEK Gigabit and Fast Ethernet NIC Driver (Version: 1.71)
Texas Instruments PCIxx21/x515 drivers. (Version: 1.09.0000)
TIxx21 (Version: 1.09.0000)
Unload (Version: 6.0.0)
UnloadSupport (Version: 9.0.0)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
VLC media player 1.0.3 (Version: 1.0.3)
WebEx
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Media Format 11 runtime
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)

**** End of log ****

I was able to delete the old Gmer. Thanks! Keyboard and mouse are still out; getting "Fatal error during installation" every time I restart. IE won't open.

#14 ratman

ratman

    Bleepin' gnawing at it!


  • Malware Response Team
  • 1,799 posts
  • OFFLINE
  • Gender:Male
  • Location:Scotland
  • Local time:11:13 AM

Posted 09 December 2011 - 09:57 AM

Hello Jekth,

Now let's work on getting your keyboard/mouse sorted:

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    i8042prt*
    
    :service
    i8042prt
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

In your next reply, please copy/paste the contents of the following:
  • SystemLook.txt

regards, ratman


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM

If I have helped and you would like to show your appreciation you may Posted Image to the cause.



#15 Jekth

Jekth
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:02:13 AM

Posted 09 December 2011 - 10:32 AM

SystemLook 30.07.11 by jpshortstuff
Log created at 07:24 on 09/12/2011 by Amanda
Administrator - Elevation successful

========== filefind ==========

Searching for "i8042prt*"
C:\cmdcons\I8042PRT.SY_ --a---- 26025 bytes [07:14 04/08/2004] [07:14 04/08/2004] 819D427AB9DBE6AC2960A585087CB766
C:\I386\I8042PRT.SY_ --a--c- 26025 bytes [13:00 04/08/2004] [13:00 04/08/2004] 819D427AB9DBE6AC2960A585087CB766
C:\WINDOWS\$NtServicePackUninstall$\i8042prt.sys -----c- 52736 bytes [18:47 03/12/2011] [07:14 04/08/2004] 5502B58EEF7486EE6F93F3F164DCB808
C:\WINDOWS\ServicePackFiles\i386\i8042prt.sys ------- 52480 bytes [19:06 03/12/2011] [08:48 14/04/2008] 4A0B06AA8943C1E332520F7440C0AA30
C:\WINDOWS\system32\dllcache\i8042prt.sys --a--c- 52480 bytes [12:00 04/08/2004] [08:48 14/04/2008] 4A0B06AA8943C1E332520F7440C0AA30
C:\WINDOWS\system32\drivers\i8042prt.sys --a---- 52480 bytes [12:00 04/08/2004] [08:48 14/04/2008] 4A0B06AA8943C1E332520F7440C0AA30

========== service ==========

i8042prt
i8042 Keyboard and PS/2 Mouse Port Driver
(No Description)
Current Status: Stopped
Startup Type: System
Error Control: Normal
Binary: system32\DRIVERS\i8042prt.sys
Group: Keyboard Port
SafeBoot:
Dependencies:
(none)
Dependant Services:
(none)

-= EOF =-
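The SystemLook check above asks for two things: every copy of i8042prt* on disk with its MD5, and the state of the i8042prt service. The script below is an added example (not code from the thread or from SystemLook's author) that parses those two sections in the format shown in the log and answers the questions a helper would ask of it: does the live driver under system32\drivers match the protected dllcache and ServicePackFiles copies, and is the service configured to start but currently stopped. LOG is trimmed from the SystemLook output posted above; the field names and section headers are assumed to follow that same layout.

```python
import re

# Added example, not from the thread. LOG is trimmed from the posted SystemLook
# output; the parsers assume the line layout shown there.
LOG = r"""========== filefind ==========
Searching for "i8042prt*"
C:\WINDOWS\$NtServicePackUninstall$\i8042prt.sys -----c- 52736 bytes [18:47 03/12/2011] [07:14 04/08/2004] 5502B58EEF7486EE6F93F3F164DCB808
C:\WINDOWS\ServicePackFiles\i386\i8042prt.sys ------- 52480 bytes [19:06 03/12/2011] [08:48 14/04/2008] 4A0B06AA8943C1E332520F7440C0AA30
C:\WINDOWS\system32\dllcache\i8042prt.sys --a--c- 52480 bytes [12:00 04/08/2004] [08:48 14/04/2008] 4A0B06AA8943C1E332520F7440C0AA30
C:\WINDOWS\system32\drivers\i8042prt.sys --a---- 52480 bytes [12:00 04/08/2004] [08:48 14/04/2008] 4A0B06AA8943C1E332520F7440C0AA30
========== service ==========
i8042prt
Current Status: Stopped
Startup Type: System
Binary: system32\DRIVERS\i8042prt.sys
"""

# One filefind hit: <path> <7 attribute flags> <size> bytes [mtime] [ctime] <MD5>
HIT_RE = re.compile(r"^(?P<path>.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes"
                    r"\s+\[(?P<mtime>[^\]]+)\]\s+\[(?P<ctime>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})$")

def parse_filefind(log):
    """Return {lower-cased path: MD5} for every file line in the filefind section."""
    hits = {}
    for line in log.splitlines():
        m = HIT_RE.match(line.strip())
        if m:
            hits[m["path"].lower()] = m["md5"].upper()
    return hits

def parse_service(log):
    """Return the 'Key: value' fields of the service section (e.g. 'Current Status')."""
    fields, in_service = {}, False
    for line in log.splitlines():
        in_service = in_service or line.startswith("========== service")
        if in_service and ": " in line:
            k, _, v = line.partition(": ")
            fields[k.strip()] = v.strip()
    return fields

def check_live_driver(hits, name="i8042prt.sys"):
    """Compare the live driver with the protected copies. dllcache and ServicePackFiles
    must match it; $NtServicePackUninstall$ holds the pre-service-pack build, so a
    different hash there is expected rather than a sign of tampering."""
    live = next(p for p in hits if p.endswith("system32\\drivers\\" + name))
    same = sorted(p for p in hits if p != live and hits[p] == hits[live])
    differ = sorted(p for p in hits if hits[p] != hits[live])
    protected = [p for p in same if "dllcache" in p or "servicepackfiles" in p]
    return {"live_md5": hits[live], "same": same, "differ": differ,
            "protected_ok": len(protected) == 2}

def service_stopped_but_should_start(fields):
    """True when the port driver is set to start at boot/system time but is not running."""
    return fields.get("Current Status") == "Stopped" and fields.get("Startup Type") in ("Boot", "System")
```

On the posted log this reports the live file as intact (it matches both protected copies) while the service itself is stopped, which points at the service configuration rather than a replaced driver file.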



