
Trojan Infection that affected the registry


26 replies to this topic

#1 76Sixers

  • Members
  • 22 posts

Posted 05 December 2011 - 08:15 PM

My helper referred me to this forum. I have posted a link to that thread below:

Infected Computer

I ran a full scan with Malwarebytes before I sought out help. It found two Trojans and deleted/quarantined them. I copied and pasted part of the log below:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

McAfee Real-Time scanner won't turn on or scan, my computer crashes a lot now, and I get an error message when I try to run most of my programs.

Below are the logs the forum requests:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by name at 12:38:14 on 2011-12-04
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1513 [GMT -6:00]
.
AV: McAfee VirusScan *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\Program Files\Memeo\AutoBackup\InstantBackup.exe
C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?fr=fptb-
uSearch Page = hxxp://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sp/*http://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sb/*http://www.yahoo.com/search/ie.html
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = hxxp://localhost;*.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Viewpoint Toolbar BHO: {a7327c09-b521-4edb-8509-7d2660c9ec98} - c:\program files\viewpoint\viewpoint toolbar\3.9.0\ViewBarBHO.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No File
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn2\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [DVDSentry] c:\windows\system32\DSentry.exe
mRun: [DwlClient] c:\program files\common files\dell\eusw\Support.exe
mRun: [Dell AIO Printer A920] "c:\program files\dell aio printer a920\dlbkbmgr.exe"
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [nwiz] nwiz.exe /install
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [ContentTransferWMDetector.exe] c:\program files\sony\content transfer\ContentTransferWMDetector.exe
mRun: [Memeo Instant Backup] c:\program files\memeo\autobackup\MemeoLauncher2.exe --silent --no_ui
mRun: [Memeo AutoSync] c:\program files\memeo\autosync\MemeoLauncher2.exe --silent
mRun: [Seagate Dashboard] c:\program files\seagate\seagate dashboard\MemeoLauncher.exe --silent --no_ui
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: musicmatch.com
Trusted Zone: musicmatch.com
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 172.16.0.1
TCP: Interfaces\{8C29F9C6-AF2C-4AB7-968A-88103C9B3040} : DhcpNameServer = 172.16.0.1
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\memeo\autobackup\MemeoBackgroundService.exe [2011-5-4 25824]
R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\seagate\seagate dashboard\SeagateDashboardService.exe [2011-6-1 14088]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2010-3-20 24652]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [2006-4-10 20160]
S3 efipsk;efipsk;\??\c:\docume~1\name~1\locals~1\temp\efipsk.sys --> c:\docume~1\name~1\locals~1\temp\efipsk.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-2-21 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-2-21 40552]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 16:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2005-08-18 08:52:10 774144 -c--a-w- c:\program files\RngInterstitial.dll
2004-10-12 23:41:32 2544848 -c--a-w- c:\program files\Shockwave_Installer_Slim.exe
.
============= FINISH: 12:39:41.41 ===============




.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 10/26/2003 6:07:08 PM
System Uptime: 12/4/2011 12:22:04 PM (0 hours ago)
.
Motherboard: Dell Computer Corp. | | 02Y832
Processor: Intel® Pentium® 4 CPU 2.40GHz | Microprocessor | 2394/533mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 38 GiB total, 12.936 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP2501: 10/9/2011 9:14:39 AM - System Checkpoint
RP2502: 10/10/2011 10:08:34 AM - System Checkpoint
RP2503: 10/11/2011 10:45:02 AM - System Checkpoint
RP2504: 10/12/2011 3:00:18 AM - Software Distribution Service 3.0
RP2505: 10/13/2011 3:54:18 AM - System Checkpoint
RP2506: 10/14/2011 4:52:47 AM - System Checkpoint
RP2507: 10/15/2011 5:46:18 AM - System Checkpoint
RP2508: 10/16/2011 6:43:25 AM - System Checkpoint
RP2509: 10/17/2011 7:37:42 AM - System Checkpoint
RP2510: 10/18/2011 8:31:50 AM - System Checkpoint
RP2511: 10/19/2011 9:26:03 AM - System Checkpoint
RP2512: 10/20/2011 10:18:54 AM - System Checkpoint
RP2513: 10/21/2011 11:00:46 AM - System Checkpoint
RP2514: 10/22/2011 11:51:04 AM - System Checkpoint
RP2515: 10/23/2011 12:48:50 PM - System Checkpoint
RP2516: 10/24/2011 1:03:38 PM - System Checkpoint
RP2517: 10/25/2011 3:38:41 PM - System Checkpoint
RP2518: 10/26/2011 6:27:32 PM - System Checkpoint
RP2519: 10/27/2011 7:28:14 PM - Restore Operation
RP2520: 10/28/2011 8:21:16 PM - System Checkpoint
RP2521: 10/29/2011 12:39:52 AM - Software Distribution Service 3.0
RP2522: 10/29/2011 11:17:18 PM - Restore Operation
RP2523: 10/29/2011 11:27:34 PM - Restore Operation
RP2524: 10/30/2011 11:55:18 PM - System Checkpoint
RP2525: 11/2/2011 7:37:07 PM - System Checkpoint
RP2526: 11/3/2011 8:06:07 PM - System Checkpoint
RP2527: 11/6/2011 10:44:46 AM - System Checkpoint
RP2528: 11/7/2011 11:27:28 AM - System Checkpoint
RP2529: 11/8/2011 12:21:46 PM - System Checkpoint
RP2530: 11/9/2011 3:00:18 AM - Software Distribution Service 3.0
RP2531: 11/10/2011 10:16:36 PM - Software Distribution Service 3.0
RP2532: 11/13/2011 12:16:20 PM - System Checkpoint
RP2533: 11/14/2011 12:46:36 PM - System Checkpoint
RP2534: 11/15/2011 1:40:51 PM - System Checkpoint
RP2535: 11/19/2011 4:11:24 PM - System Checkpoint
RP2536: 11/21/2011 6:12:46 PM - System Checkpoint
RP2537: 11/22/2011 6:46:42 PM - System Checkpoint
RP2538: 11/23/2011 7:40:39 PM - System Checkpoint
RP2539: 11/28/2011 12:14:36 AM - System Checkpoint
RP2540: 11/29/2011 12:30:13 AM - System Checkpoint
RP2541: 11/30/2011 1:24:07 AM - System Checkpoint
RP2542: 12/1/2011 2:17:48 AM - System Checkpoint
RP2543: 12/2/2011 3:11:05 AM - System Checkpoint
RP2544: 12/3/2011 4:04:36 AM - System Checkpoint
RP2545: 12/4/2011 4:58:28 AM - System Checkpoint
.
==== Installed Programs ======================
.
.
ABBYY FineReader 5.0 Sprint
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0.5 Language Support
Adobe Reader 7.1.0
Adobe SVG Viewer 3.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Banctec Service Agreement
BCM V.92 56K Modem
Bonjour
Britannica Ready Reference
Cayman Installer and Documentation
Content Transfer
Critical Update for Windows Media Player 11 (KB959772)
DA920EN
DAO
Dell AIO Printer A920
Dell Digital Jukebox Driver
Dell Networking Guide
Dell Picture Studio - Dell Image Expert
Dell Solution Center
Dell Support
DS21Patch
DVDSentry
DVDXCopy Xpress 3.2.1
EarthLink MDAC
File Type Assistant
Finale NotePad 2003
Google Toolbar for Internet Explorer
Google Update Helper
Help and Support Customization
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel® PRO Network Adapters and Drivers
Intel® PROSet
iTunes
Java 2 Runtime Environment, SE v1.4.2
Macromedia Shockwave Player
Memeo AutoSync
Memeo Instant Backup
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2003
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XML Parser
Modem Helper
MSSoap
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Musicmatch® Jukebox
Netscape (7.2)
NFL Head Coach
NVIDIA Display Driver
NVIDIA Drivers
NVIDIA Windows 2000/XP Display Drivers
NWZ-E350 WALKMAN Guide
Paint Shop Pro 7
PowerDVD
Qualxserve Service Agreement
Quicken 2002 New User Edition
QuickTime
RealPlayer
Seagate Dashboard
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sierra Print Artist Gold
Sierra Utilities
Sonic DLA
Sonic MyDVD
Sonic RecordNow!
Sonic Update Manager
Sudoku Mania!
System Requirements Lab
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB Audio/Video Driver
Viewpoint Manager (Remove Only)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WordPerfect Office 11
Yahoo! BrowserPlus 2.8.1
Yahoo! Install Manager
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
11/27/2011 9:06:50 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 8054bc34, parameter3 b18c6ab4, parameter4 00000000.
11/27/2011 9:06:05 PM, error: Service Control Manager [7009] - Timeout (120000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.
11/27/2011 9:06:05 PM, error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/27/2011 9:02:52 PM, error: Service Control Manager [7023] - The Google Software Updater service terminated with the following error: %%2147942402
11/27/2011 9:01:07 PM, error: System Error [1003] - Error code 1000007f, parameter1 0000000d, parameter2 00000000, parameter3 00000000, parameter4 00000000.
.
==== End Of File ===========================



GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-05 17:55:49
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Maxtor_6E040L0 rev.NAR61590
Running: gmer.exe; Driver: C:\DOCUME~1\name~1\LOCALS~1\Temp\pgrcquod.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xB97D2340, 0xFFF3F, 0xF8000020]
.text C:\WINDOWS\System32\nv4_disp.dll section is writeable [0xBF012300, 0x234A20, 0xF8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1016] RPCRT4.dll!SimpleTypeMemorySize + 2DA9 77E74581 1 Byte [6E]
.text C:\WINDOWS\System32\svchost.exe[1016] RPCRT4.dll!SimpleTypeMemorySize + 2DE9 77E745C1 1 Byte [79]
.text C:\WINDOWS\System32\svchost.exe[1016] RPCRT4.dll!SimpleTypeMemorySize + 31E9 77E749C1 1 Byte [4D]
.text C:\WINDOWS\System32\svchost.exe[1016] RPCRT4.dll!SimpleTypeMemorySize + 32A9 77E74A81 1 Byte [72]
.text C:\WINDOWS\System32\svchost.exe[1016] RPCRT4.dll!SimpleTypeMemorySize + 34A9 77E74C81 1 Byte [67]
.text ...
.text C:\WINDOWS\System32\svchost.exe[1016] RPCRT4.dll!RpcBindingSetAuthInfoA + 2AE 77EBD081 1 Byte [68]
.text C:\WINDOWS\System32\svchost.exe[1016] RPCRT4.dll!RpcBindingSetAuthInfoA + 2EE 77EBD0C1 1 Byte [77]
.text C:\WINDOWS\System32\svchost.exe[1016] RPCRT4.dll!RpcBindingSetAuthInfoA + 4AE 77EBD281 1 Byte [60]
.text C:\WINDOWS\System32\svchost.exe[1016] RPCRT4.dll!RpcBindingSetAuthInfoA + 4EE 77EBD2C1 1 Byte [80]
.text C:\WINDOWS\System32\svchost.exe[1016] RPCRT4.dll!RpcBindingSetAuthInfoA + 5EE 77EBD3C1 1 Byte [41]
.text ...
.text C:\WINDOWS\System32\svchost.exe[1016] RPCRT4.dll!I_RpcTransDatagramAllocate2 + 249 77EBD981 1 Byte [C6]
.text C:\WINDOWS\System32\svchost.exe[1016] RPCRT4.dll!I_RpcTransDatagramAllocate2 + 449 77EBDB81 1 Byte [EF]
.text C:\WINDOWS\System32\svchost.exe[1016] RPCRT4.dll!I_RpcTransDatagramAllocate2 + 489 77EBDBC1 1 Byte [24]
.text C:\WINDOWS\System32\svchost.exe[1016] RPCRT4.dll!I_RpcTransDatagramAllocate2 + 589 77EBDCC1 1 Byte [10]
.text C:\WINDOWS\System32\svchost.exe[1016] RPCRT4.dll!I_RpcTransDatagramAllocate2 + 689 77EBDDC1 1 Byte [03]
.text ...
.text C:\WINDOWS\System32\svchost.exe[1016] USER32.dll!AlignRects 7E416381 1 Byte [66]
.text C:\WINDOWS\System32\svchost.exe[1016] USER32.dll!AlignRects 7E4163C1 1 Byte [46]
.text C:\WINDOWS\System32\svchost.exe[1016] USER32.dll!AlignRects 7E416481 1 Byte [44]
.text C:\WINDOWS\System32\svchost.exe[1016] USER32.dll!AlignRects 7E416781 1 Byte [66]
.text C:\WINDOWS\System32\svchost.exe[1016] USER32.dll!AlignRects 7E416881 1 Byte [42]
.text ...
.text C:\WINDOWS\System32\svchost.exe[1016] WININET.dll!SetUrlCacheEntryGroupW + 76C8 3D970BC1 1 Byte [FF]
.text C:\WINDOWS\System32\svchost.exe[1016] WININET.dll!FindFirstUrlCacheEntryExW + 5C2E 3D98A0C1 1 Byte [F4]
.text C:\WINDOWS\System32\svchost.exe[1016] WININET.dll!FindFirstUrlCacheEntryExW + 5CEE 3D98A181 1 Byte [68]
.text C:\WINDOWS\System32\svchost.exe[1016] WININET.dll!FindFirstUrlCacheEntryExW + 5D2E 3D98A1C1 1 Byte [6C]
.text C:\WINDOWS\System32\svchost.exe[1016] WININET.dll!FindFirstUrlCacheEntryExW + 5E2E 3D98A2C1 1 Byte [40]
.text C:\WINDOWS\System32\svchost.exe[1016] WININET.dll!FindFirstUrlCacheEntryExW + 5EEE 3D98A381 1 Byte [14]
.text ...
.text C:\WINDOWS\System32\svchost.exe[1480] WININET.dll!SetUrlCacheEntryGroupW + 76C8 3D970BC1 1 Byte [FF]
.text C:\Documents and Settings\name\Desktop\gmer\gmer.exe[2060] ole32.dll!ComPs_NdrStubCall2 + C7D9 775B30C1 1 Byte [C0]
.text C:\Documents and Settings\name\Desktop\gmer\gmer.exe[2060] ole32.dll!ComPs_NdrStubCall2 + C899 775B3181 1 Byte [8B]
.text C:\Documents and Settings\name\Desktop\gmer\gmer.exe[2060] ole32.dll!ComPs_NdrStubCall2 + C999 775B3281 1 Byte [90]
.text C:\Documents and Settings\name\Desktop\gmer\gmer.exe[2060] ole32.dll!ComPs_NdrStubCall2 + C9D9 775B32C1 1 Byte [FF]
.text C:\Documents and Settings\name\Desktop\gmer\gmer.exe[2060] ole32.dll!ComPs_NdrStubCall2 + CB99 775B3481 1 Byte [3B]
.text ...
.text C:\Documents and Settings\name\Desktop\gmer\gmer.exe[2060] SHLWAPI.dll!PathUnExpandEnvStringsA + 1C1A 77FAB0C1 1 Byte [EB]
.text C:\Documents and Settings\name\Desktop\gmer\gmer.exe[2060] SHLWAPI.dll!PathUnExpandEnvStringsA + 1DDA 77FAB281 1 Byte [90]
.text C:\Documents and Settings\name\Desktop\gmer\gmer.exe[2060] SHLWAPI.dll!PathUnExpandEnvStringsA + 1FDA 77FAB481 1 Byte [EC]
.text C:\Documents and Settings\name\Desktop\gmer\gmer.exe[2060] SHLWAPI.dll!PathUnExpandEnvStringsA + 20DA 77FAB581 1 Byte [EC]
.text C:\Documents and Settings\name\Desktop\gmer\gmer.exe[2060] SHLWAPI.dll!PathUnExpandEnvStringsA + 23DA 77FAB881 1 Byte [85]
.text ...
.text C:\Documents and Settings\name\Desktop\gmer\gmer.exe[2060] USERENV.dll!UnregisterGPNotification + 5D2D 769DF5C1 1 Byte [6E]
.text C:\Documents and Settings\name\Desktop\gmer\gmer.exe[2060] USERENV.dll!UnregisterGPNotification + 5DED 769DF681 1 Byte [F6]
.text C:\Documents and Settings\name\Desktop\gmer\gmer.exe[2060] USERENV.dll!UnregisterGPNotification + 632D 769DFBC1 1 Byte [02]
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2156] RPCRT4.dll!I_RpcBCacheFree + 1A2E 77E780C1 1 Byte [07]
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2156] RPCRT4.dll!I_RpcBCacheFree + 1B2E 77E781C1 1 Byte [10]
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2156] RPCRT4.dll!I_RpcBCacheFree + 1F2E 77E785C1 1 Byte [F0]
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2156] RPCRT4.dll!I_RpcBCacheFree + 202E 77E786C1 1 Byte [83]
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2156] RPCRT4.dll!RpcRevertToSelf + 21 77E78881 1 Byte [40]
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2156] RPCRT4.dll!I_RpcAllocate + 20 77E788C1 1 Byte [23]
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2156] RPCRT4.dll!NdrOleFree + 25C 77E78B81 1 Byte [41]
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2156] RPCRT4.dll!NdrOleFree + 35C 77E78C81 1 Byte [F4]
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2156] RPCRT4.dll!NdrOleFree + 39C 77E78CC1 1 Byte [65]
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2156] RPCRT4.dll!NdrOleFree + 55C 77E78E81 1 Byte [FE]
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2156] RPCRT4.dll!I_RpcGetBuffer + 80 77E78F81 1 Byte [64]
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2156] RPCRT4.dll!I_RpcGetBuffer + C0 77E78FC1 1 Byte [84]
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2156] WININET.dll!SetUrlCacheEntryGroupW + 76C8 3D970BC1 1 Byte [FF]
.text C:\WINDOWS\Explorer.EXE[2704] WININET.dll!SetUrlCacheEntryGroupW + 76C8 3D970BC1 1 Byte [FF]
.text C:\Program Files\Common Files\Dell\EUSW\Support.exe[2972] WININET.dll!SetUrlCacheEntryGroupW + 76C8 3D970BC1 1 Byte [FF]
.text C:\WINDOWS\system32\RUNDLL32.EXE[3044] USERENV.dll!UnloadUserProfile + 347A 76A20DA1 1 Byte [8C]
.text C:\WINDOWS\system32\RUNDLL32.EXE[3044] USERENV.dll!UnloadUserProfile + 353A 76A20E61 1 Byte [7F]
.text C:\WINDOWS\system32\RUNDLL32.EXE[3044] USERENV.dll!UnloadUserProfile + 387A 76A211A1 1 Byte [8B]
.text C:\WINDOWS\system32\RUNDLL32.EXE[3044] USERENV.dll!UnloadUserProfile + 397A 76A212A1 1 Byte [89]
.text C:\WINDOWS\system32\RUNDLL32.EXE[3044] USERENV.dll!UnloadUserProfile + 3B7A 76A214A1 1 Byte [FF]
.text ...
.text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[3056] kernel32.dll!BeginUpdateResourceW + 49 7C870C61 1 Byte [F9]
.text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[3056] kernel32.dll!BeginUpdateResourceW + 89 7C870CA1 1 Byte [E8]
.text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[3056] kernel32.dll!BeginUpdateResourceW + 189 7C870DA1 1 Byte [FF]
.text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[3056] kernel32.dll!BeginUpdateResourceA + 3A6 7C871161 1 Byte [BD]
.text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[3056] kernel32.dll!GetConsoleAliasExesLengthA + 10F 7C8714A1 1 Byte [90]
.text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[3056] kernel32.dll!GetConsoleAliasesA + 13A 7C871661 1 Byte [FF]
.text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[3056] kernel32.dll!SetConsoleNumberOfCommandsA + 3C 7C8718A1 1 Byte [18]
.text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[3056] kernel32.dll!GetConsoleCommandHistoryLengthA + 5C 7C8719A1 1 Byte [FF]
.text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[3056] kernel32.dll!SetConsoleCommandHistoryMode + 5C 7C871B61 1 Byte [E8]
.text C:\Program Files\iTunes\iTunesHelper.exe[3096] WININET.DLL!SetUrlCacheEntryGroupW + 76C8 3D970BC1 1 Byte [FF]
.text C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe[3780] WININET.dll!SetUrlCacheEntryGroupW + 76C8 3D970BC1 1 Byte [FF]

---- EOF - GMER 1.0.15 ----

#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,769 posts
  • Gender:Male
  • Local time:08:01 PM

Posted 10 December 2011 - 08:20 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you, please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/430948 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was follow the previous instructions and tell me so. You can skip the rest of this post. If you do need help, please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 76Sixers

76Sixers
  • Topic Starter

  • Members
  • 22 posts
  • Local time:06:01 PM

Posted 12 December 2011 - 10:43 AM

Yes, I still need help. McAfee Real-Time Scanner won't turn on, and the software becomes unresponsive. I had to uninstall my McAfee AntiVirus Plus software because my system becomes more unstable with it installed.

Malwarebytes found two Trojans. I am not sure they were removed, because most of my programs still error out when I try to use them.

Copied from the Malwarebytes log:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

I can still access the Internet, but now my system is unstable and my computer either shuts off or crashes to the blue screen.

I have tried System Restore and even tried to re-install my virus software, but it will not install cleanly, so I can't scan with any virus software right now.

One of the errors is: c:\windows\systems32\shodc.dll

My helper referred me to this forum. I have posted a link to that thread below:

Infected Computer

"I don't have my original windows cd"



GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-12 08:12:31
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Maxtor_6E040L0 rev.NAR61590
Running: gmer.exe; Driver: C:\DOCUME~1\my name~1\LOCALS~1\Temp\pgrcquod.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xB928C340, 0xFFF3F, 0xF8000020]
.text C:\WINDOWS\System32\nv4_disp.dll section is writeable [0xBF012300, 0x234A20, 0xF8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[880] SHELL32.dll!FindExeDlgProc + 15941 7CB4C0C1 1 Byte [7C]
.text C:\WINDOWS\system32\svchost.exe[880] SHELL32.dll!FindExeDlgProc + 15A01 7CB4C181 1 Byte [64]
.text C:\WINDOWS\system32\svchost.exe[880] SHELL32.dll!FindExeDlgProc + 15A41 7CB4C1C1 1 Byte [0A]
.text C:\WINDOWS\system32\svchost.exe[880] SHELL32.dll!FindExeDlgProc + 15C01 7CB4C381 1 Byte [44]
.text C:\WINDOWS\system32\svchost.exe[880] SHELL32.dll!FindExeDlgProc + 15C41 7CB4C3C1 1 Byte [00]
.text ...
.text C:\WINDOWS\system32\svchost.exe[880] SHELL32.dll!SHCreateLocalServerRunDll + 2E754 7CB8D0C1 1 Byte [21]
.text C:\WINDOWS\system32\svchost.exe[880] SHELL32.dll!SHCreateLocalServerRunDll + 2EC14 7CB8D581 1 Byte [83]
.text C:\WINDOWS\system32\svchost.exe[880] SHELL32.dll!SHCreateLocalServerRunDll + 2EC54 7CB8D5C1 1 Byte [F6]
.text C:\WINDOWS\system32\svchost.exe[880] SHELL32.dll!SHCreateLocalServerRunDll + 2EF14 7CB8D881 1 Byte [6B]
.text C:\WINDOWS\system32\svchost.exe[880] SHELL32.dll!SHCreateLocalServerRunDll + 2EF54 7CB8D8C1 1 Byte [06]
.text ...
.text C:\WINDOWS\system32\svchost.exe[880] SHLWAPI.dll!IsCharSpaceW + 3D4 77F75CB9 1 Byte [EC]
.text C:\WINDOWS\system32\svchost.exe[880] SHLWAPI.dll!IsCharSpaceW + 4D4 77F75DB9 1 Byte [89]
.text C:\WINDOWS\system32\svchost.exe[880] SHLWAPI.dll!IsCharSpaceW + 5D4 77F75EB9 1 Byte [17]
.text C:\WINDOWS\system32\svchost.exe[880] SHLWAPI.dll!IsCharSpaceW + 6D4 77F75FB9 1 Byte [84]
.text C:\WINDOWS\system32\svchost.exe[880] SHLWAPI.dll!IsCharSpaceW + 794 77F76079 1 Byte [E8]
.text ...
.text C:\WINDOWS\system32\svchost.exe[880] SHLWAPI.dll!UrlCombineA + 109 77F767B9 1 Byte [FB]
.text C:\WINDOWS\system32\svchost.exe[880] SHLWAPI.dll!UrlCanonicalizeA + 54 77F768B9 1 Byte [C6]
.text C:\WINDOWS\system32\svchost.exe[880] SHLWAPI.dll!SHSetValueA + DE 77F769B9 1 Byte [8D]
.text C:\WINDOWS\system32\svchost.exe[880] SHLWAPI.dll!StrToIntA + 4 77F76A79 1 Byte [EC]
.text C:\WINDOWS\system32\svchost.exe[880] SHLWAPI.dll!StrToIntA + 44 77F76AB9 1 Byte [90]
.text C:\WINDOWS\system32\svchost.exe[880] SHLWAPI.dll!StrRChrIW + 2A 77FA4CB9 1 Byte [5D]
.text C:\WINDOWS\system32\svchost.exe[880] SHLWAPI.dll!StrStrNIW + 5C 77FA4D79 1 Byte [3B]
.text C:\WINDOWS\system32\svchost.exe[880] SHLWAPI.dll!StrStrNIW + 9C 77FA4DB9 1 Byte [89]
.text C:\WINDOWS\system32\svchost.exe[880] SHLWAPI.dll!StrStrNIW + 15C 77FA4E79 1 Byte [FF]
.text C:\WINDOWS\system32\svchost.exe[880] SHLWAPI.dll!StrStrNIW + 19C 77FA4EB9 1 Byte [FF]
.text C:\WINDOWS\system32\svchost.exe[880] SHLWAPI.dll!StrFormatByteSize64A + 1A 77FA4FB9 1 Byte [FF]
.text C:\WINDOWS\system32\svchost.exe[880] SHLWAPI.dll!StrRetToStrA + 38 77FA5079 1 Byte [75]
.text C:\WINDOWS\system32\svchost.exe[880] SHLWAPI.dll!StrRetToStrA + 178 77FA51B9 1 Byte [57]
.text C:\WINDOWS\system32\svchost.exe[880] SHLWAPI.dll!StrRetToStrA + 238 77FA5279 1 Byte [10]
.text C:\WINDOWS\system32\svchost.exe[880] SHLWAPI.dll!StrFromTimeIntervalW + 48E 77FA5779 1 Byte [EC]
.text C:\WINDOWS\system32\svchost.exe[880] SHLWAPI.dll!StrFromTimeIntervalW + 6EE 77FA59D9 1 Byte [08]
.text C:\WINDOWS\system32\svchost.exe[880] SHLWAPI.dll!StrFromTimeIntervalW + 78E 77FA5A79 1 Byte [11]
.text C:\WINDOWS\system32\svchost.exe[956] ntdll.dll!RtlQueryRegistryValues + D14 7C94DD61 1 Byte [50]
.text C:\WINDOWS\system32\svchost.exe[956] ntdll.dll!RtlQueryRegistryValues + D54 7C94DDA1 1 Byte [4D]
.text C:\WINDOWS\system32\svchost.exe[956] ntdll.dll!RtlQueryRegistryValues + F14 7C94DF61 1 Byte [FF]
.text C:\WINDOWS\system32\svchost.exe[956] ntdll.dll!RtlQueryRegistryValues + F54 7C94DFA1 1 Byte [88]
.text C:\WINDOWS\system32\svchost.exe[956] ntdll.dll!RtlQueryRegistryValues + 1014 7C94E061 1 Byte [08]
.text ...
.text C:\WINDOWS\system32\svchost.exe[956] ole32.dll!DoDragDrop + 2C4 775D1081 1 Byte [10]
.text C:\WINDOWS\system32\svchost.exe[956] ole32.dll!DoDragDrop + 304 775D10C1 1 Byte [03]
.text C:\WINDOWS\system32\svchost.exe[956] ole32.dll!DoDragDrop + 404 775D11C1 1 Byte [77]
.text C:\WINDOWS\system32\svchost.exe[956] ole32.dll!DoDragDrop + 4C4 775D1281 1 Byte [75]
.text C:\WINDOWS\system32\svchost.exe[956] ole32.dll!DoDragDrop + 504 775D12C1 1 Byte [04]
.text ...
.text C:\WINDOWS\system32\dla\tfswctrl.exe[2432] SHELL32.dll!StrStrW + 170 7CB9D0C1 1 Byte [6C]
.text C:\WINDOWS\system32\dla\tfswctrl.exe[2432] SHELL32.dll!StrStrW + 270 7CB9D1C1 1 Byte [77]
.text C:\WINDOWS\system32\dla\tfswctrl.exe[2432] SHELL32.dll!StrStrW + 330 7CB9D281 1 Byte [10]
.text C:\WINDOWS\system32\dla\tfswctrl.exe[2432] SHELL32.dll!StrStrW + 470 7CB9D3C1 1 Byte [38]
.text C:\WINDOWS\system32\dla\tfswctrl.exe[2432] SHELL32.dll!StrStrW + 730 7CB9D681 1 Byte [80]
.text ...
.text C:\WINDOWS\system32\dla\tfswctrl.exe[2432] msvcrt.dll!_wstat64 + 31C 77C21081 1 Byte [89]
.text C:\WINDOWS\system32\dla\tfswctrl.exe[2432] msvcrt.dll!_wstati64 + 96 77C21181 1 Byte [FF]
.text C:\WINDOWS\system32\dla\tfswctrl.exe[2432] msvcrt.dll!_wstati64 + D6 77C211C1 1 Byte [03]
.text C:\WINDOWS\system32\dla\tfswctrl.exe[2432] msvcrt.dll!_wstati64 + 1D6 77C212C1 1 Byte [FF]
.text C:\WINDOWS\system32\dla\tfswctrl.exe[2432] msvcrt.dll!_wstati64 + 2D6 77C213C1 1 Byte [FF]
.text C:\WINDOWS\system32\dla\tfswctrl.exe[2432] msvcrt.dll!rename + 37 77C21481 1 Byte [CC] {INT 3 }
.text C:\WINDOWS\system32\dla\tfswctrl.exe[2432] msvcrt.dll!??0exception@@QAE@ABQBD@Z + 29 77C214C1 1 Byte [59]
.text C:\WINDOWS\system32\dla\tfswctrl.exe[2432] msvcrt.dll!??1bad_cast@@UAE@XZ + F 77C215C1 1 Byte [CC] {INT 3 }
.text C:\WINDOWS\system32\dla\tfswctrl.exe[2432] msvcrt.dll!??_Gexception@@UAEPAXI@Z + 4 77C21681 1 Byte [EC]
.text C:\WINDOWS\system32\dla\tfswctrl.exe[2432] msvcrt.dll!?raw_name@type_info@@QBEPBDXZ + 10E 77C21A81 1 Byte [75]
.text C:\WINDOWS\system32\dla\tfswctrl.exe[2432] msvcrt.dll!__uncaught_exception + 10 77C21BC1 1 Byte [8A]
.text C:\WINDOWS\system32\dla\tfswctrl.exe[2432] msvcrt.dll!__CxxCallUnwindDtor + A4 77C21DC1 1 Byte [E8]
.text C:\WINDOWS\system32\dla\tfswctrl.exe[2432] msvcrt.dll!__CxxCallUnwindDtor + 164 77C21E81 1 Byte [8B]
.text C:\WINDOWS\system32\dla\tfswctrl.exe[2432] msvcrt.dll!__CxxCallUnwindDtor + 1A4 77C21EC1 1 Byte [7E]
.text C:\WINDOWS\System32\DSentry.exe[2444] ntdll.dll!RtlDeleteAce + BCC8 7C943C61 1 Byte [73]
.text C:\WINDOWS\System32\DSentry.exe[2444] ntdll.dll!RtlDeleteAce + BDC8 7C943D61 1 Byte [6F]
.text C:\WINDOWS\System32\DSentry.exe[2444] ntdll.dll!RtlDeleteAce + BEC8 7C943E61 1 Byte [69]
.text C:\WINDOWS\System32\DSentry.exe[2444] ntdll.dll!RtlDeleteAce + BF08 7C943EA1 1 Byte [74]
.text C:\WINDOWS\System32\DSentry.exe[2444] ntdll.dll!RtlDeleteAce + BFC8 7C943F61 1 Byte [FD]
.text ...
.text C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe[2460] SHELL32.dll!SHCreateQueryCancelAutoPlayMoniker + EB 7CA42081 1 Byte [FE]
.text C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe[2460] SHELL32.dll!SHCreateQueryCancelAutoPlayMoniker + 12B 7CA420C1 1 Byte [40]
.text C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe[2460] SHELL32.dll!SHCreateQueryCancelAutoPlayMoniker + 22B 7CA421C1 1 Byte [05]
.text C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe[2460] SHELL32.dll!SHCreateQueryCancelAutoPlayMoniker + 5EB 7CA42581 1 Byte [03]
.text C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe[2460] SHELL32.dll!SHCreateQueryCancelAutoPlayMoniker + 62B 7CA425C1 1 Byte [D0]
.text ...
.text C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe[2460] SHELL32.dll!SHDoDragDrop + 242C 7CAB10C1 1 Byte [9C]
.text C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe[2460] SHELL32.dll!SHDoDragDrop + 24EC 7CAB1181 1 Byte [6E]
.text C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe[2460] SHELL32.dll!SHDoDragDrop + 252C 7CAB11C1 1 Byte [6A]
.text C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe[2460] SHELL32.dll!SHDoDragDrop + 25EC 7CAB1281 1 Byte [F2]
.text C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe[2460] SHELL32.dll!SHDoDragDrop + 262C 7CAB12C1 1 Byte [95]
.text ...
.text C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe[2460] SHELL32.dll!DllInstall + 15 7CAB1CC1 1 Byte [46]
.text C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe[2460] SHELL32.dll!DllInstall + 115 7CAB1DC1 1 Byte [7F]
.text C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe[2460] SHELL32.dll!DllInstall + 215 7CAB1EC1 1 Byte [4C]
.text C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe[2460] SHELL32.dll!DllInstall + 2D5 7CAB1F81 1 Byte [04]
.text C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe[2460] SHELL32.dll!DllInstall + 315 7CAB1FC1 1 Byte [72]
.text C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe[2460] ole32.dll!WdtpInterfacePointer_UserFree 774EB081 1 Byte [42]
.text C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe[2460] ole32.dll!WdtpInterfacePointer_UserFree 774EBA81 1 Byte [40]
.text C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe[2460] ole32.dll!CoGetComCatalog + A1 77512C61 1 Byte [85]
.text C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe[2460] ole32.dll!CoGetComCatalog + E1 77512CA1 1 Byte [89]
.text C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe[2460] ole32.dll!CoGetComCatalog + 1A1 77512D61 1 Byte [EC]
.text C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe[2460] ole32.dll!CoGetComCatalog + 1E1 77512DA1 1 Byte [FF]
.text C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe[2460] ole32.dll!CoGetComCatalog + 2A1 77512E61 1 Byte [8B]
.text ...
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2652] RPCRT4.dll!I_RpcLogEvent + 4DF 77EA4181 1 Byte [F0]
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2652] RPCRT4.dll!NdrVaryingArrayFree + 30 77EA41C1 1 Byte [56]
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2652] RPCRT4.dll!NdrVaryingArrayMarshall + 14 77EA4281 1 Byte [68]
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2652] RPCRT4.dll!NdrVaryingArrayMemorySize + F7 77EA45C1 1 Byte [FE]
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2652] RPCRT4.dll!NdrVaryingArrayMemorySize + 4B7 77EA4981 1 Byte [05]
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2652] RPCRT4.dll!NdrVaryingArrayMemorySize + 5B7 77EA4A81 1 Byte [00]
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2652] RPCRT4.dll!RpcMgmtWaitServerListen + 48 77EA4B81 1 Byte [0B]
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2652] RPCRT4.dll!RpcMgmtStopServerListening + 33 77EA4BC1 1 Byte [10]
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2652] RPCRT4.dll!RpcMgmtStopServerListening + 133 77EA4CC1 1 Byte [6E]
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2652] RPCRT4.dll!NdrFixedArrayMemorySize + F7 77EA4E81 1 Byte [FE]
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2652] RPCRT4.dll!NdrFixedArrayMemorySize + 237 77EA4FC1 1 Byte [74]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3688] SHLWAPI.dll!DelayLoadFailureHook + 54D4 77FCC0C1 1 Byte [64]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3688] USERENV.dll!DeleteProfileA + 3326 76A0C2A1 1 Byte [89]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3688] USERENV.dll!DeleteProfileA + 38E6 76A0C861 1 Byte [8B]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3688] USERENV.dll!DeleteProfileA + 3926 76A0C8A1 1 Byte [F4]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3688] USERENV.dll!DeleteProfileA + 3A26 76A0C9A1 1 Byte [CE] {INTO }
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3688] USERENV.dll!DeleteProfileA + 3AE6 76A0CA61 1 Byte [E8]
.text ...
.text C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe[3768] msvcrt.dll!__crtGetLocaleInfoW + C3 77C34471 1 Byte [FF]
.text C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe[3768] msvcrt.dll!__crtGetStringTypeW + 4E 77C34531 1 Byte [C6]
.text C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe[3768] msvcrt.dll!__crtGetStringTypeW + 8E 77C34571 1 Byte [18]
.text C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe[3768] msvcrt.dll!__crtGetStringTypeW + 14E 77C34631 1 Byte [C0]
.text C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe[3768] msvcrt.dll!__crtLCMapStringA + 11C 77C34831 1 Byte [E8]
.text C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe[3768] msvcrt.dll!__crtLCMapStringA + 15C 77C34871 1 Byte [08]
.text C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe[3768] msvcrt.dll!__crtLCMapStringA + 25C 77C34971 1 Byte [7D]
.text C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe[3768] msvcrt.dll!__crtLCMapStringA + 35C 77C34A71 1 Byte [77]
.text C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe[3768] msvcrt.dll!__crtLCMapStringW + 24B 77C34D31 1 Byte [FF]
.text C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe[3768] msvcrt.dll!__crtLCMapStringW + 28B 77C34D71 1 Byte [F1] {INT1 }
.text C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe[3768] msvcrt.dll!_onexit + 39 77C34E31 1 Byte [CC] {INT 3 }
.text C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe[3768] msvcrt.dll!__dllonexit + E0 77C34F31 1 Byte [18]
.text C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe[3768] msvcrt.dll!__dllonexit + 120 77C34F71 1 Byte [DC]
.text C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe[3768] msvcrt.dll!signal + 5D 77C35031 1 Byte [4E]
.text C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe[3768] msvcrt.dll!signal + 15D 77C35131 1 Byte [FF]
.text C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe[3768] msvcrt.dll!signal + 19D 77C35171 1 Byte [FC]
.text C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe[3768] msvcrt.dll!raise + A4 77C35231 1 Byte [F9]
.text C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe[3768] msvcrt.dll!raise + E4 77C35271 1 Byte [D0]
.text C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe[3768] msvcrt.dll!__lconv_init + 26 77C35331 1 Byte [BF]
.text C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe[3768] msvcrt.dll!_set_error_mode + 29 77C35371 1 Byte [C3]
.text C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe[3768] ADVAPI32.dll!RegSaveKeyExW + 3B 77E36081 1 Byte [05]
.text C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe[3768] ADVAPI32.dll!RegSaveKeyExW + 7B 77E360C1 1 Byte [E7]
.text C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe[3768] ADVAPI32.dll!RegSetValueW + AB 77E361C1 1 Byte [E0]
.text C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe[3768] ADVAPI32.dll!RegSetValueW + 16B 77E36281 1 Byte [60]
.text C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe[3768] ADVAPI32.dll!RegSetValueW + 1AB 77E362C1 1 Byte [80]
.text C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe[3768] ADVAPI32.dll!RegSetValueW + 2AB 77E363C1 1 Byte [5E]
.text C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe[3768] ADVAPI32.dll!RegSetValueW + 4AB 77E365C1 1 Byte [EA]
.text C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe[3768] ADVAPI32.dll!EnumServicesStatusExW + C9 77E36A81 1 Byte [62]
.text C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe[3768] ADVAPI32.dll!EnumServiceGroupW + 38 77E36AC1 1 Byte [00]
.text C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe[3768] ADVAPI32.dll!I_ScSetServiceBitsA + 18 77E36B81 1 Byte [29]
.text C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe[3768] ADVAPI32.dll!I_ScSetServiceBitsA + 58 77E36BC1 1 Byte [7F]
.text C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe[3768] ADVAPI32.dll!EnumServicesStatusExA + 52 77E36C81 1 Byte [74]
.text C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe[3768] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 1 Byte [62]
.text C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe[3768] ADVAPI32.dll!SetServiceObjectSecurity + 40 77E36DC1 1 Byte [7B]
.text C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe[3768] ADVAPI32.dll!SetServiceObjectSecurity + 60 77E36DE1 1 Byte [05]
.text C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe[3768] ADVAPI32.dll!ChangeServiceConfigA + 18 77E36E81 1 Byte [FE]
.text C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe[3768] ADVAPI32.dll!ChangeServiceConfigA + 58 77E36EC1 1 Byte [7F]
.text C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe[3768] ADVAPI32.dll!ChangeServiceConfigA + 118 77E36F81 1 Byte [10]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Fastfat \Fat A95AAD20
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----




.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by My Name at 8:13:41 on 2011-12-12
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1550 [GMT -6:00]
.
AV: McAfee VirusScan *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Memeo\AutoBackup\InstantBackup.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?fr=fptb-
uSearch Page = hxxp://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sp/*http://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sb/*http://www.yahoo.com/search/ie.html
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = hxxp://localhost;*.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Viewpoint Toolbar BHO: {a7327c09-b521-4edb-8509-7d2660c9ec98} - c:\program files\viewpoint\viewpoint toolbar\3.9.0\ViewBarBHO.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No File
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn2\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [DVDSentry] c:\windows\system32\DSentry.exe
mRun: [DwlClient] c:\program files\common files\dell\eusw\Support.exe
mRun: [Dell AIO Printer A920] "c:\program files\dell aio printer a920\dlbkbmgr.exe"
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [nwiz] nwiz.exe /install
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [ContentTransferWMDetector.exe] c:\program files\sony\content transfer\ContentTransferWMDetector.exe
mRun: [Memeo Instant Backup] c:\program files\memeo\autobackup\MemeoLauncher2.exe --silent --no_ui
mRun: [Memeo AutoSync] c:\program files\memeo\autosync\MemeoLauncher2.exe --silent
mRun: [Seagate Dashboard] c:\program files\seagate\seagate dashboard\MemeoLauncher.exe --silent --no_ui
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: musicmatch.com
Trusted Zone: musicmatch.com
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\memeo\autobackup\MemeoBackgroundService.exe [2011-5-4 25824]
R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\seagate\seagate dashboard\SeagateDashboardService.exe [2011-6-1 14088]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2010-3-20 24652]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [2006-4-10 20160]
S3 efipsk;efipsk;\??\c:\docume~1\wesley~1\locals~1\temp\efipsk.sys --> c:\docume~1\wesley~1\locals~1\temp\efipsk.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-2-21 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-2-21 40552]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 16:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2005-08-18 08:52:10 774144 -c--a-w- c:\program files\RngInterstitial.dll
2004-10-12 23:41:32 2544848 -c--a-w- c:\program files\Shockwave_Installer_Slim.exe
.
============= FINISH: 8:14:32.87 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 10/26/2003 6:07:08 PM
System Uptime: 12/12/2011 1:34:39 AM (7 hours ago)
.
Motherboard: Dell Computer Corp. | | 02Y832
Processor: Intel® Pentium® 4 CPU 2.40GHz | Microprocessor | 2394/533mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 38 GiB total, 12.908 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP2501: 10/9/2011 9:14:39 AM - System Checkpoint
RP2502: 10/10/2011 10:08:34 AM - System Checkpoint
RP2503: 10/11/2011 10:45:02 AM - System Checkpoint
RP2504: 10/12/2011 3:00:18 AM - Software Distribution Service 3.0
RP2505: 10/13/2011 3:54:18 AM - System Checkpoint
RP2506: 10/14/2011 4:52:47 AM - System Checkpoint
RP2507: 10/15/2011 5:46:18 AM - System Checkpoint
RP2508: 10/16/2011 6:43:25 AM - System Checkpoint
RP2509: 10/17/2011 7:37:42 AM - System Checkpoint
RP2510: 10/18/2011 8:31:50 AM - System Checkpoint
RP2511: 10/19/2011 9:26:03 AM - System Checkpoint
RP2512: 10/20/2011 10:18:54 AM - System Checkpoint
RP2513: 10/21/2011 11:00:46 AM - System Checkpoint
RP2514: 10/22/2011 11:51:04 AM - System Checkpoint
RP2515: 10/23/2011 12:48:50 PM - System Checkpoint
RP2516: 10/24/2011 1:03:38 PM - System Checkpoint
RP2517: 10/25/2011 3:38:41 PM - System Checkpoint
RP2518: 10/26/2011 6:27:32 PM - System Checkpoint
RP2519: 10/27/2011 7:28:14 PM - Restore Operation
RP2520: 10/28/2011 8:21:16 PM - System Checkpoint
RP2521: 10/29/2011 12:39:52 AM - Software Distribution Service 3.0
RP2522: 10/29/2011 11:17:18 PM - Restore Operation
RP2523: 10/29/2011 11:27:34 PM - Restore Operation
RP2524: 10/30/2011 11:55:18 PM - System Checkpoint
RP2525: 11/2/2011 7:37:07 PM - System Checkpoint
RP2526: 11/3/2011 8:06:07 PM - System Checkpoint
RP2527: 11/6/2011 10:44:46 AM - System Checkpoint
RP2528: 11/7/2011 11:27:28 AM - System Checkpoint
RP2529: 11/8/2011 12:21:46 PM - System Checkpoint
RP2530: 11/9/2011 3:00:18 AM - Software Distribution Service 3.0
RP2531: 11/10/2011 10:16:36 PM - Software Distribution Service 3.0
RP2532: 11/13/2011 12:16:20 PM - System Checkpoint
RP2533: 11/14/2011 12:46:36 PM - System Checkpoint
RP2534: 11/15/2011 1:40:51 PM - System Checkpoint
RP2535: 11/19/2011 4:11:24 PM - System Checkpoint
RP2536: 11/21/2011 6:12:46 PM - System Checkpoint
RP2537: 11/22/2011 6:46:42 PM - System Checkpoint
RP2538: 11/23/2011 7:40:39 PM - System Checkpoint
RP2539: 11/28/2011 12:14:36 AM - System Checkpoint
RP2540: 11/29/2011 12:30:13 AM - System Checkpoint
RP2541: 11/30/2011 1:24:07 AM - System Checkpoint
RP2542: 12/1/2011 2:17:48 AM - System Checkpoint
RP2543: 12/2/2011 3:11:05 AM - System Checkpoint
RP2544: 12/3/2011 4:04:36 AM - System Checkpoint
RP2545: 12/4/2011 4:58:28 AM - System Checkpoint
RP2546: 12/5/2011 5:21:27 AM - System Checkpoint
.
==== Installed Programs ======================
.
.
ABBYY FineReader 5.0 Sprint
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0.5 Language Support
Adobe Reader 7.1.0
Adobe SVG Viewer 3.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Banctec Service Agreement
BCM V.92 56K Modem
Bonjour
Britannica Ready Reference
Cayman Installer and Documentation
Content Transfer
Critical Update for Windows Media Player 11 (KB959772)
DA920EN
DAO
Dell AIO Printer A920
Dell Digital Jukebox Driver
Dell Networking Guide
Dell Picture Studio - Dell Image Expert
Dell Solution Center
Dell Support
DS21Patch
DVDSentry
DVDXCopy Xpress 3.2.1
EarthLink MDAC
File Type Assistant
Finale NotePad 2003
Google Toolbar for Internet Explorer
Google Update Helper
Help and Support Customization
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel® PRO Network Adapters and Drivers
Intel® PROSet
iTunes
Java 2 Runtime Environment, SE v1.4.2
Macromedia Shockwave Player
Memeo AutoSync
Memeo Instant Backup
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2003
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XML Parser
Modem Helper
MSSoap
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Musicmatch® Jukebox
Netscape (7.2)
NFL Head Coach
NVIDIA Display Driver
NVIDIA Drivers
NVIDIA Windows 2000/XP Display Drivers
NWZ-E350 WALKMAN Guide
Paint Shop Pro 7
PowerDVD
Qualxserve Service Agreement
Quicken 2002 New User Edition
QuickTime
RealPlayer
Seagate Dashboard
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sierra Print Artist Gold
Sierra Utilities
Sonic DLA
Sonic MyDVD
Sonic RecordNow!
Sonic Update Manager
Sudoku Mania!
System Requirements Lab
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB Audio/Video Driver
Viewpoint Manager (Remove Only)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WordPerfect Office 11
Yahoo! BrowserPlus 2.8.1
Yahoo! Install Manager
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
12/5/2011 7:20:44 PM, error: System Error [1003] - Error code 10000050, parameter1 9ac83bb7, parameter2 00000001, parameter3 e13478b7, parameter4 00000000.
12/5/2011 6:37:30 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 8054c139, parameter3 f793e620, parameter4 00000000.
12/5/2011 6:36:49 PM, error: Service Control Manager [7009] - Timeout (120000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.
12/5/2011 6:36:49 PM, error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/5/2011 12:52:31 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
12/5/2011 12:42:02 PM, error: Service Control Manager [7023] - The Google Software Updater service terminated with the following error: %%2147942402
12/5/2011 12:36:50 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 8054c139, parameter3 b209994c, parameter4 00000000.
12/11/2011 9:48:51 PM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
.
==== End Of File ===========================

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:12:01 AM

Posted 12 December 2011 - 09:33 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy, and we need to have replies as soon as possible. If I haven't had a reply after 3 days, I will bump the topic, and if you do not reply by the following day after that, then I will close the topic.

----------------------------------------------

It may be more than a trojan at work here.

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If malicious objects are found, ensure Cure is selected, then click Continue > Reboot now.
  • Click Close.
  • Finally, press Report and copy and paste the contents into your next reply. If you've rebooted, the log will be found at C:\


Then

Please download aswMBR (511KB) to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

m0le is a proud member of UNITE

#5 76Sixers

76Sixers
  • Topic Starter

  • Members
  • 22 posts
  • Local time:06:01 PM

Posted 12 December 2011 - 10:16 PM

Hello m0le,

I am replying to let you know that I've seen your post and will follow the instructions listed in the post.

#6 76Sixers

76Sixers
  • Topic Starter

  • Members
  • 22 posts
  • Local time:06:01 PM

Posted 12 December 2011 - 10:30 PM

21:22:08.0281 3548 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 13:21:06
21:22:08.0671 3548 ============================================================
21:22:08.0671 3548 Current date / time: 2011/12/12 21:22:08.0671
21:22:08.0671 3548 SystemInfo:
21:22:08.0671 3548
21:22:08.0671 3548 OS Version: 5.1.2600 ServicePack: 3.0
21:22:08.0671 3548 Product type: Workstation
21:22:08.0671 3548 ComputerName: COMP
21:22:08.0671 3548 UserName: My Name
21:22:08.0671 3548 Windows directory: C:\WINDOWS
21:22:08.0671 3548 System windows directory: C:\WINDOWS
21:22:08.0671 3548 Processor architecture: Intel x86
21:22:08.0671 3548 Number of processors: 1
21:22:08.0671 3548 Page size: 0x1000
21:22:08.0671 3548 Boot type: Normal boot
21:22:08.0671 3548 ============================================================
21:22:10.0484 3548 Initialize success
21:22:42.0968 0544 ============================================================
21:22:42.0968 0544 Scan started
21:22:42.0968 0544 Mode: Manual;
21:22:42.0968 0544 ============================================================
21:22:43.0671 0544 Abiosdsk - ok
21:22:44.0015 0544 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS
21:22:44.0031 0544 abp480n5 - ok
21:22:44.0453 0544 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:22:44.0515 0544 ACPI - ok
21:22:44.0875 0544 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
21:22:44.0875 0544 ACPIEC - ok
21:22:45.0218 0544 ADM8511 (b05f2367f62552a2de7e3c352b7b9885) C:\WINDOWS\system32\DRIVERS\ADM8511.SYS
21:22:45.0234 0544 ADM8511 - ok
21:22:45.0609 0544 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\System32\DRIVERS\adpu160m.sys
21:22:45.0640 0544 adpu160m - ok
21:22:46.0031 0544 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
21:22:46.0046 0544 aeaudio - ok
21:22:46.0484 0544 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:22:46.0531 0544 aec - ok
21:22:46.0859 0544 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys
21:22:46.0859 0544 Afc - ok
21:22:47.0265 0544 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
21:22:47.0281 0544 AFD - ok
21:22:47.0625 0544 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\System32\DRIVERS\agp440.sys
21:22:47.0640 0544 agp440 - ok
21:22:48.0000 0544 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\System32\DRIVERS\agpCPQ.sys
21:22:48.0015 0544 agpCPQ - ok
21:22:48.0421 0544 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\System32\DRIVERS\aha154x.sys
21:22:48.0421 0544 Aha154x - ok
21:22:48.0765 0544 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\System32\DRIVERS\aic78u2.sys
21:22:48.0781 0544 aic78u2 - ok
21:22:49.0093 0544 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\System32\DRIVERS\aic78xx.sys
21:22:49.0109 0544 aic78xx - ok
21:22:49.0437 0544 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\System32\DRIVERS\aliide.sys
21:22:49.0437 0544 AliIde - ok
21:22:49.0765 0544 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\System32\DRIVERS\alim1541.sys
21:22:49.0781 0544 alim1541 - ok
21:22:50.0125 0544 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\System32\DRIVERS\amdagp.sys
21:22:50.0140 0544 amdagp - ok
21:22:50.0484 0544 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\System32\DRIVERS\amsint.sys
21:22:50.0515 0544 amsint - ok
21:22:50.0875 0544 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\System32\DRIVERS\asc.sys
21:22:50.0890 0544 asc - ok
21:22:51.0343 0544 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\System32\DRIVERS\asc3350p.sys
21:22:51.0343 0544 asc3350p - ok
21:22:51.0703 0544 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\System32\DRIVERS\asc3550.sys
21:22:51.0703 0544 asc3550 - ok
21:22:52.0093 0544 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:22:52.0093 0544 AsyncMac - ok
21:22:52.0546 0544 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:22:52.0546 0544 atapi - ok
21:22:52.0859 0544 Atdisk - ok
21:22:53.0203 0544 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:22:53.0218 0544 Atmarpc - ok
21:22:53.0546 0544 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:22:53.0546 0544 audstub - ok
21:22:54.0265 0544 BCMModem (41347688046d49cde0f6d138a534f73d) C:\WINDOWS\system32\DRIVERS\BCMSM.sys
21:22:54.0625 0544 BCMModem - ok
21:22:54.0968 0544 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:22:54.0968 0544 Beep - ok
21:22:55.0328 0544 bvrp_pci - ok
21:22:55.0656 0544 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\System32\DRIVERS\cbidf2k.sys
21:22:55.0656 0544 cbidf - ok
21:22:55.0984 0544 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:22:55.0984 0544 cbidf2k - ok
21:22:56.0390 0544 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
21:22:56.0406 0544 CCDECODE - ok
21:22:56.0734 0544 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys
21:22:56.0734 0544 cd20xrnt - ok
21:22:57.0078 0544 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:22:57.0093 0544 Cdaudio - ok
21:22:57.0468 0544 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:22:57.0484 0544 Cdfs - ok
21:22:57.0890 0544 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:22:57.0921 0544 Cdrom - ok
21:22:58.0218 0544 Changer - ok
21:22:58.0531 0544 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\System32\DRIVERS\cmdide.sys
21:22:58.0531 0544 CmdIde - ok
21:22:58.0875 0544 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\System32\DRIVERS\cpqarray.sys
21:22:58.0875 0544 Cpqarray - ok
21:22:59.0281 0544 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\System32\DRIVERS\dac2w2k.sys
21:22:59.0296 0544 dac2w2k - ok
21:22:59.0640 0544 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\System32\DRIVERS\dac960nt.sys
21:22:59.0640 0544 dac960nt - ok
21:23:00.0046 0544 DCamUSBEMPIA (45a46a0af042f8bfe86a8d3b3b289a31) C:\WINDOWS\system32\DRIVERS\emDevice.sys
21:23:00.0109 0544 DCamUSBEMPIA - ok
21:23:00.0500 0544 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:23:00.0515 0544 Disk - ok
21:23:01.0109 0544 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
21:23:01.0453 0544 dmboot - ok
21:23:01.0828 0544 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
21:23:01.0875 0544 dmio - ok
21:23:02.0218 0544 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:23:02.0218 0544 dmload - ok
21:23:02.0578 0544 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:23:02.0593 0544 DMusic - ok
21:23:02.0953 0544 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\System32\DRIVERS\dpti2o.sys
21:23:02.0953 0544 dpti2o - ok
21:23:03.0328 0544 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:23:03.0328 0544 drmkaud - ok
21:23:03.0703 0544 drvmcdb (7f056a52bcba3102d2d37a4a2646c807) C:\WINDOWS\system32\drivers\drvmcdb.sys
21:23:03.0718 0544 drvmcdb - ok
21:23:04.0093 0544 drvnddm (d3c1e501ed42e77574b3095309dd4075) C:\WINDOWS\system32\drivers\drvnddm.sys
21:23:04.0093 0544 drvnddm - ok
21:23:04.0593 0544 E100B (98b46b331404a951cabad8b4877e1276) C:\WINDOWS\system32\DRIVERS\e100b325.sys
21:23:04.0640 0544 E100B - ok
21:23:04.0781 0544 efipsk - ok
21:23:05.0140 0544 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
21:23:05.0156 0544 EL90XBC - ok
21:23:05.0531 0544 emAudio (0613c7cf05dfe81ac70f4a925823c28e) C:\WINDOWS\system32\drivers\emAudio.sys
21:23:05.0546 0544 emAudio - ok
21:23:05.0953 0544 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:23:06.0000 0544 Fastfat - ok
21:23:06.0406 0544 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
21:23:06.0421 0544 Fdc - ok
21:23:06.0765 0544 FiltUSBEMPIA (32093e294ef997d7920473f029515948) C:\WINDOWS\system32\DRIVERS\emFilter.sys
21:23:06.0765 0544 FiltUSBEMPIA - ok
21:23:07.0125 0544 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
21:23:07.0125 0544 Fips - ok
21:23:07.0562 0544 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:23:07.0562 0544 Flpydisk - ok
21:23:07.0937 0544 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
21:23:07.0984 0544 FltMgr - ok
21:23:08.0375 0544 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:23:08.0375 0544 Fs_Rec - ok
21:23:08.0765 0544 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:23:08.0812 0544 Ftdisk - ok
21:23:09.0140 0544 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
21:23:09.0156 0544 GEARAspiWDM - ok
21:23:09.0546 0544 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:23:09.0546 0544 Gpc - ok
21:23:09.0906 0544 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:23:09.0921 0544 HidUsb - ok
21:23:10.0296 0544 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\System32\DRIVERS\hpn.sys
21:23:10.0312 0544 hpn - ok
21:23:10.0734 0544 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:23:10.0796 0544 HTTP - ok
21:23:11.0156 0544 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
21:23:11.0171 0544 i2omgmt - ok
21:23:11.0578 0544 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\System32\DRIVERS\i2omp.sys
21:23:11.0578 0544 i2omp - ok
21:23:11.0953 0544 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:23:11.0968 0544 i8042prt - ok
21:23:12.0343 0544 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
21:23:12.0375 0544 i81x - ok
21:23:12.0750 0544 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
21:23:12.0750 0544 iAimFP0 - ok
21:23:13.0093 0544 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
21:23:13.0093 0544 iAimFP1 - ok
21:23:13.0468 0544 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
21:23:13.0468 0544 iAimFP2 - ok
21:23:13.0812 0544 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
21:23:13.0828 0544 iAimFP3 - ok
21:23:14.0156 0544 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
21:23:14.0156 0544 iAimFP4 - ok
21:23:14.0640 0544 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
21:23:14.0656 0544 iAimTV0 - ok
21:23:15.0031 0544 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
21:23:15.0031 0544 iAimTV1 - ok
21:23:15.0359 0544 iAimTV2 - ok
21:23:15.0687 0544 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
21:23:15.0718 0544 iAimTV3 - ok
21:23:16.0109 0544 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
21:23:16.0109 0544 iAimTV4 - ok
21:23:16.0546 0544 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:23:16.0562 0544 Imapi - ok
21:23:16.0906 0544 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\System32\DRIVERS\ini910u.sys
21:23:16.0921 0544 ini910u - ok
21:23:17.0265 0544 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\System32\DRIVERS\intelide.sys
21:23:17.0265 0544 IntelIde - ok
21:23:17.0625 0544 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:23:17.0640 0544 intelppm - ok
21:23:18.0000 0544 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
21:23:18.0015 0544 ip6fw - ok
21:23:18.0390 0544 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:23:18.0390 0544 IpFilterDriver - ok
21:23:18.0750 0544 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:23:18.0765 0544 IpInIp - ok
21:23:19.0187 0544 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:23:19.0234 0544 IpNat - ok
21:23:19.0609 0544 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:23:19.0640 0544 IPSec - ok
21:23:20.0000 0544 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:23:20.0000 0544 IRENUM - ok
21:23:20.0390 0544 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:23:20.0406 0544 isapnp - ok
21:23:20.0765 0544 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:23:20.0765 0544 Kbdclass - ok
21:23:21.0171 0544 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:23:21.0234 0544 kmixer - ok
21:23:21.0718 0544 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:23:21.0734 0544 KSecDD - ok
21:23:22.0046 0544 lbrtfdc - ok
21:23:22.0421 0544 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\WINDOWS\system32\drivers\mferkdk.sys
21:23:22.0453 0544 mferkdk - ok
21:23:22.0781 0544 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\WINDOWS\system32\drivers\mfesmfk.sys
21:23:22.0796 0544 mfesmfk - ok
21:23:23.0125 0544 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:23:23.0125 0544 mnmdd - ok
21:23:23.0515 0544 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
21:23:23.0515 0544 Modem - ok
21:23:23.0859 0544 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
21:23:23.0859 0544 MODEMCSA - ok
21:23:24.0203 0544 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:23:24.0218 0544 Mouclass - ok
21:23:24.0625 0544 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:23:24.0625 0544 mouhid - ok
21:23:24.0984 0544 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:23:25.0000 0544 MountMgr - ok
21:23:25.0406 0544 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\System32\DRIVERS\mraid35x.sys
21:23:25.0406 0544 mraid35x - ok
21:23:25.0812 0544 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:23:25.0859 0544 MRxDAV - ok
21:23:26.0328 0544 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:23:26.0468 0544 MRxSmb - ok
21:23:26.0890 0544 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:23:26.0906 0544 Msfs - ok
21:23:27.0250 0544 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:23:27.0250 0544 MSKSSRV - ok
21:23:27.0609 0544 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:23:27.0609 0544 MSPCLOCK - ok
21:23:27.0953 0544 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:23:27.0953 0544 MSPQM - ok
21:23:28.0281 0544 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:23:28.0296 0544 mssmbios - ok
21:23:28.0640 0544 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
21:23:28.0640 0544 MSTEE - ok
21:23:29.0046 0544 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
21:23:29.0062 0544 Mup - ok
21:23:29.0421 0544 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
21:23:29.0437 0544 NABTSFEC - ok
21:23:29.0843 0544 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:23:29.0906 0544 NDIS - ok
21:23:30.0312 0544 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
21:23:30.0312 0544 NdisIP - ok
21:23:30.0640 0544 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:23:30.0640 0544 NdisTapi - ok
21:23:30.0968 0544 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:23:30.0984 0544 Ndisuio - ok
21:23:31.0390 0544 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:23:31.0406 0544 NdisWan - ok
21:23:31.0843 0544 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:23:31.0843 0544 NDProxy - ok
21:23:32.0203 0544 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:23:32.0218 0544 NetBIOS - ok
21:23:32.0671 0544 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:23:32.0718 0544 NetBT - ok
21:23:33.0140 0544 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:23:33.0140 0544 Npfs - ok
21:23:33.0687 0544 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:23:33.0921 0544 Ntfs - ok
21:23:34.0296 0544 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:23:34.0296 0544 Null - ok
21:23:35.0187 0544 nv (1685a86ce8dc5a70d307dca625fb50e7) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
21:23:35.0625 0544 nv - ok
21:23:35.0984 0544 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:23:35.0984 0544 NwlnkFlt - ok
21:23:36.0312 0544 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:23:36.0312 0544 NwlnkFwd - ok
21:23:36.0750 0544 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys
21:23:36.0765 0544 omci - ok
21:23:37.0109 0544 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
21:23:37.0125 0544 P3 - ok
21:23:37.0546 0544 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
21:23:37.0562 0544 Parport - ok
21:23:37.0937 0544 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:23:37.0953 0544 PartMgr - ok
21:23:38.0296 0544 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
21:23:38.0296 0544 ParVdm - ok
21:23:38.0687 0544 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
21:23:38.0718 0544 PCI - ok
21:23:39.0015 0544 PCIDump - ok
21:23:39.0328 0544 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:23:39.0343 0544 PCIIde - ok
21:23:39.0718 0544 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
21:23:39.0765 0544 Pcmcia - ok
21:23:40.0109 0544 Pcouffin (62c72e912a04aa927d9eaf9a0b157aaf) C:\WINDOWS\system32\Drivers\Pcouffin.sys
21:23:40.0125 0544 Pcouffin - ok
21:23:40.0484 0544 PDCOMP - ok
21:23:40.0781 0544 PDFRAME - ok
21:23:41.0078 0544 PDRELI - ok
21:23:41.0375 0544 PDRFRAME - ok
21:23:41.0718 0544 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys
21:23:41.0718 0544 perc2 - ok
21:23:42.0140 0544 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys
21:23:42.0140 0544 perc2hib - ok
21:23:42.0578 0544 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:23:42.0593 0544 PptpMiniport - ok
21:23:42.0968 0544 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
21:23:42.0968 0544 Processor - ok
21:23:43.0359 0544 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:23:43.0375 0544 PSched - ok
21:23:43.0734 0544 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:23:43.0734 0544 Ptilink - ok
21:23:44.0046 0544 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
21:23:44.0062 0544 PxHelp20 - ok
21:23:44.0421 0544 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys
21:23:44.0421 0544 ql1080 - ok
21:23:44.0781 0544 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys
21:23:44.0796 0544 Ql10wnt - ok
21:23:45.0093 0544 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys
21:23:45.0109 0544 ql12160 - ok
21:23:45.0406 0544 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys
21:23:45.0421 0544 ql1240 - ok
21:23:45.0843 0544 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys
21:23:45.0843 0544 ql1280 - ok
21:23:46.0171 0544 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:23:46.0171 0544 RasAcd - ok
21:23:46.0531 0544 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:23:46.0546 0544 Rasl2tp - ok
21:23:46.0937 0544 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:23:46.0953 0544 RasPppoe - ok
21:23:47.0312 0544 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:23:47.0312 0544 Raspti - ok
21:23:47.0750 0544 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:23:47.0796 0544 Rdbss - ok
21:23:48.0281 0544 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:23:48.0281 0544 RDPCDD - ok
21:23:48.0734 0544 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:23:48.0796 0544 rdpdr - ok
21:23:49.0218 0544 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
21:23:49.0250 0544 RDPWD - ok
21:23:49.0718 0544 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:23:49.0734 0544 redbook - ok
21:23:50.0078 0544 RimUsb - ok
21:23:50.0421 0544 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
21:23:50.0437 0544 RimVSerPort - ok
21:23:50.0812 0544 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
21:23:50.0828 0544 ROOTMODEM - ok
21:23:51.0218 0544 ScanUSBEMPIA (9202c8474937fa710accfbc9c6e9a769) C:\WINDOWS\system32\DRIVERS\emScan.sys
21:23:51.0218 0544 ScanUSBEMPIA - ok
21:23:51.0656 0544 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:23:51.0671 0544 Secdrv - ok
21:23:52.0203 0544 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
21:23:52.0218 0544 serenum - ok
21:23:52.0625 0544 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
21:23:52.0671 0544 Serial - ok
21:23:53.0093 0544 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:23:53.0093 0544 Sfloppy - ok
21:23:53.0406 0544 Simbad - ok
21:23:53.0765 0544 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\System32\DRIVERS\sisagp.sys
21:23:53.0781 0544 sisagp - ok
21:23:54.0187 0544 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:23:54.0203 0544 SLIP - ok
21:23:54.0796 0544 smwdm (31fd0707c7dbe715234f2823b27214fe) C:\WINDOWS\system32\drivers\smwdm.sys
21:23:54.0984 0544 smwdm - ok
21:23:55.0406 0544 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys
21:23:55.0421 0544 Sparrow - ok
21:23:56.0031 0544 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:23:56.0031 0544 splitter - ok
21:23:56.0531 0544 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
21:23:56.0546 0544 sr - ok
21:23:57.0109 0544 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:23:57.0203 0544 Srv - ok
21:23:57.0562 0544 sscdbhk5 (328e8bb94ec58480f60458fb4b8437a7) C:\WINDOWS\system32\drivers\sscdbhk5.sys
21:23:57.0562 0544 sscdbhk5 - ok
21:23:58.0015 0544 ssrtln (7ec8b427cee5c0cdac066320b93f1355) C:\WINDOWS\system32\drivers\ssrtln.sys
21:23:58.0031 0544 ssrtln - ok
21:23:58.0406 0544 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:23:58.0406 0544 streamip - ok
21:23:58.0765 0544 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:23:58.0781 0544 swenum - ok
21:23:59.0171 0544 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:23:59.0203 0544 swmidi - ok
21:23:59.0718 0544 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys
21:23:59.0765 0544 symc810 - ok
21:24:00.0234 0544 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys
21:24:00.0234 0544 symc8xx - ok
21:24:00.0687 0544 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys
21:24:00.0687 0544 sym_hi - ok
21:24:01.0046 0544 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys
21:24:01.0062 0544 sym_u3 - ok
21:24:01.0453 0544 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:24:01.0468 0544 sysaudio - ok
21:24:02.0187 0544 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:24:02.0281 0544 Tcpip - ok
21:24:02.0625 0544 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:24:02.0656 0544 TDPIPE - ok
21:24:03.0109 0544 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:24:03.0109 0544 TDTCP - ok
21:24:03.0593 0544 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:24:03.0625 0544 TermDD - ok
21:24:04.0062 0544 tfsnboio (c229bf90443be8d3bd2b65d7f3ac0f35) C:\WINDOWS\system32\dla\tfsnboio.sys
21:24:04.0078 0544 tfsnboio - ok
21:24:04.0468 0544 tfsncofs (79ee9fcd7728e54ab8fbc30962f0416f) C:\WINDOWS\system32\dla\tfsncofs.sys
21:24:04.0484 0544 tfsncofs - ok
21:24:05.0093 0544 tfsndrct (9efb37e7de17d783a059b653f7e8afad) C:\WINDOWS\system32\dla\tfsndrct.sys
21:24:05.0093 0544 tfsndrct - ok
21:24:05.0500 0544 tfsndres (130254995ebedcb34d62e8d78ec9dbd0) C:\WINDOWS\system32\dla\tfsndres.sys
21:24:05.0500 0544 tfsndres - ok
21:24:05.0937 0544 tfsnifs (9b40e1e4aeed849812a2e43a388a7e77) C:\WINDOWS\system32\dla\tfsnifs.sys
21:24:05.0968 0544 tfsnifs - ok
21:24:06.0453 0544 tfsnopio (818047ad850b312705aa17ca96b9427d) C:\WINDOWS\system32\dla\tfsnopio.sys
21:24:06.0453 0544 tfsnopio - ok
21:24:06.0843 0544 tfsnpool (4603e813bcc6dd465cd8d2afd37fa90d) C:\WINDOWS\system32\dla\tfsnpool.sys
21:24:06.0875 0544 tfsnpool - ok
21:24:07.0406 0544 tfsnudf (6fc2cd904a9a55acfdfc780a611a75ed) C:\WINDOWS\system32\dla\tfsnudf.sys
21:24:07.0468 0544 tfsnudf - ok
21:24:07.0937 0544 tfsnudfa (d4afa4d00f8db3fd1c15b3fe49c3a96c) C:\WINDOWS\system32\dla\tfsnudfa.sys
21:24:07.0984 0544 tfsnudfa - ok
21:24:08.0359 0544 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\System32\DRIVERS\toside.sys
21:24:08.0359 0544 TosIde - ok
21:24:08.0921 0544 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:24:08.0968 0544 Udfs - ok
21:24:09.0359 0544 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys
21:24:09.0375 0544 ultra - ok
21:24:09.0906 0544 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:24:10.0031 0544 Update - ok
21:24:10.0546 0544 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
21:24:10.0593 0544 USBAAPL - ok
21:24:11.0125 0544 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:24:11.0140 0544 usbccgp - ok
21:24:11.0500 0544 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:24:11.0515 0544 usbehci - ok
21:24:11.0937 0544 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:24:11.0953 0544 usbhub - ok
21:24:12.0421 0544 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:24:12.0421 0544 usbprint - ok
21:24:12.0968 0544 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:24:12.0968 0544 usbscan - ok
21:24:13.0359 0544 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:24:13.0375 0544 USBSTOR - ok
21:24:13.0765 0544 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:24:13.0796 0544 usbuhci - ok
21:24:14.0234 0544 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:24:14.0250 0544 VgaSave - ok
21:24:14.0656 0544 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\System32\DRIVERS\viaagp.sys
21:24:14.0687 0544 viaagp - ok
21:24:15.0078 0544 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys
21:24:15.0109 0544 ViaIde - ok
21:24:15.0515 0544 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
21:24:15.0531 0544 VolSnap - ok
21:24:15.0937 0544 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:24:15.0953 0544 Wanarp - ok
21:24:16.0250 0544 WDICA - ok
21:24:16.0593 0544 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:24:16.0640 0544 wdmaud - ok
21:24:17.0093 0544 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
21:24:17.0109 0544 WpdUsb - ok
21:24:17.0656 0544 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
21:24:17.0671 0544 WS2IFSL - ok
21:24:18.0031 0544 WscNetDr - ok
21:24:18.0453 0544 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:24:18.0453 0544 WSTCODEC - ok
21:24:18.0890 0544 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:24:18.0921 0544 WudfPf - ok
21:24:19.0328 0544 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:24:19.0359 0544 WudfRd - ok
21:24:19.0453 0544 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
21:24:19.0921 0544 \Device\Harddisk0\DR0 - ok
21:24:19.0953 0544 Boot (0x1200) (11ce1de5972158a4b40ac0644fa27d2f) \Device\Harddisk0\DR0\Partition0
21:24:19.0953 0544 \Device\Harddisk0\DR0\Partition0 - ok
21:24:19.0953 0544 ============================================================
21:24:19.0953 0544 Scan finished
21:24:19.0953 0544 ============================================================
21:24:19.0984 0620 Detected object count: 0
21:24:19.0984 0620 Actual detected object count: 0

#7 76Sixers

76Sixers
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  • Local time:06:01 PM

Posted 12 December 2011 - 11:01 PM

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-12 21:38:51
-----------------------------
21:38:51.546 OS Version: Windows 5.1.2600 Service Pack 3
21:38:51.546 Number of processors: 1 586 0x209
21:38:51.546 ComputerName: COMP UserName: Name
21:38:52.484 Initialize success
21:56:44.562 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
21:56:44.562 Disk 0 Vendor: Maxtor_6E040L0 NAR61590 Size: 39205MB BusType: 3
21:56:44.593 Disk 0 MBR read successfully
21:56:44.593 Disk 0 MBR scan
21:56:44.593 Disk 0 Windows XP default MBR code
21:56:44.609 Disk 0 scanning sectors +80276805
21:56:44.703 Disk 0 scanning C:\WINDOWS\system32\drivers
21:57:08.281 Service scanning
21:57:12.250 Modules scanning
21:57:26.187 Disk 0 trace - called modules:
21:57:26.218 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
21:57:26.218 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a801ab8]
21:57:26.218 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a80bd98]
21:57:26.234 Scan finished successfully
21:58:23.546 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Name\Desktop\MBR.dat"
21:58:23.578 The log file has been saved successfully to "C:\Documents and Settings\Name\Desktop\aswMBR.txt"

#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:12:01 AM

Posted 13 December 2011 - 02:46 PM

Please run Combofix next

Please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop, making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications including Firewalls, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
m0le is a proud member of UNITE

#9 76Sixers

76Sixers
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  • Local time:06:01 PM

Posted 13 December 2011 - 10:52 PM

I ran ComboFix, but I kept getting corrupt file error messages. I also got a "grep.3xe has encountered a problem and needs to close" message several times during the scan. I have posted the log below.


I have uninstalled McAfee Antivirus Plus and firewall, but some part of it is still showing up per the ComboFix log notes below.


ComboFix 11-12-13.03 - Name 12/13/2011 21:25:35.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1613 [GMT -6:00]
Running from: c:\documents and settings\Name\Desktop\comfix.exe
AV: McAfee VirusScan *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
/wow section - STAGE 4
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator.COMP\WINDOWS
c:\documents and settings\Name\WINDOWS
c:\documents and settings\Name\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Name\WINDOWS
c:\documents and settings\Guest\WINDOWS
c:\documents and settings\Name\WINDOWS
c:\windows\system32\config\systemprofile\WINDOWS
.
.
((((((((((((((((((((((((( Files Created from 2011-11-14 to 2011-12-14 )))))))))))))))))))))))))))))))
.
.
2011-12-14 03:12 . 2011-12-14 03:12 -------- d-----w- c:\windows\LastGood
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-10 14:22 . 2004-06-07 19:19 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2003-03-20 21:18 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 16:41 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41 . 2002-08-29 10:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41 . 2002-08-29 10:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2005-08-18 08:52 . 2005-08-18 08:52 774144 -c--a-w- c:\program files\RngInterstitial.dll
2004-10-12 23:41 . 2004-10-12 23:41 2544848 -c--a-w- c:\program files\Shockwave_Installer_Slim.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-02 68856]
"NvMediaCenter"="c:\windows\system32\NVMCTRAY.DLL" [2003-07-28 49152]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-07-28 4841472]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2002-08-14 28672]
"DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2003-06-24 245760]
"Dell AIO Printer A920"="c:\program files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-05-02 270336]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"nwiz"="nwiz.exe" [2003-07-28 323584]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-11-10 180269]
"mmtask"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2004-10-08 53248]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2003-07-28 49152]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-19 583016]
"Memeo Instant Backup"="c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe" [2011-05-04 136416]
"Memeo AutoSync"="c:\program files\Memeo\AutoSync\MemeoLauncher2.exe" [2011-05-04 144608]
"Seagate Dashboard"="c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"c:\\Program Files\\Seagate\\Seagate Dashboard\\HipServAgent\\HipServAgent.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe [5/4/2011 3:04 PM 25824]
R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [6/1/2011 10:42 AM 14088]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [3/20/2010 11:38 PM 24652]
R3 Pcouffin;Low level access layer for CD devices;c:\windows\SYSTEM32\DRIVERS\Pcouffin.sys [1/4/2005 11:04 AM 33376]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/6/2010 5:18 PM 135664]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\SYSTEM32\DRIVERS\ADM8511.SYS [4/10/2006 8:45 PM 20160]
S3 efipsk;efipsk;\??\c:\docume~1\Name~1\LOCALS~1\Temp\efipsk.sys --> c:\docume~1\Name~1\LOCALS~1\Temp\efipsk.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/6/2010 5:18 PM 135664]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 22:57]
.
2011-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 23:18]
.
2011-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 23:18]
.
2011-12-14 c:\windows\Tasks\User_Feed_Synchronization-{7D6BDAD0-F071-413B-B603-D991BB44AAB1}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fptb-
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = hxxp://localhost;*.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: musicmatch.com
Trusted Zone: musicmatch.com
TCP: DhcpNameServer = 000.00.0.0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-13 21:34
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DwlClient = c:\program files\Common Files\Dell\EUSW\Support.exe?l?e?s?\?D?e?l?l?\?E?U?S?W?\?S?u?p?p?o?r?t?.?e?x?e???x???x???????????????????x???????????x???x???????????x???????????x???x???????????@???????????????(??????????????w????????????j??w????x???x??????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-514534536-3198930587-935661192-1008\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2011-12-13 21:38:40
ComboFix-quarantined-files.txt 2011-12-14 03:38
.
Pre-Run: 13,577,760,768 bytes free
Post-Run: 15,055,151,104 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 2D739EDDDFC7AC86D55F9E4B34022C94

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:12:01 AM

Posted 14 December 2011 - 06:14 PM

I assume that the Name folder has been renamed for the forum so please change it back in the script we are about to run.

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the box below into it:

File::
c:\docume~1\Name~1\LOCALS~1\Temp\efipsk.sys

Driver::
efipsk


Save this as CFScript.txt, in the same location as ComboFix.exe (called ComboFix.exe in the graphic below).


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe.

If the program asks you to update ComboFix, click Yes.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
m0le is a proud member of UNITE
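The efipsk entry that the CFScript above targets is the one service line in the posted log whose image path sits under a Temp directory and which ComboFix could not find on disk (the trailing [?]). As an added example, not m0le's or ComboFix's own code, the Python below parses ComboFix's R/S service and driver lines and flags exactly those indicators; the sample lines are constructed in the style of the log, with the user's paths shortened.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample modelled on the "Reg Loading Points" service/driver lines
# of a ComboFix log (not a copy of the user's log).
SAMPLE_LOG = r"""
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe [5/4/2011 3:04 PM 25824]
R3 Pcouffin;Low level access layer for CD devices;c:\windows\SYSTEM32\DRIVERS\Pcouffin.sys [1/4/2005 11:04 AM 33376]
S3 efipsk;efipsk;\??\c:\docume~1\Name~1\LOCALS~1\Temp\efipsk.sys --> c:\docume~1\Name~1\LOCALS~1\Temp\efipsk.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/6/2010 5:18 PM 135664]
"""

# ComboFix line shape: "<R|S><n> <name>;<display name>;<image path> [<date size> | ?]"
# R = running, S = stopped; the digit is the Windows start type (2 = auto, 3 = manual).
SERVICE_RE = re.compile(
    r"^(?P<st>[RS]\d)\s+(?P<name>[^;]+);(?P<disp>[^;]*);(?P<rest>.+?)\s*\[(?P<info>[^\]]*)\]\s*$"
)


@dataclass
class ServiceEntry:
    start_type: str   # e.g. "R2" or "S3"
    name: str         # service/driver key name
    display: str      # display name
    image_path: str   # on-disk path (right-hand side of "-->" when ComboFix resolved it)
    file_info: str    # contents of the trailing [...]: "date size", or "?" when the file was not found


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one ComboFix service/driver line; return None for any other line."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    path = m.group("rest")
    if " --> " in path:
        # ComboFix prints "<registry ImagePath> --> <resolved path>"; keep the resolved one
        path = path.split(" --> ", 1)[1]
    path = re.sub(r"^\\\?\?\\", "", path)  # drop the NT "\??\" object-manager prefix
    return ServiceEntry(m.group("st"), m.group("name"), m.group("disp"), path, m.group("info"))


def suspicious_reasons(entry: ServiceEntry) -> List[str]:
    """Return the indicators that make this entry worth a helper's attention."""
    reasons: List[str] = []
    parts = [p.lower() for p in re.split(r"[\\/]+", entry.image_path) if p]
    if "temp" in parts or "tmp" in parts:
        reasons.append("image path is inside a Temp directory")
    if entry.file_info.strip() == "?":
        reasons.append("file not found on disk (ComboFix shows [?])")
    if entry.image_path.lower().endswith(".sys") and "windows" not in parts:
        reasons.append("kernel driver registered outside the Windows directory")
    return reasons


def triage(log_text: str) -> Dict[str, List[str]]:
    """Map each flagged service name to its list of reasons."""
    findings: Dict[str, List[str]] = {}
    for line in log_text.splitlines():
        entry = parse_service_line(line)
        if entry is None:
            continue
        reasons = suspicious_reasons(entry)
        if reasons:
            findings[entry.name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(f"{name}: " + "; ".join(reasons))
```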

#11 76Sixers

76Sixers
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  • Local time:06:01 PM

Posted 15 December 2011 - 12:56 AM

I ran ComboFix twice using the last instructions.

The first time I ran it I kept getting "Application Errors" listed below:

I got four "grep.3XE has encountered a problem and must close" messages.
I got one "pev.3XE application error" message.
I got one "string QGrep encountered a problem and needs to close" message.
I got one "procedure sfcIsfile protected could not be located in DLL.SFC.dll" message.
I got one "Instruction at 0X7C9113C0 referenced memory at 0x8b98048d, memory could not be written" message.

Here is the log from the first run:


ComboFix 11-12-13.03 - Name 12/14/2011 22:22:04.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1562 [GMT -6:00]
Running from: c:\documents and settings\Name\Desktop\ComboFix.exe.exe
Command switches used :: c:\documents and settings\Name\Desktop\CFScript.txt
AV: McAfee VirusScan *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
FILE ::
"c:\docume~1\Name~1\LOCALS~1\Temp\efipsk.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\TSOC.LOG
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_EFIPSK
-------\Service_efipsk
.
.
((((((((((((((((((((((((( Files Created from 2011-11-15 to 2011-12-15 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-23 13:25 . 2002-08-29 10:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20 . 2004-02-06 23:05 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2002-08-29 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2002-08-29 10:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2004-04-15 16:12 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2002-08-29 10:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:33 . 1980-01-01 05:00 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 1980-01-01 05:00 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2002-08-29 10:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2004-06-07 19:19 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2003-03-20 21:18 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 16:41 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41 . 2002-08-29 10:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41 . 2002-08-29 10:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2005-08-18 08:52 . 2005-08-18 08:52 774144 -c--a-w- c:\program files\RngInterstitial.dll
2004-10-12 23:41 . 2004-10-12 23:41 2544848 -c--a-w- c:\program files\Shockwave_Installer_Slim.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-14_03.34.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-15 04:39 . 2011-12-15 04:39 40960 c:\windows\temp\rtdrvmon.exe
+ 2007-01-29 08:58 . 2011-11-08 13:46 46080 c:\windows\SYSTEM32\tzchange.exe
- 2007-01-29 08:58 . 2011-07-08 13:49 46080 c:\windows\SYSTEM32\tzchange.exe
+ 2002-08-29 10:00 . 2011-11-04 19:20 66560 c:\windows\SYSTEM32\mshtmled.dll
- 2002-08-29 10:00 . 2011-08-22 23:48 66560 c:\windows\SYSTEM32\mshtmled.dll
- 2006-10-27 21:09 . 2011-08-22 23:48 55296 c:\windows\SYSTEM32\msfeedsbs.dll
+ 2006-10-27 21:09 . 2011-11-04 19:20 55296 c:\windows\SYSTEM32\msfeedsbs.dll
+ 2002-08-29 10:00 . 2011-11-04 19:20 25600 c:\windows\SYSTEM32\jsproxy.dll
- 2002-08-29 10:00 . 2011-08-22 23:48 25600 c:\windows\SYSTEM32\jsproxy.dll
- 2009-06-11 11:38 . 2011-08-22 23:48 12800 c:\windows\SYSTEM32\DLLCACHE\xpshims.dll
+ 2009-06-11 11:38 . 2011-11-04 19:20 12800 c:\windows\SYSTEM32\DLLCACHE\xpshims.dll
- 2002-08-29 10:00 . 2011-08-22 23:48 66560 c:\windows\SYSTEM32\DLLCACHE\mshtmled.dll
+ 2002-08-29 10:00 . 2011-11-04 19:20 66560 c:\windows\SYSTEM32\DLLCACHE\mshtmled.dll
- 2007-05-10 06:35 . 2011-08-22 23:48 55296 c:\windows\SYSTEM32\DLLCACHE\msfeedsbs.dll
+ 2007-05-10 06:35 . 2011-11-04 19:20 55296 c:\windows\SYSTEM32\DLLCACHE\msfeedsbs.dll
- 2002-08-29 10:00 . 2011-08-22 23:48 43520 c:\windows\SYSTEM32\DLLCACHE\licmgr10.dll
+ 2002-08-29 10:00 . 2011-11-04 19:20 43520 c:\windows\SYSTEM32\DLLCACHE\licmgr10.dll
+ 2002-08-29 10:00 . 2011-11-04 19:20 25600 c:\windows\SYSTEM32\DLLCACHE\jsproxy.dll
- 2002-08-29 10:00 . 2011-08-22 23:48 25600 c:\windows\SYSTEM32\DLLCACHE\jsproxy.dll
+ 2002-08-29 10:00 . 2011-10-28 05:31 33280 c:\windows\SYSTEM32\DLLCACHE\csrsrv.dll
- 2002-08-29 10:00 . 2011-04-26 11:07 33280 c:\windows\SYSTEM32\DLLCACHE\csrsrv.dll
+ 2011-12-14 09:03 . 2011-08-22 23:48 12800 c:\windows\ie8updates\KB2618444-IE8\xpshims.dll
+ 2011-12-14 09:03 . 2011-08-22 23:48 66560 c:\windows\ie8updates\KB2618444-IE8\mshtmled.dll
+ 2011-12-14 09:03 . 2011-08-22 23:48 55296 c:\windows\ie8updates\KB2618444-IE8\msfeedsbs.dll
+ 2011-12-14 09:03 . 2011-08-22 23:48 43520 c:\windows\ie8updates\KB2618444-IE8\licmgr10.dll
+ 2011-12-14 09:03 . 2011-08-22 23:48 25600 c:\windows\ie8updates\KB2618444-IE8\jsproxy.dll
+ 2002-08-29 10:00 . 2011-11-04 19:20 105984 c:\windows\SYSTEM32\url.dll
- 2002-08-29 10:00 . 2011-08-22 23:48 105984 c:\windows\SYSTEM32\url.dll
+ 2002-08-29 10:00 . 2011-11-04 19:20 206848 c:\windows\SYSTEM32\occache.dll
- 2002-08-29 10:00 . 2011-08-22 23:48 206848 c:\windows\SYSTEM32\occache.dll
+ 2002-08-29 10:00 . 2011-11-04 19:20 611840 c:\windows\SYSTEM32\mstime.dll
- 2002-08-29 10:00 . 2011-08-22 23:48 611840 c:\windows\SYSTEM32\mstime.dll
+ 2006-10-27 21:09 . 2011-11-04 19:20 602112 c:\windows\SYSTEM32\msfeeds.dll
- 2006-10-27 21:09 . 2011-08-22 23:48 602112 c:\windows\SYSTEM32\msfeeds.dll
+ 2002-08-29 10:00 . 2011-11-04 19:20 184320 c:\windows\SYSTEM32\iepeers.dll
- 2002-08-29 10:00 . 2011-08-22 23:48 184320 c:\windows\SYSTEM32\iepeers.dll
- 2002-08-29 10:00 . 2011-08-22 23:48 387584 c:\windows\SYSTEM32\iedkcs32.dll
+ 2002-08-29 10:00 . 2011-11-04 19:20 387584 c:\windows\SYSTEM32\iedkcs32.dll
+ 2002-08-29 10:00 . 2011-11-04 11:24 174080 c:\windows\SYSTEM32\ie4uinit.exe
- 2002-08-29 10:00 . 2011-08-22 11:56 174080 c:\windows\SYSTEM32\ie4uinit.exe
- 2003-07-11 15:00 . 2011-10-12 08:16 313968 c:\windows\SYSTEM32\FNTCACHE.DAT
+ 2003-07-11 15:00 . 2011-12-14 09:09 313968 c:\windows\SYSTEM32\FNTCACHE.DAT
+ 2004-02-06 23:05 . 2011-11-04 19:20 916992 c:\windows\SYSTEM32\DLLCACHE\wininet.dll
+ 2002-08-29 10:00 . 2011-11-04 19:20 105984 c:\windows\SYSTEM32\DLLCACHE\url.dll
- 2002-08-29 10:00 . 2011-08-22 23:48 105984 c:\windows\SYSTEM32\DLLCACHE\url.dll
+ 2002-08-29 10:00 . 2011-11-04 19:20 206848 c:\windows\SYSTEM32\DLLCACHE\occache.dll
- 2002-08-29 10:00 . 2011-08-22 23:48 206848 c:\windows\SYSTEM32\DLLCACHE\occache.dll
+ 2002-08-29 10:00 . 2011-11-04 19:20 611840 c:\windows\SYSTEM32\DLLCACHE\mstime.dll
- 2002-08-29 10:00 . 2011-08-22 23:48 611840 c:\windows\SYSTEM32\DLLCACHE\mstime.dll
- 2007-05-10 06:35 . 2011-08-22 23:48 602112 c:\windows\SYSTEM32\DLLCACHE\msfeeds.dll
+ 2007-05-10 06:35 . 2011-11-04 19:20 602112 c:\windows\SYSTEM32\DLLCACHE\msfeeds.dll
- 2009-06-11 11:38 . 2011-08-22 23:48 247808 c:\windows\SYSTEM32\DLLCACHE\ieproxy.dll
+ 2009-06-11 11:38 . 2011-11-04 19:20 247808 c:\windows\SYSTEM32\DLLCACHE\ieproxy.dll
- 2002-08-29 10:00 . 2011-08-22 23:48 184320 c:\windows\SYSTEM32\DLLCACHE\iepeers.dll
+ 2002-08-29 10:00 . 2011-11-04 19:20 184320 c:\windows\SYSTEM32\DLLCACHE\iepeers.dll
- 2010-06-11 20:41 . 2011-08-22 23:48 743424 c:\windows\SYSTEM32\DLLCACHE\iedvtool.dll
+ 2010-06-11 20:41 . 2011-11-04 19:20 743424 c:\windows\SYSTEM32\DLLCACHE\iedvtool.dll
+ 2002-08-29 10:00 . 2011-11-04 19:20 387584 c:\windows\SYSTEM32\DLLCACHE\iedkcs32.dll
- 2002-08-29 10:00 . 2011-08-22 23:48 387584 c:\windows\SYSTEM32\DLLCACHE\iedkcs32.dll
- 2002-08-29 10:00 . 2011-08-22 11:56 174080 c:\windows\SYSTEM32\DLLCACHE\ie4uinit.exe
+ 2002-08-29 10:00 . 2011-11-04 11:24 174080 c:\windows\SYSTEM32\DLLCACHE\ie4uinit.exe
+ 2002-08-29 10:00 . 2011-10-18 11:13 186880 c:\windows\SYSTEM32\DLLCACHE\encdec.dll
- 2002-08-29 10:00 . 2011-02-09 13:53 186880 c:\windows\SYSTEM32\DLLCACHE\encdec.dll
+ 2011-12-14 09:03 . 2011-08-22 23:48 916480 c:\windows\ie8updates\KB2618444-IE8\wininet.dll
+ 2011-12-14 09:03 . 2011-08-22 23:48 105984 c:\windows\ie8updates\KB2618444-IE8\url.dll
+ 2011-12-14 09:03 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2618444-IE8\spuninst\updspapi.dll
+ 2011-12-14 09:03 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2618444-IE8\spuninst\spuninst.exe
+ 2011-12-14 09:03 . 2011-08-22 23:48 206848 c:\windows\ie8updates\KB2618444-IE8\occache.dll
+ 2011-12-14 09:03 . 2011-08-22 23:48 611840 c:\windows\ie8updates\KB2618444-IE8\mstime.dll
+ 2011-12-14 09:03 . 2011-08-22 23:48 602112 c:\windows\ie8updates\KB2618444-IE8\msfeeds.dll
+ 2011-12-14 09:03 . 2011-08-22 23:48 247808 c:\windows\ie8updates\KB2618444-IE8\ieproxy.dll
+ 2011-12-14 09:03 . 2011-08-22 23:48 184320 c:\windows\ie8updates\KB2618444-IE8\iepeers.dll
+ 2011-12-14 09:03 . 2011-08-22 23:48 743424 c:\windows\ie8updates\KB2618444-IE8\iedvtool.dll
+ 2011-12-14 09:03 . 2011-08-22 23:48 387584 c:\windows\ie8updates\KB2618444-IE8\iedkcs32.dll
+ 2011-12-14 09:03 . 2011-08-22 11:56 174080 c:\windows\ie8updates\KB2618444-IE8\ie4uinit.exe
- 2004-01-21 22:20 . 2011-08-22 23:48 1212416 c:\windows\SYSTEM32\urlmon.dll
+ 2004-01-21 22:20 . 2011-11-04 19:20 1212416 c:\windows\SYSTEM32\urlmon.dll
+ 2004-07-07 23:37 . 2011-11-04 19:20 5978112 c:\windows\SYSTEM32\mshtml.dll
- 2006-10-17 18:57 . 2011-08-22 23:48 2000384 c:\windows\SYSTEM32\iertutil.dll
+ 2006-10-17 18:57 . 2011-11-04 19:20 2000384 c:\windows\SYSTEM32\iertutil.dll
+ 2002-08-29 10:00 . 2011-11-23 13:25 1859584 c:\windows\SYSTEM32\DLLCACHE\win32k.sys
+ 2004-01-21 22:20 . 2011-11-04 19:20 1212416 c:\windows\SYSTEM32\DLLCACHE\urlmon.dll
- 2004-01-21 22:20 . 2011-08-22 23:48 1212416 c:\windows\SYSTEM32\DLLCACHE\urlmon.dll
+ 2004-04-15 16:12 . 2011-11-01 16:07 1288704 c:\windows\SYSTEM32\DLLCACHE\ole32.dll
+ 1980-01-01 05:00 . 2011-10-25 13:33 2192768 c:\windows\SYSTEM32\DLLCACHE\ntoskrnl.exe
- 1980-01-01 05:00 . 2010-12-09 13:38 2192768 c:\windows\SYSTEM32\DLLCACHE\ntoskrnl.exe
+ 2008-10-14 22:06 . 2011-10-25 12:52 2027008 c:\windows\SYSTEM32\DLLCACHE\ntkrpamp.exe
- 2008-10-14 22:06 . 2010-12-09 13:07 2027008 c:\windows\SYSTEM32\DLLCACHE\ntkrpamp.exe
+ 1980-01-01 05:00 . 2011-10-25 12:52 2069376 c:\windows\SYSTEM32\DLLCACHE\ntkrnlpa.exe
- 1980-01-01 05:00 . 2010-12-09 13:07 2069376 c:\windows\SYSTEM32\DLLCACHE\ntkrnlpa.exe
+ 2008-10-14 22:06 . 2011-10-25 13:37 2148864 c:\windows\SYSTEM32\DLLCACHE\ntkrnlmp.exe
- 2008-10-14 22:06 . 2010-12-09 13:42 2148864 c:\windows\SYSTEM32\DLLCACHE\ntkrnlmp.exe
+ 2004-07-07 23:37 . 2011-11-04 19:20 5978112 c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
- 2007-05-10 06:35 . 2011-08-22 23:48 2000384 c:\windows\SYSTEM32\DLLCACHE\iertutil.dll
+ 2007-05-10 06:35 . 2011-11-04 19:20 2000384 c:\windows\SYSTEM32\DLLCACHE\iertutil.dll
+ 2011-12-14 09:03 . 2011-08-22 23:48 1212416 c:\windows\ie8updates\KB2618444-IE8\urlmon.dll
+ 2011-12-14 09:03 . 2011-10-03 08:35 5971456 c:\windows\ie8updates\KB2618444-IE8\mshtml.dll
+ 2011-12-14 09:03 . 2011-08-22 23:48 2000384 c:\windows\ie8updates\KB2618444-IE8\iertutil.dll
- 2008-10-14 22:06 . 2010-12-09 13:38 2192768 c:\windows\Driver Cache\I386\ntoskrnl.exe
+ 2008-10-14 22:06 . 2011-10-25 13:33 2192768 c:\windows\Driver Cache\I386\ntoskrnl.exe
- 2008-10-14 22:06 . 2010-12-09 13:07 2027008 c:\windows\Driver Cache\I386\ntkrpamp.exe
+ 2008-10-14 22:06 . 2011-10-25 12:52 2027008 c:\windows\Driver Cache\I386\ntkrpamp.exe
+ 2008-10-14 22:06 . 2011-10-25 12:52 2069376 c:\windows\Driver Cache\I386\ntkrnlpa.exe
- 2008-10-14 22:06 . 2010-12-09 13:07 2069376 c:\windows\Driver Cache\I386\ntkrnlpa.exe
- 2008-10-14 22:06 . 2010-12-09 13:42 2148864 c:\windows\Driver Cache\I386\ntkrnlmp.exe
+ 2008-10-14 22:06 . 2011-10-25 13:37 2148864 c:\windows\Driver Cache\I386\ntkrnlmp.exe
- 2006-10-27 21:09 . 2011-08-23 22:48 11081728 c:\windows\SYSTEM32\ieframe.dll
+ 2006-10-27 21:09 . 2011-11-04 19:20 11081728 c:\windows\SYSTEM32\ieframe.dll
+ 2007-05-10 06:35 . 2011-11-04 19:20 11081728 c:\windows\SYSTEM32\DLLCACHE\ieframe.dll
- 2007-05-10 06:35 . 2011-08-23 22:48 11081728 c:\windows\SYSTEM32\DLLCACHE\ieframe.dll
+ 2011-12-14 09:03 . 2011-08-23 22:48 11081728 c:\windows\ie8updates\KB2618444-IE8\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-02 68856]
"NvMediaCenter"="c:\windows\system32\NVMCTRAY.DLL" [2003-07-28 49152]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-07-28 4841472]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2002-08-14 28672]
"DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2003-06-24 245760]
"Dell AIO Printer A920"="c:\program files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-05-02 270336]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"nwiz"="nwiz.exe" [2003-07-28 323584]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-11-10 180269]
"mmtask"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2004-10-08 53248]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2003-07-28 49152]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-19 583016]
"Memeo Instant Backup"="c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe" [2011-05-04 136416]
"Memeo AutoSync"="c:\program files\Memeo\AutoSync\MemeoLauncher2.exe" [2011-05-04 144608]
"Seagate Dashboard"="c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"c:\\Program Files\\Seagate\\Seagate Dashboard\\HipServAgent\\HipServAgent.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe [5/4/2011 3:04 PM 25824]
R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [6/1/2011 10:42 AM 14088]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [3/20/2010 11:38 PM 24652]
R3 Pcouffin;Low level access layer for CD devices;c:\windows\SYSTEM32\DRIVERS\Pcouffin.sys [1/4/2005 11:04 AM 33376]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/6/2010 5:18 PM 135664]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\SYSTEM32\DRIVERS\ADM8511.SYS [4/10/2006 8:45 PM 20160]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/6/2010 5:18 PM 135664]
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 22:57]
.
2011-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 23:18]
.
2011-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 23:18]
.
2011-12-15 c:\windows\Tasks\User_Feed_Synchronization-{7D6BDAD0-F071-413B-B603-D991BB44AAB1}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fptb-
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = hxxp://localhost;*.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: musicmatch.com
Trusted Zone: musicmatch.com
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-14 22:41
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DwlClient = c:\program files\Common Files\Dell\EUSW\Support.exe?l?e?s?\?D?e?l?l?\?E?U?S?W?\?S?u?p?p?o?r?t?.?e?x?e???x???x???????????????????x???????????x???x???????????x???????????x???x???????????@???????????????(??????????????w????????????j??w????x???x??????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-514534536-3198930587-935661192-1008\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2656)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\wscntfy.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\BCMSMMSG.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Dell AIO Printer A920\dlbkbmon.exe
c:\program files\Seagate\Seagate Dashboard\MemeoDashboard.exe
c:\program files\Memeo\AutoBackup\InstantBackup.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
c:\program files\Common Files\InstallShield\UpdateService\agent.exe
.
**************************************************************************
.
Completion time: 2011-12-14 22:52:27 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-15 04:52
ComboFix2.txt 2011-12-14 03:38
.
Pre-Run: 14,818,283,520 bytes free
Post-Run: 14,687,285,248 bytes free
.
- - End Of File - - C3770448380CC0ED3B7F30E2C0984FF1



The second time I ran ComboFix I ended some processes to eliminate possible conflicts.

This time I only got "Application corrupt errors", approximately seven error messages of this type. I have a copy of that log below:


ComboFix 11-12-13.03 - Name 12/14/2011 23:09:50.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1640 [GMT -6:00]
Running from: c:\documents and settings\name\Desktop\ComboFix.exe.exe
Command switches used :: c:\documents and settings\Name\Desktop\CFScript.txt
AV: McAfee VirusScan *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
FILE ::
"c:\docume~1\Name~1\LOCALS~1\Temp\efipsk.sys"
.
.
((((((((((((((((((((((((( Files Created from 2011-11-15 to 2011-12-15 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-23 13:25 . 2002-08-29 10:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20 . 2004-02-06 23:05 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2002-08-29 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2002-08-29 10:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2004-04-15 16:12 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2002-08-29 10:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:33 . 1980-01-01 05:00 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 1980-01-01 05:00 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2002-08-29 10:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2004-06-07 19:19 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2003-03-20 21:18 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 16:41 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41 . 2002-08-29 10:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41 . 2002-08-29 10:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2005-08-18 08:52 . 2005-08-18 08:52 774144 -c--a-w- c:\program files\RngInterstitial.dll
2004-10-12 23:41 . 2004-10-12 23:41 2544848 -c--a-w- c:\program files\Shockwave_Installer_Slim.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-02 68856]
"NvMediaCenter"="c:\windows\system32\NVMCTRAY.DLL" [2003-07-28 49152]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-07-28 4841472]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2002-08-14 28672]
"DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2003-06-24 245760]
"Dell AIO Printer A920"="c:\program files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-05-02 270336]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"nwiz"="nwiz.exe" [2003-07-28 323584]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-11-10 180269]
"mmtask"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2004-10-08 53248]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2003-07-28 49152]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-19 583016]
"Memeo Instant Backup"="c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe" [2011-05-04 136416]
"Memeo AutoSync"="c:\program files\Memeo\AutoSync\MemeoLauncher2.exe" [2011-05-04 144608]
"Seagate Dashboard"="c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"c:\\Program Files\\Seagate\\Seagate Dashboard\\HipServAgent\\HipServAgent.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe [5/4/2011 3:04 PM 25824]
R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [6/1/2011 10:42 AM 14088]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [3/20/2010 11:38 PM 24652]
R3 Pcouffin;Low level access layer for CD devices;c:\windows\SYSTEM32\DRIVERS\Pcouffin.sys [1/4/2005 11:04 AM 33376]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/6/2010 5:18 PM 135664]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\SYSTEM32\DRIVERS\ADM8511.SYS [4/10/2006 8:45 PM 20160]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/6/2010 5:18 PM 135664]
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 22:57]
.
2011-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 23:18]
.
2011-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 23:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fptb-
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = hxxp://localhost;*.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: musicmatch.com
Trusted Zone: musicmatch.com
TCP: DhcpNameServer = xxx.xx.x.x
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-14 23:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DwlClient = c:\program files\Common Files\Dell\EUSW\Support.exe?l?e?s?\?D?e?l?l?\?E?U?S?W?\?S?u?p?p?o?r?t?.?e?x?e???x???x???????????????????x???????????x???x???????????x???????????x???x???????????@???????????????(??????????????w????????????j??w????x???x??????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-514534536-3198930587-935661192-1008\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3472)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-12-14 23:25:52
ComboFix-quarantined-files.txt 2011-12-15 05:25
ComboFix2.txt 2011-12-15 04:52
ComboFix3.txt 2011-12-14 03:38
.
Pre-Run: 14,696,431,616 bytes free
Post-Run: 14,675,259,392 bytes free
.
- - End Of File - - 0486142E3527526CD25241C82D1379C5

#12 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 15 December 2011 - 07:35 PM

Looks good. Don't worry about the error messages as they apply to Combofix's running and not your system directly.

Please scan online with ESET

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • Copy and paste the resulting log in your next reply
If no log is generated that means nothing was found. Please let me know if this happens.
m0le is a proud member of UNITE

#13 76Sixers

  • Topic Starter
  • Members
  • 22 posts

Posted 15 December 2011 - 11:36 PM

I cannot run the online scanner. During step 2 (downloading of the virus definition database) I got an error message stating "can not get update. Is proxy configured?"

I tried switching to the Netscape browser and followed the instructions for an alternate browser, and ended up with the same message.

What proxy setting am I supposed to configure?

#14 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 16 December 2011 - 07:45 PM

In Internet Explorer: Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "Use a proxy server" and check "Automatically detect settings".

In Firefox you find the proxy server settings like this: Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection -> select "Auto-detect proxy settings for this network".
m0le is a proud member of UNITE
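Added example, not code from m0le or from the thread: a PowerShell script that reads the same per-user WinINET proxy values the GUI steps above change, so a helper can see from the registry whether a hard-coded proxy or a PAC URL is what stops the ESET definition download. It assumes the standard value names ProxyEnable, ProxyServer, ProxyOverride and AutoConfigURL under the user's Internet Settings key; the -Fix switch applies only the "uncheck Use a proxy server" step.

```powershell
# Added example: audit the per-user IE/WinINET proxy settings that the GUI steps
# above modify. Value names are the standard WinINET ones; the -Fix switch
# mirrors only the "uncheck Use a proxy server" step.
param([switch]$Fix)

$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$p   = Get-ItemProperty -Path $key

$findings = @()
if ($p.ProxyEnable -eq 1) {
    # A fixed proxy is in force; if it is dead or malicious, updaters fail like ESET did.
    $findings += "ProxyEnable=1: 'Use a proxy server' is checked (ProxyServer='$($p.ProxyServer)')"
}
if ($p.AutoConfigURL) {
    # A PAC script decides routing per URL; worth reading before trusting it.
    $findings += "AutoConfigURL='$($p.AutoConfigURL)': a PAC script controls proxying"
}
if ($p.ProxyOverride) {
    # Bypass list; the ComboFix log in this thread shows 'localhost;*.local'.
    $findings += "ProxyOverride='$($p.ProxyOverride)'"
}

if ($findings.Count -eq 0) {
    Write-Output "No explicit proxy configured for this user."
} else {
    $findings | ForEach-Object { Write-Output "CHECK: $_" }
}

# The 'Automatically detect settings' checkbox lives in the binary
# DefaultConnectionSettings blob under the Connections subkey, so it is left to the GUI.
if ($Fix -and $p.ProxyEnable -eq 1) {
    Set-ItemProperty -Path $key -Name ProxyEnable -Value 0
    Remove-ItemProperty -Path $key -Name ProxyServer -ErrorAction SilentlyContinue
    Write-Output "ProxyEnable cleared; restart the browser and retry the ESET download."
}
```

Run it once without -Fix to record what was set before the clean-up, since an unexpected ProxyServer or AutoConfigURL value is itself evidence of what the infection changed.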

#15 76Sixers

  • Topic Starter
  • Members
  • 22 posts

Posted 17 December 2011 - 11:01 AM

Here is what ESET Online Scan found:

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2532\A0285623.dll Win32/Adware.PerfectOptimizer application cleaned by deleting - quarantined
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2532\A0285630.exe a variant of Win32/Adware.PerfectOptimizer application cleaned by deleting - quarantined
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2532\A0285640.exe a variant of Win32/Adware.PerfectOptimizer application deleted - quarantined
