Infected by a rootkit


  • This topic is locked
5 replies to this topic

#1 slikk24

Posted 15 December 2011 - 02:13 PM

I have run Malwarebytes, Defogger, DDS, & GMER. No luck.

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-15 05:06:17
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD800JD-75MSA3 rev.10.01E04
Running: gmer.exe; Driver: C:\DOCUME~1\Libby\LOCALS~1\Temp\fgtdrpog.sys


---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xB9E97210]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xB9E97224]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB9E97250]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB9E972A6]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xB9E971FC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xB9E971D4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xB9E971E8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xB9E9723A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xB9E9727C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xB9E97266]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB9E972D0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB9E972BC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xB9E97290]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 8050225C 7 Bytes JMP B9E97294 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805A75C4 7 Bytes JMP B9E972AA mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805A83DA 5 Bytes JMP B9E972C0 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetSecurityObject 805B6114 5 Bytes JMP B9E97280 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805C13F8 5 Bytes JMP B9E971D8 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805C1684 5 Bytes JMP B9E971EC mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805C8DA6 5 Bytes JMP B9E972D4 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetValueKey 8061925E 7 Bytes JMP B9E9726A mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 8061A70E 7 Bytes JMP B9E9723E mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateKey 8061ACEC 5 Bytes JMP B9E97214 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 8061B188 7 Bytes JMP B9E97228 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 8061B358 7 Bytes JMP B9E97254 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwOpenKey 8061C0CA 5 Bytes JMP B9E97200 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
? jsvi.sys The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9849360, 0x2456AE, 0xE8000020]
.text mrxsmb.sys B6ABD000 13 Bytes JMP B6ABDC0D \SystemRoot\system32\DRIVERS\mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
.text mrxsmb.sys B6ABD00E 13 Bytes [28, 8A, AD, B6, 8B, 0D, F4, ...]
.text mrxsmb.sys B6ABD01C 3 Bytes [85, F4, E5]
.text mrxsmb.sys B6ABD021 44 Bytes [6A, 04, 5B, 39, 1D, 44, B1, ...]
.text mrxsmb.sys B6ABD04F 43 Bytes [68, F0, 8B, AD, B6, 56, E8, ...]
.text ...
? C:\WINDOWS\system32\DRIVERS\mrxsmb.sys suspicious PE modification
? C:\DOCUME~1\Libby\LOCALS~1\Temp\fgtdrpob.sys The system cannot find the file specified. !
? C:\DOCUME~1\Libby\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[432] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 01FD0000
.text C:\WINDOWS\Explorer.EXE[432] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 01FD002C
.text C:\WINDOWS\Explorer.EXE[432] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 01FD0011
.text C:\WINDOWS\Explorer.EXE[432] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 03700FEF
.text C:\WINDOWS\Explorer.EXE[432] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 03700068
.text C:\WINDOWS\Explorer.EXE[432] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 03700F69
.text C:\WINDOWS\Explorer.EXE[432] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 03700043
.text C:\WINDOWS\Explorer.EXE[432] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 03700F86
.text C:\WINDOWS\Explorer.EXE[432] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 03700FB2
.text C:\WINDOWS\Explorer.EXE[432] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 03700099
.text C:\WINDOWS\Explorer.EXE[432] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 03700F47
.text C:\WINDOWS\Explorer.EXE[432] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 037000D9
.text C:\WINDOWS\Explorer.EXE[432] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 037000BE
.text C:\WINDOWS\Explorer.EXE[432] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 037000F4
.text C:\WINDOWS\Explorer.EXE[432] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 03700FA1
.text C:\WINDOWS\Explorer.EXE[432] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 03700FDE
.text C:\WINDOWS\Explorer.EXE[432] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 03700F58
.text C:\WINDOWS\Explorer.EXE[432] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 03700FCD
.text C:\WINDOWS\Explorer.EXE[432] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 03700014
.text C:\WINDOWS\Explorer.EXE[432] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 03700F36
.text C:\WINDOWS\Explorer.EXE[432] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 036F0011
.text C:\WINDOWS\Explorer.EXE[432] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 036F004E
.text C:\WINDOWS\Explorer.EXE[432] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 036F0FCA
.text C:\WINDOWS\Explorer.EXE[432] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 036F0000
.text C:\WINDOWS\Explorer.EXE[432] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 036F003D
.text C:\WINDOWS\Explorer.EXE[432] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 036F0FEF
.text C:\WINDOWS\Explorer.EXE[432] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 036F0F9B
.text C:\WINDOWS\Explorer.EXE[432] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [8F, 8B]
.text C:\WINDOWS\Explorer.EXE[432] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 036F0022
.text C:\WINDOWS\Explorer.EXE[432] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 024A0F8B
.text C:\WINDOWS\Explorer.EXE[432] msvcrt.dll!system 77C293C7 5 Bytes JMP 024A0FA6
.text C:\WINDOWS\Explorer.EXE[432] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 024A0FC1
.text C:\WINDOWS\Explorer.EXE[432] msvcrt.dll!_open 77C2F566 5 Bytes JMP 024A0FE3
.text C:\WINDOWS\Explorer.EXE[432] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 024A0016
.text C:\WINDOWS\Explorer.EXE[432] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 024A0FD2
.text C:\WINDOWS\Explorer.EXE[432] WININET.dll!InternetOpenA 3D95D698 5 Bytes JMP 01FE0FEF
.text C:\WINDOWS\Explorer.EXE[432] WININET.dll!InternetOpenW 3D95DB11 5 Bytes JMP 01FE0FD4
.text C:\WINDOWS\Explorer.EXE[432] WININET.dll!InternetOpenUrlA 3D95F3AC 5 Bytes JMP 01FE0014
.text C:\WINDOWS\Explorer.EXE[432] WININET.dll!InternetOpenUrlW 3D9A6D6F 5 Bytes JMP 01FE002F
.text C:\WINDOWS\Explorer.EXE[432] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01FF0FEF
.text C:\WINDOWS\system32\services.exe[1052] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 006B000A
.text C:\WINDOWS\system32\services.exe[1052] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 006B002C
.text C:\WINDOWS\system32\services.exe[1052] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 006B001B
.text C:\WINDOWS\system32\services.exe[1052] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00740FEF
.text C:\WINDOWS\system32\services.exe[1052] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0074006F
.text C:\WINDOWS\system32\services.exe[1052] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00740054
.text C:\WINDOWS\system32\services.exe[1052] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00740F7C
.text C:\WINDOWS\system32\services.exe[1052] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0074002F
.text C:\WINDOWS\system32\services.exe[1052] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00740F9E
.text C:\WINDOWS\system32\services.exe[1052] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00740F49
.text C:\WINDOWS\system32\services.exe[1052] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00740091
.text C:\WINDOWS\system32\services.exe[1052] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007400E2
.text C:\WINDOWS\system32\services.exe[1052] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 007400C7
.text C:\WINDOWS\system32\services.exe[1052] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 007400F3
.text C:\WINDOWS\system32\services.exe[1052] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00740F8D
.text C:\WINDOWS\system32\services.exe[1052] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0074000A
.text C:\WINDOWS\system32\services.exe[1052] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00740080
.text C:\WINDOWS\system32\services.exe[1052] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00740FB9
.text C:\WINDOWS\system32\services.exe[1052] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00740FD4
.text C:\WINDOWS\system32\services.exe[1052] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 007400B6
.text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 006E0025
.text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 006E0051
.text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 006E0FCA
.text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 006E0FE5
.text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 006E0F94
.text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 006E0000
.text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 006E0FAF
.text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [8E, 88]
.text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 006E0040
.text C:\WINDOWS\system32\services.exe[1052] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 006D004C
.text C:\WINDOWS\system32\services.exe[1052] msvcrt.dll!system 77C293C7 5 Bytes JMP 006D0FB7
.text C:\WINDOWS\system32\services.exe[1052] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 006D001D
.text C:\WINDOWS\system32\services.exe[1052] msvcrt.dll!_open 77C2F566 5 Bytes JMP 006D0FE3
.text C:\WINDOWS\system32\services.exe[1052] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 006D0FC8
.text C:\WINDOWS\system32\services.exe[1052] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 006D000C
.text C:\WINDOWS\system32\services.exe[1052] WS2_32.dll!socket 71AB4211 5 Bytes JMP 006C0000
.text C:\WINDOWS\system32\lsass.exe[1064] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00FF000A
.text C:\WINDOWS\system32\lsass.exe[1064] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00FF001B
.text C:\WINDOWS\system32\lsass.exe[1064] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00FF0FE5
.text C:\WINDOWS\system32\lsass.exe[1064] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01050FE5
.text C:\WINDOWS\system32\lsass.exe[1064] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01050067
.text C:\WINDOWS\system32\lsass.exe[1064] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01050056
.text C:\WINDOWS\system32\lsass.exe[1064] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01050F72
.text C:\WINDOWS\system32\lsass.exe[1064] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01050F83
.text C:\WINDOWS\system32\lsass.exe[1064] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01050FA5
.text C:\WINDOWS\system32\lsass.exe[1064] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01050F2B
.text C:\WINDOWS\system32\lsass.exe[1064] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01050F3C
.text C:\WINDOWS\system32\lsass.exe[1064] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01050EF8
.text C:\WINDOWS\system32\lsass.exe[1064] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01050F09
.text C:\WINDOWS\system32\lsass.exe[1064] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 010500AC
.text C:\WINDOWS\system32\lsass.exe[1064] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01050F94
.text C:\WINDOWS\system32\lsass.exe[1064] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01050000
.text C:\WINDOWS\system32\lsass.exe[1064] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01050F4D
.text C:\WINDOWS\system32\lsass.exe[1064] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01050FC0
.text C:\WINDOWS\system32\lsass.exe[1064] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01050011
.text C:\WINDOWS\system32\lsass.exe[1064] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01050F1A
.text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01040040
.text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01040FB6
.text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0104002F
.text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01040FEF
.text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0104007D
.text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01040000
.text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0104006C
.text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01040051
.text C:\WINDOWS\system32\lsass.exe[1064] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01030FA6
.text C:\WINDOWS\system32\lsass.exe[1064] msvcrt.dll!system 77C293C7 5 Bytes JMP 0103003B
.text C:\WINDOWS\system32\lsass.exe[1064] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01030FD2
.text C:\WINDOWS\system32\lsass.exe[1064] msvcrt.dll!_open 77C2F566 5 Bytes JMP 0103000C
.text C:\WINDOWS\system32\lsass.exe[1064] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01030FC1
.text C:\WINDOWS\system32\lsass.exe[1064] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01030FE3
.text C:\WINDOWS\system32\lsass.exe[1064] WS2_32.dll!socket 71AB4211 5 Bytes JMP 0102000A
.text C:\WINDOWS\system32\lsass.exe[1064] WININET.dll!InternetOpenA 3D95D698 5 Bytes JMP 0101000A
.text C:\WINDOWS\system32\lsass.exe[1064] WININET.dll!InternetOpenW 3D95DB11 5 Bytes JMP 01010FEF
.text C:\WINDOWS\system32\lsass.exe[1064] WININET.dll!InternetOpenUrlA 3D95F3AC 5 Bytes JMP 01010FD4
.text C:\WINDOWS\system32\lsass.exe[1064] WININET.dll!InternetOpenUrlW 3D9A6D6F 5 Bytes JMP 01010025
.text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00B00FEF
.text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00B0000A
.text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B00FD4
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F90000
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F90076
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F90F81
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F90F9E
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F90FAF
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F90051
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F900AE
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F90F5C
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F900EE
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F90F4B
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F90F30
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F90FC0
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F90FE5
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F90087
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F90036
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F9001B
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F900C9
.text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00B3002F
.text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00B30F8D
.text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00B30FDE
.text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00B30FEF
.text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00B3004A
.text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00B30000
.text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00B30FB2
.text%

Edited by slikk24, 15 December 2011 - 02:17 PM.



#2 slikk24

Posted 15 December 2011 - 02:21 PM

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 7/15/2008 10:30:18 AM
System Uptime: 12/13/2011 8:09:02 PM (21 hours ago)
.
Motherboard: Dell Inc | | 0CT103
Processor: AMD Athlon™ 64 Processor 3200+ | Socket M2 | 2003/1000mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 70 GiB total, 47.148 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1195: 9/15/2011 11:33:48 PM - System Checkpoint
RP1196: 9/16/2011 9:17:33 PM - Removed IObit Toolbar v4.6.
RP1197: 9/17/2011 9:46:02 PM - System Checkpoint
RP1198: 9/18/2011 10:33:29 PM - System Checkpoint
RP1199: 9/19/2011 11:33:24 PM - System Checkpoint
RP1200: 9/21/2011 12:33:23 AM - System Checkpoint
RP1201: 9/21/2011 5:07:08 AM - Software Distribution Service 3.0
RP1202: 9/22/2011 6:31:38 AM - System Checkpoint
RP1203: 9/23/2011 6:53:36 AM - System Checkpoint
RP1204: 9/24/2011 8:03:37 AM - System Checkpoint
RP1205: 9/25/2011 8:26:05 AM - System Checkpoint
RP1206: 9/26/2011 8:53:14 AM - System Checkpoint
RP1207: 9/27/2011 10:15:09 PM - System Checkpoint
RP1208: 9/28/2011 4:02:25 AM - Software Distribution Service 3.0
RP1209: 9/29/2011 4:53:03 AM - System Checkpoint
RP1210: 9/30/2011 5:52:45 AM - System Checkpoint
RP1211: 10/1/2011 6:52:42 AM - System Checkpoint
RP1212: 10/2/2011 7:13:08 AM - System Checkpoint
RP1213: 10/3/2011 7:52:34 AM - System Checkpoint
RP1214: 10/4/2011 8:52:31 AM - System Checkpoint
RP1215: 10/5/2011 9:52:27 AM - System Checkpoint
RP1216: 10/6/2011 10:52:23 AM - System Checkpoint
RP1217: 10/7/2011 11:52:20 AM - System Checkpoint
RP1218: 10/8/2011 12:52:17 PM - System Checkpoint
RP1219: 10/9/2011 1:53:21 PM - System Checkpoint
RP1220: 10/10/2011 3:05:07 PM - System Checkpoint
RP1221: 10/11/2011 4:09:01 PM - System Checkpoint
RP1222: 10/12/2011 6:04:47 AM - Software Distribution Service 3.0
RP1223: 10/13/2011 6:38:33 AM - System Checkpoint
RP1224: 10/14/2011 7:27:35 AM - System Checkpoint
RP1225: 10/15/2011 8:27:30 AM - System Checkpoint
RP1226: 10/16/2011 9:27:28 AM - System Checkpoint
RP1227: 10/17/2011 10:27:25 AM - System Checkpoint
RP1228: 10/18/2011 11:27:23 AM - System Checkpoint
RP1229: 10/19/2011 12:49:27 PM - System Checkpoint
RP1230: 10/20/2011 1:27:17 PM - System Checkpoint
RP1231: 10/21/2011 2:27:16 PM - System Checkpoint
RP1232: 10/22/2011 3:04:19 PM - System Checkpoint
RP1233: 10/23/2011 3:27:11 PM - System Checkpoint
RP1234: 10/24/2011 4:27:08 PM - System Checkpoint
RP1235: 10/25/2011 5:27:06 PM - System Checkpoint
RP1236: 10/26/2011 5:29:13 PM - System Checkpoint
RP1237: 10/27/2011 5:29:22 PM - System Checkpoint
RP1238: 10/28/2011 6:26:58 PM - System Checkpoint
RP1239: 10/29/2011 7:26:55 PM - System Checkpoint
RP1240: 10/30/2011 8:30:27 PM - System Checkpoint
RP1241: 10/31/2011 9:34:31 PM - System Checkpoint
RP1242: 11/1/2011 10:26:45 PM - System Checkpoint
RP1243: 11/3/2011 6:48:08 PM - System Checkpoint
RP1244: 11/4/2011 7:19:11 PM - System Checkpoint
RP1245: 11/5/2011 8:05:06 PM - System Checkpoint
RP1246: 11/6/2011 7:10:50 PM - System Checkpoint
RP1247: 11/7/2011 8:06:34 PM - System Checkpoint
RP1248: 11/8/2011 8:53:31 PM - System Checkpoint
RP1249: 11/9/2011 9:34:26 PM - System Checkpoint
RP1250: 11/10/2011 3:00:13 AM - Software Distribution Service 3.0
RP1251: 11/11/2011 3:06:29 AM - System Checkpoint
RP1252: 11/12/2011 4:06:29 AM - System Checkpoint
RP1253: 11/13/2011 5:06:23 AM - System Checkpoint
RP1254: 11/14/2011 6:06:20 AM - System Checkpoint
RP1255: 11/14/2011 7:16:13 PM - Software Distribution Service 3.0
RP1256: 11/15/2011 7:39:54 PM - System Checkpoint
RP1257: 11/16/2011 8:21:01 PM - System Checkpoint
RP1258: 11/17/2011 8:52:24 PM - System Checkpoint
RP1259: 11/19/2011 11:01:18 PM - System Checkpoint
RP1260: 11/20/2011 11:28:35 PM - System Checkpoint
RP1261: 11/22/2011 12:28:35 AM - System Checkpoint
RP1262: 11/23/2011 1:28:35 AM - System Checkpoint
RP1263: 11/24/2011 1:52:21 AM - System Checkpoint
RP1264: 11/25/2011 2:52:20 AM - System Checkpoint
RP1265: 11/26/2011 3:51:58 AM - System Checkpoint
RP1266: 11/27/2011 3:52:11 AM - System Checkpoint
RP1267: 11/27/2011 2:15:54 PM - Software Distribution Service 3.0
RP1268: 11/28/2011 2:37:58 PM - System Checkpoint
RP1269: 11/29/2011 2:44:16 PM - System Checkpoint
RP1270: 11/30/2011 9:06:43 PM - System Checkpoint
RP1271: 12/1/2011 3:00:34 AM - Software Distribution Service 3.0
RP1272: 12/2/2011 3:32:08 AM - System Checkpoint
RP1273: 12/3/2011 3:49:38 AM - System Checkpoint
RP1274: 12/4/2011 4:49:35 AM - System Checkpoint
RP1275: 12/5/2011 5:49:32 AM - System Checkpoint
RP1276: 12/6/2011 6:50:35 AM - System Checkpoint
RP1277: 12/7/2011 7:02:37 AM - System Checkpoint
RP1278: 12/8/2011 7:49:22 AM - System Checkpoint
RP1279: 12/9/2011 8:49:19 AM - System Checkpoint
RP1280: 12/10/2011 10:16:02 AM - System Checkpoint
RP1281: 12/11/2011 10:49:14 AM - System Checkpoint
RP1282: 12/12/2011 12:52:32 PM - System Checkpoint
RP1283: 12/14/2011 4:38:31 AM - System Checkpoint
.
==== Installed Programs ======================
.
.
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 8.3.1
Adobe Shockwave Player 11.5
Advanced SystemCare 4
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression 6
ArcSoft Print Creations
Athlon 64 Processor Driver
BlackBerry Device Software Updater
Bonjour
Compatibility Pack for the 2007 Office system
Conexant D850 56K V.9x DFVc Modem
ContentManager
ContentSAFER for Wizmax
Coupon Printer for Windows
Critical Update for Windows Media Player 11 (KB959772)
DB CIF Cam
Docs Opener 0.1
DriveImage XML (Private Edition)
e-Sword
EPSON CX7400 User's Guide
EPSON Printer Software
EPSON Scan
EPSON Stylus CX7400 Series Scanner Driver Update
Facebook Plug-In
Game Booster
GemMaster Mystic
Glary Utilities 2.13.0.689
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
iTunes
Java Auto Updater
Java™ 6 Update 24
LeapFrog Connect
LeapFrog Leapster2 Plugin
LimeWire 5.5.10
Malwarebytes' Anti-Malware version 1.51.2.1300
McAfee Internet Security
McAfee Security Scan Plus
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
MobileMe Control Panel
Mozilla Firefox 8.0 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero OEM
NVIDIA Drivers
Otto
PowerDVD
QuickTime
Safari
Samsung Media Studio 5
ScholarWord
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office Groove 2007 (KB2552997)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SigmaTel Audio
Smart Defrag
Sonic Encoders
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Outlook 2007 Junk Email Filter (KB2596560)
Update for Windows Internet Explorer 8 (KB969497)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB898461)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster2 Plugin)
vShare Plugin
WebFldrs XP
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
Windstream Broadband Check-up Center
.
==== Event Viewer Messages From Past Week ========
.
12/13/2011 9:01:36 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
12/13/2011 8:48:37 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
12/13/2011 8:10:58 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Cdrom Imapi
12/13/2011 8:10:58 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the SPService service to connect.
12/13/2011 8:10:58 PM, error: Service Control Manager [7000] - The SPService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/13/2011 8:09:30 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
12/13/2011 6:19:11 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/13/2011 12:50:12 PM, error: Dhcp [1002] - The IP address lease 192.168.254.2 for the Network Card with network address 0013723B36BD has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
12/13/2011 11:23:32 AM, error: Dhcp [1002] - The IP address lease 192.168.1.4 for the Network Card with network address 0013723B36BD has been denied by the DHCP server 192.168.254.254 (The DHCP Server sent a DHCPNACK message).
12/13/2011 1:23:31 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
12/13/2011 1:15:22 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
12/13/2011 1:10:28 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
12/13/2011 1:10:09 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 Cdrom Fips Imapi IPSec mfehidk mfetdi2k MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
12/13/2011 1:10:09 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
12/13/2011 1:10:09 PM, error: Service Control Manager [7001] - The McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
12/13/2011 1:10:09 PM, error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
12/13/2011 1:10:09 PM, error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
12/13/2011 1:10:09 PM, error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
12/13/2011 1:10:09 PM, error: Service Control Manager [7001] - The McAfee Network Agent service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
12/13/2011 1:10:09 PM, error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
12/13/2011 1:10:09 PM, error: Service Control Manager [7001] - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
12/13/2011 1:10:09 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/13/2011 1:10:09 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/13/2011 1:10:09 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
12/13/2011 1:10:09 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/13/2011 1:10:09 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
.
==== End Of File ===========================

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:03 AM

Posted 18 December 2011 - 03:54 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following

  • logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 slikk24


Posted 18 December 2011 - 08:47 PM

I fixed it Gringo but thanks anyways

#5 gringo_pr


Posted 18 December 2011 - 09:00 PM

No Problem and thanks for letting me know


gringo

#6 gringo_pr


Posted 21 December 2011 - 02:02 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.