
Google redirect & error messages on startup


24 replies to this topic

#1 wolf_unknown


Posted 05 January 2012 - 08:13 PM

Hi, all. I'm running Windows XP, and I'm having a couple of issues.

1) My Google results redirect. I get this result in Firefox; IE isn't working at all.

2) I get a series of error messages on startup. I believe they may be left over from some previous virus issues I had. They appear unprompted in this order:

"Windows cannot find 'C:\DOCUME~1\PA~1\LOCALS~1\Temp\dwm.exe'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search."

"Could not load or run 'C:DOCUME~1\PA~1\LOCALS~1\Temp\dwm.exe' specified in registry. Make sure the file exists on your computer or remove the reference to it in the registry."

"Error loading C:\WINDOWS\uhonufeworit.dll
The specified module could not be found."

"Error loading C:\WINDOWS\mapvan.dll
The specified module could not be found."

These messages don't appear all at once; the next one doesn't pop up until I've closed the previous window.

3) This is probably a hardware issue, but I thought I'd toss it in the mix just in case. I have a laptop with a docking station and separate monitor and wireless keyboard. My wireless keyboard has mostly stopped working. It happened very suddenly, with no discernible cause. However, it's not like the keyboard completely died, because all the extra buttons work. For example, outside of the standard keyboard, it has buttons that do things like open My Documents or eject CD, and these work fine. I just can't type on it. The keyboard of my laptop has no issues. Is this a hardware issue, or is it fixable?

Thanks in advance.

Edited by wolf_unknown, 05 January 2012 - 08:28 PM.




#2 Broni


Posted 05 January 2012 - 08:49 PM

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.



 


#3 wolf_unknown


Posted 05 January 2012 - 09:26 PM

Security Check

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Symantec AntiVirus
Antivirus out of date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Malwarebytes' Anti-Malware
Adobe Flash Player ( 10.1.85.3) Flash Player Out of Date!
Mozilla Firefox (3.6.12) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe
Symantec AntiVirus DefWatch.exe
Symantec AntiVirus Rtvscan.exe
``````````End of Log````````````



======================================================================================


FSS


Farbar Service Scanner
Ran by Pa (administrator) on 05-01-2012 at 17:54:09
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.
IE proxy is enabled.
ProxyServer: http=127.0.0.1:50370


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========
BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS: "C:\WINDOWS\system32\qmgr.dll".


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
AegisP(12) Gpc(7) IPSec(5) irda(3) IWCA(13) NetBT(6) PSched(8) RFCOMM(10) s24trans(11) SYMTDI(9) Tcpip(4) Tcpip6(14)
0x0E0000000500000001000000020000000300000004000000090000000600000007000000080000000A0000000B0000000C0000000D0000000E000000
IpSec Tag value is correct.

**** End of log ****


===============================================================================



MiniToolBox


MiniToolBox by Farbar
Ran by Pa (administrator) on 05-01-2012 at 17:56:15
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is enabled.
ProxyServer: http=127.0.0.1:50370

========================= FF Proxy Settings: ==============================

"network.proxy.http", "127.0.0.1"
"network.proxy.http_port", 50370
"network.proxy.type", 4
========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

Marvell Yukon 88E8036 PCI-E Fast Ethernet Controller = Local Area Connection (Disconnected)
Intel® PRO/Wireless 2200BG Network Connection = Wireless Network Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : Quentian

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Mixed

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : domain_not_set.invalid



Ethernet adapter Wireless Network Connection:



Connection-specific DNS Suffix . : domain_not_set.invalid

Description . . . . . . . . . . . : Intel® PRO/Wireless 2200BG Network Connection

Physical Address. . . . . . . . . : 00-0E-35-EE-20-74

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.72

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.1

68.238.64.12

Lease Obtained. . . . . . . . . . : Thursday, January 05, 2012 5:49:31 PM

Lease Expires . . . . . . . . . . : Friday, January 06, 2012 5:49:31 PM

Server: dslmodem.domain
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.224.240, 74.125.224.242, 74.125.224.244, 74.125.224.243
74.125.224.241



Pinging google.com [74.125.224.240] with 32 bytes of data:



Reply from 74.125.224.240: bytes=32 time=29ms TTL=53

Reply from 74.125.224.240: bytes=32 time=30ms TTL=53



Ping statistics for 74.125.224.240:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 29ms, Maximum = 30ms, Average = 29ms

Server: dslmodem.domain
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.139.180.149, 209.191.122.70, 72.30.2.43, 98.137.149.56



Pinging yahoo.com [98.139.180.149] with 32 bytes of data:



Reply from 98.139.180.149: bytes=32 time=226ms TTL=46

Reply from 98.139.180.149: bytes=32 time=210ms TTL=47



Ping statistics for 98.139.180.149:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 210ms, Maximum = 226ms, Average = 218ms

Server: dslmodem.domain
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Request timed out.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0e 35 ee 20 74 ...... Intel® PRO/Wireless 2200BG Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.72 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.72 192.168.1.72 25
192.168.1.72 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.1.255 255.255.255.255 192.168.1.72 192.168.1.72 25
224.0.0.0 240.0.0.0 192.168.1.72 192.168.1.72 25
255.255.255.255 255.255.255.255 192.168.1.72 192.168.1.72 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\wshbth.dll [108032] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/05/2012 04:01:37 PM) (Source: Automatic LiveUpdate Scheduler) (User: SYSTEM)SYSTEM
Description: Information Level: error

Initialization of the COM subsystem failed. Error code: 0x8007041D

Error: (12/02/2011 06:10:07 PM) (Source: Application Hang) (User: )
Description: Hanging application WINWORD.EXE, version 11.0.8328.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/02/2011 11:03:43 AM) (Source: Application Error) (User: )
Description: Faulting application mbam.exe, version 1.46.0.1, faulting module mbam.dll, version 1.46.0.0, fault address 0x0001fffe.
Processing media-specific event for [mbam.exe!ws!]

Error: (12/02/2011 10:57:50 AM) (Source: Application Error) (User: )
Description: Faulting application mbam.exe, version 1.46.0.1, faulting module mbam.dll, version 1.46.0.0, fault address 0x0001fffe.
Processing media-specific event for [mbam.exe!ws!]

Error: (12/02/2011 10:53:51 AM) (Source: Application Error) (User: )
Description: Faulting application mbam.exe, version 1.46.0.1, faulting module mbam.dll, version 1.46.0.0, fault address 0x0001fffe.
Processing media-specific event for [mbam.exe!ws!]

Error: (12/01/2011 09:23:44 PM) (Source: Application Hang) (User: )
Description: Hanging application WINWORD.EXE, version 11.0.8328.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/01/2011 05:36:14 PM) (Source: .NET Runtime 2.0 Error Reporting) (User: )
Description: Faulting application acm.exe, version 5.6.7324.0, stamp 4c65e174, faulting module mscorwks.dll, version 2.0.50727.3615, stamp 4be902c7, debug? 0, fault address 0x00018775.

Error: (12/01/2011 05:26:02 PM) (Source: Automatic LiveUpdate Scheduler) (User: SYSTEM)SYSTEM
Description: Information Level: error

Initialization of the COM subsystem failed. Error code: 0x8007041D


System errors:
=============
Error: (01/05/2012 05:55:44 PM) (Source: 0) (User: )
Description: \Device\LanmanDatagramReceiverPA01NetBT_Tcpip_{17FB2B44-ABA9-450A-

Error: (01/05/2012 05:31:42 PM) (Source: 0) (User: )
Description: \Device\LanmanDatagramReceiverPA01NetBT_Tcpip_{17FB2B44-ABA9-450A-

Error: (01/05/2012 05:07:42 PM) (Source: 0) (User: )
Description: \Device\LanmanDatagramReceiverPA01NetBT_Tcpip_{17FB2B44-ABA9-450A-

Error: (01/05/2012 04:07:38 PM) (Source: 0) (User: )
Description: \Device\LanmanDatagramReceiverPA01NetBT_Tcpip_{17FB2B44-ABA9-450A-

Error: (01/05/2012 04:01:41 PM) (Source: Service Control Manager) (User: )
Description: The LiveUpdate service failed to start due to the following error:
%%1053

Error: (01/05/2012 04:01:41 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the LiveUpdate service to connect.

Error: (01/05/2012 04:01:36 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1053" attempting to start the service LiveUpdate with arguments ""
in order to run the server:
{03E0E6C2-363B-11D3-B536-00902771A435}

Error: (01/05/2012 09:21:58 AM) (Source: Windows Update Agent) (User: )
Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Error: (01/03/2012 11:19:58 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.

Error: (01/03/2012 10:13:03 AM) (Source: 0) (User: )
Description: \Device\LanmanDatagramReceiverPA01NetBT_Tcpip_{17FB2B44-ABA9-450A-


Microsoft Office Sessions:
=========================
Error: (01/05/2012 04:01:37 PM) (Source: Automatic LiveUpdate Scheduler)(User: SYSTEM)SYSTEM
Description: errorInitialization of the COM subsystem failed. Error code: 0x8007041D

Error: (12/02/2011 06:10:07 PM) (Source: Application Hang)(User: )
Description: WINWORD.EXE11.0.8328.0hungapp0.0.0.000000000

Error: (12/02/2011 11:03:43 AM) (Source: Application Error)(User: )
Description: mbam.exe1.46.0.1mbam.dll1.46.0.00001fffe

Error: (12/02/2011 10:57:50 AM) (Source: Application Error)(User: )
Description: mbam.exe1.46.0.1mbam.dll1.46.0.00001fffe

Error: (12/02/2011 10:53:51 AM) (Source: Application Error)(User: )
Description: mbam.exe1.46.0.1mbam.dll1.46.0.00001fffe

Error: (12/01/2011 09:23:44 PM) (Source: Application Hang)(User: )
Description: WINWORD.EXE11.0.8328.0hungapp0.0.0.000000000

Error: (12/01/2011 05:36:14 PM) (Source: .NET Runtime 2.0 Error Reporting)(User: )
Description: acm.exe5.6.7324.04c65e174mscorwks.dll2.0.50727.36154be902c7000018775

Error: (12/01/2011 05:26:02 PM) (Source: Automatic LiveUpdate Scheduler)(User: SYSTEM)SYSTEM
Description: errorInitialization of the COM subsystem failed. Error code: 0x8007041D


=========================== Installed Programs ============================


『エンジェルズ・フェザー』 (Version: 1.00.0000)
Ad-Aware
Ad-Aware (Version: 8.3.0)
Adobe Acrobat 5.0 (Version: 5.0)
Adobe Flash Player 10 ActiveX (Version: 10.1.85.3)
Adobe Flash Player 10 Plugin (Version: 10.1.85.3)
Adobe Photoshop 5.0.2 (Version: 5.0)
Adobe Reader 7.0.5 Language Support (Version: 7.0.5)
Adobe Reader 7.0.7 (Version: 7.0.7)
Adobe Reader Japanese Fonts (Version: 7.0.5)
Adobe Shockwave Player (Version: 10.2.0.23)
AM200Fix
AOL Instant Messenger
AT&T Connection Services Manager
ATI Control Panel (Version: 6.14.10.5134)
ATI Display Driver (Version: 8.083-041207a-020348C)
AutoUpdate (Version: 1.1)
BlitzMail
Bluetooth Stack for Windows by Toshiba (Version: v3.10.00)
Business Contact Manager for Outlook 2003 (Version: 1.0.2002.1)
CD/DVD Drive Acoustic Silencer (Version: 1.00.005)
Combined Community Codec Pack 2006-07-28 (Remove Only)
Compatibility Pack for the 2007 Office system (Version: 12.0.6514.5001)
DivX (Version: 6.0.3)
DivX Player (Version: 6.0)
DVD-RAM Driver
GTK+ 2.10.13 runtime environment
Hard Disk Recovery Utilities
Intel® PROSet/Wireless Software
InterActual Player
InterVideo WinDVD for TOSHIBA (Version: 5.0-B11.475)
J2SE Runtime Environment 5.0 (Version: 1.5.0)
Learn2 Player (Uninstall Only)
LiveUpdate 3.1 (Symantec Corporation) (Version: 3.1.0.99)
Logitech Desktop Messenger (Version: 2.52.18)
Logitech SetPoint (Version: 2.12)
Malwarebytes' Anti-Malware
mCore (Version: 1.23.0000)
mDrWiFi (Version: 1.23.0000)
MediaLife
mEoU.msi (Version: 1.23.0000)
mHelp (Version: 1.23.0000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Compatibility Toolkit 5.6 (Version: 5.6.7324.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office OneNote 2003 (Version: 11.0.8173.0)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works (Version: 08.04.0623)
mIWA (Version: 1.23.0000)
mIWCA (Version: 1.23.0000)
mLogView (Version: 1.23.0000)
mMHouse (Version: 1.23.0000)
Mozilla Firefox (3.6.12) (Version: 3.6.12 (en-US))
mPfMgr (Version: 1.23.0000)
mPfWiz (Version: 1.23.0000)
mProSafe (Version: 9.00.0000)
MSXML 4.0 SP2 (KB925672) (Version: 4.20.9839.0)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MusicmatchR Jukebox (Version: 9.00.5100)
mWlsSafe (Version: 9.00.0000)
mXML (Version: 1.23.0000)
mZConfig (Version: 1.23.0000)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
QuickTime
RealArcade
RealPlayer
Roxio Burn Engine (Version: 1.2.0000)
SD Secure Module (Version: 1.0.2)
SMSC IrCC V5.1.3600.5 SP2 (Version: r1.01)
Sonic DLA (Version: 4.95)
Sonic RecordNow! (Version: 7.22)
SoundMAX (Version: 5.12.01.5240)
Symantec AntiVirus (Version: 10.1.6000.6)
Symantec Network Drivers Update (Version: 5.5.1.6)
Synaptics Pointing Device Driver (Version: 7.12.4.0)
Texas Instruments PCIxx21/x515 drivers. (Version: 1.15.0000)
The GIMP 2.2.17
TIxx21/x515 (Version: 1.15.0000)
TOSHIBA Assist
TOSHIBA ConfigFree (Version: 5.00.45)
TOSHIBA Controls
TOSHIBA Hotkey Utility (Version: 1.00.03K)
TOSHIBA Mobile Extension 3 (Version: 1.00.10K)
TOSHIBA PC Diagnostic Tool
Toshiba Registration (Version: 1.00.0000)
TOSHIBA SD Memory Card Format
TOSHIBA Software Modem (Version: 2.1.47.6 (SM21476ALD6))
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
Toshiba Tbiosdrv Driver
TOSHIBA TouchPad ON/Off Utility (Version: 1.00.08K)
TOSHIBA Utilities (Version: 1.00.07K)
TOSHIBA Virtual Sound
TOSHIBA Zooming Utility
Touch and Launch
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
WebFldrs XP (Version: 9.50.7523)
Windows Defender Signatures (Version: 1.20.1459.12)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage v1.3.0254.0 (Version: 1.3.0254.0)
Windows Internet Explorer 7 (Version: 20061107.210142)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell™ 1.0 (Version: 2)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR archiver
XviD MPEG-4 Video Codec (Version: XviD-1.0.3-20122004)
Yahoo! Toolbar

========================= Memory info: ===================================

Percentage of memory in use: 79%
Total physical RAM: 511.42 MB
Available physical RAM: 103.95 MB
Total Pagefile: 1248.9 MB
Available Pagefile: 692.3 MB
Total Virtual: 2047.88 MB
Available Virtual: 1969.36 MB

========================= Partitions: =====================================

1 Drive c: (SQ003558) (Fixed) (Total:52.93 GB) (Free:34.41 GB) NTFS
3 Drive e: (Iomega_HDD) (Fixed) (Total:232.88 GB) (Free:126.49 GB) NTFS
5 Drive g: () (Removable) (Total:0.94 GB) (Free:0.93 GB) FAT

========================= Users: ========================================

User accounts for \\QUENTIAN

Administrator ASPNET Guest
HelpAssistant Pa SUPPORT_388945a0


**** End of log ****



====================================================================================================





MBAM


Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.06.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Pa :: QUENTIAN [administrator]

1/5/2012 6:06:28 PM
mbam-log-2012-01-05 (18-06-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 181774
Time elapsed: 12 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\Security Tools (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Values Detected: 5
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Agent) -> Data: C:\DOCUME~1\PA~1\LOCALS~1\Temp\dwm.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Hijack.Shell.Gen) -> Data: explorer.exe,C:\Documents and Settings\Pa\Application Data\Microsoft\Windows\shell.exe -> Quarantined and deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Data: http=127.0.0.1:50370 -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|CrntDLL (Trojan.Witkinat) -> Data: C:\WINDOWS\system32\0068.DLL -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|svchost (Backdoor.Bot) -> Data: C:\Documents and Settings\Pa\Application Data\Microsoft\svchost.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 2
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Hijack.Shell) -> Bad: (explorer.exe,C:\Documents and Settings\Pa\Application Data\Microsoft\Windows\shell.exe) Good: (Explorer.exe) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Documents and Settings\Pa\Application Data\Microsoft\svchostu.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pa\Application Data\Microsoft\Windows\shellu.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pa\Application Data\Microsoft\stor.cfg (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wupd.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\casinoprophet.ico (Malware.Trace) -> Quarantined and deleted successfully.

(end)




=============================================================================


Will restart computer and run GMER next.
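
Added example (not part of either poster's text and not code from any of the tools used): a small Python triage pass over the proxy and registry lines from the logs above, reporting browser proxies that point at a loopback address and MBAM registry detections that sit in logon autostart locations. The function names and the autostart table are this example's own; the input lines are copied from the MiniToolBox and MBAM logs in this post.

```python
import ipaddress
import re

# Input: lines copied from the MiniToolBox and MBAM logs posted above.
SAMPLE_LOG = r"""
========================= IE Proxy Settings: ==============================
Proxy is enabled.
ProxyServer: http=127.0.0.1:50370
========================= FF Proxy Settings: ==============================
"network.proxy.http", "127.0.0.1"
"network.proxy.http_port", 50370
"network.proxy.type", 4
Registry Values Detected: 5
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Agent) -> Data: C:\DOCUME~1\PA~1\LOCALS~1\Temp\dwm.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Hijack.Shell.Gen) -> Data: explorer.exe,C:\Documents and Settings\Pa\Application Data\Microsoft\Windows\shell.exe -> Quarantined and deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Data: http=127.0.0.1:50370 -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|CrntDLL (Trojan.Witkinat) -> Data: C:\WINDOWS\system32\0068.DLL -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|svchost (Backdoor.Bot) -> Data: C:\Documents and Settings\Pa\Application Data\Microsoft\svchost.exe -> Quarantined and deleted successfully.
"""

IE_PROXY = re.compile(r'^ProxyServer:\s*(?:(\w+)=)?([^:\s;]+):(\d+)', re.M)
FF_PREF = re.compile(r'^"(network\.proxy\.\w+)",\s*"?([^"\n]*)"?\s*$', re.M)
MBAM_VALUE = re.compile(
    r'^(HK(?:CU|LM))\\([^|\n]+)\|(\S+) \(([^)]+)\) -> Data: (.*?) -> ', re.M)

# Registry locations that launch a program at logon (key path without the
# hive, lower case). None as the value name means every value under the key.
AUTOSTART = {
    "software\\microsoft\\windows nt\\currentversion\\windows": "load",
    "software\\microsoft\\windows nt\\currentversion\\winlogon": "shell",
    "software\\microsoft\\windows\\currentversion\\run": None,
}
# Path fragments of the per-user profile on Windows XP (long and 8.3 form).
USER_WRITABLE = ("\\documents and settings\\", "\\docume~1\\")


def is_loopback(host):
    """True for 127.0.0.0/8, ::1 or the name localhost."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host.lower() == "localhost"


def find_proxies(text):
    """Return (browser, host, port) for the IE and Firefox proxy settings."""
    found = [("IE", m.group(2), int(m.group(3))) for m in IE_PROXY.finditer(text)]
    prefs = dict(FF_PREF.findall(text))
    host = prefs.get("network.proxy.http")
    port = prefs.get("network.proxy.http_port", "")
    if host and port.isdigit():
        found.append(("Firefox", host, int(port)))
    return found


def parse_mbam_values(text):
    """Parse 'Registry Values Detected' lines into dicts."""
    rows = []
    for hive, key, name, detection, data in MBAM_VALUE.findall(text):
        key_l = key.lower()
        autostart = key_l in AUTOSTART and AUTOSTART[key_l] in (None, name.lower())
        # For Winlogon|Shell the stock entry is explorer.exe; keep the extras.
        commands = [c.strip() for c in data.split(",")
                    if c.strip().lower() != "explorer.exe"]
        rows.append({
            "hive": hive, "key": key, "value": name, "detection": detection,
            "commands": commands, "autostart": autostart,
            "user_writable": any(p in data.lower() for p in USER_WRITABLE),
        })
    return rows


def triage(text):
    """Collect the two findings worth a second look in these logs."""
    return {
        "loopback_proxies": [p for p in find_proxies(text) if is_loopback(p[1])],
        "autostart": [r for r in parse_mbam_values(text) if r["autostart"]],
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for browser, host, port in report["loopback_proxies"]:
        print(f"{browser}: proxy set to loopback {host}:{port}")
    for row in report["autostart"]:
        where = "user profile" if row["user_writable"] else "system path"
        print(f"{row['hive']}\\{row['key']}|{row['value']} "
              f"({row['detection']}) -> {row['commands']} [{where}]")
```

A loopback proxy only works while a local process is listening on that port, so after cleanup the setting has to be cleared in both browsers or browsing fails; that is why the proxy lines and the autostart entries are reported together.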

#4 wolf_unknown


Posted 06 January 2012 - 10:19 AM

GMER

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-06 07:12:23
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 FUJITSU_MHT2060AT rev.0022
Running: ktqetm8e.exe; Driver: C:\DOCUME~1\PA~1\LOCALS~1\Temp\fglyipog.sys


---- System - GMER 1.0.15 ----

SSDT 82C3AAA8 ZwConnectPort
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF863587E]
SSDT spxg.sys ZwEnumerateKey [0xF84BADA4]
SSDT spxg.sys ZwEnumerateValueKey [0xF84BB132]
SSDT spxg.sys ZwOpenKey [0xF84A20C0]
SSDT spxg.sys ZwQueryKey [0xF84BB20A]
SSDT spxg.sys ZwQueryValueKey [0xF84BB08A]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF8635BFE]

INT 0x3A ? 82B64BF8
INT 0x3B ? 82B64BF8
INT 0x3B ? 82B64BF8
INT 0x3B ? 82B64BF8
INT 0x3E ? 82F7EBF8
INT 0x3F ? 82F7EBF8

---- Kernel code sections - GMER 1.0.15 ----

? hvplvgd.sys The system cannot find the file specified. !
? spxg.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload F7AC98AC 5 Bytes JMP 82B641D8
init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xF779B23F]
.text ajmkyz9d.SYS B84E9386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text ajmkyz9d.SYS B84E93AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text ajmkyz9d.SYS B84E93C4 3 Bytes [00, 80, 02]
.text ajmkyz9d.SYS B84E93C9 1 Byte [30]
.text ajmkyz9d.SYS B84E93C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1740] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 10405CF5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3808] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 82F842D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F84CDDDC] spxg.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F84CDE30] spxg.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F84A3042] spxg.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F84A313E] spxg.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F84A30C0] spxg.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F84A3800] spxg.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F84A36D6] spxg.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 82B642D8
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F84B2B90] spxg.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 82F7C1F8

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

Device \FileSystem\Fastfat \FatCdrom 829601F8
Device \FileSystem\Udfs \UdfsCdRom 828BC1F8
Device \FileSystem\Udfs \UdfsCdRom tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Udfs \UdfsDisk 828BC1F8
Device \FileSystem\Udfs \UdfsDisk tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\USBSTOR \Device\0000009e 828B6500

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\usbuhci \Device\USBPDO-0 82B631F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 82F7F1F8
Device \Driver\dmio \Device\DmControl\DmConfig 82F7F1F8
Device \Driver\dmio \Device\DmControl\DmPnP 82F7F1F8
Device \Driver\dmio \Device\DmControl\DmInfo 82F7F1F8
Device \Driver\usbuhci \Device\USBPDO-1 82B631F8
Device \Driver\usbuhci \Device\USBPDO-2 82B631F8
Device \Driver\usbuhci \Device\USBPDO-3 82B631F8
Device \Driver\PCI_PNP0768 \Device\00000061 spxg.sys
Device \Driver\usbehci \Device\USBPDO-4 82B371F8

AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

Device \Driver\USBSTOR \Device\000000a1 828B6500
Device \Driver\Ftdisk \Device\HarddiskVolume1 82F801F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{17FB2B44-ABA9-450A-91F7-79B4A3034316} 82C011F8
Device \Driver\Cdrom \Device\CdRom0 82D531F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 82F801F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F83D8B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [F83D8B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F83D8B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [F83D8B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom1 82D531F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 82C011F8
Device \Driver\NetBT \Device\NetbiosSmb 82C011F8

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\usbuhci \Device\USBFDO-0 82B631F8
Device \Driver\usbuhci \Device\USBFDO-1 82B631F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 82DE31F8
Device \Driver\usbuhci \Device\USBFDO-2 82B631F8
Device 82DE31F8
Device \Driver\usbuhci \Device\USBFDO-3 82B631F8
Device \Driver\usbehci \Device\USBFDO-4 82B371F8
Device \Driver\Ftdisk \Device\FtControl 82F801F8
Device \Driver\ajmkyz9d \Device\Scsi\ajmkyz9d1Port2Path0Target0Lun0 82948500
Device \Driver\ajmkyz9d \Device\Scsi\ajmkyz9d1 82948500
Device \Driver\sptd \Device\3952233072 spxg.sys
Device 829601F8
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 82F0B1F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00037a209280
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 E:\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x89 0x88 0x13 0x16 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x8D 0xA9 0xC9 0x0F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xCF 0xFD 0x49 0xE4 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00037a209280 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 E:\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x95 0xB3 0xA9 0x09 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x8D 0xA9 0xC9 0x0F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xCF 0xFD 0x49 0xE4 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo@FriendlyName Indeo? video 5.10 Compression Filter
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo@CLSID {1F73E9B1-8C3A-11D0-A3BE-00A0C9244436}
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo@FilterData 0x02 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo@EncoderType 1

---- EOF - GMER 1.0.15 ----

#5 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:10:24 AM

Posted 06 January 2012 - 11:32 AM

Re-run MiniToolbox.

Checkmark following boxes:
  • Flush DNS
  • Reset IE Proxy Settings
  • Reset FF Proxy Settings
Click Go and post the result.

Restart computer.

Re-run MiniToolbox.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
Click Go and post the result.

Still redirected?

Then....

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#6 wolf_unknown

Posted 06 January 2012 - 12:02 PM

MiniToolBox by Farbar
Ran by Pa (administrator) on 06-01-2012 at 08:56:40
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


"Reset IE Proxy Settings": IE Proxy Settings were reset.

"Reset FF Proxy Settings": Firefox Proxy settings were reset.


**** End of log ****

#7 wolf_unknown

Posted 06 January 2012 - 12:49 PM

MiniToolBox by Farbar
Ran by Pa (administrator) on 06-01-2012 at 09:24:58
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================


**** End of log ****



I am no longer redirecting in Firefox, and I appear to have no issues in IE, either.

#8 Broni

Posted 06 January 2012 - 12:50 PM

Good.
Go ahead with aswMBR.

#9 wolf_unknown

Posted 06 January 2012 - 01:34 PM

aswMBR


aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-06 10:06:55
-----------------------------
10:06:55.517 OS Version: Windows 5.1.2600 Service Pack 3
10:06:55.517 Number of processors: 1 586 0xD08
10:06:55.557 ComputerName: QUENTIAN UserName:
10:07:00.585 Initialize success
10:14:02.221 AVAST engine defs: 12010600
10:17:59.242 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
10:17:59.252 Disk 0 Vendor: FUJITSU_MHT2060AT 0022 Size: 57231MB BusType: 3
10:17:59.282 Disk 0 MBR read successfully
10:17:59.362 Disk 0 MBR scan
10:18:00.504 Disk 0 unknown MBR code
10:18:00.554 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 54203 MB offset 63
10:18:00.854 Disk 0 Partition 2 00 1C Hidd FAT32 LBA MSWIN4.1 3027 MB offset 111009150
10:18:01.004 Disk 0 scanning sectors +117210240
10:18:01.435 Disk 0 scanning C:\WINDOWS\system32\drivers
10:18:36.435 Service scanning
10:18:40.361 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
10:18:41.292 Modules scanning
10:18:56.524 Module: C:\WINDOWS\system32\dla\tfsndres.sys **SUSPICIOUS**
10:18:58.998 Disk 0 trace - called modules:
10:18:59.008 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sprx.sys >>UNKNOWN [0x82f88938]<<
10:18:59.008 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82ef0ab8]
10:18:59.008 3 CLASSPNP.SYS[f8615fd7] -> nt!IofCallDriver -> \Device\00000095[0x82ea89e8]
10:18:59.008 5 ACPI.sys[f8461620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82ef4940]
10:19:02.002 AVAST engine scan C:\WINDOWS
10:19:37.433 AVAST engine scan C:\WINDOWS\system32
10:23:51.669 AVAST engine scan C:\WINDOWS\system32\drivers
10:24:15.082 AVAST engine scan C:\Documents and Settings\Pa
10:29:19.059 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Pa\Desktop\MBR.dat"
10:29:19.079 The log file has been saved successfully to "C:\Documents and Settings\Pa\Desktop\aswMBR.txt"

#10 Broni

Posted 06 January 2012 - 01:36 PM

Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Show hidden files, and folders, UN-check Hide protected operating system files.
NOTE. Make sure to reverse the above changes, when done with this step.
Upload following files to http://www.virustotal.com/ for security check:
- C:\WINDOWS\system32\dla\tfsndres.sys
IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.
Post scan results.

#11 wolf_unknown

Posted 06 January 2012 - 01:52 PM

File name:
tfsndres.sys
Submission date:
2012-01-06 18:41:15 (UTC)
Current status:
queued queued (#5) analysing finished
Result:
0/ 43 (0.0%)

Antivirus Version Last Update Result
AhnLab-V3 2012.01.06.00 2012.01.06 -
AntiVir 7.11.20.192 2012.01.06 -
Antiy-AVL 2.0.3.7 2012.01.06 -
Avast 6.0.1289.0 2012.01.06 -
AVG 10.0.0.1190 2012.01.06 -
BitDefender 7.2 2012.01.06 -
ByteHero 1.0.0.1 2011.12.31 -
CAT-QuickHeal 12.00 2012.01.06 -
ClamAV 0.97.3.0 2012.01.06 -
Commtouch 5.3.2.6 2012.01.06 -
Comodo 11204 2012.01.06 -
DrWeb 5.0.2.03300 2012.01.06 -
Emsisoft 5.1.0.11 2012.01.06 -
eSafe 7.0.17.0 2012.01.03 -
eTrust-Vet 37.0.9667 2012.01.06 -
F-Prot 4.6.5.141 2012.01.06 -
F-Secure 9.0.16440.0 2012.01.06 -
Fortinet 4.3.388.0 2012.01.06 -
GData 22 2012.01.06 -
Ikarus T3.1.1.109.0 2012.01.06 -
Jiangmin 13.0.900 2012.01.06 -
K7AntiVirus 9.123.5881 2012.01.06 -
Kaspersky 9.0.0.837 2012.01.06 -
McAfee 5.400.0.1158 2012.01.06 -
McAfee-GW-Edition 2010.1E 2012.01.06 -
Microsoft 1.7903 2012.01.06 -
NOD32 6773 2012.01.06 -
Norman 6.07.13 2012.01.06 -
nProtect 2012-01-06.01 2012.01.06 -
Panda 10.0.3.5 2012.01.06 -
PCTools 8.0.0.5 2012.01.06 -
Prevx 3.0 2012.01.06 -
Rising 23.91.04.02 2012.01.06 -
Sophos 4.73.0 2012.01.06 -
SUPERAntiSpyware 4.40.0.1006 2012.01.06 -
Symantec 20111.2.0.82 2012.01.06 -
TheHacker 6.7.0.1.371 2012.01.05 -
TrendMicro 9.500.0.1008 2012.01.06 -
TrendMicro-HouseCall 9.500.0.1008 2012.01.06 -
VBA32 3.12.16.4 2012.01.06 -
VIPRE 11361 2012.01.06 -
ViRobot 2012.1.6.4867 2012.01.06 -
VirusBuster 14.1.153.0 2012.01.06 -

#12 Broni

Posted 06 January 2012 - 03:59 PM

Good.

Last checks...

Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

=============================================================================

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    NOTE. If Eset doesn't find any threats it'll NOT produce any log.

#13 wolf_unknown

Posted 06 January 2012 - 06:29 PM

Ran Temp File Cleaner.

I'm afraid I'll be offline for a few days, but when I can, I'll run ESET and post the results here.

#14 Broni

Posted 06 January 2012 - 06:33 PM

No problem :)

#15 wolf_unknown

Posted 16 January 2012 - 01:26 PM

Sorry about the long wait--it took longer than I expected.

ESET came up clean.

I'm still getting two error messages on startup.



