Blue Screen Crashes


  • This topic is locked
4 replies to this topic

#1 purplehero

purplehero

  • Members
  • 48 posts

Posted 01 February 2012 - 12:45 AM

Referred from here: http://www.bleepingcomputer.com/forums/topic440812.html ~ OB

First, the DDS file:
.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 9.0.8112.16421
Run by SYSTEM at 0:34:07 on 2012-02-01
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2937.2381 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Outdated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Enabled/Outdated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\svchost.exe -k netsvcs
C:\windows\Explorer.EXE
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\ctfmon.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
mURLSearchHooks: ooVoo Video Chat Toolbar: {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - c:\program files\oovoo_video_chat\prxtbooVo.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: {007df30f-0616-47c0-959c-0729a1c721f1} - c:\windows\system32\api-ms-win-core-interlocked-l1-1-032.dll
BHO: Shop to Win 9: {0095c290-a428-4bdd-b98c-e0a116f1c702} - c:\program files\shop to win 9\ShoppingBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: ooVoo Toolbar: {59c6f12b-f004-43e5-9997-08f2123119b6} - c:\program files\oovootoolbar\oovootoolbarX.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Facetheme: {66d8fba6-d90f-40a9-ac55-84896f79ca69} - c:\program files\object\bho_project.dll
BHO: UrlHelper Class: {74322bf9-df26-493f-b0da-6d2fc5e6429e} - c:\progra~1\bearsh~1\mediabar\datamngr\IEBHO.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: DCA BHO: {b49699fc-1665-4414-a1cb-c4a2a4a13eec} - c:\program files\common files\freecause\dca\dca-bho.dll
BHO: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - c:\progra~1\bearsh~1\mediabar\toolbar\bsdtxmltbpi.dll
BHO: 5cadb5c0: {ca42994c-1b1b-d732-98f6-e821b7e28b41} - c:\programdata\api-ms-win-core-interlocked-l1-1-032.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: ooVoo Video Chat Toolbar: {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - c:\program files\oovoo_video_chat\prxtbooVo.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\drop down deals\YontooIEClient.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: ooVoo Toolbar: {59c6f12b-f004-43e5-9997-08f2123119b6} - c:\program files\oovootoolbar\oovootoolbarX.dll
TB: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - c:\progra~1\bearsh~1\mediabar\toolbar\bsdtxmltbpi.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: ooVoo Video Chat Toolbar: {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - c:\program files\oovoo_video_chat\prxtbooVo.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10t_Plugin.exe -update plugin
mRun: [<NO NAME>]
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [cAudioFilterAgent] c:\program files\conexant\caudiofilteragent\cAudioFilterAgent.exe
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [ThpSrv] c:\windows\system32\thpsrv /logon
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60
mRun: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
mRun: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
mRun: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
mRun: [ConexantAudioPatch] %ProgramFiles%\ConexantAudioPatch\Audioreset.exe
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
mRun: [TUSBSleepChargeSrv] %ProgramFiles%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
mRun: [NortonOnlineBackupReminder] "c:\program files\toshiba\toshiba online backup\activation\TobuActivation.exe" UNATTENDED
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [DATAMNGR] c:\progra~1\bearsh~1\mediabar\datamngr\DATAMN~1.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [BrandClearStubs] RUNDLL32 IEDKCS32.DLL,BrandCleanInstallStubs >{05a8b730-c37c-4238-b746-135952927472}
mRunOnce: [NoIE4StubProcessing] c:\windows\system32\reg.exe delete "hklm\software\microsoft\active setup\Installed Components" /v "NoIE4StubProcessing" /f
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10t_Plugin.exe -update plugin
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office11\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1 71.243.0.12
TCP: Interfaces\{1036047C-365C-4B28-95F5-D615F3DD2D4C} : DhcpNameServer = 192.168.1.1 71.243.0.12
TCP: Interfaces\{1036047C-365C-4B28-95F5-D615F3DD2D4C}\0484F6D65643736323 : DhcpNameServer = 192.168.1.1 192.168.1.1 0.0.0.0
TCP: Interfaces\{1036047C-365C-4B28-95F5-D615F3DD2D4C}\34F4850264255454027594649402D20264F4F44434F4552545 : DhcpNameServer = 10.1.12.1
TCP: Interfaces\{1036047C-365C-4B28-95F5-D615F3DD2D4C}\34F6870235F6C6574796F6E637023547F62756 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{1036047C-365C-4B28-95F5-D615F3DD2D4C}\34F6D607574756272556071696273456E6475627 : DhcpNameServer = 208.67.222.222 208.67.220.220 68.105.28.17
TCP: Interfaces\{1036047C-365C-4B28-95F5-D615F3DD2D4C}\4656661657C647 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1036047C-365C-4B28-95F5-D615F3DD2D4C}\65438415A4 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1036047C-365C-4B28-95F5-D615F3DD2D4C}\D44707F5C4962627162797 : DhcpNameServer = 10.90.7.8 10.90.7.3
TCP: Interfaces\{CD0CC067-9BF2-4AF5-9293-E637C509B087} : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\bearsh~1\mediabar\datamngr\datamngr.dll c:\progra~1\bearsh~1\mediabar\datamngr\iebho.dll avgrsstx.dll,c:\programdata\api-ms-win-core-interlocked-l1-1-032.dll
mASetup: {01250B8F-D947-4F8A-9408-FE8E3EE2EC92} - c:\program files\toshiba\my toshiba\MyToshiba.exe /SETUP
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2009-6-29 30272]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2009-6-29 13120]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-9-26 243152]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2009-6-19 12920]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2009-7-27 51712]
R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [2009-6-15 9216]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [2010-8-13 859136]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-9-26 216400]
S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-9-26 29584]
S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
S1 MpKsl45e23819;MpKsl45e23819;c:\programdata\microsoft\microsoft antimalware\definition updates\{2582eda1-fbc0-46b0-ab66-f3fd9f4c0d06}\MpKsl45e23819.sys [2012-1-31 28752]
S1 MpKsleebc66c5;MpKsleebc66c5;c:\programdata\microsoft\microsoft antimalware\definition updates\{2582eda1-fbc0-46b0-ab66-f3fd9f4c0d06}\MpKsleebc66c5.sys [2012-1-31 28752]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-9-26 921952]
S2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-9-26 308136]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-8-10 185712]
S2 clr_optimization_v2.0.50727_3232;Microsoft .NET Framework NGEN v2.0.50727_X86 ;c:\windows\system32\bootstr32.exe [2011-6-18 764416]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-14 135664]
S2 MMCSS32;Multimedia Class Scheduler ;c:\windows\system32\igdumdx3232.exe --> c:\windows\system32\igdumdx3232.exe [?]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2009-8-27 185712]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2011-1-19 947528]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-8-14 135664]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-7-10 122880]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
S3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2010-8-13 24064]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-8-13 171520]
S3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2010-8-13 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-8-3 111960]
S3 TPCHSrv;TPCH Service;c:\program files\toshiba\tphm\TPCHSrv.exe [2009-8-6 685424]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-8-16 1343400]
.
=============== Created Last 30 ================
.
2012-02-01 02:35:19 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{2582eda1-fbc0-46b0-ab66-f3fd9f4c0d06}\MpKsleebc66c5.sys
2012-02-01 02:09:16 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{2582eda1-fbc0-46b0-ab66-f3fd9f4c0d06}\MpKsl45e23819.sys
2012-02-01 02:09:03 6962000 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{2582eda1-fbc0-46b0-ab66-f3fd9f4c0d06}\mpengine.dll
2012-01-31 23:50:56 -------- d-----w- c:\windows\system32\%LocalAppData%
.
==================== Find3M ====================
.
.
============= FINISH: 0:36:01.77 ===============

Now the Attach file:




.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 8/13/2010 8:41:26 PM
System Uptime: 1/31/2012 9:39:51 PM (3 hours ago)
.
Motherboard: TOSHIBA | | Satellite T135
Processor: Genuine Intel® CPU U4100 @ 1.30GHz | U2E1 | 1296/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 289 GiB total, 253.111 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
==== System Restore Points ===================
.
RP224: 6/2/2011 6:45:59 AM - Windows Update
RP225: 6/2/2011 7:09:15 AM - Windows Update
RP226: 6/2/2011 11:31:45 PM - Windows Update
RP227: 6/3/2011 12:07:03 AM - Windows Update
RP228: 6/4/2011 3:32:39 PM - Windows Update
RP229: 6/5/2011 8:25:26 PM - Windows Update
RP230: 6/5/2011 8:32:05 PM - Windows Update
RP231: 6/6/2011 11:49:56 PM - Windows Update
RP232: 6/7/2011 6:47:26 AM - Windows Update
RP233: 6/7/2011 7:07:08 AM - Windows Update
RP234: 6/8/2011 6:21:29 AM - Windows Update
RP235: 6/9/2011 6:47:37 AM - Windows Update
RP236: 6/9/2011 7:12:30 AM - Windows Update
RP237: 6/10/2011 5:26:21 AM - Windows Update
RP238: 6/10/2011 7:01:28 AM - Windows Update
RP239: 6/11/2011 11:29:16 AM - Windows Update
RP240: 6/12/2011 10:50:11 PM - Windows Update
RP241: 6/12/2011 11:00:52 PM - Windows Update
RP242: 6/12/2011 11:21:39 PM - Windows Update
RP243: 6/15/2011 6:23:25 AM - Windows Update
RP244: 6/15/2011 6:30:01 AM - Windows Update
RP245: 6/16/2011 6:21:43 AM - Windows Update
RP246: 6/16/2011 6:31:34 AM - Windows Update
RP247: 6/17/2011 11:39:34 PM - Windows Update
RP248: 6/19/2011 10:27:35 AM - Windows Update
RP249: 6/20/2011 11:53:13 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
AVG Free 9.0
BearShare
Bluetooth Stack for Windows by Toshiba
Bonjour
Conduit Engine
Conexant HD Audio
Drop Down Deals 1.10.01
Facetheme
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iTunes
Java™ 6 Update 14
Junk Mail filter update
MediaBar
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Standard Edition 2003
Microsoft Office Suite Activation Assistant
Microsoft Office Word Viewer 2003
Microsoft Security Client
Microsoft Security Essentials
Mozilla Firefox (3.6.17)
MSVCRT
MyToshiba
NetZero Launcher
Norton Internet Security
ooVoo
ooVoo Toolbar
ooVoo Video Chat Toolbar
PlayReady PC Runtime x86
Quickbooks Financial Center
QuickTime
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
ScanQuery 1.0 build 116 powered by FIRST SEARCHBAR
Search Toolbar
Shop to Win 9
ShopperReports
Skype Launcher
Skype Toolbars
Skype™ 4.2
Synaptics Pointing Device Driver
Toshiba Application and Driver Installer
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA eco Utility
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD Protection
TOSHIBA HDD/SSD Alert
Toshiba Online Backup
TOSHIBA PC Health Monitor
Toshiba Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA Service Station
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA USB Sleep and Charge Utility
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
ToshibaRegistration
WildTangent Games
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
.
==== Event Viewer Messages From Past Week ========
.
2/1/2012 12:14:37 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
1/31/2012 9:40:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
1/31/2012 9:40:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
1/31/2012 9:40:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/31/2012 9:40:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
1/31/2012 9:40:36 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 cdrom discache MpFilter spldr Wanarpv6
1/31/2012 9:40:28 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8366db40, 0xaeb9b74c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 013112-26894-01.
1/31/2012 9:36:19 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/31/2012 9:36:07 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
1/31/2012 9:33:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {9B1F122C-2982-4E91-AA8B-E071D54F2A4D}
1/31/2012 9:12:44 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x83656b40, 0x93d6574c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 013112-31902-01.
1/31/2012 9:10:26 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/31/2012 9:07:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {0B5A2C52-3EB9-470A-96E2-6C6D4570E40F}
1/31/2012 6:41:51 PM, Error: Service Control Manager [7023] - The IPsec Policy Agent service terminated with the following error: The authentication service is unknown.
1/31/2012 6:41:50 PM, Error: Service Control Manager [7000] - The Microsoft Network Inspection service failed to start due to the following error: A system shutdown is in progress.
1/31/2012 6:41:50 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007045b Error description: A system shutdown is in progress. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
1/31/2012 6:41:50 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/31/2012 6:29:01 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
1/31/2012 6:27:01 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/31/2012 6:27:01 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/31/2012 6:27:01 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/31/2012 6:01:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
1/31/2012 5:53:17 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x83669b40, 0xb445374c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 013112-22604-01.
1/31/2012 5:49:07 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/31/2012 5:47:58 PM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 0.0.0.0;0.0.0.0 Engine version: 0.0.0.0
1/31/2012 5:44:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
1/31/2012 5:44:02 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
1/31/2012 5:44:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
1/31/2012 5:43:38 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX cdrom DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
1/31/2012 5:43:38 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
1/31/2012 5:43:38 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/31/2012 5:43:38 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/31/2012 5:43:38 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/31/2012 5:43:38 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/31/2012 5:43:36 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/31/2012 5:43:36 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/31/2012 5:43:36 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
1/31/2012 5:43:36 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/31/2012 5:43:36 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/31/2012 5:43:35 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x00000003, 0x861d3690, 0x82d6bae0, 0x85fa0650). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 013112-22557-01.
.
==== End Of File ===========================

Edited by Orange Blossom, 01 February 2012 - 11:00 AM.
Moved from Win7



#2 purplehero

purplehero
  • Topic Starter

  • Members
  • 48 posts

Posted 01 February 2012 - 07:12 PM

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-01 19:04:18
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\iaStor0 TOSHIBA_ rev.FG02
Running: giye1y61.exe; Driver: C:\windows\system32\config\SYSTEM~1\AppData\Local\Temp\kxtdapog.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 82081569 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 820A6092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- User code sections - GMER 1.0.15 ----

.text C:\windows\System32\svchost.exe[984] ntdll.dll!NtProtectVirtualMemory 773051C0 5 Bytes JMP 0038000A
.text C:\windows\System32\svchost.exe[984] ntdll.dll!NtWriteVirtualMemory 77305D40 5 Bytes JMP 0051000A
.text C:\windows\System32\svchost.exe[984] ntdll.dll!KiUserExceptionDispatcher 77306298 5 Bytes JMP 0036000A
.text C:\windows\Explorer.EXE[1136] ntdll.dll!NtProtectVirtualMemory 773051C0 5 Bytes JMP 001B000A
.text C:\windows\Explorer.EXE[1136] ntdll.dll!NtWriteVirtualMemory 77305D40 5 Bytes JMP 0020000A
.text C:\windows\Explorer.EXE[1136] ntdll.dll!KiUserExceptionDispatcher 77306298 5 Bytes JMP 0016000A
.text C:\windows\System32\ping.exe[1372] ntdll.dll!NtCreateProcess 77304940 5 Bytes JMP 005A000A
.text C:\windows\System32\ping.exe[1372] ntdll.dll!NtCreateProcessEx 77304950 5 Bytes JMP 005F000A
.text C:\windows\System32\ping.exe[1372] ntdll.dll!NtCreateUserProcess 77304A20 5 Bytes JMP 0060000A
.text C:\windows\System32\ping.exe[1372] ntdll.dll!NtProtectVirtualMemory 773051C0 5 Bytes JMP 002E000A
.text C:\windows\System32\ping.exe[1372] ntdll.dll!NtWriteVirtualMemory 77305D40 5 Bytes JMP 0050000A
.text C:\windows\System32\ping.exe[1372] ntdll.dll!KiUserExceptionDispatcher 77306298 5 Bytes JMP 001C000A
.text C:\windows\System32\ping.exe[1372] USER32.dll!GetCursorPos 76C5C198 5 Bytes JMP 006C000A
.text C:\windows\System32\ping.exe[1372] USER32.dll!GetForegroundWindow 76C6565D 5 Bytes JMP 006E000A
.text C:\windows\System32\ping.exe[1372] USER32.dll!WindowFromPoint 76C86D0C 5 Bytes JMP 006D000A
.text C:\windows\System32\ping.exe[1372] ole32.dll!CoCreateInstance 76B1590C 5 Bytes JMP 0067000A
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1884] ntdll.dll!NtCreateFile + 6 77304876 4 Bytes [28, 00, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1884] ntdll.dll!NtCreateFile + B 7730487B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1884] ntdll.dll!NtMapViewOfSection + 6 77304ED6 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1884] ntdll.dll!NtMapViewOfSection + 6 77304ED6 4 Bytes [28, 03, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1884] ntdll.dll!NtMapViewOfSection + B 77304EDB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1884] ntdll.dll!NtOpenFile + 6 77304F86 4 Bytes [68, 00, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1884] ntdll.dll!NtOpenFile + B 77304F8B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1884] ntdll.dll!NtOpenProcess + 6 77305036 4 Bytes [A8, 01, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1884] ntdll.dll!NtOpenProcess + B 7730503B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1884] ntdll.dll!NtOpenProcessToken + 6 77305046 4 Bytes CALL 7630574C C:\windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1884] ntdll.dll!NtOpenProcessToken + B 7730504B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1884] ntdll.dll!NtOpenProcessTokenEx + 6 77305056 4 Bytes [A8, 02, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1884] ntdll.dll!NtOpenProcessTokenEx + B 7730505B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1884] ntdll.dll!NtOpenThread + 6 773050B6 4 Bytes [68, 01, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1884] ntdll.dll!NtOpenThread + B 773050BB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1884] ntdll.dll!NtOpenThreadToken + 6 773050C6 4 Bytes [68, 02, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1884] ntdll.dll!NtOpenThreadToken + B 773050CB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1884] ntdll.dll!NtOpenThreadTokenEx + 6 773050D6 4 Bytes CALL 763057DD C:\windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1884] ntdll.dll!NtOpenThreadTokenEx + B 773050DB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1884] ntdll.dll!NtQueryAttributesFile + 6 773051E6 4 Bytes [A8, 00, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1884] ntdll.dll!NtQueryAttributesFile + B 773051EB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1884] ntdll.dll!NtQueryFullAttributesFile + 6 77305296 4 Bytes CALL 7630599B C:\windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1884] ntdll.dll!NtQueryFullAttributesFile + B 7730529B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1884] ntdll.dll!NtSetInformationFile + 6 773058E6 4 Bytes [28, 01, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1884] ntdll.dll!NtSetInformationFile + B 773058EB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1884] ntdll.dll!NtSetInformationThread + 6 77305946 4 Bytes [28, 02, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1884] ntdll.dll!NtSetInformationThread + B 7730594B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1884] ntdll.dll!NtUnmapViewOfSection + 6 77305C66 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1884] ntdll.dll!NtUnmapViewOfSection + 6 77305C66 4 Bytes [68, 03, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1884] ntdll.dll!NtUnmapViewOfSection + B 77305C6B 1 Byte [E2]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\00000073 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b680d711
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b680d711 (not active ControlSet)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- Files - GMER 1.0.15 ----

File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y0ZNGKI4\0d823055008e34df4a2d4d58df83e6bc[1].swf 27640 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y0ZNGKI4\1073403368@x15[1].js 1299 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y0ZNGKI4\1107584176@x10[1].js 120 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y0ZNGKI4\1622064173@x15[1].js 1299 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y0ZNGKI4\1678683300@Right[1].js 1592 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y0ZNGKI4\lb[1].gif 49 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y0ZNGKI4\23191_100000587140366_8889_q[1].jpg 2469 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y0ZNGKI4\7636430_396f4b8c-6554-444b-a750-2246c4295558[1].js 3791 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y0ZNGKI4\r[1].js 168 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y0ZNGKI4\37536[1].gif 43 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y0ZNGKI4\getInPageJS[1].htm 6352 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y0ZNGKI4\ads[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y0ZNGKI4\play-59fbff4587e330966b76409853d193c1[1].png 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y0ZNGKI4\PL_FlipPanelDirectionAutomatically_v5_ALL[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y0ZNGKI4\recent[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y0ZNGKI4\img[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y0ZNGKI4\js[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y0ZNGKI4\bsredirect5[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y0ZNGKI4\bsredirect5[2].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\9XT9XW1R.txt 301 bytes

---- EOF - GMER 1.0.15 ----

#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:10:48 AM

Posted 04 February 2012 - 03:32 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days, I will bump the topic, and if you do not reply by the following day after that, then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#4 purplehero

purplehero
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  • Local time:05:48 AM

Posted 04 February 2012 - 05:26 PM

Sorry, but I made a new topic concerning this issue when I realized that I had made the mistake of replying to this topic, delaying the response time. I did not know how to close this topic so I left it alone. I am receiving help at the moment from my new topic.

#5 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:10:48 AM

Posted 04 February 2012 - 05:27 PM

Thanks for letting me know :thumbup2:

-----------------------------------------------

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE
