
Are my BSOD errors "atikmpag.sys" being caused by a virus?


73 replies to this topic

#1 jo-prez


Posted 07 May 2012 - 08:34 PM

How are you guys doing? I was sent here from my previous topic to get a deeper look into my problem. Here's the link to my previous topic explaining my problem: http://www.bleepingcomputer.com/forums/topic450555.html/page__pid__2676456#entry2676456

In my previous topic I was being helped to remove some malware that kept coming back all the time after being removed by Malwarebytes. My computer seems to be clean now, but I was sent here to get a deeper look into why my Norton Security Suite doesn't work in safe mode and to find out why I am getting Blue Screens with the error "atikmpag.sys" that block me from logging into Windows normal mode. Regarding my antivirus, I installed it on another computer and tried using it in safe mode and it doesn't seem to protect me; it can only do scans but that's it. Is this attitude normal for Norton Security Suite in safe mode? And about my Blue Screen error, is there a possibility that I have a hidden virus causing my ATI graphics card driver to fail? I can't log into normal mode, only safe mode, and I get lots of color lines (artifacts) when turning my computer on, and then my computer crashes and I get the Blue Screen error. Or is there a virus causing me both problems I just mentioned, with my antivirus and the blue screen errors? Can someone help me take a deeper look into my computer just to make sure I don't have a virus still hiding? Any help is greatly appreciated, thanks in advance! Here's my DDS log. I have Windows Vista 64-bit, so I didn't do the scan with GMER since you guys say not to do that on 64-bit systems.



.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Pepe at 2:22:13 on 2012-05-05
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6134.5254 [GMT -5:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn6\yt.dll
mWinlogon: Userinit=userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn6\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.4.1.10.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\IPS\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn5\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn6\yt.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
uRun: [AdobeBridge]
uRun: [ISUSPM Startup] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
uRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
uRun: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
uRun: [Akamai NetSession Interface] "C:\Users\Pepe\AppData\Local\Akamai\netsession_win.exe"
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [PWRISOVM.EXE] "C:\Program Files (x86)\PowerISO\PWRISOVM.EXE"
mRun: [YMailAdvisor] "C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe"
mRun: [NPSStartup]
mRun: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [ISUSPM Startup] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
mRunOnce: [Malwarebytes Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
mRunOnce: [GrpConv] grpconv -o
StartupFolder: C:\Users\Pepe\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &D&ownload &with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe/AddAllLink.htm
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.4.1.10.dll/206
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{E15948E1-A5B2-47BE-A27E-871C216C8DDC} : NameServer = 4.2.2.2,4.2.2.1
TCP: Interfaces\{E15948E1-A5B2-47BE-A27E-871C216C8DDC} : DhcpNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn6\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Skype add-on (mastermind): {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO-X64: Skype add-on (mastermind) - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: BitComet Helper: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.4.1.10.dll
BHO-X64: BitComet ClickCapture - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Google Gears Helper: {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
BHO-X64: Google Gears Helper - No File
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn5\YTSingleInstance.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn6\yt.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\coIEPlg.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun-x64: [PWRISOVM.EXE] "C:\Program Files (x86)\PowerISO\PWRISOVM.EXE"
mRun-x64: [YMailAdvisor] "C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe"
mRun-x64: [NPSStartup]
mRun-x64: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [ISUSPM Startup] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
mRunOnce-x64: [Malwarebytes Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
mRunOnce-x64: [GrpConv] grpconv -o
IE-X64: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.4.1.10.dll/206
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Pepe\AppData\Roaming\Mozilla\Firefox\Profiles\h0tuzflp.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z192&form=ZGAADF&install_date=20111126&q=
FF - component: C:\Program Files (x86)\Google\Google Gears\Firefox\lib\ff36\gears.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_3_6\components\coFFPlgn.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\components\IPSFFPl.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: C:\Users\Pepe\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
FF - component: C:\Users\Pepe\AppData\Roaming\Mozilla\Firefox\Profiles\h0tuzflp.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Pepe\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\Users\Pepe\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-3-22 1157240]
S1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120327.002\IDSviA64.sys [2012-3-27 488568]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
S1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS [?]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\system32\Drivers\N360x64\0502000.00D\SYMTDIV.SYS --> C:\Windows\system32\Drivers\N360x64\0502000.00D\SYMTDIV.SYS [?]
S2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-7-17 88576]
S2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2008-1-20 21504]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S2 Freemake Improver;Freemake Improver;C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2011-11-8 74752]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-10-2 133104]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-26 654408]
S2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\ccsvchst.exe [2012-2-7 130008]
S2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-10-14 994360]
S2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
S2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-7-17 636144]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdLH6.sys --> C:\Windows\system32\drivers\AtihdLH6.sys [?]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS --> C:\Windows\system32\drivers\BVRPMPR5a64.SYS [?]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-5 138360]
S3 fssfltr;FssFltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-10-2 133104]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\system32\Drivers\nx6000.sys --> C:\Windows\system32\Drivers\nx6000.sys [?]
S3 PAC207;Basic Webcam;C:\Windows\system32\DRIVERS\PFC027.SYS --> C:\Windows\system32\DRIVERS\PFC027.SYS [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TFsExDisk;TFsExDisk;C:\Windows\System32\drivers\TFsExDisk.Sys [2010-9-2 16448]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-10-19 89920]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-04-04 20:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-06 11:03:02 32 ----a-w- C:\Windows\SysWow64\msvcsv60.dll
2012-02-16 10:03:25 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-15 03:05:32 69632 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-02-15 03:05:26 59904 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-02-15 03:05:20 61952 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-02-15 03:05:16 54784 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-02-15 03:05:08 16507904 ----a-w- C:\Windows\System32\amdocl64.dll
2012-02-15 03:04:26 13238272 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-02-15 03:03:44 54272 ----a-w- C:\Windows\System32\OpenCL.dll
2012-02-15 03:03:38 48128 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2012-02-14 16:49:43 327680 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-02-14 16:49:43 196096 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-02-14 15:45:30 219648 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-02-14 15:45:30 160768 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-02-13 14:38:31 2002944 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-02-13 14:12:08 1172480 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-02-13 14:06:48 834048 ----a-w- C:\Windows\System32\d2d1.dll
2012-02-13 14:03:11 1555968 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-13 13:47:57 683008 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-02-13 13:44:40 1068544 ----a-w- C:\Windows\SysWow64\DWrite.dll
.
============= FINISH: 2:23:48.74 ===============
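As an added triage aid that is not part of this thread or of DDS itself, here is a small Python parser for the SERVICES / DRIVERS section of a DDS log like the one above: it pulls out the driver named in the stop error and lists the kernel drivers DDS could not stat, which are the ones worth hashing and signature-checking before blaming or clearing them. The sample lines are copied from the posted log; the meaning assigned to the R/S prefix, the start-type digit and the `[?]` suffix is this example's assumption, not something the thread states.

```python
"""Triage the SERVICES / DRIVERS section of a DDS log (assumptions of this
example, not stated in the thread: R/S = running/stopped, the digit is the
start type 0 boot/1 system/2 auto/3 demand/4 disabled, and a trailing "[?]"
means DDS could not read the file's date and size)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a subset of entries copied from the DDS log in post #1.
SAMPLE_LOG = r"""
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
S2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2008-1-20 21504]
S2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\ccsvchst.exe [2012-2-7 130008]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
.
=============== File Associations ===============
"""

SECTION = re.compile(r"^=+\s*(?P<title>.+?)\s*=+$")
ENTRY = re.compile(r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
VERIFIED = re.compile(r"^(?P<image>.+)\s\[(?P<date>\d{4}-\d{1,2}-\d{1,2})\s(?P<size>\d+)\]$")
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}


@dataclass
class ServiceEntry:
    running: bool
    start_type: int
    name: str
    display: str
    image: str            # registry image path, NT "\??\" prefix removed
    date: Optional[str]   # None when DDS printed "[?]"
    size: Optional[int]   # None when DDS printed "[?]"
    unverifiable: bool    # True when the line ended in "[?]"

    @property
    def filename(self) -> str:
        # Last path component, minus service arguments such as "-k Akamai".
        return self.image.rsplit("\\", 1)[-1].split()[0]

    def describe(self) -> str:
        state = "running" if self.running else "stopped"
        flag = "  [file date/size unreadable]" if self.unverifiable else ""
        return f"{self.name} ({START_TYPES.get(self.start_type, '?')} start, {state}): {self.image}{flag}"


def _entry_from_match(m) -> ServiceEntry:
    rest = m.group("rest").strip()
    date, size = None, None
    if rest.endswith("[?]"):
        # "<image> --> <resolved path> [?]": keep the registry image path.
        unverifiable = True
        image = rest[:-3].strip().split(" --> ")[0]
    else:
        v = VERIFIED.match(rest)
        if v is None:
            raise ValueError(f"unrecognised DDS service line: {m.group(0)}")
        unverifiable = False
        image, date, size = v.group("image"), v.group("date"), int(v.group("size"))
    if image.startswith("\\??\\"):  # NT object-manager prefix on some driver paths
        image = image[4:]
    return ServiceEntry(m.group("state") == "R", int(m.group("start")), m.group("name"),
                        m.group("display"), image, date, size, unverifiable)


def parse_services(text: str) -> List[ServiceEntry]:
    """Return the entries of the SERVICES / DRIVERS section, ignoring all others."""
    entries: List[ServiceEntry] = []
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            in_section = header.group("title").upper() == "SERVICES / DRIVERS"
            continue
        if not in_section or line in ("", "."):
            continue
        m = ENTRY.match(line)
        if m:
            entries.append(_entry_from_match(m))
    return entries


def find_by_file(entries: List[ServiceEntry], filename: str) -> List[ServiceEntry]:
    """Entries whose image file name matches, case-insensitively (Windows paths)."""
    return [e for e in entries if e.filename.lower() == filename.lower()]


def unverifiable_drivers(entries: List[ServiceEntry]) -> List[ServiceEntry]:
    """Kernel drivers (.sys) DDS could not stat: the ones to hash and
    signature-check by hand before blaming or clearing them."""
    return [e for e in entries if e.unverifiable and e.filename.lower().endswith(".sys")]
```

Run `parse_services` over a full DDS log and print `describe()` for `find_by_file(entries, "atikmpag.sys")` and `unverifiable_drivers(entries)` to get the short list to verify on the machine.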



#2 m0le


Posted 10 May 2012 - 07:38 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 jo-prez


Posted 10 May 2012 - 09:19 PM

How are you doing, m0le? Thanks so much for your reply, I'm ready to receive your instructions :)

#4 m0le


Posted 11 May 2012 - 05:22 PM

Okay, I've read your other topic with boopme. The atikmpag.sys driver seems to be synonymous with BSOD.

The Google page finds quite a lot. Please take a look at the top search result and tell me if this is the problem you are experiencing and under these or similar conditions.


However, TDSS has also been here, so let's make sure that's not still a problem.

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool (scan your computer's memory for errors)
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under the File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for the x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it in your next reply.
m0le is a proud member of UNITE

#5 jo-prez


Posted 13 May 2012 - 08:21 AM

Hello m0le, I did everything you told me.

Regarding the top search result on Google about the atikmpag.sys BSOD, I read their topic and the only similar thing related to my problem is the atikmpag.sys BSOD. I never did anything to my computer as far as adding RAM or upgrading any other hardware; if anything I just air dusted the inside of my PC to remove lots of dust it had. The video card fan was working and all the other fans to ventilate my computer were working too. My first BSOD happened out of nowhere, I was just watching videos on YouTube and then I saw some color lines (artifacts) all over my screen. During those times when I was able to log into normal mode my screen would black out and then I would get the BSOD, but that was in the beginning when I first had my first BSOD. I also remember uninstalling the old video drivers and uploading them with the updated ones, but then some new drivers came up during those same days and I uninstalled the older drivers, but after doing that I never had the chance to go back into normal mode to install the new drivers because I'm not able to log in to normal mode. When I turn on my computer, lots of color lines and dots appear all over my screen, then my computer freezes and then I always get the atikmpag.sys error. I can only log into safe mode for now.

One thing I've noticed is that people talk so much about running Driver Sweeper after uninstalling the video drivers (Catalyst Control Center) the normal way. Do you think maybe some of the old drivers didn't uninstall completely and maybe that's why I get this atikmpag.sys error? Should I run Driver Sweeper maybe? I think I read that on the same topic that you linked me to; if I'm not mistaken someone mentioned something like that. I've read so many topics about that error, and there are lots of causes for it. But my main worry/question right now is that I really want to find out if there's a virus causing me to get that error, or if my computer is really clean at all, or is there still some malware hiding? I would love to know what you think about all that :) But anyways, here's the log from Farbar Recovery Scan Tool x64 that you asked for. Let me know what's next, thank you!



Scan result of Farbar Recovery Scan Tool Version: 12-05-2012
Ran by SYSTEM at 13-05-2012 02:00:28
Running from J:\
Windows Vista ™ Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [6975520 2009-02-24] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe [x]
HKLM\...\Run: [IAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [182808 2008-07-20] (Intel Corporation)
HKLM\...\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [128232 2009-02-04] (CyberLink Corp.)
HKLM-x32\...\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" [118624 2009-07-24] (Microsoft Corporation)
HKLM-x32\...\Run: [PWRISOVM.EXE] "C:\Program Files (x86)\PowerISO\PWRISOVM.EXE" [180224 2009-11-08] (PowerISO Computing, Inc.)
HKLM-x32\...\Run: [YMailAdvisor] "C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe" [174424 2009-05-08] (Yahoo! Inc.)
HKLM-x32\...\Run: [NPSStartup] [x]
HKLM-x32\...\Run: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot [274608 2010-12-25] (RealNetworks, Inc.)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
HKLM-x32\...\Run: [ISUSPM Startup] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\isuspm.exe" -startup [249856 2005-08-11] (Macrovision Corporation)
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\Default\...\Run: [ooVoo] C\ooVoo.exe /minimized [x]
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\Default User\...\Run: [ooVoo] C\ooVoo.exe /minimized [x]
HKU\Pepe\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\Pepe\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet [5252408 2010-06-01] (Yahoo! Inc.)
HKU\Pepe\...\Run: [AdobeBridge] [x]
HKU\Pepe\...\Run: [ISUSPM Startup] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup [249856 2005-08-11] (Macrovision Corporation)
HKU\Pepe\...\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start [86960 2006-09-11] (Macrovision Corporation)
HKU\Pepe\...\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe [95576 2010-07-04] (Samsung Electronics Co., Ltd.)
HKU\Pepe\...\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe [x]
HKU\Pepe\...\Run: [Akamai NetSession Interface] "C:\Users\Pepe\AppData\Local\Akamai\netsession_win.exe" [3331872 2012-03-13] (Akamai Technologies, Inc)
HKU\Pepe\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [4785536 2012-03-07] (SUPERAntiSpyware.com)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1081416 2012-01-13] (Malwarebytes Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent [462408 2012-04-04] (Malwarebytes Corporation)
HKLM-x32\...\Runonce: [GrpConv] grpconv -o [x]
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{E15948E1-A5B2-47BE-A27E-871C216C8DDC}: [NameServer]4.2.2.2,4.2.2.1

==================== Services (Whitelisted) ======

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2011-08-11] (SUPERAntiSpyware.com)
2 astcc; C:\Windows\SysWow64\ASTSRV.EXE [57344 2009-12-01] (Nalpeiron Ltd.)
2 Freemake Improver; "C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe" [74752 2011-10-26] (Freemake)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
2 N360; "C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe" /s "N360" /m "C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\diMaster.dll" /prefetch:1 [262584 2011-03-31] (Symantec Corporation)
2 Secunia PSI Agent; "C:\Program Files (x86)\Secunia\PSI\PSIA.exe" --start-service [994360 2011-10-13] (Secunia)
2 Secunia Update Agent; "C:\Program Files (x86)\Secunia\PSI\sua.exe" --start-service [399416 2011-10-13] (Secunia)
2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll [x]

========================== Drivers (Whitelisted) =============

2 adfs; C:\Windows\System32\Drivers\adfs.sys [86584 2010-10-22] (Adobe Systems, Inc.)
3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [10720256 2011-12-05] (Advanced Micro Devices, Inc.)
3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdLH6.sys [90128 2011-10-17] (Advanced Micro Devices)
3 atikmdag; C:\Windows\System32\Drivers\atikmdag.sys [10720256 2011-12-05] (Advanced Micro Devices, Inc.)
1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [1157240 2012-03-02] (Symantec Corporation)
3 BVRPMPR5a64; C:\Windows\System32\Drivers\BVRPMPR5a64.sys [35840 2009-08-19] (Avanquest Software)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2012-02-04] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138360 2012-02-04] (Symantec Corporation)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120327.002\IDSvia64.sys [488568 2012-03-20] (Symantec Corporation)
0 JRAID; C:\Windows\System32\Drivers\JRAID.sys [98144 2008-12-15] (JMicron Technology Corp.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
3 MSHUSBVideo; C:\Windows\System32\Drivers\nx6000.sys [36208 2009-07-24] (Microsoft Corporation)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120327.037\ENG64.SYS [117880 2011-11-09] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120327.037\EX64.SYS [2048632 2011-11-09] (Symantec Corporation)
3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [571904 2006-11-20] (PixArt Imaging Inc.)
3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [17976 2010-09-01] (Secunia)
3 R300; C:\Windows\System32\DRIVERS\atikmdag.sys [10720256 2011-12-05] (Advanced Micro Devices, Inc.)
3 RTL8169; C:\Windows\System32\DRIVERS\Rtlh64.sys [174592 2008-12-14] (Realtek Corporation )
3 RTSTOR; C:\Windows\System32\drivers\RTSTOR64.SYS [62464 2008-12-17] (Realtek Semiconductor Corp.)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SRTSP; C:\Windows\System32\Drivers\N360x64\0502000.00D\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
1 SRTSPX; C:\Windows\System32\drivers\N360x64\0502000.00D\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
3 sscdbus; C:\Windows\System32\Drivers\sscdbus.sys [136264 2010-04-26] (MCCI Corporation)
3 sscdmdfl; C:\Windows\System32\Drivers\sscdmdfl.sys [19016 2010-04-26] (MCCI Corporation)
3 sscdmdm; C:\Windows\System32\Drivers\sscdmdm.sys [172104 2010-04-26] (MCCI Corporation)
0 SymDS; C:\Windows\System32\drivers\N360x64\0502000.00D\SYMDS64.SYS [450680 2011-01-26] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\N360x64\0502000.00D\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-07-17] (Symantec Corporation)
1 SymIRON; C:\Windows\System32\drivers\N360x64\0502000.00D\Ironx64.SYS [171128 2010-11-15] (Symantec Corporation)
1 SYMTDIv; C:\Windows\System32\Drivers\N360x64\0502000.00D\SYMTDIV.SYS [432760 2011-04-20] (Symantec Corporation)
0 Tpkd; C:\Windows\System32\Drivers\Tpkd.sys [105592 2009-12-23] (PACE Anti-Piracy, Inc.)
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
3 pccsmcfd; C:\Windows\System32\DRIVERS\pccsmcfdx64.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-05-13 02:00 - 2012-05-13 02:00 - 0000000 ____D C:\FRST
2012-05-05 00:01 - 2012-05-05 00:01 - 0000662 ____A C:\Users\Pepe\Desktop\ark.txt
2012-05-04 23:32 - 2012-05-04 23:32 - 0023897 ____A C:\Users\Pepe\Desktop\dds.txt
2012-05-04 23:32 - 2012-05-04 23:32 - 0008128 ____A C:\Users\Pepe\Desktop\attach.txt
2012-05-04 23:21 - 2012-05-04 23:21 - 0000000 ____A C:\Users\Pepe\defogger_reenable
2012-05-03 02:06 - 2012-05-04 20:34 - 0000242 ____A C:\Users\Pepe\Desktop\defogger_enable.log
2012-05-03 01:31 - 2011-07-16 19:21 - 0302592 ____A C:\Users\Pepe\Desktop\gmer.exe
2012-05-03 01:19 - 2012-05-04 23:21 - 0000470 ____A C:\Users\Pepe\Desktop\defogger_disable.log
2012-05-03 01:14 - 2012-05-02 22:00 - 0294216 ____A C:\Users\Pepe\Desktop\gmer.zip
2012-05-03 01:14 - 2012-05-02 21:59 - 0302592 ____A C:\Users\Pepe\Desktop\eb4t43xd.exe
2012-05-03 01:13 - 2012-05-02 21:55 - 0050477 ____A C:\Users\Pepe\Desktop\Defogger.exe
2012-05-03 01:10 - 2012-05-05 00:00 - 0000000 ____D C:\Users\Pepe\Desktop\old results for BC
2012-04-23 11:17 - 2012-04-23 11:21 - 0000000 ____D C:\Users\Pepe\Desktop\BC LOGS
2012-04-23 10:11 - 2012-04-23 10:24 - 0121596 ____A C:\TDSSKiller.2.7.31.0_23.04.2012_13.11.37_log.txt
2012-04-23 10:10 - 2010-12-31 22:14 - 0002254 ____A C:\Users\Pepe\Desktop\eula.txt
2012-04-23 10:09 - 2012-04-23 10:09 - 0000348 ____A C:\TDSSKiller.2.7.23.0_23.04.2012_13.09.32_log.txt
2012-04-23 08:16 - 2012-04-23 08:29 - 0121342 ____A C:\TDSSKiller.2.7.23.0_23.04.2012_11.16.40_log.txt
2012-04-23 06:41 - 2006-09-18 13:37 - 0000761 ____A C:\Windows\System32\Drivers\etc\hosts
2012-04-23 06:21 - 2012-04-23 06:19 - 0980480 ____A C:\Users\Pepe\Desktop\MicrosoftFixit50267.msi
2012-04-23 06:21 - 2012-04-23 06:18 - 0013824 ____A C:\Users\Pepe\Desktop\HOSTS back to NORMAL.wps
2012-04-23 06:21 - 2012-04-20 16:50 - 2072624 ____A (Kaspersky Lab ZAO) C:\Users\Pepe\Desktop\TDSSKiller.exe
2012-04-22 16:21 - 2012-04-22 16:21 - 0001591 ____A C:\Users\Pepe\Desktop\aswMBR.txt
2012-04-22 16:21 - 2012-04-22 16:21 - 0000512 ____A C:\Users\Pepe\Desktop\MBR.dat
2012-04-22 16:02 - 2012-04-22 16:00 - 1008141 ____A C:\Users\Pepe\Desktop\rkill.scr
2012-04-22 15:40 - 2012-04-22 15:40 - 0020963 ____A C:\Users\Pepe\Desktop\Result.txt
2012-04-22 15:27 - 2012-04-22 12:32 - 4731392 ____A (AVAST Software) C:\Users\Pepe\Desktop\aswMBR.exe
2012-04-22 15:27 - 2012-04-22 12:24 - 0396041 ____A C:\Users\Pepe\Desktop\MiniToolBox.exe
2012-04-22 15:22 - 2012-04-22 15:22 - 0293496 ____A C:\Windows\Minidump\Mini042212-01.dmp
2012-04-18 03:59 - 2012-04-18 03:59 - 0293496 ____A C:\Windows\Minidump\Mini041812-01.dmp

============ 3 Months Modified Files and Folders =============

2012-05-13 02:00 - 2012-05-13 02:00 - 0000000 ____D C:\FRST
2012-05-12 22:49 - 2012-03-05 23:18 - 7940270 ____A C:\Windows\ntbtlog.txt
2012-05-12 22:49 - 2006-11-02 04:46 - 0725090 ____A C:\Windows\System32\PerfStringBackup.INI
2012-05-05 00:01 - 2012-05-05 00:01 - 0000662 ____A C:\Users\Pepe\Desktop\ark.txt
2012-05-05 00:00 - 2012-05-03 01:10 - 0000000 ____D C:\Users\Pepe\Desktop\old results for BC
2012-05-04 23:32 - 2012-05-04 23:32 - 0023897 ____A C:\Users\Pepe\Desktop\dds.txt
2012-05-04 23:32 - 2012-05-04 23:32 - 0008128 ____A C:\Users\Pepe\Desktop\attach.txt
2012-05-04 23:21 - 2012-05-04 23:21 - 0000000 ____A C:\Users\Pepe\defogger_reenable
2012-05-04 23:21 - 2012-05-03 01:19 - 0000470 ____A C:\Users\Pepe\Desktop\defogger_disable.log
2012-05-04 23:21 - 2009-10-01 20:09 - 0000000 ____D C:\users\Pepe
2012-05-04 20:36 - 2012-03-06 02:14 - 0000732 ____A C:\Users\Pepe\Local Settings\d3d9caps64.dat
2012-05-04 20:36 - 2012-03-06 02:14 - 0000732 ____A C:\Users\Pepe\Local Settings\Application Data\d3d9caps64.dat
2012-05-04 20:36 - 2012-03-06 02:14 - 0000732 ____A C:\Users\Pepe\AppData\Local\d3d9caps64.dat
2012-05-04 20:34 - 2012-05-03 02:06 - 0000242 ____A C:\Users\Pepe\Desktop\defogger_enable.log
2012-05-04 19:22 - 2009-07-17 02:47 - 1266142 ____A C:\Windows\WindowsUpdate.log
2012-05-02 22:00 - 2012-05-03 01:14 - 0294216 ____A C:\Users\Pepe\Desktop\gmer.zip
2012-05-02 21:59 - 2012-05-03 01:14 - 0302592 ____A C:\Users\Pepe\Desktop\eb4t43xd.exe
2012-05-02 21:55 - 2012-05-03 01:13 - 0050477 ____A C:\Users\Pepe\Desktop\Defogger.exe
2012-04-24 10:56 - 2012-03-27 01:41 - 0000370 ____A C:\rkill.log
2012-04-23 11:21 - 2012-04-23 11:17 - 0000000 ____D C:\Users\Pepe\Desktop\BC LOGS
2012-04-23 10:24 - 2012-04-23 10:11 - 0121596 ____A C:\TDSSKiller.2.7.31.0_23.04.2012_13.11.37_log.txt
2012-04-23 10:09 - 2012-04-23 10:09 - 0000348 ____A C:\TDSSKiller.2.7.23.0_23.04.2012_13.09.32_log.txt
2012-04-23 08:29 - 2012-04-23 08:16 - 0121342 ____A C:\TDSSKiller.2.7.23.0_23.04.2012_11.16.40_log.txt
2012-04-23 06:24 - 2009-10-02 23:23 - 0000574 ____A C:\Users\Pepe\Application Data\wklnhst.dat
2012-04-23 06:24 - 2009-10-02 23:23 - 0000574 ____A C:\Users\Pepe\AppData\Roaming\wklnhst.dat
2012-04-23 06:19 - 2012-04-23 06:21 - 0980480 ____A C:\Users\Pepe\Desktop\MicrosoftFixit50267.msi
2012-04-23 06:18 - 2012-04-23 06:21 - 0013824 ____A C:\Users\Pepe\Desktop\HOSTS back to NORMAL.wps
2012-04-22 16:21 - 2012-04-22 16:21 - 0001591 ____A C:\Users\Pepe\Desktop\aswMBR.txt
2012-04-22 16:21 - 2012-04-22 16:21 - 0000512 ____A C:\Users\Pepe\Desktop\MBR.dat
2012-04-22 16:00 - 2012-04-22 16:02 - 1008141 ____A C:\Users\Pepe\Desktop\rkill.scr
2012-04-22 15:51 - 2012-03-26 18:42 - 0000950 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-04-22 15:51 - 2012-03-26 18:42 - 0000950 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-04-22 15:51 - 2012-03-26 18:42 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-22 15:40 - 2012-04-22 15:40 - 0020963 ____A C:\Users\Pepe\Desktop\Result.txt
2012-04-22 15:22 - 2012-04-22 15:22 - 0293496 ____A C:\Windows\Minidump\Mini042212-01.dmp
2012-04-22 15:22 - 2009-12-22 12:07 - 0000000 ____D C:\Windows\Minidump
2012-04-22 15:21 - 2009-12-22 12:06 - 559712879 ____A C:\Windows\MEMORY.DMP
2012-04-22 12:32 - 2012-04-22 15:27 - 4731392 ____A (AVAST Software) C:\Users\Pepe\Desktop\aswMBR.exe
2012-04-22 12:24 - 2012-04-22 15:27 - 0396041 ____A C:\Users\Pepe\Desktop\MiniToolBox.exe
2012-04-20 16:50 - 2012-04-23 06:21 - 2072624 ____A (Kaspersky Lab ZAO) C:\Users\Pepe\Desktop\TDSSKiller.exe
2012-04-18 03:59 - 2012-04-18 03:59 - 0293496 ____A C:\Windows\Minidump\Mini041812-01.dmp
2012-04-14 04:48 - 2012-03-06 01:08 - 0000000 ____D C:\Users\Pepe\Local Settings\SoftThinks
2012-04-14 04:48 - 2012-03-06 01:08 - 0000000 ____D C:\Users\Pepe\Local Settings\Application Data\SoftThinks
2012-04-14 04:48 - 2012-03-06 01:08 - 0000000 ____D C:\Users\Pepe\AppData\Local\SoftThinks
2012-04-14 04:37 - 2009-07-17 07:16 - 0000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2012-04-10 23:48 - 2012-04-10 23:48 - 0293496 ____A C:\Windows\Minidump\Mini041112-02.dmp
2012-04-10 23:47 - 2008-01-20 19:26 - 1881816 ____A C:\Windows\PFRO.log
2012-04-10 23:45 - 2012-04-10 23:45 - 0000000 ____A C:\Windows\Minidump\Mini041112-01.dmp
2012-04-10 05:39 - 2006-11-02 05:33 - 0000000 ____D C:\Windows\PolicyDefinitions
2012-04-10 03:07 - 2012-04-10 03:06 - 0121328 ____A C:\TDSSKiller.2.7.23.0_10.04.2012_06.06.50_log.txt
2012-04-10 02:55 - 2012-04-10 02:55 - 0293496 ____A C:\Windows\Minidump\Mini041012-03.dmp
2012-04-10 02:51 - 2012-04-10 02:51 - 0000000 ____A C:\Windows\Minidump\Mini041012-02.dmp
2012-04-10 02:48 - 2012-04-10 02:48 - 0000000 ____A C:\Windows\Minidump\Mini041012-01.dmp
2012-04-10 00:55 - 2012-04-10 03:00 - 0607260 ____R (Swearware) C:\Users\Pepe\Desktop\dds.scr
2012-04-07 01:24 - 2012-03-06 01:08 - 0000000 ____D C:\Users\Pepe\My Backup Files
2012-04-07 01:21 - 2012-04-07 00:38 - 0000000 ____D C:\Users\Pepe\Desktop\CURRENT Desktop
2012-04-04 12:56 - 2012-03-26 18:42 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-03-30 20:03 - 2006-11-02 07:42 - 0032610 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-03-30 20:03 - 2006-11-02 07:42 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-03-30 20:01 - 2009-10-01 22:56 - 0000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-03-30 19:59 - 2006-11-02 07:22 - 0003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-03-30 19:59 - 2006-11-02 07:22 - 0003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-03-30 18:34 - 2012-03-30 18:34 - 0121328 ____A C:\TDSSKiller.2.7.23.0_30.03.2012_21.34.02_log.txt
2012-03-30 17:33 - 2012-03-30 17:32 - 0121328 ____A C:\TDSSKiller.2.7.23.0_30.03.2012_20.32.40_log.txt
2012-03-30 17:14 - 2012-03-30 17:14 - 0293600 ____A C:\Windows\Minidump\Mini033012-01.dmp
2012-03-30 17:08 - 2012-03-30 17:08 - 0121328 ____A C:\TDSSKiller.2.7.23.0_30.03.2012_20.08.23_log.txt
2012-03-28 16:31 - 2009-10-01 22:56 - 0000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-03-28 03:17 - 2012-03-28 03:17 - 0338032 ____A C:\Windows\Minidump\Mini032812-03.dmp
2012-03-28 02:31 - 2012-03-28 02:30 - 0121746 ____A C:\TDSSKiller.2.7.23.0_28.03.2012_05.30.34_log.txt
2012-03-28 02:07 - 2012-03-28 02:05 - 165923488 ____A (Advanced Micro Devices, Inc.) C:\Users\Pepe\Downloads\12-2_vista_win7_64_dd_ccc.exe
2012-03-28 01:50 - 2012-03-19 22:48 - 0000000 ____D C:\Users\Pepe\Downloads\Trick Daddy Presents The bleep That I Live Vol.1
2012-03-28 01:44 - 2012-03-28 01:44 - 0000943 ____A C:\Users\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
2012-03-28 01:44 - 2012-03-28 01:44 - 0000000 ____D C:\Users\Pepe\Local Settings\Secunia PSI
2012-03-28 01:44 - 2012-03-28 01:44 - 0000000 ____D C:\Users\Pepe\Local Settings\Application Data\Secunia PSI
2012-03-28 01:44 - 2012-03-28 01:44 - 0000000 ____D C:\Users\Pepe\AppData\Local\Secunia PSI
2012-03-28 01:44 - 2012-03-28 01:44 - 0000000 ____D C:\Program Files (x86)\Secunia
2012-03-28 01:40 - 2012-03-28 01:40 - 0001758 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-03-28 01:40 - 2012-03-28 01:40 - 0001758 ____A C:\Users\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-03-28 01:40 - 2012-03-28 01:40 - 0000000 ____D C:\Users\Pepe\Application Data\SUPERAntiSpyware.com
2012-03-28 01:40 - 2012-03-28 01:40 - 0000000 ____D C:\Users\Pepe\AppData\Roaming\SUPERAntiSpyware.com
2012-03-28 01:40 - 2012-03-28 01:40 - 0000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-03-28 01:40 - 2012-03-28 01:40 - 0000000 ____D C:\Users\All Users\Application Data\SUPERAntiSpyware.com
2012-03-28 01:40 - 2012-03-28 01:40 - 0000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2012-03-28 01:40 - 2012-03-28 01:40 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2012-03-28 01:35 - 2012-03-28 01:35 - 0319200 ____A C:\Windows\Minidump\Mini032812-02.dmp
2012-03-28 01:04 - 2009-11-11 21:25 - 0000000 ____D C:\Users\Pepe\Local Settings\CrashDumps
2012-03-28 01:04 - 2009-11-11 21:25 - 0000000 ____D C:\Users\Pepe\Local Settings\Application Data\CrashDumps
2012-03-28 01:04 - 2009-11-11 21:25 - 0000000 ____D C:\Users\Pepe\AppData\Local\CrashDumps
2012-03-28 00:00 - 2012-03-28 00:00 - 0299208 ____A C:\Windows\Minidump\Mini032812-01.dmp
2012-03-27 23:31 - 2012-03-27 22:46 - 0002310 ____A C:\Users\Pepe\Desktop\unhide.txt
2012-03-27 21:07 - 2012-03-27 21:06 - 0119918 ____A C:\TDSSKiller.2.7.23.0_28.03.2012_00.06.45_log.txt
2012-03-27 20:54 - 2012-03-27 20:54 - 0119918 ____A C:\TDSSKiller.2.7.23.0_27.03.2012_23.54.15_log.txt
2012-03-27 18:55 - 2012-03-27 18:55 - 0002512 ____A C:\{2653A1DC-3E82-44F9-BBBA-4D349E13668A}
2012-03-27 17:14 - 2012-03-27 17:13 - 0119896 ____A C:\TDSSKiller.2.7.23.0_27.03.2012_20.13.45_log.txt
2012-03-27 14:59 - 2012-03-27 14:54 - 0119918 ____A C:\TDSSKiller.2.7.23.0_27.03.2012_17.54.12_log.txt
2012-03-27 14:59 - 2009-10-06 21:26 - 0007728 ____A C:\Users\Pepe\Local Settings\d3d9caps.dat
2012-03-27 14:59 - 2009-10-06 21:26 - 0007728 ____A C:\Users\Pepe\Local Settings\Application Data\d3d9caps.dat
2012-03-27 14:59 - 2009-10-06 21:26 - 0007728 ____A C:\Users\Pepe\AppData\Local\d3d9caps.dat
2012-03-27 12:55 - 2012-03-27 12:54 - 0119918 ____A C:\TDSSKiller.2.7.23.0_27.03.2012_15.54.48_log.txt
2012-03-27 03:46 - 2012-03-27 03:45 - 0119918 ____A C:\TDSSKiller.2.7.23.0_27.03.2012_06.45.46_log.txt
2012-03-27 03:40 - 2012-03-27 03:36 - 0124574 ____A C:\TDSSKiller.2.7.23.0_27.03.2012_06.36.19_log.txt
2012-03-27 03:38 - 2012-03-27 03:38 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-03-27 00:00 - 2012-03-26 23:31 - 0120480 ____A C:\TDSSKiller.2.7.23.0_27.03.2012_02.31.58_log.txt
2012-03-26 23:09 - 2012-03-27 01:37 - 1008141 ____A C:\Users\Pepe\Desktop\iExplore.exe
2012-03-26 22:53 - 2012-03-27 22:43 - 0389024 ____A (Bleeping Computer, LLC) C:\Users\Pepe\Desktop\unhide.exe
2012-03-26 18:26 - 2012-03-26 18:26 - 0293496 ____A C:\Windows\Minidump\Mini032612-02.dmp
2012-03-26 17:16 - 2012-03-26 17:16 - 0000000 ____D C:\Users\Pepe\Application Data\Malwarebytes
2012-03-26 17:16 - 2012-03-26 17:16 - 0000000 ____D C:\Users\Pepe\AppData\Roaming\Malwarebytes
2012-03-26 17:16 - 2012-03-26 17:16 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-03-26 17:16 - 2012-03-26 17:16 - 0000000 ____D C:\Users\All Users\Application Data\Malwarebytes
2012-03-26 17:16 - 2012-03-26 17:16 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-03-26 15:50 - 2012-03-26 15:50 - 0293496 ____A C:\Windows\Minidump\Mini032612-01.dmp
2012-03-24 16:18 - 2012-03-24 16:18 - 0334952 ____A C:\Windows\Minidump\Mini032412-01.dmp
2012-03-24 15:56 - 2006-11-02 07:27 - 0204807 ____A C:\Windows\setupact.log
2012-03-24 12:01 - 2012-03-24 11:55 - 0000448 ____A C:\Users\All Users\WLbifO5DoBmtk4
2012-03-24 12:01 - 2012-03-24 11:55 - 0000448 ____A C:\Users\All Users\Application Data\WLbifO5DoBmtk4
2012-03-24 12:01 - 2012-03-24 11:55 - 0000448 ____A C:\ProgramData\WLbifO5DoBmtk4
2012-03-24 11:55 - 2012-03-24 11:55 - 0000264 ____A C:\Users\All Users\Application Data\~WLbifO5DoBmtk4
2012-03-24 11:55 - 2012-03-24 11:55 - 0000264 ____A C:\Users\All Users\~WLbifO5DoBmtk4
2012-03-24 11:55 - 2012-03-24 11:55 - 0000264 ____A C:\ProgramData\~WLbifO5DoBmtk4
2012-03-24 11:55 - 2012-03-24 11:55 - 0000176 ____A C:\Users\All Users\Application Data\~WLbifO5DoBmtk4r
2012-03-24 11:55 - 2012-03-24 11:55 - 0000176 ____A C:\Users\All Users\~WLbifO5DoBmtk4r
2012-03-24 11:55 - 2012-03-24 11:55 - 0000176 ____A C:\ProgramData\~WLbifO5DoBmtk4r
2012-03-24 05:27 - 2009-12-29 05:44 - 0000000 ____D C:\Users\Pepe\Application Data\Skype
2012-03-24 05:27 - 2009-12-29 05:44 - 0000000 ____D C:\Users\Pepe\AppData\Roaming\Skype
2012-03-24 05:00 - 2009-12-29 05:47 - 0000000 ____D C:\Users\Pepe\Application Data\skypePM
2012-03-24 05:00 - 2009-12-29 05:47 - 0000000 ____D C:\Users\Pepe\AppData\Roaming\skypePM
2012-03-24 01:10 - 2012-03-24 01:10 - 0000056 ____A C:\Windows\SysWOW64\ezsidmv.dat
2012-03-23 17:24 - 2012-03-23 17:24 - 0524672 ____A C:\Windows\Minidump\Mini032312-01.dmp
2012-03-22 00:56 - 2012-03-22 00:56 - 0000000 ____D C:\Users\Pepe\Local Settings\ElevatedDiagnostics
2012-03-22 00:56 - 2012-03-22 00:56 - 0000000 ____D C:\Users\Pepe\Local Settings\Application Data\ElevatedDiagnostics
2012-03-22 00:56 - 2012-03-22 00:56 - 0000000 ____D C:\Users\Pepe\AppData\Local\ElevatedDiagnostics
2012-03-22 00:21 - 2009-10-05 20:20 - 0000000 ____D C:\Users\All Users\Yahoo! Companion
2012-03-22 00:21 - 2009-10-05 20:20 - 0000000 ____D C:\Users\All Users\Application Data\Yahoo! Companion
2012-03-22 00:21 - 2009-10-05 20:20 - 0000000 ____D C:\ProgramData\Yahoo! Companion
2012-03-21 23:33 - 2009-07-17 07:11 - 0000000 ____D C:\Program Files (x86)\Microsoft Works
2012-03-21 23:19 - 2011-11-03 18:40 - 0000000 ____D C:\Users\Pepe\Local Settings\Application Data\Akamai
2012-03-21 23:19 - 2011-11-03 18:40 - 0000000 ____D C:\Users\Pepe\Local Settings\Akamai
2012-03-21 23:19 - 2011-11-03 18:40 - 0000000 ____D C:\Users\Pepe\AppData\Local\Akamai
2012-03-21 23:13 - 2006-11-02 07:21 - 4847448 ____A C:\Windows\System32\FNTCACHE.DAT
2012-03-21 22:56 - 2006-11-02 04:35 - 56297240 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-03-19 23:07 - 2009-11-24 17:40 - 0000000 ____D C:\Program Files (x86)\BitComet
2012-03-17 01:14 - 2012-03-17 00:58 - 82282164 ____A C:\Users\Pepe\Downloads\470770.mp4
2012-03-17 01:09 - 2012-03-17 00:57 - 60319858 ____A C:\Users\Pepe\Downloads\487817.mp4
2012-03-17 01:08 - 2012-03-17 00:53 - 73092444 ____A C:\Users\Pepe\Downloads\1081267.mp4
2012-03-17 01:01 - 2012-03-17 00:52 - 47776794 ____A C:\Users\Pepe\Downloads\842819.mp4
2012-03-17 00:57 - 2012-03-17 00:52 - 23778105 ____A C:\Users\Pepe\Downloads\516673.mp4
2012-03-17 00:46 - 2012-03-17 00:46 - 20343193 ____A C:\Users\Pepe\Downloads\3632.3gp
2012-03-17 00:45 - 2012-03-17 00:45 - 18808411 ____A C:\Users\Pepe\Downloads\3402.3gp
2012-03-17 00:44 - 2012-03-17 00:43 - 40060248 ____A C:\Users\Pepe\Downloads\7696.3gp
2012-03-17 00:41 - 2012-03-17 00:39 - 45136523 ____A C:\Users\Pepe\Downloads\14650.3gp
2012-03-17 00:40 - 2012-03-17 00:40 - 8428301 ____A C:\Users\Pepe\Downloads\20909.3gp
2012-03-17 00:39 - 2012-03-17 00:38 - 24352320 ____A C:\Users\Pepe\Downloads\21982.3gp
2012-03-14 21:57 - 2012-03-14 21:56 - 22723060 ____A C:\Users\Pepe\Downloads\m_d7ab8fb762659c39ba176a0c6d93bdf4.mp4
2012-03-14 21:57 - 2012-03-14 21:51 - 118178693 ____A C:\Users\Pepe\Downloads\m_33139d05ed69c747bf80326d42df201c.mp4
2012-03-14 21:50 - 2012-03-14 21:48 - 41590976 ____A C:\Users\Pepe\Downloads\m_959267f6190b124fcf53fa500ad7b963.mp4
2012-03-12 20:17 - 2012-03-12 20:13 - 0070571 ____A C:\Users\Pepe\Downloads\imagejpeg_3.jpg
2012-03-12 20:17 - 2012-03-12 20:13 - 0065238 ____A C:\Users\Pepe\Downloads\imagejpeg_2paris2.jpg
2012-03-10 00:34 - 2012-03-10 00:34 - 0058894 ____A C:\Users\Pepe\Downloads\PARISimagejpeg_2svd.jpg
2012-03-10 00:32 - 2012-03-10 00:32 - 0000364 ____A C:\Windows\Tasks\AdobeAAMUpdater-1.0-Pepe-PC-Pepe.job
2012-03-08 04:27 - 2012-03-08 04:26 - 0293600 ____A C:\Windows\Minidump\Mini030812-01.dmp
2012-03-07 23:24 - 2006-11-02 05:33 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-03-07 23:22 - 2012-03-07 23:22 - 0000000 ____D C:\AMD
2012-03-07 23:12 - 2009-07-17 07:07 - 0000000 ____D C:\Program Files (x86)\ATI Technologies
2012-03-07 23:11 - 2012-03-07 23:11 - 0017103 ____A C:\Windows\SysWOW64\CCCInstall_201203080111354758.log
2012-03-07 03:36 - 2012-03-07 03:36 - 0416968 ____A C:\Windows\Minidump\Mini030712-01.dmp
2012-03-06 05:14 - 2009-10-03 02:28 - 0089600 ____A C:\Users\Pepe\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-03-06 05:14 - 2009-10-03 02:28 - 0089600 ____A C:\Users\Pepe\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-03-06 05:14 - 2009-10-03 02:28 - 0089600 ____A C:\Users\Pepe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-03-06 03:03 - 2010-01-01 06:21 - 0000032 ____A C:\Windows\SysWOW64\w3data.vss
2012-03-06 03:03 - 2010-01-01 06:21 - 0000032 ____A C:\Windows\SysWOW64\msvcsv60.dll
2012-03-06 03:03 - 2010-01-01 06:21 - 0000032 ____A C:\Windows\msocreg32.dat
2012-03-06 01:53 - 2012-03-06 01:53 - 0295568 ____A C:\Windows\Minidump\Mini030612-02.dmp
2012-03-06 01:08 - 2012-03-06 01:08 - 0000000 ____D C:\Users\Default\Local Settings\SoftThinks
2012-03-06 01:08 - 2012-03-06 01:08 - 0000000 ____D C:\Users\Default\Local Settings\Application Data\SoftThinks
2012-03-06 01:08 - 2012-03-06 01:08 - 0000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2012-03-06 01:08 - 2012-03-06 01:08 - 0000000 ____D C:\Users\Default User\Local Settings\SoftThinks
2012-03-06 01:08 - 2012-03-06 01:08 - 0000000 ____D C:\Users\Default User\Local Settings\Application Data\SoftThinks
2012-03-06 01:08 - 2012-03-06 01:08 - 0000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2012-03-06 00:27 - 2012-03-06 00:27 - 0385464 ____A C:\Windows\Minidump\Mini030612-01.dmp
2012-03-02 16:42 - 2012-03-02 16:42 - 0022314 ____A C:\Users\Pepe\Downloads\imagejpeg_2.jpg
2012-02-17 07:12 - 2009-11-24 17:37 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-02-17 04:59 - 2012-02-17 04:59 - 4506331 ____A C:\Users\Pepe\Downloads\rick ross ft drake french montana - stay schemin.mp3
2012-02-16 02:03 - 2011-05-16 11:12 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-02-16 01:59 - 2009-07-17 07:20 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-02-14 19:05 - 2012-02-14 19:05 - 16507904 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\amdocl64.dll
2012-02-14 19:05 - 2012-02-14 19:05 - 0069632 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OpenVideo64.dll
2012-02-14 19:05 - 2012-02-14 19:05 - 0061952 ____A C:\Windows\System32\OVDecode64.dll
2012-02-14 19:05 - 2012-02-14 19:05 - 0059904 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
2012-02-14 19:05 - 2012-02-14 19:05 - 0054784 ____A C:\Windows\SysWOW64\OVDecode.dll
2012-02-14 19:04 - 2012-02-14 19:04 - 13238272 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2012-02-14 19:03 - 2012-02-14 19:03 - 0054272 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
2012-02-14 19:03 - 2012-02-14 19:03 - 0048128 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2012-02-14 08:49 - 2012-03-21 22:50 - 0327680 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2012-02-14 08:49 - 2012-03-21 22:50 - 0196096 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-02-14 07:45 - 2012-03-21 22:50 - 0219648 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2012-02-14 07:45 - 2012-03-21 22:50 - 0160768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe
[2008-01-20 18:49] - [2008-01-20 18:49] - 0028160 ____A (Microsoft Corporation) A0AB2BB9A92293D9CE66E252719AB5FE

C:\Windows\SysWOW64\userinit.exe
[2008-01-20 18:50] - [2008-01-20 18:50] - 0025088 ____A (Microsoft Corporation) 0E135526E9785D085BCD9AEDE6FBCBF9

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 9%
Total physical RAM: 6134.07 MB
Available physical RAM: 5574.78 MB
Total Pagefile: 5943.96 MB
Available Pagefile: 5545.13 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:916.44 GB) (Free:473.29 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]
7 Drive j: (GLORIA) (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT
8 Drive x: (RECOVERY) (Fixed) (Total:15 GB) (Free:7.78 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 932 GB 0 B
Disk 1 Online 1911 MB 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 71 MB 32 KB
Partition 2 Primary 15 GB 71 MB
Partition 3 Primary 916 GB 15 GB

======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 8 FAT Partition 71 MB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 X RECOVERY NTFS Partition 15 GB Healthy Boot

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 916 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1907 MB 4032 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0E
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 J GLORIA FAT Removable 1907 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-05-04 23:28

======================= End Of Log ==========================

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:10:30 PM

Posted 13 May 2012 - 04:20 PM

Clean logs above :). If you want me to say that the system is malware-free then I could probably say that now, to be honest. One more try for any remnants with ESET.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [image] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image] icon on your desktop.
  • Check [image]
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Under scan settings, check [image] and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • Copy and paste the resulting log in your next reply
If no log is generated that means nothing was found. Please let me know if this happens.

If you think a log should have been generated then go to C:\Program Files\ESET\ESET Online Scanner\log.txt to find it.
m0le is a proud member of UNITE

#7 jo-prez

jo-prez
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chicago, IL
  • Local time:04:30 PM

Posted 13 May 2012 - 05:44 PM

Ok, I will do that. Is it ok to do this in safe mode? The only thing protecting me is my firewall right now.

#8 jo-prez

Posted 14 May 2012 - 09:31 AM

I went ahead and did the online scan with ESET in safe mode. It looks like it found something!! :clapping: :) Could you please tell me what the malware that ESET found was capable of doing? Do we need to do a more intense scan with other tools to find more malware? I await your next instructions, m0le, you're great!! :) Here's the log:




C:\$Recycle.Bin\S-1-5-21-3197264084-3694203075-1548587854-1000\$R6DURWK.exe Win32/Toolbar.Zugo application deleted - quarantined
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined
C:\Users\Pepe\AppData\Local\Temp\Main.class a variant of Java/Exploit.CVE-2011-3544.BK trojan cleaned by deleting - quarantined
C:\Users\Pepe\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\7c7f64ea-2c0e17d5 Java/Exploit.CVE-2012-0507.B trojan deleted - quarantined
C:\Users\Pepe\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\2dc8efef-4d8c4cd8 a variant of Java/TrojanDownloader.OpenStream.NCM trojan deleted - quarantined
C:\Users\Pepe\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\68a1fab9-4e0ac7bd a variant of Java/Exploit.Agent.NAL trojan cleaned by deleting - quarantined
C:\Users\Pepe\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\43801948-443e1bb2 Java/Exploit.CVE-2012-0507.AB trojan deleted - quarantined

#9 m0le

Posted 14 May 2012 - 07:30 PM

1. Win32/Toolbar.Zugo
2. a variant of Win32/HiddenStart.A application
3. a variant of Java/Exploit.CVE-2011-3544.BK trojan
4. Java/Exploit.CVE-2012-0507.B trojan
5. a variant of Java/TrojanDownloader.OpenStream.NCM trojan
6. a variant of Java/Exploit.Agent.NAL trojan
7. Java/Exploit.CVE-2012-0507.AB trojan


Firstly, this is what they are capable of; it does not mean that this necessarily happened to you.

1. Installs malware on your machine and sends email address list for spamming. Also flashes false error warnings which encourage you to download more malware masquerading as a security program

2. Riskware. In other words, a legitimate program but with qualities which malware writers would find useful

3 and 4. These exploit vulnerabilities in Java and allow malicious executable files to be downloaded onto your system.

5. A trojan which, as the name suggests, also downloads malware onto your system.

6. A different variant but the same type of malware as 3 and 4

7. Same as the answer to 6


It is also useful to know that 4-7 are only copies of malware which Java has cached. Not dangerous as such.

Having seen the variety of crud on your machine I think we should now run two more tools and see if anything else exists. Also once we're done you must remind me to update your Java version and remove any old ones. That will certainly help.

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If MBAM won't update then download and update MBAM on a clean computer then save the rules.ref folder to a memory stick. This file is found here: 'C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware' then transfer it across to the infected computer.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.


And

Download Superantispyware
  • Load Superantispyware and click the check for updates button.
  • Once the update is finished click the scan your computer button.
  • Check Perform Complete Scan and then next.
  • Superantispyware will now scan your computer and when its finished it will list all the infections it has found.
  • Make sure that they all have a check next to them and press next.
  • Click finish and you will be taken back to the main interface.
  • Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear.
  • Copy and paste the log onto the forum.


#10 jo-prez

Posted 15 May 2012 - 10:26 AM

Hello again,

Malwarebytes didn't find anything but SUPERAntiSpyware Free Edition did, here is the log below. You also mentioned that I should remind you to update my Java version and remove any old ones. Let me know what's next, thank you!



SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/15/2012 at 09:20 AM

Application Version : 5.0.1148

Core Rules Database Version : 8595
Trace Rules Database Version: 6407

Scan type : Complete Scan
Total Scan Time : 00:49:49

Operating System Information
Windows Vista Home Premium 64-bit, Service Pack 2 (Build 6.00.6002)
UAC Off - Administrator

Memory items scanned : 310
Memory threats detected : 0
Registry items scanned : 65679
Registry threats detected : 0
File items scanned : 78747
File threats detected : 4

Adware.Tracking Cookie
C:\Users\Pepe\AppData\Roaming\Microsoft\Windows\Cookies\Z13N7PD3.txt [ /collective-media.net ]
C:\Users\Pepe\AppData\Roaming\Microsoft\Windows\Cookies\X7I87XQG.txt [ /ads.bleepingcomputer.com ]
C:\USERS\PEPE\Cookies\Z13N7PD3.txt [ Cookie:pepe@collective-media.net/ ]

PUP.CNETInstaller
C:\USERS\PEPE\DESKTOP\CNET_DRIVERSWEEPER_3_2_0_EXE.EXE

#11 m0le

Posted 15 May 2012 - 06:28 PM

Yes, the SAS log looks clean - cookies and something which is flagged as suspect but isn't. Yes, Java...

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Jdk 6 Update 31 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u31-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.


Please tell me how the machine is now.

#12 jo-prez

Posted 16 May 2012 - 01:14 PM

Hello m0le,

Before anything let me update you with something I did regarding my atikmpag.sys BSOD error. I used Driver Sweeper to uninstall all the remainder drivers related to my AMD/ATI graphics card. I rebooted into normal mode and I was able to finally log in with no BSOD!! :thumbup2:

My computer finally got all the updates for everything using Secunia PSI. I didn't have to download the Java version from the link you gave me because Java prompted me with an update, and I believe the latest version now is Jdk 6 Update 32 and that's the one I have installed on my PC now. I also went ahead and uninstalled all the old versions like you told me to.

My computer is doing good except I noticed some weird behavior when trying to "check for service" on my Norton Security Suite. It tries to connect to its servers but I get this message: "No response received from Symantec server". Then it gives me an option to check my proxy settings but I don't know much about all that. I did some research on this problem and Norton mentions on their website something about my DNS settings probably having been changed. I'm thinking here maybe the fake virus that first hit me weeks ago probably messed something up. I'm going to reinstall Norton Security Suite and see if that helps solve the problem.

I also noticed some fishy behavior when I was visiting a website. I would be browsing and out of nowhere my browser started redirecting itself to a blank page, and in the address bar I would only see this: "http:///" but that's it. It did it like twice on the same page. Do you think I still have malware? Or do you think that fake virus I had weeks ago did some damage to other stuff?

#13 m0le

Posted 16 May 2012 - 05:54 PM

Not malware, more likely leftover problems. Let's try resetting.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • List content of Hosts
  • List Winsock Entries
  • List devices
  • List IP configuration
  • List last 10 Event Viewer log
  • List Users, Partitions and Memory size.
  • List Minidump Files.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
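The checklist above comes down to four artefacts that a browser redirect or DNS hijack leaves behind on a Windows box: the hosts file, the per-user IE proxy/PAC setting, the configured resolvers, and the Winsock provider catalog. The Python below is an added example and is not part of this thread or of MiniToolBox. It applies those checks to constructed samples modelled on the clean values MiniToolBox reports in the next post (a localhost-only hosts file, the 4.2.2.2/4.2.2.1 resolvers, all-Microsoft mswsock.dll providers) and to a tampered copy of each, so the reader can see what a positive finding looks like. The expected-resolver set, the list of security and update domains, and the lsphook.dll provider path are assumptions made for illustration.

```python
"""Added example: triage of the hosts / proxy / DNS / Winsock artefacts a
MiniToolBox-style report lists. Sample inputs are constructed; the expected
resolvers, the sensitive-domain list and the rogue LSP path are assumptions."""
import ipaddress
import re

# Assumption: resolvers this machine is expected to use (the log shows the
# Level 3 public resolvers 4.2.2.2 / 4.2.2.1; the router 192.168.1.1 is allowed too).
EXPECTED_DNS = {"4.2.2.2", "4.2.2.1", "192.168.1.1"}
# Assumption: domains a hijacked hosts file typically blackholes or redirects.
SENSITIVE = ("symantec.com", "norton.com", "windowsupdate.com", "microsoft.com",
             "malwarebytes.org", "eset.com", "bleepingcomputer.com")
LOOPBACK = {ipaddress.ip_address("127.0.0.1"), ipaddress.ip_address("::1")}
# Matches lines such as "x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [61440] (Microsoft Corporation)".
WINSOCK_RE = re.compile(r"^(x64-)?Catalog[59] \d+ (.+?) \[\d+\] \((.*)\)$")


def check_hosts(text):
    """Return (line, reason, target) for every hosts entry beyond the stock localhost pair."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        parts = line.split()
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            findings.append((n, "unparseable entry", raw))
            continue
        names = parts[1:]
        if addr in LOOPBACK and names == ["localhost"]:
            continue                              # the two entries seen in the log
        for name in names:
            if any(name.endswith(s) for s in SENSITIVE):
                findings.append((n, f"security/update domain mapped to {addr}", name))
            elif addr not in LOOPBACK:
                findings.append((n, f"domain redirected to {addr}", name))
    return findings


def check_dns(servers):
    """Resolvers not in the expected set: a classic sign of DNS-changer malware."""
    return sorted(s for s in servers if s not in EXPECTED_DNS)


def check_proxy(settings):
    """settings mirrors the per-user Internet Settings values (ProxyEnable,
    ProxyServer, AutoConfigURL). A proxy or PAC the user never configured is a hijack indicator."""
    findings = []
    if settings.get("ProxyEnable"):
        findings.append(f"proxy enabled: {settings.get('ProxyServer', '?')}")
    if settings.get("AutoConfigURL"):
        findings.append(f"PAC script configured: {settings['AutoConfigURL']}")
    return findings


def check_winsock(lines):
    """Flag Winsock providers whose DLL is outside the system directories or not Microsoft's."""
    findings = []
    for line in lines:
        m = WINSOCK_RE.match(line.strip())
        if not m:
            continue
        path, vendor = m.group(2), m.group(3)
        in_system = path.lower().startswith(("c:\\windows\\system32\\", "c:\\windows\\syswow64\\"))
        if not in_system or vendor != "Microsoft Corporation":
            findings.append((path, vendor))
    return findings


def triage(hosts, dns, proxy, winsock):
    """Run all four checks; every value empty means the artefacts look clean."""
    return {"hosts": check_hosts(hosts), "dns": check_dns(dns),
            "proxy": check_proxy(proxy), "winsock": check_winsock(winsock)}


def is_clean(report):
    return not any(report.values())


# Constructed samples: the clean values from the log, plus a tampered copy of each.
CLEAN_HOSTS = "::1 localhost\n\n127.0.0.1 localhost\n"
TAMPERED_HOSTS = CLEAN_HOSTS + "127.0.0.1 liveupdate.symantec.com\n10.0.0.5 www.google.com\n"
CLEAN_WINSOCK = [
    "Catalog5 01 C:\\Windows\\SysWOW64\\NLAapi.dll [48128] (Microsoft Corporation)",
    "x64-Catalog9 01 C:\\Windows\\System32\\mswsock.dll [304128] (Microsoft Corporation)",
]
TAMPERED_WINSOCK = CLEAN_WINSOCK + [
    "Catalog9 11 C:\\Users\\Pepe\\AppData\\Local\\lsphook.dll [40960] ()",   # hypothetical rogue LSP
]

if __name__ == "__main__":
    cases = {
        "clean": (CLEAN_HOSTS, ["4.2.2.2", "4.2.2.1"], {"ProxyEnable": 0}, CLEAN_WINSOCK),
        "tampered": (TAMPERED_HOSTS, ["4.2.2.2", "198.51.100.9"],
                     {"ProxyEnable": 1, "ProxyServer": "127.0.0.1:8080"}, TAMPERED_WINSOCK),
    }
    for label, args in cases.items():
        report = triage(*args)
        print(label, "CLEAN" if is_clean(report) else "FINDINGS", report)
```

On a live machine the hosts text comes from %SystemRoot%\System32\drivers\etc\hosts, the resolver list from ipconfig /all, the proxy values from HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings, and the Winsock lines from netsh winsock show catalog or a MiniToolBox Result.txt; the logic stays the same.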

#14 jo-prez

Posted 17 May 2012 - 10:03 AM

Hi again, here's the Minitoolbox log:





MiniToolBox by Farbar Version: 18-01-2012
Ran by Pepe (administrator) on 17-05-2012 at 09:16:14
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.0) = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Pepe-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
Physical Address. . . . . . . . . : 00-23-AE-E7-08-7A
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::156f:1c4d:67f1:ae95%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.67(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, May 16, 2012 7:49:58 PM
Lease Expires . . . . . . . . . . : Friday, May 18, 2012 7:49:58 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 251667374
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-F2-0F-4B-00-23-AE-E7-08-7A
DNS Servers . . . . . . . . . . . : 4.2.2.2
4.2.2.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{E15948E1-A5B2-47BE-A27E-871C216C8DDC}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:4c9:469:3f57:febc(Preferred)
Link-local IPv6 Address . . . . . : fe80::4c9:469:3f57:febc%10(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 16:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: vnsc-bak.sys.gtei.net
Address: 4.2.2.2

Name: google.com
Addresses: 74.125.225.38
74.125.225.39
74.125.225.40
74.125.225.41
74.125.225.46
74.125.225.32
74.125.225.33
74.125.225.34
74.125.225.35
74.125.225.36
74.125.225.37



Pinging google.com [74.125.225.37] with 32 bytes of data:

Reply from 74.125.225.37: bytes=32 time=12ms TTL=55

Reply from 74.125.225.37: bytes=32 time=13ms TTL=55



Ping statistics for 74.125.225.37:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 12ms, Maximum = 13ms, Average = 12ms

Server: vnsc-bak.sys.gtei.net
Address: 4.2.2.2

Name: yahoo.com
Addresses: 209.191.122.70
72.30.38.140
98.139.183.24



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:

Reply from 98.139.183.24: bytes=32 time=258ms TTL=49

Reply from 98.139.183.24: bytes=32 time=285ms TTL=51



Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 258ms, Maximum = 285ms, Average = 271ms

Server: vnsc-bak.sys.gtei.net
Address: 4.2.2.2

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
11 ...00 23 ae e7 08 7a ...... Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
1 ........................... Software Loopback Interface 1
13 ...00 00 00 00 00 00 00 e0 isatap.{E15948E1-A5B2-47BE-A27E-871C216C8DDC}
10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
12 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.67 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.67 276
192.168.1.67 255.255.255.255 On-link 192.168.1.67 276
192.168.1.255 255.255.255.255 On-link 192.168.1.67 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.67 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.67 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
10 18 ::/0 On-link
1 306 ::1/128 On-link
10 18 2001::/32 On-link
10 266 2001:0:4137:9e76:4c9:469:3f57:febc/128
On-link
11 276 fe80::/64 On-link
10 266 fe80::/64 On-link
10 266 fe80::4c9:469:3f57:febc/128
On-link
11 276 fe80::156f:1c4d:67f1:ae95/128
On-link
1 306 ff00::/8 On-link
10 266 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [19968] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [61440] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [62976] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [27648] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/17/2012 09:01:03 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (05/17/2012 08:00:50 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (05/17/2012 07:27:52 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (05/17/2012 07:17:31 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (05/17/2012 07:07:03 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (05/17/2012 06:48:06 AM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft Works - Update 'Security Update for Microsoft Works 9 (KB2680317)' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (05/17/2012 06:48:06 AM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft Works -- Error 1606.Could not access network location %APPDATA%\.

Error: (05/17/2012 06:48:06 AM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft Works -- Error 1606.Could not access network location %APPDATA%\.

Error: (05/17/2012 06:45:13 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (05/17/2012 06:23:53 AM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft Works - Update 'Security Update for Microsoft Works 9 (KB2680317)' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127


System errors:
=============
Error: (05/17/2012 08:02:57 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: SYSTEM)
Description: 0x80070050Hotfix for Windows (KB947821){0844882E-A858-49E8-8932-811DE7B59236}501

Error: (05/17/2012 08:02:21 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: SYSTEM)
Description: 0x80070050Hotfix for Windows (KB947821){0844882E-A858-49E8-8932-811DE7B59236}501

Error: (05/17/2012 07:51:15 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: SYSTEM)
Description: 0x800706beHotfix for Windows (KB947821){0844882E-A858-49E8-8932-811DE7B59236}501

Error: (05/17/2012 06:48:35 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: SYSTEM)
Description: 0x80070643Security Update for Microsoft Works 9 (KB2680317){A89539BB-5D77-471B-AE05-8BC8082D6A50}101

Error: (05/17/2012 06:24:22 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: SYSTEM)
Description: 0x80070643Security Update for Microsoft Works 9 (KB2680317){A89539BB-5D77-471B-AE05-8BC8082D6A50}101

Error: (05/17/2012 03:02:51 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: SYSTEM)
Description: 0x80070643Security Update for Microsoft Works 9 (KB2680317){A89539BB-5D77-471B-AE05-8BC8082D6A50}101

Error: (05/17/2012 02:26:34 AM) (Source: Service Control Manager) (User: )
Description: 30000TrkWks

Error: (05/16/2012 07:15:52 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: SYSTEM)
Description: 0x80070643Security Update for Microsoft Works 9 (KB2680317){A89539BB-5D77-471B-AE05-8BC8082D6A50}101

Error: (05/16/2012 03:03:13 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: SYSTEM)
Description: 0x80070643Security Update for Microsoft Works 9 (KB2680317){A89539BB-5D77-471B-AE05-8BC8082D6A50}101

Error: (05/16/2012 02:08:07 AM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}


Microsoft Office Sessions:
=========================
Error: (05/17/2012 09:01:03 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (05/17/2012 08:00:50 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (05/17/2012 07:27:52 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (05/17/2012 07:17:31 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (05/17/2012 07:07:03 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (05/17/2012 06:48:06 AM) (Source: MsiInstaller)(User: SYSTEM)SYSTEM
Description: Microsoft WorksSecurity Update for Microsoft Works 9 (KB2680317)1603(NULL)(NULL)

Error: (05/17/2012 06:48:06 AM) (Source: MsiInstaller)(User: SYSTEM)SYSTEM
Description: Product: Microsoft Works -- Error 1606.Could not access network location %APPDATA%\.(NULL)(NULL)(NULL)(NULL)

Error: (05/17/2012 06:48:06 AM) (Source: MsiInstaller)(User: SYSTEM)SYSTEM
Description: Product: Microsoft Works -- Error 1606.Could not access network location %APPDATA%\.(NULL)(NULL)(NULL)(NULL)

Error: (05/17/2012 06:45:13 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (05/17/2012 06:23:53 AM) (Source: MsiInstaller)(User: SYSTEM)SYSTEM
Description: Microsoft WorksSecurity Update for Microsoft Works 9 (KB2680317)1603(NULL)(NULL)


========================= Devices: ================================

Name: ATI Radeon HD 4800 Series
Description: ATI Radeon HD 4800 Series
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: Advanced Micro Devices, Inc.
Service: amdkmdap
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


========================= Memory info: ===================================

Percentage of memory in use: 49%
Total physical RAM: 6134.07 MB
Available physical RAM: 3122.12 MB
Total Pagefile: 12451.66 MB
Available Pagefile: 9987.12 MB
Total Virtual: 4095.88 MB
Available Virtual: 3993.5 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:916.44 GB) (Free:468.47 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:7.78 GB) NTFS

========================= Users: ========================================

User accounts for \\PEPE-PC

Administrator Guest Pepe

========================= Minidump Files ==================================

C:\Windows\Minidump\Mini030612-01.dmp
C:\Windows\Minidump\Mini030612-02.dmp
C:\Windows\Minidump\Mini030712-01.dmp
C:\Windows\Minidump\Mini030812-01.dmp
C:\Windows\Minidump\Mini032312-01.dmp
C:\Windows\Minidump\Mini032412-01.dmp
C:\Windows\Minidump\Mini032612-01.dmp
C:\Windows\Minidump\Mini032612-02.dmp
C:\Windows\Minidump\Mini032812-01.dmp
C:\Windows\Minidump\Mini032812-02.dmp
C:\Windows\Minidump\Mini032812-03.dmp
C:\Windows\Minidump\Mini033012-01.dmp
C:\Windows\Minidump\Mini041012-01.dmp
C:\Windows\Minidump\Mini041012-02.dmp
C:\Windows\Minidump\Mini041012-03.dmp
C:\Windows\Minidump\Mini041112-01.dmp
C:\Windows\Minidump\Mini041112-02.dmp
C:\Windows\Minidump\Mini041812-01.dmp
C:\Windows\Minidump\Mini042212-01.dmp
C:\Windows\Minidump\Mini051412-01.dmp
C:\Windows\Minidump\Mini051612-01.dmp
C:\Windows\Minidump\Mini051612-02.dmp
C:\Windows\Minidump\Mini082210-01.dmp
C:\Windows\Minidump\Mini110611-01.dmp
C:\Windows\Minidump\Mini110811-01.dmp
C:\Windows\Minidump\Mini110811-02.dmp
C:\Windows\Minidump\Mini111210-01.dmp
C:\Windows\Minidump\Mini121110-01.dmp
C:\Windows\Minidump\Mini122209-01.dmp

**** End of log ****



I wanted to mention some new behaviors that my computer has been showing.

1) While online, I've gotten 3 different error messages from Adobe Flash Player:

a)TypeError: Error #1010: A term is undefined and has no properties.
at Centex_EXP_300x250_Bnr_012811_r1_fla::MainTimeline/loadRegion()
at Centex_EXP_300x250_Bnr_012811_r1_fla::MainTimeline/onRegionLoaded()
at flash.events::EventDispatcher/dispatchEventFunction()
at flash.events::EventDispatcher/dispatchEvent()
at flash.net::URLLoader/onComplete()

b)TypeError: Error #1009: Cannot access a property or method of a null object reference.
at LibraryInstanceBlur/frame1()
at flash.display::MovieClip/gotoAndPlay()
at LibraryInstanceBlur/byeStar1()

c)SecurityError: Error #2060: Security sandbox violation: ExternalInterface caller http://cdn.statics.live.spongecell.com/zappos/2012/zappos_direct/Q2/may/dedicated_dansko_realmedia/v4o/bin/RectangleGrid.swf?r=471829978 cannot access <unknown>.
at flash.external::ExternalInterface$/_evalJS()
at flash.external::ExternalInterface$/call()
at MethodInfo-92()
at flash.utils::Timer/_timerDispatch()
at flash.utils::Timer/tick()

I don't know what those errors mean, but I just wanted to mention them here; according to my IE, it fixed those problems. Hopefully that's true. The last behavior I wanted to mention is that my last Windows Update doesn't want to install, even if I try to do it manually by going to the Microsoft page to download it and then install it. I also noticed that when I'm about to shut down my computer, the "Sleep" menu option is dimmed out and I can't use it. Do you have any thoughts on all this?

#15 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:10:30 PM

Posted 17 May 2012 - 05:35 PM

Now I can see that the update service is failing and we have a report which allows me to link to Microsoft's troubleshooter for this issue.

http://support.microsoft.com/kb/2328240


There is also something strange here:

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.

Can you load Bleeping Computer on the machine?
m0le is a proud member of UNITE



