
PC will not allow Windows Update


39 replies to this topic

#1 GavintheGreat

GavintheGreat

  • Members
  • 38 posts

Posted 08 July 2012 - 09:15 AM

Running Windows XP. I have noticed funny results from search engines, and the PC will not allow Microsoft Update. I have rebooted in Safe Mode and ran RKill/Malwarebytes/SUPERAntiSpyware, but still cannot get Microsoft Update to work.

Edited by hamluis, 08 July 2012 - 10:52 AM.
Moved from XP to Am I Infected - Hamluis.



#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,725 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 08 July 2012 - 12:03 PM

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.



#3 GavintheGreat

GavintheGreat
  • Topic Starter

  • Members
  • 38 posts

Posted 08 July 2012 - 01:25 PM

Results of security check:

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
```````````````````````````````
Anti-malware/Other Utilities Check:

SUPERAntiSpyware
Java™ 6 Update 26
Out of date Java installed!
Adobe Flash Player 11.2.202.235
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
``````````End of Log````````````

#4 GavintheGreat

GavintheGreat
  • Topic Starter

  • Members
  • 38 posts

Posted 08 July 2012 - 01:28 PM

Farbar Services log:
Farbar Service Scanner Version: 08-07-2012
Ran by Owner (administrator) on 08-07-2012 at 14:27:42
Running from "C:\Documents and Settings\Owner\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.


Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice: "C:\WINDOWS\system32\srsvc.dll".


System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".

cryptsvc Service is not running. Checking service configuration:
The start type of cryptsvc service is OK.
The ImagePath of cryptsvc service is OK.
The ServiceDll of cryptsvc service is OK.


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) SYMTDI(9) Tcpip(4)
0x09000000050000000100000002000000030000000400000009000000080000000600000007000000
IpSec Tag value is correct.

**** End of log ****

#5 GavintheGreat

GavintheGreat
  • Topic Starter

  • Members
  • 38 posts

Posted 08 July 2012 - 01:32 PM

Minitoolbox results:
MiniToolBox by Farbar Version: 25-06-2012
Ran by Owner (administrator) on 08-07-2012 at 14:31:32
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® PRO/100 VE Network Connection = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : dell-5150

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : hsd1.ma.comcast.net.



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : hsd1.ma.comcast.net.

Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection

Physical Address. . . . . . . . . : 00-12-3F-AE-8F-B9

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.0.102

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.0.1

DHCP Server . . . . . . . . . . . : 192.168.0.1

DNS Servers . . . . . . . . . . . : 192.168.0.1

Lease Obtained. . . . . . . . . . : Sunday, July 08, 2012 7:50:50 AM

Lease Expires . . . . . . . . . . : Sunday, July 15, 2012 7:50:50 AM

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.0.1

Name: google.com
Addresses: 173.194.43.32, 173.194.43.34, 173.194.43.41, 173.194.43.33
173.194.43.46, 173.194.43.37, 173.194.43.36, 173.194.43.39, 173.194.43.38
173.194.43.35, 173.194.43.40



Pinging google.com [173.194.43.36] with 32 bytes of data:



Reply from 173.194.43.36: bytes=32 time=18ms TTL=55

Reply from 173.194.43.36: bytes=32 time=16ms TTL=55



Ping statistics for 173.194.43.36:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 16ms, Maximum = 18ms, Average = 17ms

Server: UnKnown
Address: 192.168.0.1

Name: yahoo.com
Addresses: 209.191.122.70, 72.30.38.140, 98.139.183.24



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:



Reply from 209.191.122.70: bytes=32 time=67ms TTL=49

Reply from 209.191.122.70: bytes=32 time=68ms TTL=49



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 67ms, Maximum = 68ms, Average = 67ms

Server: UnKnown
Address: 192.168.0.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 12 3f ae 8f b9 ...... Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.102 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.0.102 192.168.0.102 20
192.168.0.0 255.255.255.0 192.168.0.102 192.168.0.102 20
192.168.0.102 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.0.255 255.255.255.255 192.168.0.102 192.168.0.102 20
224.0.0.0 240.0.0.0 192.168.0.102 192.168.0.102 20
255.255.255.255 255.255.255.255 192.168.0.102 192.168.0.102 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/08/2012 07:54:36 AM) (Source: Application Error) (User: )
Description: Faulting application sttray.exe, version 1.0.5607.0, faulting module unknown, version 0.0.0.0, fault address 0x00000004.
Processing media-specific event for [sttray.exe!ws!]

Error: (07/08/2012 07:51:43 AM) (Source: STacSV) (User: NT AUTHORITY)NT AUTHORITY
Description: Connection to the Storage interface failed

Error: (07/07/2012 09:19:55 PM) (Source: Application Error) (User: )
Description: Faulting application sttray.exe, version 1.0.5607.0, faulting module unknown, version 0.0.0.0, fault address 0x00000004.
Processing media-specific event for [sttray.exe!ws!]

Error: (07/07/2012 09:13:58 PM) (Source: STacSV) (User: NT AUTHORITY)NT AUTHORITY
Description: Connection to the Storage interface failed

Error: (07/06/2012 05:28:18 PM) (Source: Application Error) (User: )
Description: Faulting application sttray.exe, version 1.0.5607.0, faulting module unknown, version 0.0.0.0, fault address 0x00000004.
Processing media-specific event for [sttray.exe!ws!]

Error: (07/06/2012 05:23:00 PM) (Source: STacSV) (User: NT AUTHORITY)NT AUTHORITY
Description: Connection to the Storage interface failed

Error: (07/06/2012 00:27:08 PM) (Source: Application Error) (User: )
Description: Faulting application sttray.exe, version 1.0.5607.0, faulting module unknown, version 0.0.0.0, fault address 0x00000004.
Processing media-specific event for [sttray.exe!ws!]

Error: (07/06/2012 00:25:10 PM) (Source: STacSV) (User: NT AUTHORITY)NT AUTHORITY
Description: Connection to the Storage interface failed

Error: (07/06/2012 11:06:58 AM) (Source: Application Error) (User: )
Description: Faulting application sttray.exe, version 1.0.5607.0, faulting module unknown, version 0.0.0.0, fault address 0x00000004.
Processing media-specific event for [sttray.exe!ws!]

Error: (07/06/2012 11:05:12 AM) (Source: STacSV) (User: NT AUTHORITY)NT AUTHORITY
Description: Connection to the Storage interface failed


System errors:
=============
Error: (07/08/2012 09:51:04 AM) (Source: DCOM) (User: DELL-5150)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.

Error: (07/08/2012 09:50:34 AM) (Source: Service Control Manager) (User: )
Description: The Automatic Updates service terminated with the following error:
%%2149896199

Error: (07/08/2012 09:50:27 AM) (Source: DCOM) (User: DELL-5150)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.

Error: (07/08/2012 09:49:58 AM) (Source: Service Control Manager) (User: )
Description: The Automatic Updates service terminated with the following error:
%%2149896199

Error: (07/08/2012 09:47:07 AM) (Source: DCOM) (User: DELL-5150)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.

Error: (07/08/2012 09:46:38 AM) (Source: Service Control Manager) (User: )
Description: The Automatic Updates service terminated with the following error:
%%2149896199

Error: (07/08/2012 07:52:52 AM) (Source: Service Control Manager) (User: )
Description: The Automatic Updates service terminated with the following error:
%%2149896199

Error: (07/07/2012 10:35:40 PM) (Source: BROWSER) (User: )
Description: The browser was unable to update the service status bits. The data is the error.

Error: (07/07/2012 09:10:12 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (07/07/2012 09:09:39 PM) (Source: DCOM) (User: DELL-5150)
Description: DCOM got error "%%1084" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}


Microsoft Office Sessions:
=========================
Error: (01/11/2011 01:23:41 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1539 seconds with 60 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

8 Queens
Acrobat.com (Version: 1.7.186)
Adobe AIR (Version: 2.5.1.17730)
Adobe Download Assistant (Version: 1.0.5)
Adobe Flash Player 11 ActiveX (Version: 11.0.1.152)
Adobe Flash Player 11 Plugin (Version: 11.2.202.235)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Adobe Shockwave Player 11.6 (Version: 11.6.5.635)
AIM for Windows
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
ArcSoft Print Creations (Version: 2.8.255.384)
ATI - Software Uninstall Utility (Version: 6.14.10.1014)
ATI Control Panel (Version: 6.14.10.5183)
ATI Display Driver (Version: 8.23-060209a1-030546C-Dell)
Baldur's Gate
Bonjour (Version: 3.0.0.10)
Browntech Image Plugin 2.02 (Version: 2.02.0000)
Canon Camera Access Library (Version: 8.4.0.1)
Canon Camera Support Core Library (Version: 7.3.1.6)
Canon G.726 WMP-Decoder (Version: 1.1.0.4)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (Version: 1.6.0.12)
Canon Internet Library for ZoomBrowser EX (Version: 1.6.2.7)
Canon MovieEdit Task for ZoomBrowser EX (Version: 2.6.0.4)
Canon RAW Image Task for ZoomBrowser EX (Version: 0.9.3.9)
Canon Utilities CameraWindow (Version: 7.1.0.2)
Canon Utilities CameraWindow DC (Version: 7.1.0.7)
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX (Version: 5.4.5.17)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (Version: 6.4.2.16)
Canon Utilities EOS Utility (Version: 1.1.0.8)
Canon Utilities MyCamera (Version: 6.4.0.5)
Canon Utilities MyCamera DC (Version: 7.0.1.8)
Canon Utilities PhotoStitch (Version: 3.1.21.45)
Canon Utilities RemoteCapture DC (Version: 3.0.1.8)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (Version: 1.7.1.9)
Canon Utilities ZoomBrowser EX (Version: 6.1.1.21)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.1.0.8)
CBLight 2009 (Version: 2009)
CCScore (Version: 8.02.0000.0001)
Championship Chess
CutePDF Writer 2.8
Dell Driver Download Manager (Version: 1.1.0.0)
Dell ResourceCD
ESSBrwr (Version: 8.02.0000.0001)
ESSCDBK (Version: 8.03.0000.0001)
ESScore (Version: 8.03.0000.0001)
ESSgui (Version: 8.03.0000.0001)
ESSini (Version: 8.02.0000.0001)
ESSPCD (Version: 8.02.0000.0001)
ESSPDock (Version: 6.03.0001.0004)
ESSTOOLS (Version: 5.00.0000.0004)
essvatgt (Version: 8.00.0000.0001)
Fast Browser Search (My Web Tattoo) (Version: 2.0)
Google Chrome (Version: 20.0.1132.47)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Update Helper (Version: 1.3.21.111)
Intel® PRO Network Connections Drivers
iTunes (Version: 10.5.2.11)
Java Auto Updater (Version: 2.0.5.1)
Java™ 6 Update 26 (Version: 6.0.260)
Kodak EasyShare software
Lexmark Printable Web (Version: 1.0.0.0)
Lexmark S300-S400 Series
Lexmark Toolbar (Version: 4.13.37.0)
Lexmark Tools for Office (Version: 1.29.0.0)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
MobileMe Control Panel (Version: 3.1.6.0)
Mozilla Firefox 12.0 (x86 en-US) (Version: 12.0)
Mozilla Maintenance Service (Version: 12.0)
Mplayer.com
MSN
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
netbrdg (Version: 7.01.0000.0001)
Norton Security Scan (Version: 3.0.1.8)
Norton Security Suite (Version: 4.4.0.12)
OfotoXMI (Version: 8.03.0000.0001)
PC Tools Registry Mechanic 11.0 (Version: 11.0)
Photosmart 130,230,7150,7345,7350,7550 (Remove only)
Power Challenge Game Plugin
PowerDVD (Version: 8.1)
QuickTime (Version: 7.70.80.34)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
RealUpgrade 1.1 (Version: 1.1.0)
Risk® (Version: 32.0.0.0)
Roxio Creator Audio (Version: 3.7.0)
Roxio Creator Copy (Version: 3.7.0)
Roxio Creator Data (Version: 3.7.0)
Roxio Creator DE (Version: 10.1)
Roxio Creator DE (Version: 3.7.0)
Roxio Creator Tools (Version: 3.7.0)
Roxio Express Labeler 3 (Version: 3.2.1)
Roxio Update Manager (Version: 6.0.0)
RuntimeLibsVC05 (Version: 1.2.0)
Safari (Version: 5.34.50.0)
SFR (Version: 8.01.0000.0001)
SHASTA (Version: 7.01.0000.0001)
SigmaTel Audio (Version: 5.10.4600.0)
skin0001 (Version: 8.02.0000.0001)
SKINXSDK (Version: 8.02.0000.0001)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
staticcr (Version: 8.02.0000.0001)
SUPERAntiSpyware (Version: 5.0.1144)
swMSM (Version: 12.0.0.1)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VPRINTOL (Version: 8.02.0000.0001)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0 (Version: 04.00.6001.503)
Windows XP Service Pack 3 (Version: 20080414.031525)
WIRELESS (Version: 8.02.0000.0001)
Wizard101 (Version: 1.0.0)
Wizard101 Test (Version: 1.0.0)

========================= Devices: ================================

Name: RADEON X300 SE 128MB HyperMemory Secondary
Description: RADEON X300 SE 128MB HyperMemory Secondary
Class Guid: TI Technologies Inc.
Manufacturer: ATI Technologies Inc.
Service: ati2mtag
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


========================= Memory info: ===================================

Percentage of memory in use: 75%
Total physical RAM: 3710.07 MB
Available physical RAM: 900.67 MB
Total Pagefile: 5081.23 MB
Available Pagefile: 2407.33 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.62 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:71.22 GB) (Free:33.95 GB) NTFS

========================= Users: ========================================

User accounts for \\

Administrator Guest HelpAssistant
Owner SUPPORT_388945a0


**** End of log ****
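The FSS log in #4 and the Service Control Manager errors in the MiniToolBox log in #5 are what the helper reads next. As an added example that is not part of this thread or of Farbar's tools, the Python below parses constructed excerpts in the same two layouts: it lists the services FSS reported as not running, the firewall policy value it printed, the ServiceDll entries shown as a path instead of "OK", and converts the decimal `%%2149896199` event code into HRESULT form (facility 0x24 is the Windows Update Agent; the symbolic name of the low word is not looked up here).

```python
"""Triage helper for Farbar Service Scanner (FSS.txt) and MiniToolBox output.

Added example, not part of the thread or of Farbar's tools. It pulls out
what a responder looks at first in these logs: services reported as not
running, firewall policy values, ServiceDll entries printed as a path, and
the decimal '%%' error code the Service Control Manager event carries.
"""
import re

# Constructed excerpt in the FSS.txt layout seen in the thread (same values).
SAMPLE_FSS = r"""Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The ServiceDll of sharedaccess service is OK.

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".

cryptsvc Service is not running. Checking service configuration:
The ServiceDll of cryptsvc service is OK.

File Check:
========
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
"""

# Constructed excerpt in the MiniToolBox event-log layout from the thread.
SAMPLE_EVENTS = """\
Error: (07/08/2012 09:50:34 AM) (Source: Service Control Manager) (User: )
Description: The Automatic Updates service terminated with the following error:
%%2149896199
"""

NOT_RUNNING = re.compile(r"^(\S+) Service is not running\.", re.M)
POLICY_DWORD = re.compile(r'^\[(HKEY_[^\]]+)\]\n"(\w+)"=DWORD:(\d+)$', re.M)
SERVICEDLL_PATH = re.compile(r'^The ServiceDll of (\S+): "([^"]+)"\.$', re.M)
FILE_CHECK = re.compile(r"^(.+?) => MD5 is (.+)$", re.M)
EVENT_CODE = re.compile(r"^%%(\d+)$", re.M)


def stopped_services(text):
    """Names FSS reported as 'Service is not running', in log order."""
    return NOT_RUNNING.findall(text)


def policy_values(text):
    """(key, value name, DWORD data) for every policy entry FSS printed.

    FSS leaves a policy section empty when nothing is set; in the thread only
    the firewall section carries an entry (EnableFirewall=0).
    """
    return [(key, name, int(data)) for key, name, data in POLICY_DWORD.findall(text)]


def servicedll_paths(text):
    """Services whose ServiceDll FSS printed as a literal path instead of OK.

    Compare each path with the File Check section before trusting it.
    """
    return dict(SERVICEDLL_PATH.findall(text))


def unverified_files(text):
    """File Check entries whose MD5 verdict was anything other than 'legit'."""
    return [path for path, verdict in FILE_CHECK.findall(text) if verdict != "legit"]


def decode_event_code(token):
    """Convert the decimal '%%NNN' form in the event log to an HRESULT.

    Returns (hex text, facility, code). Facility 0x24 (36) is the Windows
    Update Agent, so 0x8024xxxx codes come from the update client itself.
    """
    value = int(str(token).lstrip("%"))
    facility = (value >> 16) & 0x1FFF   # bits 16..28 of an HRESULT
    code = value & 0xFFFF               # low 16 bits
    return f"0x{value:08X}", facility, code


def event_codes(text):
    """Decode every '%%NNN' line MiniToolBox printed under System errors."""
    return [decode_event_code(tok) for tok in EVENT_CODE.findall(text)]


def triage(fss_text, events_text):
    """One summary dict a responder can read or diff between two runs."""
    return {
        "stopped": stopped_services(fss_text),
        "policies": policy_values(fss_text),
        "servicedll": servicedll_paths(fss_text),
        "unverified": unverified_files(fss_text),
        "events": event_codes(events_text),
    }


if __name__ == "__main__":
    for section, items in triage(SAMPLE_FSS, SAMPLE_EVENTS).items():
        print(f"{section}: {items}")
```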

#6 GavintheGreat

GavintheGreat
  • Topic Starter

  • Members
  • 38 posts

Posted 08 July 2012 - 02:05 PM

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.08.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: DELL-5150 [administrator]

7/8/2012 2:40:01 PM
mbam-log-2012-07-08 (14-40-01).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 269650
Time elapsed: 23 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#7 GavintheGreat

GavintheGreat
  • Topic Starter

  • Members
  • 38 posts

Posted 08 July 2012 - 08:06 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-08 15:07:17
-----------------------------
15:07:17.500 OS Version: Windows 5.1.2600 Service Pack 3
15:07:17.500 Number of processors: 2 586 0x403
15:07:17.500 ComputerName: DELL-5150 UserName: Owner
15:07:18.218 Initialize success
15:09:17.718 AVAST engine defs: 12070801
15:09:37.187 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
15:09:37.187 Disk 0 Vendor: ST380013AS 8.12 Size: 76293MB BusType: 3
15:09:37.187 Device \Driver\atapi -> DriverStartIo 8b3802e2
15:09:37.187 Disk 0 MBR read successfully
15:09:37.187 Disk 0 MBR scan
15:09:37.250 Disk 0 unknown MBR code
15:09:37.250 Disk 0 MBR hidden
15:09:37.250 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
15:09:37.265 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 72927 MB offset 112455
15:09:37.296 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 3302 MB offset 149468760
15:09:37.312 Disk 0 scanning sectors +156232125
15:09:37.359 Disk 0 scanning C:\WINDOWS\system32\drivers
15:09:54.531 Service scanning
15:10:15.890 Modules scanning
15:10:25.250 Module: C:\WINDOWS\System32\drivers\dxgthk.sys **SUSPICIOUS**
15:10:26.203 Module: C:\WINDOWS\system32\ntdll.dll **SUSPICIOUS**
15:10:26.203 Disk 0 trace - called modules:
15:10:26.203 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8b3804b1]<<
15:10:26.203 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b568ab8]
15:10:26.203 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> [0x8b3ed6f8]
15:10:26.203 \Driver\atapi[0x8b4a7680] -> IRP_MJ_CREATE -> 0x8b3804b1
15:10:26.515 AVAST engine scan C:\WINDOWS
15:10:38.875 AVAST engine scan C:\WINDOWS\system32
15:14:10.328 AVAST engine scan C:\WINDOWS\system32\drivers
15:14:25.265 AVAST engine scan C:\Documents and Settings\Owner
15:25:24.171 AVAST engine scan C:\Documents and Settings\All Users
15:31:04.140 Scan finished successfully
21:05:29.015 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
21:05:29.046 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"

#8 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,725 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:07:53 PM

Posted 08 July 2012 - 08:15 PM

Open Windows Explorer. Go to Tools > Folder Options > View tab, put a checkmark next to "Show hidden files and folders", and un-check "Hide protected operating system files".
NOTE: Make sure to reverse the above changes when done with this step.
Upload the following files to http://www.virustotal.com/ for a security check:
- C:\WINDOWS\System32\drivers\dxgthk.sys
- C:\WINDOWS\system32\ntdll.dll
IMPORTANT! If the file is listed as already analyzed, click on the "Reanalyse file now" button.
Post the scan results.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif
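Two things are worth checking when a VirusTotal result is pasted back into a thread like this: that the report really describes the file on the disk (the hashes on the result page must equal the hashes of the local file), and what a "0 / 42" ratio actually means (no scanner matched a signature; it says nothing about whether the file is Microsoft's original build). The script below is an added example by the editor, not code from the thread and not VirusTotal's own tooling. It hashes a file locally, parses a result page in the layout VirusTotal used in 2012 (the same layout as the results posted below), and reconciles the two. The stand-in file, the vendor names and the report text in demo() are constructed here; the only values taken from the thread are the ntdll.dll hashes, used to show what a mismatch looks like.

```python
"""Hash a file locally and reconcile it with a VirusTotal result pasted from the site."""
import hashlib
import os
import re
import tempfile

_HASH_RE = re.compile(r"^(SHA256|SHA1|MD5):\s*([0-9a-fA-F]+)\s*$", re.M)
_RATIO_RE = re.compile(r"^Detection ratio:\s*(\d+)\s*/\s*(\d+)\s*$", re.M)
_SIZE_RE = re.compile(r"\(\s*(\d+)\s*bytes\s*\)")
_VENDOR_RE = re.compile(r"^(\S+)\s+(.+?)\s+(\d{8})\s*$", re.M)   # "Avast - 20120708"
VENDOR_HEADER = "Antivirus Result Update"


def file_hashes(path, chunk=1 << 16):
    """MD5, SHA-1 and SHA-256 of a file, read in chunks so a large DLL is not loaded whole."""
    digests = {"MD5": hashlib.md5(), "SHA1": hashlib.sha1(), "SHA256": hashlib.sha256()}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for d in digests.values():
                d.update(block)
    return {name: d.hexdigest() for name, d in digests.items()}


def parse_vt_report(text):
    """Extract hashes, byte size, detection ratio and per-vendor results from a pasted VT page."""
    hashes = {k: v.lower() for k, v in _HASH_RE.findall(text)}
    m = _RATIO_RE.search(text)
    s = _SIZE_RE.search(text)
    verdicts = {}
    for vendor, result, _date in _VENDOR_RE.findall(text.split(VENDOR_HEADER, 1)[-1]):
        verdicts[vendor] = None if result.strip() == "-" else result.strip()
    return {
        "hashes": hashes,
        "size": int(s.group(1)) if s else None,
        "ratio": (int(m.group(1)), int(m.group(2))) if m else None,
        "verdicts": verdicts,
    }


def reconcile(path, report_text):
    """Check that the report describes the same bytes as the local file before trusting its ratio."""
    local = file_hashes(path)
    report = parse_vt_report(report_text)
    mismatched = sorted(h for h, v in report["hashes"].items() if local.get(h) != v)
    if report["size"] is not None and report["size"] != os.path.getsize(path):
        mismatched.append("size")
    detections = {v: r for v, r in report["verdicts"].items() if r}
    if mismatched:
        status = "mismatch"          # the pasted report is for some other file
    elif detections:
        status = "detected"
    else:
        status = "clean-by-ratio"    # no signature hit; not proof the file is the vendor's original
    return {"status": status, "mismatched": mismatched, "ratio": report["ratio"], "detections": detections}


def make_sample_report(hashes, size, name, verdicts):
    """Constructed report in the 2012 VirusTotal page layout (not a real VT response)."""
    hits = sum(1 for r in verdicts.values() if r)
    lines = [f"SHA256: {hashes['SHA256']}", f"SHA1: {hashes['SHA1']}", f"MD5: {hashes['MD5']}",
             f"File size: {size / 1024:.1f} KB ( {size} bytes )", f"File name: {name}",
             f"Detection ratio: {hits} / {len(verdicts)}", "", VENDOR_HEADER]
    lines += [f"{v} {r or '-'} 20120709" for v, r in verdicts.items()]
    return "\n".join(lines)


def demo():
    """Reconcile a constructed file against a matching clean report, a matching flagged report,
    and a report that belongs to a different file."""
    fd, path = tempfile.mkstemp(suffix=".dll")
    with os.fdopen(fd, "wb") as fh:
        fh.write(b"MZ" + bytes(range(256)) * 8)          # constructed stand-in, not a real PE
    try:
        h, size = file_hashes(path), os.path.getsize(path)
        clean = make_sample_report(h, size, "ntdll.dll",
                                   {"Avast": None, "Kaspersky": None, "Microsoft": None})
        flagged = make_sample_report(h, size, "ntdll.dll",
                                     {"Avast": None, "Kaspersky": "HEUR:Trojan.Win32.Generic", "Microsoft": None})
        # Hashes copied from the ntdll.dll result posted in this thread; they cannot match the stand-in.
        foreign = ("SHA256: 54df909101aaec63234a5c33b51d6689fef58b943942bffa9606864f43ec1085\n"
                   "SHA1: 66e2618e7aaf0b59e44aea5431893f3a765bb87b\n"
                   "MD5: f8f0d25ca553e39dde485d8fc7fcce89\n"
                   "File size: 701.5 KB ( 718336 bytes )\nDetection ratio: 0 / 42\n\n"
                   f"{VENDOR_HEADER}\nAvast - 20120708\n")
        return {"clean": reconcile(path, clean), "flagged": reconcile(path, flagged),
                "foreign": reconcile(path, foreign)}
    finally:
        os.unlink(path)


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:8s} -> {result['status']}  ratio={result['ratio']}  detections={result['detections']}")
```

Uploading a file hands a copy to a third party. When the file might hold something sensitive, the usual first step is to hash it locally and search VirusTotal by hash; the parser works on the result page either way, and the hash comparison is what ties that page to the file that was actually on the machine.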


 


#9 GavintheGreat

GavintheGreat
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:09:53 PM

Posted 08 July 2012 - 08:54 PM

ntdll.dll


Analysis completed.
SHA256: 54df909101aaec63234a5c33b51d6689fef58b943942bffa9606864f43ec1085
SHA1: 66e2618e7aaf0b59e44aea5431893f3a765bb87b
MD5: f8f0d25ca553e39dde485d8fc7fcce89
File size: 701.5 KB ( 718336 bytes )
File name: ntdll.dll
File type: Win32 DLL
Detection ratio: 0 / 42
Analysis date: 2012-07-09 01:50:49 UTC ( 0 minutes ago )

Antivirus Result Update
AhnLab-V3 - 20120708
AntiVir - 20120708
Antiy-AVL - 20120709
Avast - 20120708
AVG - 20120708
BitDefender - 20120709
ByteHero - 20120704
CAT-QuickHeal - 20120708
ClamAV - 20120709
Commtouch - 20120709
Comodo - 20120708
DrWeb - 20120709
Emsisoft - 20120709
eSafe - 20120708
F-Prot - 20120709
F-Secure - 20120708
Fortinet - 20120707
GData - 20120709
Ikarus - 20120709
Jiangmin - 20120708
K7AntiVirus - 20120706
Kaspersky - 20120708
McAfee - 20120709
McAfee-GW-Edition - 20120708
Microsoft - 20120709
NOD32 - 20120708
Norman - 20120708
nProtect - 20120709
Panda - 20120708
PCTools - 20120709
Rising - 20120706
Sophos - 20120709
SUPERAntiSpyware - 20120708
Symantec - 20120709
TheHacker - 20120708
TotalDefense - 20120707
TrendMicro - 20120709
TrendMicro-HouseCall - 20120708
VBA32 - 20120706
VIPRE - 20120709
ViRobot - 20120708
VirusBuster - 20120708


#10 GavintheGreat (Topic Starter)

Posted 08 July 2012 - 08:57 PM

SHA256: c36486504c3a596fdca487143f6d3b43c0bee01321f6f1f3071976556533c419
SHA1: 6f9f663cdfbc2592eab4c43fee359effd37d60f2
MD5: a73f5d6705b1d820c19b18782e176efd
File size: 3.3 KB ( 3328 bytes )
File name: dxgthk.sys
File type: Win32 EXE
Detection ratio: 0 / 42
Analysis date: 2012-07-09 01:55:27 UTC ( 0 minutes ago )

Antivirus Result Update
AhnLab-V3 - 20120708
AntiVir - 20120708
Antiy-AVL - 20120709
Avast - 20120708
AVG - 20120708
BitDefender - 20120709
ByteHero - 20120704
CAT-QuickHeal - 20120708
ClamAV - 20120709
Commtouch - 20120709
Comodo - 20120708
DrWeb - 20120709
Emsisoft - 20120709
eSafe - 20120708
F-Prot - 20120709
F-Secure - 20120708
Fortinet - 20120707
GData - 20120709
Ikarus - 20120709
Jiangmin - 20120708
K7AntiVirus - 20120706
Kaspersky - 20120708
McAfee - 20120709
McAfee-GW-Edition - 20120708
Microsoft - 20120709
NOD32 - 20120708
Norman - 20120708
nProtect - 20120709
Panda - 20120708
PCTools - 20120709
Rising - 20120706
Sophos - 20120709
SUPERAntiSpyware - 20120708
Symantec - 20120709
TheHacker - 20120708
TotalDefense - 20120707
TrendMicro - 20120709
TrendMicro-HouseCall - 20120708
VBA32 - 20120706
VIPRE - 20120709
ViRobot - 20120708
VirusBuster - 20120708


Tagged automatically
#goodware
Posted 5 months ago by tigzy
#goodware
Posted 8 months ago by angel1973

#11 Broni (BC Advisor)

Posted 08 July 2012 - 09:01 PM

So far I don't see anything malicious, but you definitely have some crucial services disabled.
Is this a result of some past infection, or are you still infected?
Let's run a couple more checks.

Download Bootkit Remover to your desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.

======================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.


#12 GavintheGreat (Topic Starter)

Posted 08 July 2012 - 09:06 PM

SHA256: c36486504c3a596fdca487143f6d3b43c0bee01321f6f1f3071976556533c419
SHA1: 6f9f663cdfbc2592eab4c43fee359effd37d60f2
MD5: a73f5d6705b1d820c19b18782e176efd
File size: 3.3 KB ( 3328 bytes )
File name: dxgthk.sys
File type: Win32 EXE
Detection ratio: 0 / 42
Analysis date: 2012-07-09 01:55:27 UTC ( 0 minutes ago )

Antivirus Result Update
AhnLab-V3 - 20120708
AntiVir - 20120708
Antiy-AVL - 20120709
Avast - 20120708
AVG - 20120708
BitDefender - 20120709
ByteHero - 20120704
CAT-QuickHeal - 20120708
ClamAV - 20120709
Commtouch - 20120709
Comodo - 20120708
DrWeb - 20120709
Emsisoft - 20120709
eSafe - 20120708
F-Prot - 20120709
F-Secure - 20120708
Fortinet - 20120707
GData - 20120709
Ikarus - 20120709
Jiangmin - 20120708
K7AntiVirus - 20120706
Kaspersky - 20120708
McAfee - 20120709
McAfee-GW-Edition - 20120708
Microsoft - 20120709
NOD32 - 20120708
Norman - 20120708
nProtect - 20120709
Panda - 20120708
PCTools - 20120709
Rising - 20120706
Sophos - 20120709
SUPERAntiSpyware - 20120708
Symantec - 20120709
TheHacker - 20120708
TotalDefense - 20120707
TrendMicro - 20120709
TrendMicro-HouseCall - 20120708
VBA32 - 20120706
VIPRE - 20120709
ViRobot - 20120708
VirusBuster - 20120708


Tagged automatically
#goodware
Posted 5 months ago by tigzy
#goodware
Posted 8 months ago by angel1973

#13 Broni (BC Advisor)

Posted 08 July 2012 - 09:25 PM

Go ahead with my previous reply.


#14 GavintheGreat (Topic Starter)

Posted 08 July 2012 - 09:39 PM

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-08 22:35:05
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort1 ST380013AS rev.8.12
Running: dzknxbd4gamer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kftcypob.sys


---- System - GMER 1.0.15 ----

SSDT 8AF4C050 ZwAlertResumeThread
SSDT 8A87A050 ZwAlertThread
SSDT 8B356268 ZwAllocateVirtualMemory
SSDT 8AF4A050 ZwAssignProcessToJobObject
SSDT 8B4587D8 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xB6F43210]
SSDT 8A7228C0 ZwCreateMutant
SSDT 8A7223A8 ZwCreateSymbolicLinkObject
SSDT 8B45DCB8 ZwCreateThread
SSDT 8A878050 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xB6F43490]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xB6F439F0]
SSDT 8B470D28 ZwDuplicateObject
SSDT 8B08CD38 ZwFreeVirtualMemory
SSDT 8A936050 ZwImpersonateAnonymousToken
SSDT 8AF8D050 ZwImpersonateThread
SSDT 8B500C98 ZwLoadDriver
SSDT 8B08CC58 ZwMapViewOfSection
SSDT 8A879050 ZwOpenEvent
SSDT 8B348F78 ZwOpenProcess
SSDT 8AF31050 ZwOpenProcessToken
SSDT 8AF8C050 ZwOpenSection
SSDT 8B3F3C60 ZwOpenThread
SSDT 8A722478 ZwProtectVirtualMemory
SSDT 8A937050 ZwResumeThread
SSDT 8AF53050 ZwSetContextThread
SSDT 8AF2F308 ZwSetInformationProcess
SSDT 8A935050 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xB6F43C40]
SSDT 8AF4B050 ZwSuspendProcess
SSDT 8AF51050 ZwSuspendThread
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB6D28640]
SSDT 8AF52050 ZwTerminateThread
SSDT 8AF54050 ZwUnmapViewOfSection
SSDT 8B4F3F08 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1140] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 001A3984
.text C:\WINDOWS\System32\svchost.exe[1140] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\WINDOWS\System32\svchost.exe[1140] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 001A42DC
.text C:\WINDOWS\System32\svchost.exe[1140] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 001A432B
.text C:\WINDOWS\System32\svchost.exe[1140] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 001A438B
.text C:\WINDOWS\System32\svchost.exe[1140] USER32.dll!IsWindowVisible 7E429E3D 5 Bytes JMP 001A43B2
.text C:\WINDOWS\System32\svchost.exe[1140] USER32.dll!MessageBoxIndirectW 7E4664D5 6 Bytes [33, C0, 40, C2, 04, 00] {XOR EAX, EAX; INC EAX; RET 0x4}
.text C:\WINDOWS\System32\svchost.exe[1140] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 001A43EA
.text C:\WINDOWS\System32\svchost.exe[1140] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 001A43B8
.text C:\WINDOWS\System32\svchost.exe[1140] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 001A4278
.text C:\WINDOWS\system32\SearchIndexer.exe[2016] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\program files\real\realplayer\update\realsched.exe[2444] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8B0332E2
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-3 8B0332E2
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8B0332E2
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 8B0332E2
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-e 8B0332E2

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device B27E4D20

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore@DisableSR \t 1

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----
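The GMER step Broni asked for in post #11 produces a log like the one above, and reading it is a sorting exercise: which entries resolve to something installed on the machine, and which still have no owner. In this log GMER names the driver behind some SSDT hooks (SYMEVENT.SYS, SASKUTIL.SYS) but prints only a kernel address for most of them; it shows inline JMP hooks inside svchost.exe[1140] whose targets (001Axxxx) carry no module name, while the SearchIndexer.exe hook resolves to MSSRCH.DLL; it reports \Driver\atapi DriverStartIo pointing every IDE device object at one address; and it flags sector 0 as "rootkit-like behavior". The script below is an added example by the editor, not GMER's code, not a specification of its log format and not part of any post in this thread. It parses those sections and returns a list of what has to be accounted for before the machine is called clean; it does not decide whether any of it is malicious. SAMPLE is a handful of lines copied from the log above; the category names (jmp-unattributed, jmp-module, inline-patch) are this script's own.

```python
"""Triage the GMER sections this thread looks at: SSDT hooks, user-mode inline hooks,
DriverStartIo redirections and the disk-sector verdict."""
import re
from collections import defaultdict

_SSDT_MOD_RE = re.compile(r"^SSDT\s+(.+?)\s+\((.+?)\)\s+(Zw\w+)\s+\[0x([0-9A-Fa-f]+)\]\s*$")
_SSDT_ADDR_RE = re.compile(r"^SSDT\s+([0-9A-Fa-f]{8})\s+(Zw\w+)\s*$")
_USER_RE = re.compile(r"^\.text\s+(.+?\[\d+\])\s+(\S+!\w+)\s+[0-9A-Fa-f]{8}\s+\d+\s+Bytes\s+(.+?)\s*$")
_JMP_RE = re.compile(r"^JMP\s+([0-9A-Fa-f]{8})(?:\s+(\S.*?))?\s*$")
_DRIVER_RE = re.compile(r"^Device\s+\\Driver\\(\w+)\s+->\s+(\w+)\s+(\S+)\s+([0-9A-Fa-f]{8})\s*$")
_SECTOR_RE = re.compile(r"^Disk\s+(\S+)\s+sector\s+(\d+):\s*(.+?)\s*$")


def triage_gmer(log_text):
    """Split a GMER log into hooks that resolve to a named module (explainable by installed
    software) and hooks, redirections and sector findings that still need an owner identified."""
    hooks_by_module = defaultdict(list)                 # module path -> [ZwXxx, ...]
    unattributed_ssdt = {}                              # ZwXxx -> bare kernel address
    user_hooks = defaultdict(list)                      # process[pid] -> [(api, kind, detail)]
    redirects = defaultdict(lambda: defaultdict(int))   # (driver, routine) -> {address: device count}
    sector_findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = _SSDT_MOD_RE.match(line)
        if m:
            hooks_by_module[m.group(1)].append(m.group(3))
            continue
        m = _SSDT_ADDR_RE.match(line)
        if m:
            unattributed_ssdt[m.group(2)] = m.group(1).upper()
            continue
        m = _USER_RE.match(line)
        if m:
            proc, api, detail = m.groups()
            j = _JMP_RE.match(detail)
            if j is None:                       # bytes patched in place, e.g. XOR EAX,EAX; RET 4
                user_hooks[proc].append((api, "inline-patch", detail))
            elif j.group(2):                    # JMP target inside a DLL GMER could name
                user_hooks[proc].append((api, "jmp-module", j.group(2)))
            else:                               # JMP target with no module name
                user_hooks[proc].append((api, "jmp-unattributed", j.group(1).upper()))
            continue
        m = _DRIVER_RE.match(line)
        if m:
            redirects[(m.group(1), m.group(2))][m.group(4).upper()] += 1
            continue
        m = _SECTOR_RE.match(line)
        if m:
            sector_findings.append((m.group(1), int(m.group(2)), m.group(3)))
    return {
        "hooks_by_module": dict(hooks_by_module),
        "unattributed_ssdt": unattributed_ssdt,
        "user_hooks": dict(user_hooks),
        "redirects": {k: dict(v) for k, v in redirects.items()},
        "sector_findings": sector_findings,
    }


def attention_items(result):
    """The findings a reviewer has to account for before calling the machine clean."""
    items = []
    if result["unattributed_ssdt"]:
        addrs = set(result["unattributed_ssdt"].values())
        items.append(f"{len(result['unattributed_ssdt'])} SSDT hook(s) with no owning module "
                     f"({len(addrs)} distinct address(es))")
    for (driver, routine), addrs in result["redirects"].items():
        for addr, n in addrs.items():
            items.append(f"\\Driver\\{driver} {routine} -> {addr} on {n} device object(s)")
    for proc, hooks in result["user_hooks"].items():
        n = sum(1 for _, kind, _ in hooks if kind == "jmp-unattributed")
        if n:
            items.append(f"{proc}: {n} inline JMP hook(s) into memory with no named module")
    for disk, sector, text in result["sector_findings"]:
        items.append(f"{disk} sector {sector}: {text}")
    return items


# Lines copied from the GMER log posted above (post #14).
SAMPLE = r"""
SSDT 8AF4C050 ZwAlertResumeThread
SSDT 8B356268 ZwAllocateVirtualMemory
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xB6F43210]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB6D28640]
.text C:\WINDOWS\System32\svchost.exe[1140] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 001A3984
.text C:\WINDOWS\System32\svchost.exe[1140] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\WINDOWS\system32\SearchIndexer.exe[2016] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8B0332E2
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8B0332E2
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior
"""

if __name__ == "__main__":
    for item in attention_items(triage_gmer(SAMPLE)):
        print("-", item)
```

Feed it the saved gmer.log instead of SAMPLE to get the full list. The point of grouping the atapi redirects by address is visible in the log above: five device objects share one DriverStartIo address, so there is one routine to identify, not five.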

#15 Broni (BC Advisor)

Posted 08 July 2012 - 09:56 PM

Bootkit Remover?
