Old 04-25-2009, 05:15 PM   #1 (permalink)
Registered User
 
Join Date: Mar 2009
Posts: 4
OS: XP


PC infected-Please help

ComboFix 09-04-25.03 - ramroumma 04/24/2009 23:18.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.567 [GMT -7:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Antivirus BitDefender *On-access scanning enabled* (Outdated)
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)
FW: Pare-feu BitDefender *enabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Local Settings\Temp\CF17661.exe
c:\documents and settings\Administrator\Local Settings\Temp\CF18043.exe
c:\documents and settings\Administrator\Local Settings\Temp\CF4354.exe
c:\documents and settings\Administrator\Local Settings\Temp\CF4893.exe
c:\documents and settings\Administrator\Local Settings\Temp\Perflib_Perfdata__755.dat
c:\windows\system32\drivers\gxvxcwljebuhtarrnlmpafkkyocskkylatvgd.sys
c:\windows\system32\gxvxccounter
c:\windows\system32\gxvxcxevttjnjdxgqroyrxddmdjborsdfuhwe.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_GXVXCSERV.SYS


((((((((((((((((((((((((( Files Created from 2009-05-25 to 2009-4-25 )))))))))))))))))))))))))))))))
.

2009-04-25 03:45 . 2009-04-25 03:45 850 ----a-w c:\windows\system32\ProductTweaks.xml
2009-04-25 03:45 . 2009-04-25 03:45 385 ----a-w c:\windows\system32\user_gensett.xml
2009-04-25 03:25 . 2009-04-25 03:50 121 ----a-w c:\windows\bdagent.INI
2009-04-25 01:39 . 2009-04-25 01:39 -------- d-s---w c:\documents and settings\Administrator\UserData
2009-04-25 01:34 . 2009-04-25 01:37 -------- d-----w c:\windows\BDOSCAN8
2009-04-25 01:17 . 2009-04-25 01:17 -------- d-----w c:\documents and settings\Administrator\Application Data\Bitdefender
2009-04-25 01:12 . 2009-04-25 01:12 -------- d-----w c:\documents and settings\ramroumma\Application Data\BitDefender
2009-04-25 01:11 . 2009-04-25 01:17 -------- d-----w c:\documents and settings\All Users\Application Data\BitDefender
2009-04-23 05:16 . 2009-04-23 05:16 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-04-23 03:26 . 2009-04-23 03:26 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Symantec
2009-04-23 03:24 . 2009-04-23 03:24 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft
2009-04-23 03:01 . 2008-06-19 23:24 28544 ----a-w c:\windows\system32\drivers\pavboot.sys
2009-04-17 20:58 . 2009-04-17 20:58 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-04-17 05:35 . 2009-04-17 05:35 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-04-16 17:41 . 2008-04-14 07:15 26112 -c--a-w c:\windows\system32\dllcache\usbser.sys
2009-04-16 17:41 . 2008-04-14 07:15 26112 ----a-w c:\windows\system32\drivers\usbser.sys
2009-04-16 02:05 . 2002-06-07 01:13 1077344 ----a-w c:\windows\system32\MSCOMCTL.OCX
2009-04-16 02:05 . 2000-08-21 18:22 1388544 ----a-w c:\windows\system32\msvbvm60.dll
2009-04-16 02:05 . 1998-06-18 07:00 89360 ----a-w c:\windows\system32\VB5DB.DLL
2009-04-15 20:32 . 2001-08-18 05:36 5632 ----a-w c:\windows\system32\ptpusb.dll
2009-04-15 20:32 . 2008-04-14 12:42 159232 ----a-w c:\windows\system32\ptpusd.dll
2009-04-15 20:32 . 2008-04-14 07:15 15104 -c--a-w c:\windows\system32\dllcache\usbscan.sys
2009-04-15 20:32 . 2008-04-14 07:15 15104 ----a-w c:\windows\system32\drivers\usbscan.sys
2009-04-15 20:08 . 2009-04-15 20:08 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-04-15 20:08 . 2009-04-15 20:08 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-04-15 13:24 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-15 13:24 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 13:24 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 13:24 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 13:24 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 13:24 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 13:24 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-15 13:24 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 13:24 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 13:23 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-15 13:23 . 2009-03-27 06:58 1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 13:23 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-12 16:20 . 2009-04-16 02:19 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-12 15:12 . 2009-04-15 17:56 -------- d-----w c:\documents and settings\ramroumma\Application Data\TeamViewer
2009-04-12 15:10 . 2009-04-12 15:10 -------- d-----w c:\documents and settings\ramroumma\temp
2009-04-12 07:58 . 2009-04-12 07:58 -------- d-----w c:\documents and settings\ramroumma\Local Settings\Application Data\tjnet
2009-04-10 11:34 . 2009-04-10 11:34 -------- d-----w c:\windows\system32\KB905474
2009-04-10 11:34 . 2009-03-11 05:26 1403264 ----a-w c:\windows\system32\KB905474\wganotifypackageinner.exe
2009-04-10 11:34 . 2009-03-11 05:18 453512 ----a-w c:\windows\system32\KB905474\wgasetup.exe
2009-04-10 11:34 . 2009-02-10 01:51 12490 ----a-w c:\windows\system32\KB905474\wga_eula.txt
2009-04-08 20:00 . 2009-04-09 19:48 -------- d-----w c:\documents and settings\ramroumma\Application Data\mjusbsp
2009-04-08 20:00 . 2008-04-14 07:15 26368 -c--a-w c:\windows\system32\dllcache\usbstor.sys
2009-04-08 15:26 . 2009-04-08 15:26 -------- d-----w c:\documents and settings\ramroumma\Local Settings\Application Data\Identities
2009-04-07 15:37 . 2009-04-07 15:37 0 ----a-w c:\windows\nsreg.dat
2009-04-07 15:36 . 2009-04-07 15:36 -------- d-----w c:\documents and settings\ramroumma\Local Settings\Application Data\Mozilla
2009-04-07 03:29 . 2009-04-18 19:26 116 ----a-w c:\windows\NeroDigital.ini
2009-04-07 03:24 . 2009-04-07 03:24 -------- d-----w c:\documents and settings\ramroumma\Application Data\AVS4YOU
2009-04-07 03:24 . 2009-04-07 03:24 -------- d-----w c:\documents and settings\All Users\Application Data\AVS4YOU
2009-04-07 03:01 . 2009-04-07 03:01 -------- d-----w c:\windows\system32\drivers\umdf
2009-04-07 02:58 . 2009-01-29 03:49 1700352 ----a-w c:\windows\system32\GdiPlus.dll
2009-04-07 02:58 . 2009-01-29 03:49 24576 ----a-w c:\windows\system32\msxml3a.dll
2009-04-07 01:55 . 2009-04-07 01:55 -------- d-----w c:\documents and settings\ramroumma\Local Settings\Application Data\Ahead
2009-04-05 13:08 . 2008-04-14 07:17 25856 -c--a-w c:\windows\system32\dllcache\usbprint.sys
2009-04-05 13:08 . 2008-04-14 07:17 25856 ----a-w c:\windows\system32\drivers\usbprint.sys
2009-04-05 02:58 . 2004-03-03 01:37 125184 ------w c:\windows\system32\drivers\imagesrv.sys
2009-04-05 02:58 . 2004-03-03 01:37 5504 ------w c:\windows\system32\drivers\imagedrv.sys
2009-04-05 02:58 . 2000-06-26 19:45 106496 ----a-w c:\windows\system32\TwnLib20.dll
2009-04-05 02:58 . 2004-07-27 01:16 476320 ------w c:\windows\system32\ImagXpr7.dll
2009-04-05 02:58 . 2004-07-27 01:16 471040 ------w c:\windows\system32\ImagXRA7.dll
2009-04-05 02:58 . 2004-07-27 01:16 262144 ------w c:\windows\system32\ImagXR7.dll
2009-04-05 02:58 . 2004-07-27 01:16 1568768 ------w c:\windows\system32\ImagX7.dll
2009-04-05 02:58 . 2001-07-09 19:50 155648 ----a-w c:\windows\system32\NeroCheck.exe
2009-04-05 02:27 . 2009-04-05 02:38 -------- d-----w c:\documents and settings\ramroumma\Local Settings\Application Data\Adobe
2009-04-05 02:27 . 2009-04-05 02:51 -------- d-----w c:\documents and settings\All Users\Application Data\NOS
2009-04-05 02:19 . 2009-04-05 02:19 -------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-04-05 02:19 . 2009-04-05 02:19 -------- d-----w c:\documents and settings\ramroumma\Local Settings\Application Data\Apple
2009-04-05 02:18 . 2009-04-05 02:18 -------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-04-05 02:18 . 2009-04-05 02:18 -------- d-----w c:\documents and settings\ramroumma\Local Settings\Application Data\Apple Computer
2009-04-05 02:13 . 2009-04-18 19:24 175 ----a-w c:\windows\cdplayer.ini
2009-04-04 17:26 . 2009-04-04 17:26 -------- d-s---w c:\documents and settings\ramroumma\UserData
2009-04-04 13:25 . 2009-04-04 13:25 56 ---ha-w c:\windows\system32\ezsidmv.dat
2009-04-04 13:25 . 2009-04-25 02:14 -------- d-----w c:\documents and settings\ramroumma\Application Data\skypePM
2009-04-04 11:03 . 2008-06-13 11:05 272128 -c----w c:\windows\system32\dllcache\bthport.sys
2009-04-04 11:03 . 2009-02-20 08:11 3068416 -c----w c:\windows\system32\dllcache\mshtml.dll
2009-04-04 11:03 . 2008-05-08 14:02 203136 -c----w c:\windows\system32\dllcache\rmcast.sys
2009-04-04 11:03 . 2008-12-11 10:57 333952 -c----w c:\windows\system32\dllcache\srv.sys
2009-04-04 11:03 . 2008-05-01 14:33 331776 -c----w c:\windows\system32\dllcache\msadce.dll
2009-04-04 11:03 . 2008-04-11 19:04 691712 -c----w c:\windows\system32\dllcache\inetcomm.dll
2009-04-04 11:03 . 2009-02-06 11:08 2189056 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
2009-04-04 11:03 . 2009-02-06 11:06 2145280 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-04-04 11:03 . 2009-02-06 10:32 2023936 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
2009-04-04 11:03 . 2009-02-08 02:02 2066048 -c----w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-04-04 11:02 . 2009-02-20 08:10 666112 -c----w c:\windows\system32\dllcache\wininet.dll
2009-04-04 11:02 . 2009-02-20 08:10 619520 -c----w c:\windows\system32\dllcache\urlmon.dll
2009-04-04 11:02 . 2009-03-02 23:04 1499136 -c----w c:\windows\system32\dllcache\shdocvw.dll
2009-04-04 11:02 . 2008-10-24 11:21 455296 -c----w c:\windows\system32\dllcache\mrxsmb.sys
2009-04-04 11:00 . 2009-04-16 10:01 -------- d--h--w c:\windows\$hf_mig$
2009-04-04 10:57 . 2009-04-25 03:51 -------- d-----w c:\documents and settings\ramroumma\Application Data\Skype
2009-04-04 10:56 . 2009-04-04 10:56 -------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-04-04 10:45 . 2008-12-05 06:54 144896 -c----w c:\windows\system32\dllcache\schannel.dll
2009-04-04 10:44 . 2008-04-14 13:42 221184 ----a-w c:\windows\system32\wmpns.dll
2009-04-04 06:18 . 2005-12-19 17:08 69632 ----a-w c:\windows\system32\bcmwlpkt.dll
2009-04-04 06:18 . 2005-12-19 17:08 33664 ----a-w c:\windows\system32\drivers\BCMWLNPF.SYS
2009-04-04 06:18 . 2006-08-17 16:55 44544 ----a-r c:\windows\system32\drivers\bcm4sbxp.sys
2009-04-04 06:18 . 2005-12-19 17:08 3096576 ----a-w c:\windows\system32\BCMWLCPL.CPL
2009-04-04 06:18 . 2005-12-19 17:08 757760 ----a-w c:\windows\system32\bcm1xsup.dll
2009-04-04 06:18 . 2005-12-19 17:08 44032 ----a-w c:\windows\system32\wltrynt.dll
2009-04-04 06:18 . 2005-12-19 17:08 18944 ----a-w c:\windows\system32\WLTRYSVC.EXE
2009-04-04 06:18 . 2005-12-19 17:08 1347584 ----a-w c:\windows\system32\WLTRAY.EXE
2009-04-04 06:18 . 2005-12-19 17:08 86016 ----a-w c:\windows\system32\preflib.dll
2009-04-04 06:18 . 2005-12-19 17:08 2129920 ----a-w c:\windows\system32\WLBCGCBPRO731.DLL
2009-04-04 06:18 . 2005-12-19 17:08 253952 ----a-w c:\windows\system32\bcmwlu00.exe
2009-04-04 06:18 . 2005-12-19 17:08 1200128 ----a-w c:\windows\system32\BCMWLTRY.EXE
2009-04-04 06:17 . 2009-04-04 02:32 -------- dc----w c:\windows\system32\DRVSTORE
2009-04-04 06:17 . 2005-07-15 02:58 28544 ----a-w c:\windows\system32\drivers\rimmptsk.sys
2009-04-04 06:16 . 2006-09-14 02:41 3456 ----a-w c:\windows\system32\drivers\atiide.sys
2009-04-04 06:16 . 2009-04-04 06:16 -------- d-----w C:\dell
2009-04-04 06:16 . 2009-04-04 06:16 -------- d-----w c:\windows\system32\vmm32
2009-04-04 06:15 . 2009-04-04 06:15 0 ----a-w c:\windows\VPC32.INI
2009-04-04 06:14 . 2009-04-04 06:14 -------- d-----w c:\documents and settings\ramroumma\Local Settings\Application Data\Symantec
2009-04-04 06:14 . 2009-04-04 06:14 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-04-04 06:14 . 2009-04-04 06:14 8014 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-04-04 06:14 . 2009-04-04 06:14 48768 ----a-w c:\windows\system32\S32EVNT1.DLL
2009-04-04 06:14 . 2009-04-04 06:14 110952 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-04-04 06:14 . 2009-04-04 06:14 -------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-04-04 06:13 . 2009-04-04 02:48 13104 ----a-w c:\documents and settings\ramroumma\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-04 06:10 . 2009-04-04 06:10 -------- d-s---w c:\windows\system32\Microsoft
2009-04-04 05:59 . 2009-04-07 03:01 316640 ----a-w c:\windows\WMSysPr9.prx
2009-04-04 05:59 . 2008-04-14 13:42 53248 ------w c:\windows\system32\vbicodec.ax
2009-04-04 05:59 . 2008-04-14 13:42 239616 ------w c:\windows\system32\wstrenderer.ax

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-25 06:17 . 2009-04-04 12:17 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
2009-04-25 06:10 . 2009-04-04 06:13 -------- d-----w c:\program files\Symantec AntiVirus
2009-04-25 01:23 . 2009-04-03 19:40 90112 ----a-w c:\windows\DUMP71d4.tmp
2009-04-25 01:12 . 2009-04-25 01:11 -------- d-----w c:\program files\BitDefender
2009-04-25 01:12 . 2009-04-25 01:09 -------- d-----w c:\program files\Common Files\BitDefender
2009-04-23 02:55 . 2009-04-23 02:55 -------- d-----w c:\program files\Panda Security
2009-04-19 20:23 . 2009-04-04 06:17 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-19 20:22 . 2009-04-04 11:00 -------- d-----w c:\program files\Common Files\LogiShrd
2009-04-19 20:22 . 2009-04-04 02:38 -------- d-----w c:\program files\Logitech
2009-04-19 20:20 . 2009-04-04 10:56 -------- d-----w c:\program files\Google
2009-04-17 05:47 . 2009-04-15 20:06 -------- d-----w c:\program files\CardRecovery
2009-04-12 16:21 . 2009-04-12 16:21 -------- d-----w c:\program files\GetData
2009-04-12 15:12 . 2009-04-12 15:12 -------- d-----w c:\program files\TeamViewer
2009-04-07 05:13 . 2009-04-07 03:01 -------- d-----w c:\program files\Common Files\AVSMedia
2009-04-07 05:13 . 2009-04-07 02:58 -------- d-----w c:\program files\AVS4YOU
2009-04-07 05:10 . 2009-04-07 05:10 -------- d-----w c:\program files\Movie Rotator
2009-04-05 13:08 . 2009-04-05 13:08 -------- d-----w c:\program files\MSXML 4.0
2009-04-05 02:58 . 2009-04-05 02:58 -------- d-----w c:\program files\Ahead
2009-04-05 02:58 . 2009-04-05 02:58 -------- d-----w c:\program files\Common Files\Ahead
2009-04-05 02:51 . 2009-04-05 02:27 -------- d-----w c:\program files\NOS
2009-04-05 02:35 . 2009-04-05 02:35 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-04-05 02:34 . 2009-04-05 02:32 -------- d-----w c:\program files\Common Files\Adobe
2009-04-05 02:19 . 2009-04-05 02:19 -------- d-----w c:\program files\QuickTime
2009-04-05 02:18 . 2009-04-05 02:18 -------- d-----w c:\program files\Apple Software Update
2009-04-05 02:13 . 2009-04-05 02:13 -------- d-----w c:\program files\Common Files\xing shared
2009-04-05 02:12 . 2009-04-05 02:12 -------- d-----w c:\program files\Common Files\Real
2009-04-05 02:12 . 2009-04-05 02:12 -------- d-----w c:\program files\Real
2009-04-04 11:01 . 2009-04-04 11:01 -------- d-----w c:\program files\Common Files\Logitech
2009-04-04 10:56 . 2009-04-04 10:56 -------- d-----w c:\program files\Skype
2009-04-04 10:56 . 2009-04-04 10:56 -------- d-----w c:\program files\Common Files\Skype
2009-04-04 06:18 . 2009-04-04 06:18 -------- d-----w c:\program files\Broadcom
2009-04-04 06:17 . 2009-04-04 06:17 -------- d-----w c:\program files\DIFX
2009-04-04 06:15 . 2009-04-04 06:13 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-04 06:14 . 2009-04-04 06:14 -------- d-----w c:\program files\Symantec
2009-04-04 04:00 . 2009-04-04 04:00 -------- d-----w c:\program files\microsoft frontpage
2009-04-04 04:00 . 2009-04-04 04:00 558142 ----a-w c:\windows\java\Packages\135ZXBLN.ZIP
2009-04-04 04:00 . 2009-04-04 04:00 2678 ----a-w c:\windows\java\Packages\Data\XNXZV3LR.DAT
2009-04-04 04:00 . 2009-04-04 04:00 2678 ----a-w c:\windows\java\Packages\Data\4YIKD7B9.DAT
2009-04-04 04:00 . 2009-04-04 04:00 155995 ----a-w c:\windows\java\Packages\E3B1FZLB.ZIP
2009-04-04 04:00 . 2009-04-04 04:00 2678 ----a-w c:\windows\java\Packages\Data\PRZ7BN97.DAT
2009-04-04 04:00 . 2009-04-04 04:00 2678 ----a-w c:\windows\java\Packages\Data\MKAC0UAU.DAT
2009-04-04 04:00 . 2009-04-04 04:00 2678 ----a-w c:\windows\java\Packages\Data\7PZNHF1R.DAT
2009-04-04 03:57 . 2009-04-04 03:57 21640 ----a-w c:\windows\system32\emptyregdb.dat
2009-04-04 03:14 . 2009-04-04 03:59 86327 ----a-w c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-04-04 03:03 . 2002-08-29 12:00 250048 --sha-r C:\ntldr
2009-04-04 02:49 . 2009-04-04 02:49 -------- d-----w c:\program files\CONEXANT
2009-04-04 02:35 . 2009-04-04 02:35 132 ----a-w c:\documents and settings\ramroumma\Local Settings\Application Data\fusioncache.dat
2009-04-04 02:35 . 2009-04-04 02:35 -------- d-----w c:\documents and settings\ramroumma\Application Data\ATI
2009-04-04 02:35 . 2009-04-04 02:34 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-04 02:34 . 2009-04-04 02:34 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-04 02:34 . 2009-04-04 02:34 -------- d-----w c:\program files\Java
2009-04-04 02:34 . 2009-04-04 02:34 5 ----a-w c:\windows\system32\drivers\DELL_INS_1501.MRK
2009-04-04 02:34 . 2009-04-04 02:34 5 ----a-w c:\windows\system32\drivers\1028_DELL_INS_1501.MRK
2009-04-04 02:33 . 2009-04-04 02:33 -------- d-----w c:\program files\Common Files\Java
2009-04-04 02:32 . 2009-04-04 02:32 -------- d-----w c:\program files\Synaptics
2009-04-04 02:32 . 2009-04-04 02:32 -------- d-----w c:\program files\AMD
2009-04-04 02:29 . 2009-04-04 02:26 -------- d-----w c:\program files\ATI Technologies
2009-04-04 02:27 . 2009-04-04 02:27 -------- d-----w c:\program files\SigmaTel
2009-04-04 02:26 . 2009-04-04 06:16 -------- d-----w c:\program files\Dell
2009-04-04 02:19 . 2009-04-04 06:16 -------- d-----w c:\program files\Common Files\InstallShield
2009-03-06 14:22 . 2002-08-29 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-02-20 08:10 . 2002-08-29 12:00 666112 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:10 . 2009-04-04 05:58 81920 ------w c:\windows\system32\ieencode.dll
2009-02-09 12:10 . 2002-08-29 12:00 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2002-08-29 12:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2002-08-29 12:00 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2002-08-29 12:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 11:13 . 2002-08-29 12:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-06 11:11 . 2002-08-29 12:00 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:06 . 2002-08-29 12:00 2145280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2002-08-29 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 10:32 . 2002-08-29 01:04 2023936 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 19:59 . 2002-08-29 12:00 56832 ----a-w c:\windows\system32\secur32.dll
2009-03-06 01:2009-04-25 02:14 08:04 . c:\program files\mozilla firefox\components\FFComm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"cdloader"="c:\documents and settings\ramroumma\Application Data\mjusbsp\cdloader2.exe" [2008-12-17 50520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-22 52840]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-08-24 1032192]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-05 198160]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-06 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-07-27 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\ramroumma\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2009-01-21 172032]
R3 bdfm;bdfm;c:\windows\system32\drivers\bdfm.sys [2008-09-18 111112]
R3 SavRoam;SavRoam; [x]
S0 atiide;atiide;c:\windows\system32\DRIVERS\atiide.sys [2006-09-14 3456]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]
S2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [2008-10-07 82696]
S3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\bdfndisf.sys [2009-02-12 104328]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-03-16 101936]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab43a05f-2459-11de-a496-0015c5cace13}]
\Shell\AutoRun\command - E:\autorun.exe
\Shell\phone\command - E:\autorun.exe
.
Contents of the 'Scheduled Tasks' folder

2009-04-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2009-04-25 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-10 05:18]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-vptray - c:\progra~1\SYMANT~1\VPTray.exe
HKLM-Run-BDAgent - c:\program files\BitDefender\BitDefender 2009\bdagent.exe
HKLM-Run-BitDefender Antiphishing Helper - c:\program files\BitDefender\BitDefender 2009\IEShow.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mmu27orh.default\
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-24 23:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1364)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
.
Completion time: 2009-04-25 23:22
ComboFix-quarantined-files.txt 2009-04-25 06:22

Pre-Run: 55,170,756,608 bytes free
Post-Run: 57,563,398,144 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn /usepmtimer

322 --- E O F --- 2009-04-19 03:36
coucoucbm is offline  

Old 04-25-2009, 05:16 PM   #2 (permalink)
Registered User
 
Join Date: Mar 2009
Posts: 4
OS: XP


Re: PC infected-Please help

This is the log generated by DDS. Please help me to remove this infection.

DDS LOG

DDS (Ver_09-03-16.01) - NTFSx86
Run by ramroumma at 8:52:56.07 on Sat 04/25/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.279 [GMT -7:00]

AV: Antivirus BitDefender *On-access scanning enabled* (Outdated)
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)
FW: Pare-feu BitDefender *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\ramroumma\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2009\IEToolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [cdloader] "c:\documents and settings\ramroumma\application data\mjusbsp\cdloader2.exe" MAGICJACK
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_06\bin\jusched.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2009\bdagent.exe"
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2009\IEShow.exe"
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ramrou~1\applic~1\mozilla\firefox\profiles\ev4rsjo2.default\
FF - component: c:\program files\mozilla firefox\components\FFComm.dll
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll

============= SERVICES / DRIVERS ===============

R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [2009-4-3 3456]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-4-22 28544]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R2 BDVEDISK;BDVEDISK;c:\program files\bitdefender\bitdefender 2009\BDVEDISK.sys [2008-10-6 82696]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-11-21 192104]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-11-21 169576]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2009-2-12 104328]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-4-24 101936]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090424.003\naveng.sys [2009-4-24 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090424.003\navex15.sys [2009-4-24 876144]
S2 Symantec AntiVirus;Symantec AntiVirus;"c:\program files\symantec antivirus\rtvscan.exe" --> c:\program files\symantec antivirus\Rtvscan.exe [?]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\Arrakis3.exe [2009-1-20 172032]
S3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-9-18 111112]
S3 SavRoam;SAVRoam;"c:\program files\symantec antivirus\savroam.exe" --> c:\program files\symantec antivirus\SavRoam.exe [?]

=============== Created Last 30 ================

2009-04-24 23:14 <DIR> a-dshr-- C:\cmdcons
2009-04-24 23:13 161,792 a------- c:\windows\SWREG.exe
2009-04-24 23:13 98,816 a------- c:\windows\sed.exe
2009-04-24 23:13 <DIR> --d----- C:\ComboFix
2009-04-24 20:45 850 a------- c:\windows\system32\ProductTweaks.xml
2009-04-24 20:45 385 a------- c:\windows\system32\user_gensett.xml
2009-04-24 20:25 121 a------- c:\windows\bdagent.INI
2009-04-24 18:12 <DIR> --d----- c:\docume~1\ramrou~1\applic~1\BitDefender
2009-04-24 18:11 <DIR> --d----- c:\program files\BitDefender
2009-04-24 18:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\BitDefender
2009-04-24 18:09 <DIR> --d----- c:\program files\common files\BitDefender
2009-04-22 20:01 28,544 a------- c:\windows\system32\drivers\pavboot.sys
2009-04-22 19:55 <DIR> --d----- c:\program files\Panda Security
2009-04-19 13:22 <DIR> --d----- c:\windows\system32\appmgmt
2009-04-16 10:41 26,112 ac------ c:\windows\system32\dllcache\usbser.sys
2009-04-16 10:41 26,112 a------- c:\windows\system32\drivers\usbser.sys
2009-04-15 19:05 1,388,544 a------- c:\windows\system32\msvbvm60.dll
2009-04-15 19:05 1,077,344 a------- c:\windows\system32\MSCOMCTL.OCX
2009-04-15 19:05 89,360 a------- c:\windows\system32\VB5DB.DLL
2009-04-15 13:32 5,632 a------- c:\windows\system32\ptpusb.dll
2009-04-15 13:32 159,232 a------- c:\windows\system32\ptpusd.dll
2009-04-15 13:32 15,104 ac------ c:\windows\system32\dllcache\usbscan.sys
2009-04-15 13:32 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-04-15 13:08 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-04-15 13:08 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-04-15 13:06 <DIR> --d----- c:\program files\CardRecovery
2009-04-15 06:23 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-15 06:23 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 06:23 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-04-12 09:21 <DIR> --d----- c:\program files\GetData
2009-04-12 08:12 <DIR> --d----- c:\docume~1\ramrou~1\applic~1\TeamViewer
2009-04-12 08:12 <DIR> --d----- c:\program files\TeamViewer
2009-04-12 08:10 <DIR> --d----- c:\documents and settings\ramroumma\temp
2009-04-10 04:34 <DIR> --d----- c:\windows\system32\KB905474
2009-04-08 13:00 <DIR> --d----- c:\docume~1\ramrou~1\applic~1\mjusbsp
2009-04-08 13:00 26,368 ac------ c:\windows\system32\dllcache\usbstor.sys
2009-04-06 22:10 <DIR> --d----- c:\program files\Movie Rotator
2009-04-06 20:29 116 a------- c:\windows\NeroDigital.ini
2009-04-06 20:24 <DIR> --d----- c:\docume~1\ramrou~1\applic~1\AVS4YOU
2009-04-06 20:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AVS4YOU
2009-04-06 20:01 <DIR> --d----- c:\program files\common files\AVSMedia
2009-04-06 19:58 1,700,352 a------- c:\windows\system32\GdiPlus.dll
2009-04-06 19:58 24,576 a------- c:\windows\system32\msxml3a.dll
2009-04-06 19:58 <DIR> --d----- c:\program files\AVS4YOU
2009-04-05 06:08 25,856 ac------ c:\windows\system32\dllcache\usbprint.sys
2009-04-05 06:08 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2009-04-05 06:08 <DIR> --d----- c:\program files\MSXML 4.0
2009-04-04 19:58 125,184 -------- c:\windows\system32\drivers\imagesrv.sys
2009-04-04 19:58 5,504 -------- c:\windows\system32\drivers\imagedrv.sys
2009-04-04 19:58 106,496 a------- c:\windows\system32\TwnLib20.dll
2009-04-04 19:58 155,648 a------- c:\windows\system32\NeroCheck.exe
2009-04-04 19:58 1,568,768 -------- c:\windows\system32\ImagX7.dll
2009-04-04 19:58 476,320 -------- c:\windows\system32\ImagXpr7.dll
2009-04-04 19:58 471,040 -------- c:\windows\system32\ImagXRA7.dll
2009-04-04 19:58 262,144 -------- c:\windows\system32\ImagXR7.dll
2009-04-04 19:13 175 a------- c:\windows\cdplayer.ini
2009-04-04 19:13 <DIR> --d----- c:\program files\common files\xing shared
2009-04-04 19:12 <DIR> --d----- c:\program files\common files\Real
2009-04-04 10:26 <DIR> --ds---- c:\documents and settings\ramroumma\UserData
2009-04-04 06:25 56 a---h--- c:\windows\system32\ezsidmv.dat
2009-04-04 04:03 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-04-04 04:02 666,112 -c------ c:\windows\system32\dllcache\wininet.dll
2009-04-04 04:02 619,520 -c------ c:\windows\system32\dllcache\urlmon.dll
2009-04-04 04:02 1,499,136 -c------ c:\windows\system32\dllcache\shdocvw.dll
2009-04-04 04:02 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-04-04 04:01 <DIR> --d----- c:\program files\common files\Logitech
2009-04-04 04:00 <DIR> --d----- c:\windows\system32\PreInstall
2009-04-04 04:00 <DIR> --d-h--- c:\windows\$hf_mig$
2009-04-04 03:56 <DIR> --d----- c:\program files\Skype
2009-04-04 03:45 144,896 -c------ c:\windows\system32\dllcache\schannel.dll
2009-04-04 03:44 221,184 a------- c:\windows\system32\wmpns.dll
2009-04-03 23:18 69,632 a------- c:\windows\system32\bcmwlpkt.dll
2009-04-03 23:18 33,664 a------- c:\windows\system32\drivers\BCMWLNPF.SYS
2009-04-03 23:18 44,544 a----r-- c:\windows\system32\drivers\bcm4sbxp.sys
2009-04-03 23:18 3,096,576 a------- c:\windows\system32\BCMWLCPL.CPL
2009-04-03 23:18 757,760 a------- c:\windows\system32\bcm1xsup.dll
2009-04-03 23:18 1,347,584 a------- c:\windows\system32\WLTRAY.EXE
2009-04-03 23:18 44,032 a------- c:\windows\system32\wltrynt.dll
2009-04-03 23:18 18,944 a------- c:\windows\system32\WLTRYSVC.EXE
2009-04-03 23:18 2,129,920 a------- c:\windows\system32\WLBCGCBPRO731.DLL
2009-04-03 23:18 86,016 a------- c:\windows\system32\preflib.dll
2009-04-03 23:18 <DIR> --d----- c:\program files\Broadcom
2009-04-03 23:18 1,200,128 a------- c:\windows\system32\BCMWLTRY.EXE
2009-04-03 23:18 253,952 a------- c:\windows\system32\bcmwlu00.exe
2009-04-03 23:17 28,544 a------- c:\windows\system32\drivers\rimmptsk.sys
2009-04-03 23:16 3,456 a------- c:\windows\system32\drivers\atiide.sys
2009-04-03 23:16 <DIR> --d----- C:\dell
2009-04-03 23:16 <DIR> --d----- c:\windows\system32\vmm32
2009-04-03 23:16 <DIR> --d----- c:\program files\Dell
2009-04-03 23:15 0 a------- c:\windows\VPC32.INI
2009-04-03 23:14 110,952 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-04-03 23:14 48,768 a------- c:\windows\system32\S32EVNT1.DLL
2009-04-03 23:14 8,014 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-04-03 23:14 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-04-03 23:14 <DIR> --d----- c:\windows\RegisteredPackages
2009-04-03 23:14 <DIR> --d----- c:\program files\Symantec
2009-04-03 23:14 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2009-04-03 23:13 <DIR> --d----- c:\program files\Symantec AntiVirus
2009-04-03 23:13 <DIR> --d----- c:\program files\common files\Symantec Shared
2009-04-03 23:10 <DIR> --ds---- c:\windows\system32\Microsoft
2009-04-03 22:59 316,640 a------- c:\windows\WMSysPr9.prx
2009-04-03 22:59 239,616 -------- c:\windows\system32\wstrenderer.ax
2009-04-03 22:59 164,352 -------- c:\windows\system32\wstpager.ax
2009-04-03 22:59 53,248 -------- c:\windows\system32\vbicodec.ax
2009-04-03 22:59 46,592 -------- c:\windows\system32\drivers\irbus.sys
2009-04-03 22:59 9,728 -------- c:\windows\system32\comsdupd.exe
2009-04-03 22:57 <DIR> --d----- c:\windows\ServicePackFiles
2009-04-03 22:55 2,897,920 -------- c:\windows\system32\xpsp2res.dll
2009-04-03 22:53 19,528 a------- c:\windows\002258_.tmp
2009-04-03 22:53 <DIR> --d----- c:\windows\system32\ReinstallBackups
2009-04-03 22:53 26,488 a------- c:\windows\system32\spupdsvc.exe
2009-04-03 22:51 <DIR> --d----- c:\windows\EHome
2009-04-03 21:15 <DIR> --dsh--- c:\windows\Installer
2009-04-03 21:15 <DIR> --d----- c:\documents and settings\ramroumma
2009-04-03 21:03 8,192 a------- c:\windows\REGLOCS.OLD
2009-04-03 21:01 5,632 ac------ c:\windows\system32\dllcache\kbdinhin.dll
2009-04-03 21:00 94,720 ac------ c:\windows\system32\dllcache\certmap.ocx
2009-04-03 20:59 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-04-03 20:59 <DIR> --ds---- c:\windows\Downloaded Program Files
2009-04-03 20:59 <DIR> --d--r-- c:\windows\Offline Web Pages
2009-04-03 20:59 488 a---hr-- c:\windows\system32\WindowsLogon.manifest
2009-04-03 20:59 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-04-03 20:59 749 a---hr-- c:\windows\WindowsShell.Manifest
2009-04-03 20:59 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2009-04-03 20:59 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2009-04-03 20:59 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
2009-04-03 20:59 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2009-04-03 20:59 749 a---hr-- c:\windows\system32\cdplayer.exe.manifest
2009-04-03 20:59 4,399,505 ac------ c:\windows\system32\dllcache\nls302en.lex
2009-04-03 20:58 <DIR> --d----- c:\program files\common files\MSSoap
2009-04-03 20:56 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-04-03 20:56 <DIR> --d----- c:\program files\Online Services
2009-04-03 20:56 <DIR> --d----- c:\program files\Messenger
2009-04-03 20:56 <DIR> --d----- c:\program files\MSN Gaming Zone
2009-04-03 20:55 <DIR> --d----- c:\program files\Windows NT
2009-04-03 19:49 <DIR> --d----- c:\program files\CONEXANT
2009-04-03 19:34 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-04-03 19:34 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-04-03 19:32 <DIR> --d----- c:\program files\Synaptics
2009-04-03 19:32 <DIR> --d----- c:\program files\AMD
2009-04-03 19:27 <DIR> --d----- c:\program files\SigmaTel
2009-04-03 19:26 <DIR> --d----- c:\program files\ATI Technologies
2009-04-03 12:47 <DIR> --d----- c:\program files\common files\ODBC
2009-04-03 12:47 <DIR> --d----- c:\program files\common files\SpeechEngines
2009-04-03 12:47 <DIR> --d--r-- c:\documents and settings\all users\Documents

==================== Find3M ====================

2009-04-25 08:19 0 a------- c:\windows\system32\drivers\lvuvc.hs
2009-04-24 18:23 90,112 a------- c:\windows\DUMP71d4.tmp
2009-04-03 21:00 558,142 a------- c:\windows\java\packages\135ZXBLN.ZIP
2009-04-03 21:00 2,678 a------- c:\windows\java\packages\data\XNXZV3LR.DAT
2009-04-03 21:00 155,995 a------- c:\windows\java\packages\E3B1FZLB.ZIP
2009-04-03 21:00 2,678 a------- c:\windows\java\packages\data\4YIKD7B9.DAT
2009-04-03 21:00 2,678 a------- c:\windows\java\packages\data\PRZ7BN97.DAT
2009-04-03 21:00 2,678 a------- c:\windows\java\packages\data\MKAC0UAU.DAT
2009-04-03 21:00 2,678 a------- c:\windows\java\packages\data\7PZNHF1R.DAT
2009-04-03 20:57 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-04-03 20:14 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-04-03 19:34 5 a------- c:\windows\system32\drivers\DELL_INS_1501.MRK
2009-04-03 19:34 5 a------- c:\windows\system32\drivers\1028_DELL_INS_1501.MRK
2009-03-06 07:22 284,160 a------- c:\windows\system32\pdh.dll
2009-02-20 01:10 666,112 a------- c:\windows\system32\wininet.dll
2009-02-20 01:10 81,920 -------- c:\windows\system32\ieencode.dll
2009-02-09 05:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 05:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 05:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 05:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 04:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-06 04:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 04:06 2,145,280 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 03:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-06 03:32 2,023,936 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-03 12:59 56,832 a------- c:\windows\system32\secur32.dll

============= FINISH: 8:53:19.64 ===============



Attach Log:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 4/3/2009 9:02:50 PM
System Uptime: 4/25/2009 5:37:22 AM (3 hours ago)

Motherboard: Dell Inc. | | Inspiron 1501
Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-50 | Socket M2/S1G1 | 1596/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 70 GiB total, 53.416 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
AMD Processor Driver
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
BitDefender Total Security 2009
Broadcom 440x 10/100 Integrated Controller
CardRecovery 5.20
Conexant HDA D110 MDC V.92 Modem
Dell Resource CD
Dell Wireless WLAN Card
High Definition Audio Driver Package - KB835221
Hotfix for Windows XP (KB952287)
J2SE Runtime Environment 5.0 Update 6
LiveUpdate 3.1 (Symantec Corporation)
Logitech Audio Echo Cancellation Component
Logitech Video Enumerator
Logitech® Camera Driver
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 Redistributable
Movie Rotator 1.2
Mozilla Firefox (3.0.9)
MSXML 4.0 SP2 (KB954430)
MVision
Nero 6 Ultra Edition
Nokia Connectivity Cable Driver
Panda ActiveScan 2.0
QuickSet
QuickTime
RealPlayer
Recover My Files
Security Update for Windows Media Player (KB952069)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB963027)
SigmaTel Audio
Skype™ 3.8
Spybot - Search & Destroy
Symantec AntiVirus
Synaptics Pointing Device Driver
TeamViewer 4
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
WebFldrs XP
Windows Driver Package - Ricoh Company Memorystick Host Controller (07/09/2005 1.00.01.12)
Windows Driver Package - Ricoh Company MMC Host Controller (07/14/2005 1.00.00.06)
Windows Driver Package - Ricoh Company xD-Picture Card/SmartMedia Host Controller (07/14/2005 1.00.02.04)
Windows Media Format 11 runtime
Windows XP Service Pack 3

==== Event Viewer Messages From Past Week ========

4/24/2009 944 PM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
4/24/2009 940 PM, error: Service Control Manager [7034] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s).
4/24/2009 940 PM, error: Service Control Manager [7034] - The SSDP Discovery Service service terminated unexpectedly. It has done this 1 time(s).
4/24/2009 940 PM, error: Service Control Manager [7031] - The Remote Registry service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
4/24/2009 938 PM, error: Service Control Manager [7034] - The WebClient service terminated unexpectedly. It has done this 1 time(s).
4/24/2009 8:55:45 PM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
4/24/2009 8:55:37 PM, error: Service Control Manager [7034] - The Windows Image Acquisition (WIA) service terminated unexpectedly. It has done this 1 time(s).
4/24/2009 8:50:16 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 ee1ade67, parameter3 ba781428, parameter4 00000000.
4/24/2009 7:12:39 PM, error: AmdK8 [2] - The Acpi 2.0 _PCT object returned an invalid value of 3
4/24/2009 6:42:35 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
4/24/2009 6:41:19 PM, error: SRService [104] - The System Restore initialization process failed.
4/24/2009 6:41:19 PM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: The system cannot find the file specified.
4/24/2009 6:25:58 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK8 APPDRV eeCtrl Fips pavboot SAVRT SAVRTPEL SPBBCDrv SYMTDI
4/24/2009 6:17:44 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 APPDRV eeCtrl Fips IPSec MRxSmb NetBIOS NetBT pavboot RasAcd Rdbss SAVRT SAVRTPEL SPBBCDrv SYMTDI Tcpip
4/24/2009 6:17:44 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
4/24/2009 6:17:44 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/24/2009 6:17:44 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/24/2009 6:17:44 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
4/24/2009 6:17:03 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
4/24/2009 4:36:12 AM, error: System Error [1003] - Error code 1000007e, parameter1 c0000005, parameter2 ee45be67, parameter3 f793198c, parameter4 f7931688.
4/24/2009 4:35:40 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 eddc9e67, parameter3 ba6caeec, parameter4 00000000.
4/24/2009 4:35:31 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 eddc9e67, parameter3 eb22f668, parameter4 00000000.
4/24/2009 4:35:28 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 eddc9e67, parameter3 f7043668, parameter4 00000000.
4/24/2009 4:35:26 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 edc18e67, parameter3 eb6d5eec, parameter4 00000000.
4/24/2009 4:35:13 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 edc18e67, parameter3 ee9ed368, parameter4 00000000.
4/24/2009 11:18:14 PM, error: Service Control Manager [7000] - The BitDefender Virus Shield service failed to start due to the following error: The system cannot find the file specified.
4/24/2009 11:05:08 PM, error: Service Control Manager [7034] - The NICCONFIGSVC service terminated unexpectedly. It has done this 1 time(s).
4/22/2009 8:25:34 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK8 APPDRV eeCtrl Fips SAVRT SAVRTPEL SPBBCDrv SYMTDI
4/22/2009 8:24:45 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
4/22/2009 8:24:21 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/22/2009 7:12:41 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 ed8a7e67, parameter3 bab713fc, parameter4 00000000.
4/22/2009 4:14:21 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 edbe7e67, parameter3 f697c368, parameter4 00000000.
4/22/2009 10:40:25 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service LiveUpdate with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}
4/20/2009 10:10:16 AM, error: Service Control Manager [7000] - The Process Monitor service failed to start due to the following error: The system cannot find the file specified.
4/18/2009 6:20:52 PM, error: ACPIEC [1] - \Device\ACPIEC: The embedded controller (EC) hardware didn't respond within the timeout period. This may indicate an error in the EC hardware or firmware, or possibly a poorly designed BIOS which accesses the EC in an unsafe manner. The EC driver will retry the failed transaction if possible.

==== End Of File ===========================
coucoucbm is offline  
All times are GMT -7.



Copyright 2001 - 2009, Tech Support Forum