Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > HijackThis Log Help (Inactive)
10-06-2009, 01:43 AM   #1
Registered User
 
Join Date: Oct 2009
Posts: 17
OS: win xp sp3


problem with infections, rootkits

Cannot get computer to stop detecting infections.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:35:15 AM, on 10/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PRISMSVC.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=1607
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.9.0\ViewBarBHO.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: gahurihor - {8228f484-3783-497f-81e6-54056e27f875} - c:\windows\system32\zenatosi.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PRISMSVC - Conexant Systems, Inc. - C:\WINDOWS\system32\PRISMSVC.EXE
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 6180 bytes


GMER 1.0.15.15125 - http://www.gmer.net
Rootkit quick scan 2009-10-06 00:22:45
Windows 5.1.2600 Service Pack 3
Running: tske70dl.exe; Driver: C:\DOCUME~1\XXXXAD~1\LOCALS~1\Temp\fgloapoc.sys


---- System - GMER 1.0.15 ----

SSDT sptd.sys ZwEnumerateKey [0xF7346C7E]
SSDT sptd.sys ZwEnumerateValueKey [0xF7346FF6]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 871D2940
Device \FileSystem\Fastfat \Fat 8674A7C0

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/10/06 00:21
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: 00000063
Image Path: \Driver\00000063
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xF72FB000 Size: 187776 File Visible: - Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: AegisP.sys
Image Path: C:\WINDOWS\system32\DRIVERS\AegisP.sys
Address: 0xECAAE000 Size: 19008 File Visible: - Signed: -
Status: -

Name: afd.sys
Image Path: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xEC445000 Size: 138496 File Visible: - Signed: -
Status: -

Name: atapi.sys
Image Path: atapi.sys
Address: 0xF72B3000 Size: 98304 File Visible: - Signed: -
Status: -

Name: atapi.sys
Image Path: atapi.sys
Address: 0x00000000 Size: 0 File Visible: - Signed: -
Status: -

Name: atksgt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\atksgt.sys
Address: 0xB8724000 Size: 272384 File Visible: - Signed: -
Status: -

Name: ATMFD.DLL
Image Path: C:\WINDOWS\System32\ATMFD.DLL
Address: 0xBFFA0000 Size: 286720 File Visible: - Signed: -
Status: -

Name: audstub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\audstub.sys
Address: 0xEFC32000 Size: 3072 File Visible: - Signed: -
Status: -

Name: Beep.SYS
Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xF0363000 Size: 4224 File Visible: - Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xF7922000 Size: 12288 File Visible: - Signed: -
Status: -

Name: Cdfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xF1069000 Size: 63744 File Visible: - Signed: -
Status: -

Name: cdrom.sys
Image Path: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Address: 0xF67F1000 Size: 62976 File Visible: - Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Address: 0xF7552000 Size: 53248 File Visible: - Signed: -
Status: -

Name: disk.sys
Image Path: disk.sys
Address: 0xF7542000 Size: 36352 File Visible: - Signed: -
Status: -

Name: DLABOIOM.SYS
Image Path: C:\WINDOWS\System32\DLA\DLABOIOM.SYS
Address: 0xF2975000 Size: 25568 File Visible: - Signed: -
Status: -

Name: DLACDBHM.SYS
Image Path: C:\WINDOWS\System32\Drivers\DLACDBHM.SYS
Address: 0xF0367000 Size: 5568 File Visible: - Signed: -
Status: -

Name: DLADResN.SYS
Image Path: C:\WINDOWS\System32\DLA\DLADResN.SYS
Address: 0xF7B59000 Size: 2432 File Visible: - Signed: -
Status: -

Name: DLAIFS_M.SYS
Image Path: C:\WINDOWS\System32\DLA\DLAIFS_M.SYS
Address: 0xB87EA000 Size: 86464 File Visible: - Signed: -
Status: -

Name: DLAOPIOM.SYS
Image Path: C:\WINDOWS\System32\DLA\DLAOPIOM.SYS
Address: 0xF59CB000 Size: 14624 File Visible: - Signed: -
Status: -

Name: DLAPoolM.SYS
Image Path: C:\WINDOWS\System32\DLA\DLAPoolM.SYS
Address: 0xF7A6E000 Size: 6304 File Visible: - Signed: -
Status: -

Name: DLARTL_N.SYS
Image Path: C:\WINDOWS\System32\Drivers\DLARTL_N.SYS
Address: 0xECB50000 Size: 22624 File Visible: - Signed: -
Status: -

Name: DLAUDF_M.SYS
Image Path: C:\WINDOWS\System32\DLA\DLAUDF_M.SYS
Address: 0xB87BC000 Size: 86976 File Visible: - Signed: -
Status: -

Name: DLAUDFAM.SYS
Image Path: C:\WINDOWS\System32\DLA\DLAUDFAM.SYS
Address: 0xB87D2000 Size: 94272 File Visible: - Signed: -
Status: -

Name: drmk.sys
Image Path: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xED0B1000 Size: 61440 File Visible: - Signed: -
Status: -

Name: DRVMCDB.SYS
Image Path: DRVMCDB.SYS
Address: 0xF7196000 Size: 87104 File Visible: - Signed: -
Status: -

Name: DRVNDDM.SYS
Image Path: C:\WINDOWS\System32\Drivers\DRVNDDM.SYS
Address: 0xF76C2000 Size: 38304 File Visible: - Signed: -
Status: -

Name: dtscsi.sys
Image Path: C:\WINDOWS\System32\Drivers\dtscsi.sys
Address: 0xF4F7E000 Size: 303104 File Visible: - Signed: -
Status: -

Name: dump_iastor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iastor.sys
Address: 0xEC2D5000 Size: 872448 File Visible: No Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xED3B6000 Size: 12288 File Visible: - Signed: -
Status: -

Name: dxg.sys
Image Path: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBD000000 Size: 73728 File Visible: - Signed: -
Status: -

Name: dxgthk.sys
Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xF0499000 Size: 4096 File Visible: - Signed: -
Status: -

Name: e1e5132.sys
Image Path: C:\WINDOWS\system32\DRIVERS\e1e5132.sys
Address: 0xF51E9000 Size: 176128 File Visible: - Signed: -
Status: -

Name: enodpl.sys
Image Path: C:\WINDOWS\System32\drivers\enodpl.sys
Address: 0xEF91D000 Size: 7552 File Visible: - Signed: -
Status: -

Name: Fastfat.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fastfat.SYS
Address: 0xB7393000 Size: 143744 File Visible: - Signed: -
Status: -

Name: fdc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\fdc.sys
Address: 0xF78E2000 Size: 27392 File Visible: - Signed: -
Status: -

Name: Fips.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xEC934000 Size: 44544 File Visible: - Signed: -
Status: -

Name: flpydisk.sys
Image Path: C:\WINDOWS\system32\DRIVERS\flpydisk.sys
Address: 0xECB60000 Size: 20480 File Visible: - Signed: -
Status: -

Name: fltmgr.sys
Image Path: fltmgr.sys
Address: 0xF71BE000 Size: 129792 File Visible: - Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xF0365000 Size: 7936 File Visible: - Signed: -
Status: -

Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xF72CB000 Size: 125056 File Visible: - Signed: -
Status: -

Name: GEARAspiWDM.sys
Image Path: C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys
Address: 0xF78EA000 Size: 21120 File Visible: - Signed: -
Status: -

Name: hal.dll
Image Path: C:\WINDOWS\system32\hal.dll
Address: 0x806E4000 Size: 134400 File Visible: - Signed: -
Status: -

Name: HDAudBus.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
Address: 0xF5214000 Size: 163840 File Visible: - Signed: -
Status: -

Name: HIDCLASS.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
Address: 0xF1079000 Size: 36864 File Visible: - Signed: -
Status: -

Name: HIDPARSE.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Address: 0xECB48000 Size: 28672 File Visible: - Signed: -
Status: -

Name: hidusb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\hidusb.sys
Address: 0xEF796000 Size: 10368 File Visible: - Signed: -
Status: -

Name: HSF_CNXT.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
Address: 0xF4FC8000 Size: 680704 File Visible: - Signed: -
Status: -

Name: HSF_DP.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
Address: 0xF506F000 Size: 1042432 File Visible: - Signed: -
Status: -

Name: HSFHWBS2.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
Address: 0xF5191000 Size: 212224 File Visible: - Signed: -
Status: -

Name: HTTP.sys
Image Path: C:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0xB8197000 Size: 264832 File Visible: - Signed: -
Status: -

Name: i2omgmt.SYS
Image Path: C:\WINDOWS\System32\Drivers\i2omgmt.SYS
Address: 0xED3A6000 Size: 8576 File Visible: - Signed: -
Status: -

Name: iastor.sys
Image Path: iastor.sys
Address: 0xF71DE000 Size: 872064 File Visible: - Signed: -
Status: -

Name: imapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\imapi.sys
Address: 0xF6801000 Size: 42112 File Visible: - Signed: -
Status: -

Name: intelppm.sys
Image Path: C:\WINDOWS\system32\DRIVERS\intelppm.sys
Address: 0xF6811000 Size: 36352 File Visible: - Signed: -
Status: -

Name: ipnat.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Address: 0xEC467000 Size: 152832 File Visible: - Signed: -
Status: -

Name: ipsec.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Address: 0xEC50E000 Size: 75264 File Visible: - Signed: -
Status: -

Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xF7512000 Size: 37248 File Visible: - Signed: -
Status: -

Name: kbdclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Address: 0xF28A0000 Size: 24576 File Visible: - Signed: -
Status: -

Name: kbdhid.sys
Image Path: C:\WINDOWS\system32\DRIVERS\kbdhid.sys
Address: 0xEF68D000 Size: 14592 File Visible: - Signed: -
Status: -

Name: KDCOM.DLL
Image Path: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xF7A12000 Size: 8192 File Visible: - Signed: -
Status: -

Name: kmixer.sys
Image Path: C:\WINDOWS\system32\drivers\kmixer.sys
Address: 0xB7311000 Size: 172416 File Visible: - Signed: -
Status: -

Name: ks.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ks.sys
Address: 0xF516E000 Size: 143360 File Visible: - Signed: -
Status: -

Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xF717F000 Size: 92928 File Visible: - Signed: -
Status: -

Name: lirsgt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\lirsgt.sys
Address: 0xEC7C0000 Size: 18560 File Visible: - Signed: -
Status: -

Name: mdmxsdk.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
Address: 0xF703E000 Size: 11840 File Visible: - Signed: -
Status: -

Name: mnmdd.SYS
Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xF0361000 Size: 4224 File Visible: - Signed: -
Status: -

Name: Modem.SYS
Image Path: C:\WINDOWS\System32\Drivers\Modem.SYS
Address: 0xF78DA000 Size: 30080 File Visible: - Signed: -
Status: -

Name: MODEMCSA.sys
Image Path: C:\WINDOWS\system32\drivers\MODEMCSA.sys
Address: 0xEF669000 Size: 16128 File Visible: - Signed: -
Status: -

Name: mouclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Address: 0xF2898000 Size: 23040 File Visible: - Signed: -
Status: -

Name: mouhid.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouhid.sys
Address: 0xEF792000 Size: 12160 File Visible: - Signed: -
Status: -

Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xF7522000 Size: 42368 File Visible: - Signed: -
Status: -

Name: mrxdav.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Address: 0xB878F000 Size: 180608 File Visible: - Signed: -
Status: -

Name: mrxsmb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Address: 0xEC3AA000 Size: 455296 File Visible: - Signed: -
Status: -

Name: Msfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xECB38000 Size: 19072 File Visible: - Signed: -
Status: -

Name: msgpc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Address: 0xF0422000 Size: 35072 File Visible: - Signed: -
Status: -

Name: mssmbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Address: 0xEFE39000 Size: 15488 File Visible: - Signed: -
Status: -

Name: Mup.sys
Image Path: Mup.sys
Address: 0xF70AB000 Size: 105344 File Visible: - Signed: -
Status: -

Name: NDIS.sys
Image Path: NDIS.sys
Address: 0xF70C5000 Size: 182656 File Visible: - Signed: -
Status: -

Name: ndistapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Address: 0xEFE49000 Size: 10112 File Visible: - Signed: -
Status: -

Name: ndisuio.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Address: 0xF2581000 Size: 14592 File Visible: - Signed: -
Status: -

Name: ndiswan.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Address: 0xEF8CA000 Size: 91520 File Visible: - Signed: -
Status: -

Name: NDProxy.SYS
Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xEFBD2000 Size: 40576 File Visible: - Signed: -
Status: -

Name: netbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbios.sys
Address: 0xECC81000 Size: 34688 File Visible: - Signed: -
Status: -

Name: netbt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbt.sys
Address: 0xEC48D000 Size: 162816 File Visible: - Signed: -
Status: -

Name: Npfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xECB30000 Size: 30848 File Visible: - Signed: -
Status: -

Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xF70F2000 Size: 574976 File Visible: - Signed: -
Status: -

Name: ntkrnlpa.exe
Image Path: C:\WINDOWS\system32\ntkrnlpa.exe
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: Null.SYS
Image Path: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xECBD6000 Size: 2944 File Visible: - Signed: -
Status: -

Name: nv4_disp.dll
Image Path: C:\WINDOWS\System32\nv4_disp.dll
Address: 0xBD012000 Size: 5844992 File Visible: - Signed: -
Status: -

Name: nv4_mini.sys
Image Path: C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
Address: 0xF5250000 Size: 7741664 File Visible: - Signed: -
Status: -

Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xF779A000 Size: 19712 File Visible: - Signed: -
Status: -

Name: pci.sys
Image Path: pci.sys
Address: 0xF72EA000 Size: 68224 File Visible: - Signed: -
Status: -

Name: pciide.sys
Image Path: pciide.sys
Address: 0xF7ADA000 Size: 3328 File Visible: - Signed: -
Status: -

Name: PCIIDEX.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Address: 0xF7792000 Size: 28672 File Visible: - Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: portcls.sys
Image Path: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xEC958000 Size: 147456 File Visible: - Signed: -
Status: -

Name: psched.sys
Image Path: C:\WINDOWS\system32\DRIVERS\psched.sys
Address: 0xEF869000 Size: 69120 File Visible: - Signed: -
Status: -

Name: ptilink.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Address: 0xF28B0000 Size: 17792 File Visible: - Signed: -
Status: -

Name: PxHelp20.sys
Image Path: PxHelp20.sys
Address: 0xF7562000 Size: 35712 File Visible: - Signed: -
Status: -

Name: rasacd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Address: 0xECD65000 Size: 8832 File Visible: - Signed: -
Status: -

Name: rasl2tp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Address: 0xF0452000 Size: 51328 File Visible: - Signed: -
Status: -

Name: raspppoe.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Address: 0xF0442000 Size: 41472 File Visible: - Signed: -
Status: -

Name: raspptp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Address: 0xF0432000 Size: 48384 File Visible: - Signed: -
Status: -

Name: raspti.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspti.sys
Address: 0xF28A8000 Size: 16512 File Visible: - Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: rdbss.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Address: 0xEC41A000 Size: 175744 File Visible: - Signed: -
Status: -

Name: RDPCDD.sys
Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xF035F000 Size: 4224 File Visible: - Signed: -
Status: -

Name: redbook.sys
Image Path: C:\WINDOWS\system32\DRIVERS\redbook.sys
Address: 0xF67E1000 Size: 57600 File Visible: - Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB80AA000 Size: 49152 File Visible: No Signed: -
Status: -

Name: SCDEmu.SYS
Image Path: C:\WINDOWS\System32\Drivers\SCDEmu.SYS
Address: 0xECB28000 Size: 24800 File Visible: - Signed: -
Status: -

Name: SCSIPORT.SYS
Image Path: C:\WINDOWS\System32\Drivers\SCSIPORT.SYS
Address: 0xEFB06000 Size: 98304 File Visible: - Signed: -
Status: -

Name: secdrv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\secdrv.sys
Address: 0xF28FB000 Size: 40960 File Visible: - Signed: -
Status: -

Name: sptd.sys
Image Path: sptd.sys
Address: 0xF7341000 Size: 851968 File Visible: - Signed: -
Status: -

Name: SPTD2765.SYS
Image Path: C:\WINDOWS\System32\Drivers\SPTD2765.SYS
Address: 0xF7329000 Size: 98304 File Visible: - Signed: -
Status: -

Name: sr.sys
Image Path: sr.sys
Address: 0xF71AC000 Size: 73472 File Visible: - Signed: -
Status: -

Name: srv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\srv.sys
Address: 0xB86AA000 Size: 333952 File Visible: - Signed: -
Status: -

Name: sthda.sys
Image Path: C:\WINDOWS\system32\drivers\sthda.sys
Address: 0xEC97C000 Size: 1013216 File Visible: - Signed: -
Status: -

Name: swenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\swenum.sys
Address: 0xF7A4E000 Size: 4352 File Visible: - Signed: -
Status: -

Name: sysaudio.sys
Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xB856A000 Size: 60800 File Visible: - Signed: -
Status: -

Name: tandpl.sys
Image Path: C:\WINDOWS\System32\drivers\tandpl.sys
Address: 0xEF6A7000 Size: 4736 File Visible: - Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Address: 0xEC4B5000 Size: 361600 File Visible: - Signed: -
Status: -

Name: TDI.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Address: 0xF28C0000 Size: 20480 File Visible: - Signed: -
Status: -

Name: termdd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\termdd.sys
Address: 0xF2A05000 Size: 40704 File Visible: - Signed: -
Status: -

Name: update.sys
Image Path: C:\WINDOWS\system32\DRIVERS\update.sys
Address: 0xEF7B6000 Size: 384768 File Visible: - Signed: -
Status: -

Name: USBD.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Address: 0xF036D000 Size: 8192 File Visible: - Signed: -
Status: -

Name: usbehci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Address: 0xF78D2000 Size: 30208 File Visible: - Signed: -
Status: -

Name: usbhub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Address: 0xECED5000 Size: 59520 File Visible: - Signed: -
Status: -

Name: USBPORT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Address: 0xF51C5000 Size: 147456 File Visible: - Signed: -
Status: -

Name: USBSTOR.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Address: 0xF0D9E000 Size: 26368 File Visible: - Signed: -
Status: -

Name: usbuhci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Address: 0xF78CA000 Size: 20608 File Visible: - Signed: -
Status: -

Name: vga.sys
Image Path: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xECB40000 Size: 20992 File Visible: - Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xF523C000 Size: 81920 File Visible: - Signed: -
Status: -

Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xF7532000 Size: 52352 File Visible: - Signed: -
Status: -

Name: wanarp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Address: 0xECC71000 Size: 34560 File Visible: - Signed: -
Status: -

Name: watchdog.sys
Image Path: C:\WINDOWS\System32\watchdog.sys
Address: 0xF0DA6000 Size: 20480 File Visible: - Signed: -
Status: -

Name: wdmaud.sys
Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0xB84B5000 Size: 83072 File Visible: - Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -
Status: -

Name: win32k.sys
Image Path: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -
Status: -

Name: WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\WMILIB.SYS
Address: 0xF7A14000 Size: 8192 File Visible: - Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -



Malwarebytes' Anti-Malware 1.41
Database version: 2912
Windows 5.1.2600 Service Pack 3

10/5/2009 9:17:01 PM
mbam-log-2009-10-05 (21-16-53).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|F:\|)
Objects scanned: 269797
Time elapsed: 1 hour(s), 14 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\MSN Gaming Zone\Windows\bckg.dll (Spyware.Zbot) -> No action taken.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP100\A0022170.sys (Worm.Agent) -> No action taken.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP100\A0022216.exe (Trojan.Banker) -> No action taken.
C:\WINDOWS\ServicePackFiles\i386\lang\voicesub.dll (Spyware.Zbot) -> No action taken.
C:\WINDOWS\system32\ufat.dll (Spyware.Zbot) -> No action taken.
C:\WINDOWS\system32\dllcache\bckg.dll (Spyware.Zbot) -> No action taken.
C:\WINDOWS\system32\dllcache\ufat.dll (Spyware.Zbot) -> No action taken.


Malwarebytes' Anti-Malware 1.41
Database version: 2912
Windows 5.1.2600 Service Pack 3

10/5/2009 10:34:35 PM
mbam-log-2009-10-05 (22-34-35).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|F:\|)
Objects scanned: 269741
Time elapsed: 1 hour(s), 13 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 20

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\MSN Gaming Zone\Windows\bckg.dll (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP100\A0022227.dll (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP100\A0022221.dll (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP100\A0022223.dll (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP100\A0022224.dll (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP100\A0022225.dll (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP100\A0022226.dll (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP100\A0022228.dll (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP100\A0022229.dll (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP100\A0022236.dll (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP100\A0022237.dll (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP100\A0022238.dll (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP100\A0022239.dll (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP100\A0022240.dll (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP100\A0022241.dll (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP100\A0022242.dll (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP100\A0022243.dll (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ufat.dll (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\bckg.dll (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\ufat.dll (Spyware.Zbot) -> Quarantined and deleted successfully.


Malwarebytes' Anti-Malware 1.41
Database version: 2912
Windows 5.1.2600 Service Pack 3

10/6/2009 12:15:28 AM
mbam-log-2009-10-06 (00-15-25).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|F:\|)
Objects scanned: 269785
Time elapsed: 1 hour(s), 14 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 16

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\MSN Gaming Zone\Windows\bckg.dll (Spyware.Zbot) -> No action taken.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP100\A0022247.dll (Spyware.Zbot) -> No action taken.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP100\A0022248.dll (Spyware.Zbot) -> No action taken.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP100\A0022249.dll (Spyware.Zbot) -> No action taken.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP100\A0022250.dll (Spyware.Zbot) -> No action taken.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP101\A0022257.dll (Spyware.Zbot) -> No action taken.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP101\A0022258.dll (Spyware.Zbot) -> No action taken.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP101\A0022259.dll (Spyware.Zbot) -> No action taken.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP101\A0022260.dll (Spyware.Zbot) -> No action taken.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP101\A0022261.dll (Spyware.Zbot) -> No action taken.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP101\A0022262.dll (Spyware.Zbot) -> No action taken.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP101\A0022263.dll (Spyware.Zbot) -> No action taken.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP101\A0022264.dll (Spyware.Zbot) -> No action taken.
C:\WINDOWS\system32\ufat.dll (Spyware.Zbot) -> No action taken.
C:\WINDOWS\system32\dllcache\bckg.dll (Spyware.Zbot) -> No action taken.
C:\WINDOWS\system32\dllcache\ufat.dll (Spyware.Zbot) -> No action taken.




Need help. Successive scans of mbam after restart continue to detect items. RootRepeal gave me a PE error, but scanned anyway. Do not have access to a boot CD, but have an additional computer with ability to burn CDs/DVDs if it is commercially available.
drkhrs2020 is offline  

Old 10-11-2009, 10:32 PM   #2 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 17
OS: win xp sp3


Persistent infection present on restart

I was successful in running mbam when an infection prevented it from installing, but now I have a persistent infection that is continually present after restarting. During startup the following error messages appear:

Error loading kemepiga.dll
The specified module could not be found



DDS (Ver_09-10-12.01) - NTFSx86
Run by X at 21:15:03.59 on Sun 10/11/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.693 [GMT -7:00]


============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PRISMSVC.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\x\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ask.com?o=1607
mStart Page = hxxp://www.dell.com
uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
uURLSearchHooks: H - No File
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: {590680af-b07c-4708-9675-f73bf67da164} - bulimane.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Viewpoint Toolbar BHO: {a7327c09-b521-4edb-8509-7d2660c9ec98} - c:\program files\viewpoint\viewpoint toolbar\3.9.0\ViewBarBHO.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Viewpoint Toolbar: {f8ad5aa5-d966-4667-9daf-2561d68b2012} - c:\program files\common files\viewpoint\toolbar runtime\3.9.0\IEViewBar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No File
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [nobipipisa] Rundll32.exe "kemepiga.dll",s
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: musicmatch.com\online
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://driveragent.com/files/driveragent.cab
Notify: avgrsstarter - avgrsstx.dll
Notify: PRISMAPI.DLL - PRISMAPI.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: dozipujen - {80682536-d220-4433-91d5-59fe0b4eb8f2} - c:\windows\system32\vosegusa.dll
STS: gahurihor: {8228f484-3783-497f-81e6-54056e27f875} - c:\windows\system32\zenatosi.dll
STS: jugezatag: {80682536-d220-4433-91d5-59fe0b4eb8f2} - c:\windows\system32\vosegusa.dll
LSA: Notification Packages = scecli sazuduwe.dll kemepiga.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owenad~1\applic~1\mozilla\firefox\profiles\y3bblt0q.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?referrer=ign
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\x\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\x\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R2 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [2006-4-17 61526]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [2006-10-19 10664]
S3 o1394bul;o1394bul;\??\c:\docume~1\owenad~1\locals~1\temp\o1394bul.sys --> c:\docume~1\owenad~1\locals~1\temp\o1394bul.sys [?]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-7-3 24652]
S4 WUSB300NSvc;WUSB300NSvc;c:\program files\linksys\wusb300n\WLService.exe [2007-10-14 53307]

=============== Created Last 30 ================

2009-10-11 17:02 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-11 17:02 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-10-11 02:14 2,098 ---sh--- c:\windows\system32\muvetuvo.exe
2009-10-09 22:38 4,252 ---sh--- c:\windows\system32\wavowibi.exe
2009-10-09 02:41 <DIR> --d----- C:\Programmi
2009-10-08 19:44 389,120 a------- c:\windows\system32\CF6038.exe
2009-10-08 19:44 <DIR> --d----- C:\ComboFix
2009-10-08 19:00 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-10-06 13:57 <DIR> --d----- c:\docume~1\owenad~1\applic~1\AVG8
2009-10-06 00:35 <DIR> --d----- c:\program files\Trend Micro
2009-10-03 15:34 <DIR> --d----- c:\program files\MSECache
2009-09-29 23:49 <DIR> --d----- c:\program files\SystemRequirementsLab
2009-09-29 15:10 43,520 a------- c:\windows\system32\CmdLineExt03.dll
2009-09-29 01:40 0 a------- c:\windows\EEventManager.INI
2009-09-25 15:34 <DIR> --d----- c:\program files\EpsonNet
2009-09-25 15:34 <DIR> --d----- c:\program files\common files\EPSON
2009-09-25 15:33 <DIR> --d----- c:\program files\Epson Software
2009-09-25 15:33 93,696 a------- c:\windows\system32\E_FLBFIA.DLL
2009-09-25 15:33 79,360 a------- c:\windows\system32\E_FD4BFIA.DLL
2009-09-25 15:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\EPSON
2009-09-25 15:32 342,016 a------- c:\windows\system32\eswiaud.dll
2009-09-25 15:32 9,216 a------- c:\windows\system32\escdev.dll
2009-09-25 15:32 <DIR> --d----- c:\program files\epson
2009-09-25 15:31 60 a------- c:\windows\EPNX510.ini
2009-09-22 22:17 <DIR> --d----- c:\program files\iPod
2009-09-22 22:17 <DIR> --d----- c:\program files\iTunes
2009-09-20 13:28 <DIR> --d----- c:\program files\Paradox Interactive
2009-09-15 22:29 <DIR> --d----- c:\program files\iPhone Configuration Utility
2009-09-15 22:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}

==================== Find3M ====================

2009-09-29 16:12 98,304 a------- c:\windows\system32\CmdLineExt.dll
2009-09-14 02:12 229,888 a------- c:\windows\PEV.exe
2009-09-07 13:10 3,558 ac-sh--- c:\windows\system32\KGyGaAvL.sys
2009-08-13 08:16 512,000 -------- c:\windows\system32\dllcache\jscript.dll
2009-08-05 02:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 02:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-25 02:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-18 09:05 3,069,440 -------- c:\windows\system32\dllcache\mshtml.dll
2009-07-18 09:05 1,509,888 -------- c:\windows\system32\dllcache\shdocvw.dll
2009-07-17 12:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 12:01 58,880 -------- c:\windows\system32\dllcache\atl.dll
2009-07-14 14:17 15,308,440 a------- c:\windows\system32\xlive.dll
2009-07-14 14:17 13,642,888 a------- c:\windows\system32\xlivefnt.dll
2009-07-14 11:54 10,457,088 a------- c:\windows\system32\nvoglnt.dll
2009-07-14 11:54 7,741,664 a------- c:\windows\system32\dllcache\nv4_mini.sys
2009-07-14 11:54 5,842,816 a------- c:\windows\system32\nv4_disp.dll
2009-07-14 11:54 2,189,856 a------- c:\windows\system32\nvcuvid.dll
2009-07-14 11:54 2,002,944 a------- c:\windows\system32\nvcuda.dll
2009-07-14 11:54 1,706,528 a------- c:\windows\system32\nvcuvenc.dll
2009-07-14 11:54 1,597,690 a------- c:\windows\system32\nvdata.bin
2009-07-14 11:54 868,352 a------- c:\windows\system32\nvapi.dll
2009-07-14 11:54 485,920 a------- c:\windows\system32\nvudisp.exe
2009-07-14 11:54 151,552 a------- c:\windows\system32\nvcodins.dll
2009-07-14 11:54 151,552 a------- c:\windows\system32\nvcod.dll
2009-07-14 10:35 2,173,472 a------- c:\windows\system32\nvcplui.exe
2009-07-14 10:35 81,920 a------- c:\windows\system32\nvwddi.dll
2009-07-14 10:35 4,026,368 a------- c:\windows\system32\nvvitvs.dll
2009-07-14 10:35 3,170,304 a------- c:\windows\system32\nvwss.dll
2009-07-14 10:34 13,877,248 a------- c:\windows\system32\nvcpl.dll
2009-07-14 10:34 4,923,392 a------- c:\windows\system32\nvdisps.dll
2009-07-14 10:34 3,547,136 a------- c:\windows\system32\nvgames.dll
2009-07-14 10:34 1,286,144 a------- c:\windows\system32\nvmobls.dll
2009-07-14 10:34 188,416 a------- c:\windows\system32\nvmccss.dll
2009-07-14 10:34 168,004 a------- c:\windows\system32\nvsvc32.exe
2009-07-14 10:34 143,360 a------- c:\windows\system32\nvcolor.exe
2009-07-14 10:34 86,016 a------- c:\windows\system32\nvmctray.dll
2009-07-14 10:34 229,376 a------- c:\windows\system32\nvmccs.dll
2009-07-08 18:40 107,520 a--sh--- c:\windows\system32\bulimane.dll
2009-07-08 18:40 107,520 a--sh--- c:\windows\system32\sazuduwe.dll

============= FINISH: 21:15:40.64 ===============

Attached Files
File Type: rar Attach.rar (3.9 KB, 0 views)
File Type: zip ark.zip (1.9 KB, 1 views)
drkhrs2020 is offline  
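The "Error loading kemepiga.dll / The specified module could not be found" message in the post above is what Windows shows when a launch entry survives but the file it names is gone: the DDS log still lists `mRun: [nobipipisa] Rundll32.exe "kemepiga.dll",s` and `LSA: Notification Packages = scecli sazuduwe.dll kemepiga.dll`. The script below is an added example, not something posted in this thread or shipped with any of the tools named in it. It walks the HKLM/HKCU Run keys and the LSA Notification Packages value, works out which file each entry would load, and reports entries whose module is missing, plus any LSA package other than the stock `scecli`. It is read-only and assumes Windows PowerShell 2.0 or later (installable on XP SP3); the function names are mine.

```powershell
# Added example, not from the thread: report autostart entries whose module is gone.
# Read-only; it changes nothing. Assumes Windows PowerShell 2.0 or later and the
# usual XP registry layout.

$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)
$searchDirs = @("$env:SystemRoot\system32", $env:SystemRoot)
# Properties Get-ItemProperty adds that are not registry values.
$psNoise = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

# Turn a module name into the path the loader would find, or $null if nothing exists.
function Resolve-ModulePath([string]$Name) {
    if ([System.IO.Path]::IsPathRooted($Name)) {
        if (Test-Path -LiteralPath $Name) { return $Name } else { return $null }
    }
    foreach ($dir in $searchDirs) {
        $candidate = Join-Path $dir $Name
        if (Test-Path -LiteralPath $candidate) { return $candidate }
    }
    return $null
}

# Work out which file a Run command line actually loads:
#   Rundll32.exe "kemepiga.dll",s                         -> kemepiga.dll (the DLL, not rundll32)
#   RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup  -> the DLL
#   "c:\program files\itunes\iTunesHelper.exe"           -> that exe
#   c:\program files\nvidia corporation\nview\nwiz.exe /install -> grown word by word until it exists
function Get-CommandTarget([string]$CommandLine) {
    if ($CommandLine -match '(?i)^\s*"?rundll32(\.exe)?"?\s+"?([^",]+)') {
        return $Matches[2].Trim()
    }
    if ($CommandLine -match '^\s*"([^"]+)"') { return $Matches[1] }
    $words = $CommandLine.Trim() -split '\s+'
    for ($i = 1; $i -le $words.Count; $i++) {
        $prefix = ($words[0..($i - 1)] -join ' ')
        if (Test-Path -LiteralPath $prefix) { return $prefix }
    }
    return $words[0]   # nothing on disk matched; report the first token
}

$findings = @()

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $values = Get-ItemProperty -Path $key
    foreach ($v in $values.PSObject.Properties) {
        if ($psNoise -contains $v.Name) { continue }
        $target = Get-CommandTarget ([string]$v.Value)
        if (-not (Resolve-ModulePath $target)) {
            $findings += New-Object PSObject -Property @{
                Source = $key; Entry = $v.Name; Module = $target; Status = 'module not found'
            }
        }
    }
}

# LSA Notification Packages (REG_MULTI_SZ) are DLLs lsass loads at boot; on a
# stock XP box the list is normally just "scecli". Report anything else whether
# or not the file still exists, since a present entry here is the more serious case.
$lsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$lsa = Get-ItemProperty -Path $lsaKey -Name 'Notification Packages' -ErrorAction SilentlyContinue
if ($lsa) {
    foreach ($pkg in @($lsa.'Notification Packages')) {
        if ($pkg -eq 'scecli') { continue }
        $name = if ($pkg -match '\.dll$') { $pkg } else { "$pkg.dll" }
        $status = if (Resolve-ModulePath $name) { 'present' } else { 'module not found' }
        $findings += New-Object PSObject -Property @{
            Source = "$lsaKey\Notification Packages"; Entry = $pkg; Module = $name; Status = $status
        }
    }
}

if ($findings.Count -eq 0) {
    'No Run or LSA entries point at a missing module.'
} else {
    $findings | Format-Table Source, Entry, Module, Status -AutoSize
}
```

Run it from an administrator PowerShell prompt and compare its output against the DDS `mRun:` and `LSA:` lines: an entry reported as "module not found" explains a logon error like the one above and is leftover persistence to clean up, while an LSA package that is still present is a DLL being loaded into lsass and belongs at the top of the removal list for whoever is assisting.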
Old 10-16-2009, 03:53 PM   #3 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 17
OS: win xp sp3


Re: Persistent infection present on restart

Bump Please.

Also, I do not have a windows boot disc, but I have an additional computer that I can use to download or burn any files necessary.

Last edited by drkhrs2020; 10-16-2009 at 03:58 PM.
drkhrs2020 is offline  
Old 10-20-2009, 06:39 AM   #4 (permalink)
Analyst, Security Team
 
CatByte's Avatar
 
Join Date: Jan 2009
Location: Canada
Posts: 2,165
OS: XP sp3


Re: problem with infections, rootkits

Hi,

Please do the following:

Download ComboFix from either of these locations:
Link 1
Link 2


VERY IMPORTANT !!!
Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.
__________________


ASAP & UNITE Member
CatByte is offline  
Old 10-21-2009, 08:23 PM   #5 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 17
OS: win xp sp3


Re: problem with infections, rootkits

Running Combofix

ComboFix prepares to run, creates a system restore point, scans for files, and restarts. Upon restart, I received a Windows error message “kemepiga.dll could not be loaded” while the ComboFix program was finishing.


ComboFix 09-10-20.03 - 10/21/2009 19:04.15.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.673 [GMT -7:00]
Running from: c:\documents and \Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\bopomija.exe
c:\windows\system32\dutisihu.exe
c:\windows\system32\huvifima.exe
c:\windows\system32\jutizowi.exe
c:\windows\system32\kipilopa.exe
c:\windows\system32\ludotoja.exe
c:\windows\system32\muvetuvo.exe
c:\windows\system32\rozisibu.exe
c:\windows\system32\sazuduwe.dll
c:\windows\system32\tafusabe.exe
c:\windows\system32\tubakile.exe
c:\windows\system32\wamejulu.exe
c:\windows\system32\wavowibi.exe
c:\windows\system32\zobumava.exe

----- BITS: Possible infected sites -----

hxxp://82.98.235.208
.
((((((((((((((((((((((((( Files Created from 2009-09-22 to 2009-10-22 )))))))))))))))))))))))))))))))
.

2009-10-18 02:54 . 2009-10-21 19:14 -------- d-----w- c:\documents and settings\\Local Settings\Application Data\The Witcher
2009-10-18 01:40 . 2009-10-19 00:08 -------- d-----w- c:\program files\The Witcher Enhanced Edition
2009-10-15 13:11 . 2008-10-10 11:52 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2009-10-15 13:11 . 2008-10-10 11:52 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2009-10-15 13:11 . 2008-10-10 11:52 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2009-10-15 13:11 . 2008-10-27 17:04 514384 ----a-w- c:\windows\system32\XAudio2_3.dll
2009-10-15 13:11 . 2008-10-27 17:04 235856 ----a-w- c:\windows\system32\xactengine3_3.dll
2009-10-15 13:11 . 2008-10-27 17:04 23376 ----a-w- c:\windows\system32\X3DAudio1_5.dll
2009-10-15 13:11 . 2008-10-27 17:04 70992 ----a-w- c:\windows\system32\XAPOFX1_2.dll
2009-10-15 12:54 . 2009-10-18 00:21 -------- d-----w- c:\program files\Drakensang
2009-10-13 22:07 . 2009-10-13 22:07 -------- d-----w- c:\program files\Common Files\BioWare
2009-10-13 22:04 . 2009-10-13 22:06 -------- d-----w- c:\program files\Dragon Age Origins Character Creator
2009-10-12 16:41 . 2009-10-12 16:41 -------- d-----w- c:\documents and settings\Random\Application Data\Malwarebytes
2009-10-12 16:41 . 2009-10-12 16:41 -------- d-----w- c:\documents and settings\Random\Application Data\Epson
2009-10-12 00:02 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-12 00:02 . 2009-09-10 21:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-09 17:36 . 2009-10-09 17:36 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Viewpoint
2009-10-09 09:41 . 2009-10-09 09:41 -------- d-----w- C:\Programmi
2009-10-09 02:00 . 2009-10-12 00:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-06 20:57 . 2009-10-06 20:57 -------- d-----w- c:\documents and settings\\Application Data\AVG8
2009-10-06 07:35 . 2009-10-06 07:35 -------- d-----w- c:\program files\Trend Micro
2009-10-03 22:34 . 2009-10-03 22:34 -------- d-----w- c:\program files\MSECache
2009-09-30 06:49 . 2009-09-30 06:49 -------- d-----w- c:\program files\SystemRequirementsLab
2009-09-30 06:49 . 2009-09-30 06:49 -------- d-----w- c:\documents and settings\\Application Data\SystemRequirementsLab
2009-09-29 22:10 . 2009-09-29 22:10 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-09-29 04:24 . 2009-09-29 04:24 -------- d-----w- c:\documents and settings\\Application Data\Epson
2009-09-25 22:33 . 2009-09-25 22:33 -------- d-----w- c:\program files\Epson Software
2009-09-25 22:33 . 2008-11-12 02:00 93696 ----a-w- c:\windows\system32\E_FLBFIA.DLL
2009-09-25 22:33 . 2008-11-12 02:00 79360 ----a-w- c:\windows\system32\E_FD4BFIA.DLL
2009-09-25 22:32 . 2009-09-25 22:33 -------- d-----w- c:\documents and settings\All Users\Application Data\EPSON
2009-09-25 22:32 . 2008-11-17 07:00 342016 ----a-w- c:\windows\system32\eswiaud.dll
2009-09-25 22:32 . 2006-08-25 00:00 9216 ----a-w- c:\windows\system32\escdev.dll
2009-09-25 22:32 . 2009-09-25 22:33 -------- d-----w- c:\program files\epson
2009-09-23 05:17 . 2009-09-23 05:17 -------- d-----w- c:\program files\iPod
2009-09-23 05:17 . 2009-09-23 05:17 -------- d-----w- c:\program files\iTunes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-19 00:07 . 2006-04-18 04:59 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-17 21:04 . 2009-02-13 02:22 -------- d-----w- c:\program files\AVG
2009-10-17 21:04 . 2009-05-10 21:22 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-10-15 04:11 . 2009-07-19 00:06 -------- d-----w- c:\documents and settings\\Application Data\vlc
2009-10-09 09:16 . 2006-04-29 20:11 -------- d-----w- c:\program files\LucasArts
2009-10-08 19:42 . 2006-09-14 22:08 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-10-07 08:53 . 2006-04-19 22:43 -------- d-----w- c:\documents and settings\\Application Data\Azureus
2009-10-05 08:50 . 2006-04-20 01:21 78856 -c--a-w- c:\documents and settings\s\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-29 23:12 . 2006-04-24 17:10 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-09-25 23:24 . 2009-09-25 22:34 -------- d-----w- c:\program files\EpsonNet
2009-09-25 22:34 . 2009-09-25 22:34 -------- d-----w- c:\program files\Common Files\EPSON
2009-09-25 22:34 . 2009-09-25 22:34 -------- d-----w- c:\documents and settings\s\Application Data\InstallShield
2009-09-23 05:17 . 2008-08-03 23:14 -------- d-----w- c:\program files\Common Files\Apple
2009-09-20 20:28 . 2009-09-20 20:28 -------- d-----w- c:\program files\Paradox Interactive
2009-09-20 18:56 . 2006-09-11 23:51 -------- d-----w- c:\program files\Azureus
2009-09-20 05:56 . 2007-04-29 15:40 -------- d-----w- c:\program files\Black Isle
2009-09-18 03:00 . 2007-09-05 19:31 -------- d-----w- c:\documents and settings\Xxx\Application Data\EndNote
2009-09-18 03:00 . 2007-09-05 19:30 -------- d-----w- c:\program files\EndNote X
2009-09-16 05:30 . 2007-06-13 16:57 -------- d-----w- c:\documents and settings\Xxx\Application Data\Apple Computer
2009-09-16 05:29 . 2009-09-16 05:29 -------- d-----w- c:\program files\iPhone Configuration Utility
2009-09-16 05:28 . 2009-09-16 05:27 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-16 05:26 . 2009-09-16 05:26 -------- d-----w- c:\program files\QuickTime
2009-09-10 21:28 . 2009-09-10 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Cabela's African Safari Saves
2009-09-10 21:17 . 2009-09-10 21:17 -------- d-----w- c:\program files\Activision Value
2009-09-10 21:12 . 2009-09-10 21:12 -------- d-----w- c:\program files\MagicISO
2009-09-07 20:10 . 2006-04-20 01:20 3558 -csha-w- c:\windows\system32\KGyGaAvL.sys
2009-09-07 20:10 . 2006-04-20 01:20 88 --sh--r- c:\windows\system32\2EF13ECD68.sys
2009-08-05 09:01 . 2004-08-10 17:51 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-25 09:23 . 2009-07-03 20:40 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-09 01:40 . 2009-07-09 01:40 107520 --sha-w- c:\windows\system32\bulimane.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-10-05_07.15.10 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-12-02 04:46 . 2006-12-02 04:46 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
+ 2006-12-02 07:46 . 2006-12-02 07:46 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
+ 2009-07-12 03:54 . 2009-07-12 03:54 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e79c4723\vcomp.dll
- 2006-12-02 04:08 . 2006-12-02 04:08 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2006-12-02 07:08 . 2006-12-02 07:08 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
- 2006-12-02 04:08 . 2006-12-02 04:08 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-02 07:08 . 2006-12-02 07:08 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
- 2006-12-02 04:08 . 2006-12-02 04:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-02 07:08 . 2006-12-02 07:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
- 2006-12-02 04:08 . 2006-12-02 04:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-02 07:08 . 2006-12-02 07:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
- 2006-12-02 04:08 . 2006-12-02 04:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2006-12-02 07:08 . 2006-12-02 07:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
- 2006-12-02 04:08 . 2006-12-02 04:08 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-02 07:08 . 2006-12-02 07:08 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-02 07:08 . 2006-12-02 07:08 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
- 2006-12-02 04:08 . 2006-12-02 04:08 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
- 2006-12-02 04:08 . 2006-12-02 04:08 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-02 07:08 . 2006-12-02 07:08 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
- 2006-12-02 04:08 . 2006-12-02 04:08 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2006-12-02 07:08 . 2006-12-02 07:08 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2009-07-12 03:32 . 2009-07-12 03:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80KOR.dll
+ 2009-07-12 03:32 . 2009-07-12 03:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80JPN.dll
+ 2009-07-12 03:32 . 2009-07-12 03:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ITA.dll
+ 2009-07-12 03:32 . 2009-07-12 03:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80FRA.dll
+ 2009-07-12 03:32 . 2009-07-12 03:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ESP.dll
+ 2009-07-12 03:32 . 2009-07-12 03:32 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ENU.dll
+ 2009-07-12 03:32 . 2009-07-12 03:32 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80DEU.dll
+ 2009-07-12 03:32 . 2009-07-12 03:32 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHT.dll
+ 2009-07-12 03:32 . 2009-07-12 03:32 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHS.dll
+ 2006-12-02 07:26 . 2006-12-02 07:26 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
- 2006-12-02 04:26 . 2006-12-02 04:26 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2006-12-02 07:25 . 2006-12-02 07:25 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
- 2006-12-02 04:25 . 2006-12-02 04:25 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2009-07-12 08:07 . 2009-07-12 08:07 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80u.dll
+ 2009-07-12 08:19 . 2009-07-12 08:19 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80.dll
- 2006-12-02 02:56 . 2006-12-02 02:56 96256 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2006-12-02 05:56 . 2006-12-02 05:56 96256 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2009-07-12 02:41 . 2009-07-12 02:41 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
+ 2009-10-22 02:12 . 2009-10-22 02:12 16384 c:\windows\temp\Perflib_Perfdata_630.dat
+ 2006-04-18 04:37 . 2003-04-10 00:01 90112 c:\windows\system32\mdmxsdk.dll
+ 2006-04-18 04:37 . 2003-04-09 23:48 11043 c:\windows\system32\drivers\mdmxsdk.sys
+ 2006-04-19 21:47 . 2009-10-21 18:06 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-04-19 21:47 . 2009-05-07 20:16 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-04-19 21:47 . 2009-05-07 20:16 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2006-04-19 21:47 . 2009-10-21 18:06 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-10-09 17:36 . 2009-10-21 18:06 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-10-18 02:02 . 2009-10-18 02:02 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2009-09-20 20:30 . 2009-09-20 20:30 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2009-09-20 20:30 . 2009-09-20 20:30 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2009-10-18 02:02 . 2009-10-18 02:02 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2009-07-12 08:12 . 2009-07-12 08:12 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
+ 2009-07-12 08:09 . 2009-07-12 08:09 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
+ 2009-07-12 08:08 . 2009-07-12 08:08 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcm80.dll
+ 2009-10-18 02:02 . 2009-10-18 02:02 331264 c:\windows\Installer\df5dd6.msi
+ 2009-10-13 22:07 . 2009-10-13 22:07 424960 c:\windows\Installer\12787f.msi
- 2009-09-20 20:30 . 2009-09-20 20:30 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2009-10-18 02:02 . 2009-10-18 02:02 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2009-09-20 20:30 . 2009-09-20 20:30 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2009-10-18 02:02 . 2009-10-18 02:02 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2009-10-18 02:02 . 2009-10-18 02:02 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2009-09-20 20:30 . 2009-09-20 20:30 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2009-10-18 02:02 . 2009-10-18 02:02 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2009-09-20 20:30 . 2009-09-20 20:30 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2009-09-20 20:30 . 2009-09-20 20:30 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2009-10-18 02:02 . 2009-10-18 02:02 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2009-10-18 02:02 . 2009-10-18 02:02 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-09-20 20:30 . 2009-09-20 20:30 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-10-18 02:02 . 2009-10-18 02:02 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-09-20 20:30 . 2009-09-20 20:30 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-10-18 02:02 . 2009-10-18 02:02 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-09-20 20:30 . 2009-09-20 20:30 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-09-20 20:30 . 2009-09-20 20:30 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-10-18 02:02 . 2009-10-18 02:02 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-10-18 02:02 . 2009-10-18 02:02 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-09-20 20:30 . 2009-09-20 20:30 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-10-18 02:02 . 2009-10-18 02:02 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-09-20 20:30 . 2009-09-20 20:30 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-10-18 02:02 . 2009-10-18 02:02 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-09-20 20:30 . 2009-09-20 20:30 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-10-18 02:02 . 2009-10-18 02:02 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-09-20 20:30 . 2009-09-20 20:30 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-10-18 02:02 . 2009-10-18 02:02 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2009-09-20 20:30 . 2009-09-20 20:30 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2006-12-02 04:25 . 2006-12-02 04:25 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2006-12-02 07:25 . 2006-12-02 07:25 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2006-12-02 07:25 . 2006-12-02 07:25 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
- 2006-12-02 04:25 . 2006-12-02 04:25 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2009-07-12 03:46 . 2009-07-12 03:46 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80u.dll
+ 2009-07-12 03:46 . 2009-07-12 03:46 1105920 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80.dll
- 2009-09-20 20:30 . 2009-09-20 20:30 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-10-18 02:02 . 2009-10-18 02:02 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-09-20 20:30 . 2009-09-20 20:30 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-10-18 02:02 . 2009-10-18 02:02 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{590680af-b07c-4708-9675-f73bf67da164}]
2009-07-09 01:40 107520 --sha-w- c:\windows\system32\bulimane.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-02 18:58 1107200 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-07-09 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-14 86016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-01-12 669520]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"nobipipisa"="kemepiga.dll" [BU]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{8228f484-3783-497f-81e6-54056e27f875}"= "c:\windows\system32\zenatosi.dll" [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
avgrsstx.dll [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PRISMAPI.DLL]
2005-12-23 01:08 450646 ----a-w- c:\windows\system32\PRISMAPI.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wireless USB 2.0 WLAN Card Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Wireless USB 2.0 WLAN Card Utility.lnk
backup=c:\windows\pss\Wireless USB 2.0 WLAN Card Utility.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WUSB300NSvc"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)
"LightScribeService"=2 (0x2)
"LexBceS"=2 (0x2)
"Bonjour Service"=2 (0x2)
"AVP"=2 (0x2)
".norton2009Reset"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Xxx\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Xxx\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Paradox Interactive\\Majesty 2\\majesty2.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\iTunes\\iTunesHelper.exe"=
"c:\\Program Files\\iPod\\bin\\iPodService.exe"=
"c:\\Program Files\\Dragon Age Origins Character Creator\\bin_ship\\DAOCharacterCreator.exe"=
"c:\\Program Files\\Dragon Age Origins Character Creator\\DAOriginsLauncher.exe"=

R2 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [4/17/2006 9:59 PM 61526]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [10/19/2006 8:11 AM 10664]
S3 o1394bul;o1394bul;\??\c:\docume~1\OWENAD~1\LOCALS~1\Temp\o1394bul.sys --> c:\docume~1\OWENAD~1\LOCALS~1\Temp\o1394bul.sys [?]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [7/3/2009 9:33 AM 24652]
S4 WUSB300NSvc;WUSB300NSvc;c:\program files\Linksys\WUSB300N\WLService.exe [10/14/2007 12:30 PM 53307]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-10-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-10-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-699628974-1119387528-3528249899-1006Core.job
- c:\documents and settings\Xxx\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-17 03:51]

2009-10-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-699628974-1119387528-3528249899-1006UA.job
- c:\documents and settings\Xxx\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-17 03:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com?o=1607
mStart Page = hxxp://www.dell.com
uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: musicmatch.com\online
FF - ProfilePath - c:\documents and settings\Xxx\Application Data\Mozilla\Firefox\Profiles\y3bblt0q.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?referrer=ign
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\Xxx\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Xxx\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

SharedTaskScheduler-{80682536-d220-4433-91d5-59fe0b4eb8f2} - c:\windows\system32\vosegusa.dll
SSODL-dozipujen-{80682536-d220-4433-91d5-59fe0b4eb8f2} - c:\windows\system32\vosegusa.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-21 19:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-699628974-1119387528-3528249899-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:90,39,4f,ed,5d,c1,2a,c7,cf,5a,19,3d,1d,ee,3a,45,69,9b,ce,a5,61,a2,b6,
a2,64,d2,e0,fb,c8,19,5f,79,a6,63,15,83,c9,99,10,bc,ba,81,77,68,0a,c1,3e,25,\
"??"=hex:9d,6d,62,c7,7e,94,d3,01,62,72,da,46,cb,d1,2f,38

[HKEY_USERS\S-1-5-21-699628974-1119387528-3528249899-1006\Software\SecuROM\License information*]
"datasecu"=hex:51,6e,c9,ff,92,dd,0b,e6,ed,d0,b5,98,5d,0b,2f,3f,f6,bd,24,1b,d4,
74,8d,9c,c8,0b,2e,7c,ba,05,c5,ff,65,19,d1,bc,2a,a6,cd,9d,09,d7,0d,2c,93,75,\
"rkeysecu"=hex:96,ae,8a,41,2d,65,38,fc,e9,a5,54,53,21,81,76,0e
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3704)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\fxssvc.exe
c:\windows\system32\PRISMSVR.EXE
c:\combofix\CF19352.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\iPod\bin\iPodService.exe
c:\combofix\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-22 19:17 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-22 02:17
ComboFix2.txt 2009-10-06 18:57
ComboFix3.txt 2009-10-06 02:57
ComboFix4.txt 2009-10-05 10:41
ComboFix5.txt 2009-10-09 02:27

Pre-Run: 48,626,692,096 bytes free
Post-Run: 48,807,391,232 bytes free

- - End Of File - - E81EA486F45CE90CE720766D2232B9AD


The computer runs fine; I just have it disconnected from the internet because I was continuously detecting rootkits and MBAM kept returning an infection on scan even after a restart.
drkhrs2020 is offline  
Old 10-21-2009, 08:41 PM   #6 (permalink)
Analyst, Security Team
 
 
Join Date: Jan 2009
Location: Canada
Posts: 2,165
OS: XP sp3


Re: problem with infections, rootkits

Hi,

Please do the following:
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

Code:
http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/420001-problem-infections-rootkits.html#post2403576

Collect::
c:\windows\system32\bulimane.dll
c:\windows\system32\zenatosi.dll
c:\docume~1\OWENAD~1\LOCALS~1\Temp\o1394bul.sys

KillAll::

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{590680af-b07c-4708-9675-f73bf67da164}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nobipipisa"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{8228f484-3783-497f-81e6-54056e27f875}"=-

Driver::
o1394bul
Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


**Note**
When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.



NEXT
  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Using Internet Explorer or Firefox, visit Kaspersky On-line Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
3. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.


  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply


In your next reply please include
  • ComboFix Log
  • MBAM Log
  • Kaspersky report
__________________


ASAP & UNITE Member
CatByte is offline  
Old 10-22-2009, 02:37 AM   #7 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 17
OS: win xp sp3


Re: problem with infections, rootkits

I followed the directions as listed, but ComboFix never opened another window after running, and Kaspersky has scanned 10% after 30 minutes. I will post the Kaspersky report when it finishes.



ComboFix 09-10-20.03 - Xxxx 10/22/2009 0:13.16.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.748 [GMT -7:00]
Running from: c:\documents and settings\Xxxx\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Xxxx\Desktop\CFScript.txt

file zipped: c:\windows\system32\bulimane.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\bulimane.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_O1394BUL
-------\Service_o1394bul


((((((((((((((((((((((((( Files Created from 2009-09-22 to 2009-10-22 )))))))))))))))))))))))))))))))
.

2009-10-18 02:54 . 2009-10-22 06:39 -------- d-----w- c:\documents and settings\Xxxx\Local Settings\Application Data\The Witcher
2009-10-18 01:40 . 2009-10-19 00:08 -------- d-----w- c:\program files\The Witcher Enhanced Edition
2009-10-15 13:11 . 2008-10-10 11:52 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2009-10-15 13:11 . 2008-10-10 11:52 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2009-10-15 13:11 . 2008-10-10 11:52 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2009-10-15 13:11 . 2008-10-27 17:04 514384 ----a-w- c:\windows\system32\XAudio2_3.dll
2009-10-15 13:11 . 2008-10-27 17:04 235856 ----a-w- c:\windows\system32\xactengine3_3.dll
2009-10-15 13:11 . 2008-10-27 17:04 23376 ----a-w- c:\windows\system32\X3DAudio1_5.dll
2009-10-15 13:11 . 2008-10-27 17:04 70992 ----a-w- c:\windows\system32\XAPOFX1_2.dll
2009-10-15 12:54 . 2009-10-18 00:21 -------- d-----w- c:\program files\Drakensang
2009-10-13 22:07 . 2009-10-13 22:07 -------- d-----w- c:\program files\Common Files\BioWare
2009-10-13 22:04 . 2009-10-13 22:06 -------- d-----w- c:\program files\Dragon Age Origins Character Creator
2009-10-12 16:41 . 2009-10-12 16:41 -------- d-----w- c:\documents and settings\Random\Application Data\Malwarebytes
2009-10-12 16:41 . 2009-10-12 16:41 -------- d-----w- c:\documents and settings\Random\Application Data\Epson
2009-10-12 00:02 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-12 00:02 . 2009-09-10 21:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-09 17:36 . 2009-10-09 17:36 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Viewpoint
2009-10-09 09:41 . 2009-10-09 09:41 -------- d-----w- C:\Programmi
2009-10-09 02:00 . 2009-10-12 00:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-06 20:57 . 2009-10-06 20:57 -------- d-----w- c:\documents and settings\Xxxx\Application Data\AVG8
2009-10-06 07:35 . 2009-10-06 07:35 -------- d-----w- c:\program files\Trend Micro
2009-10-03 22:34 . 2009-10-03 22:34 -------- d-----w- c:\program files\MSECache
2009-09-30 06:49 . 2009-09-30 06:49 -------- d-----w- c:\program files\SystemRequirementsLab
2009-09-30 06:49 . 2009-09-30 06:49 -------- d-----w- c:\documents and settings\Xxxx\Application Data\SystemRequirementsLab
2009-09-29 22:10 . 2009-09-29 22:10 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-09-29 04:24 . 2009-09-29 04:24 -------- d-----w- c:\documents and settings\Xxxx\Application Data\Epson
2009-09-25 22:33 . 2009-09-25 22:33 -------- d-----w- c:\program files\Epson Software
2009-09-25 22:33 . 2008-11-12 02:00 93696 ----a-w- c:\windows\system32\E_FLBFIA.DLL
2009-09-25 22:33 . 2008-11-12 02:00 79360 ----a-w- c:\windows\system32\E_FD4BFIA.DLL
2009-09-25 22:32 . 2009-09-25 22:33 -------- d-----w- c:\documents and settings\All Users\Application Data\EPSON
2009-09-25 22:32 . 2008-11-17 07:00 342016 ----a-w- c:\windows\system32\eswiaud.dll
2009-09-25 22:32 . 2006-08-25 00:00 9216 ----a-w- c:\windows\system32\escdev.dll
2009-09-25 22:32 . 2009-09-25 22:33 -------- d-----w- c:\program files\epson
2009-09-23 05:17 . 2009-09-23 05:17 -------- d-----w- c:\program files\iPod
2009-09-23 05:17 . 2009-09-23 05:17 -------- d-----w- c:\program files\iTunes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-19 00:07 . 2006-04-18 04:59 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-17 21:04 . 2009-02-13 02:22 -------- d-----w- c:\program files\AVG
2009-10-17 21:04 . 2009-05-10 21:22 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-10-15 04:11 . 2009-07-19 00:06 -------- d-----w- c:\documents and settings\Xxxx\Application Data\vlc
2009-10-09 09:16 . 2006-04-29 20:11 -------- d-----w- c:\program files\LucasArts
2009-10-08 19:42 . 2006-09-14 22:08 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-10-07 08:53 . 2006-04-19 22:43 -------- d-----w- c:\documents and settings\Xxxx\Application Data\Azureus
2009-10-05 08:50 . 2006-04-20 01:21 78856 -c--a-w- c:\documents and settings\Xxxx\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-29 23:12 . 2006-04-24 17:10 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-09-25 23:24 . 2009-09-25 22:34 -------- d-----w- c:\program files\EpsonNet
2009-09-25 22:34 . 2009-09-25 22:34 -------- d-----w- c:\program files\Common Files\EPSON
2009-09-25 22:34 . 2009-09-25 22:34 -------- d-----w- c:\documents and settings\Xxxx\Application Data\InstallShield
2009-09-23 05:17 . 2008-08-03 23:14 -------- d-----w- c:\program files\Common Files\Apple
2009-09-20 20:28 . 2009-09-20 20:28 -------- d-----w- c:\program files\Paradox Interactive
2009-09-20 18:56 . 2006-09-11 23:51 -------- d-----w- c:\program files\Azureus
2009-09-20 05:56 . 2007-04-29 15:40 -------- d-----w- c:\program files\Black Isle
2009-09-18 03:00 . 2007-09-05 19:31 -------- d-----w- c:\documents and settings\Xxxx\Application Data\EndNote
2009-09-18 03:00 . 2007-09-05 19:30 -------- d-----w- c:\program files\EndNote X
2009-09-16 05:30 . 2007-06-13 16:57 -------- d-----w- c:\documents and settings\Xxxx\Application Data\Apple Computer
2009-09-16 05:29 . 2009-09-16 05:29 -------- d-----w- c:\program files\iPhone Configuration Utility
2009-09-16 05:28 . 2009-09-16 05:27 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-16 05:26 . 2009-09-16 05:26 -------- d-----w- c:\program files\QuickTime
2009-09-10 21:28 . 2009-09-10 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Cabela's African Safari Saves
2009-09-10 21:17 . 2009-09-10 21:17 -------- d-----w- c:\program files\Activision Value
2009-09-10 21:12 . 2009-09-10 21:12 -------- d-----w- c:\program files\MagicISO
2009-09-07 20:10 . 2006-04-20 01:20 3558 -csha-w- c:\windows\system32\KGyGaAvL.sys
2009-09-07 20:10 . 2006-04-20 01:20 88 --sh--r- c:\windows\system32\2EF13ECD68.sys
2009-08-05 09:01 . 2004-08-10 17:51 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-25 09:23 . 2009-07-03 20:40 411368 ----a-w- c:\windows\system32\deploytk.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-02 18:58 1107200 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-07-09 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-14 86016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-01-12 669520]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
avgrsstx.dll [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PRISMAPI.DLL]
2005-12-23 01:08 450646 ----a-w- c:\windows\system32\PRISMAPI.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wireless USB 2.0 WLAN Card Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Wireless USB 2.0 WLAN Card Utility.lnk
backup=c:\windows\pss\Wireless USB 2.0 WLAN Card Utility.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WUSB300NSvc"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)
"LightScribeService"=2 (0x2)
"LexBceS"=2 (0x2)
"Bonjour Service"=2 (0x2)
"AVP"=2 (0x2)
".norton2009Reset"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Xxxx\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Xxxx\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Paradox Interactive\\Majesty 2\\majesty2.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\iTunes\\iTunesHelper.exe"=
"c:\\Program Files\\iPod\\bin\\iPodService.exe"=
"c:\\Program Files\\Dragon Age Origins Character Creator\\bin_ship\\DAOCharacterCreator.exe"=
"c:\\Program Files\\Dragon Age Origins Character Creator\\DAOriginsLauncher.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=

R2 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [4/17/2006 9:59 PM 61526]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [10/19/2006 8:11 AM 10664]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [7/3/2009 9:33 AM 24652]
S4 WUSB300NSvc;WUSB300NSvc;c:\program files\Linksys\WUSB300N\WLService.exe [10/14/2007 12:30 PM 53307]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-10-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-10-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-699628974-1119387528-3528249899-1006Core.job
- c:\documents and settings\Xxxx\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-17 03:51]

2009-10-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-699628974-1119387528-3528249899-1006UA.job
- c:\documents and settings\Xxxx\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-17 03:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com?o=1607
mStart Page = hxxp://www.dell.com
uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: musicmatch.com\online
FF - ProfilePath - c:\documents and settings\Xxxx\Application Data\Mozilla\Firefox\Profiles\y3bblt0q.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?referrer=ign
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\Xxxx\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Xxxx\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-22 00:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-699628974-1119387528-3528249899-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:90,39,4f,ed,5d,c1,2a,c7,cf,5a,19,3d,1d,ee,3a,45,69,9b,ce,a5,61,a2,b6,
a2,64,d2,e0,fb,c8,19,5f,79,a6,63,15,83,c9,99,10,bc,ba,81,77,68,0a,c1,3e,25,\
"??"=hex:9d,6d,62,c7,7e,94,d3,01,62,72,da,46,cb,d1,2f,38

[HKEY_USERS\S-1-5-21-699628974-1119387528-3528249899-1006\Software\SecuROM\License information*]
"datasecu"=hex:51,6e,c9,ff,92,dd,0b,e6,ed,d0,b5,98,5d,0b,2f,3f,f6,bd,24,1b,d4,
74,8d,9c,c8,0b,2e,7c,ba,05,c5,ff,65,19,d1,bc,2a,a6,cd,9d,09,d7,0d,2c,93,75,\
"rkeysecu"=hex:96,ae,8a,41,2d,65,38,fc,e9,a5,54,53,21,81,76,0e
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4016)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\UAService7.exe
c:\windows\system32\PRISMSVR.EXE
c:\combofix\CF15284.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\iPod\bin\iPodService.exe
c:\combofix\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-22 0:27 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-22 07:27
ComboFix2.txt 2009-10-22 02:17
ComboFix3.txt 2009-10-06 18:57
ComboFix4.txt 2009-10-06 02:57
ComboFix5.txt 2009-10-22 07:11

Pre-Run: 48,422,559,744 bytes free
Post-Run: 48,277,475,328 bytes free

- - End Of File - - 8E18480935770D6D372B043F1B520CD8


Malwarebytes' Anti-Malware 1.41
Database version: 3009
Windows 5.1.2600 Service Pack 3

10/22/2009 12:34:03 AM
mbam-log-2009-10-22 (00-34-01).txt

Scan type: Quick Scan
Objects scanned: 117741
Time elapsed: 4 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\PEV.exe (Trojan.PWS) -> No action taken.


I did as directed with MBAM and removed all checked problems. I don't know why it says no action taken.
drkhrs2020 is offline  
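The "No action taken" entry in the MBAM log above is exactly the kind of detail that is worth checking against the summary counts before treating a scan as clean. The following is an added example, not code from this thread or from Malwarebytes: it parses a log in the 1.x text layout shown above, pairs each summary count with the items listed under that section, and returns the detections whose recorded action is still "No action taken". The log embedded in it is a constructed sample with made-up paths and threat names.

```python
"""Parse a Malwarebytes' Anti-Malware 1.x text log and flag untreated detections.

Added example; not code from the forum thread or from Malwarebytes.
The embedded log is a constructed sample in the layout of the posted one.
"""
import re
from dataclasses import dataclass

# Constructed sample log (paths and threat names are made up).
SAMPLE_LOG = """\
Malwarebytes' Anti-Malware 1.41
Database version: 3009
Windows 5.1.2600 Service Pack 3

Scan type: Quick Scan
Objects scanned: 117741
Time elapsed: 4 minute(s), 36 second(s)

Registry Keys Infected: 0
Files Infected: 2

Registry Keys Infected:
(No malicious items detected)

Files Infected:
C:\\WINDOWS\\sample-a.exe (Trojan.Example) -> No action taken.
C:\\WINDOWS\\sample-b.dll (Trojan.Example) -> Quarantined and deleted successfully.
"""


@dataclass
class Detection:
    category: str   # section the item was listed under, e.g. "Files Infected"
    item: str       # path or registry key
    threat: str     # MBAM signature name
    action: str     # what MBAM recorded doing about it


# "Files Infected: 2"  -> a summary count line
SUMMARY_RE = re.compile(r"^(?P<category>[A-Za-z ]+ Infected): (?P<count>\d+)$")
# "<item> (<threat>) -> <action>."  -> one detection under a section header
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")


def parse_mbam_log(text):
    """Return (summary counts by category, list of Detection)."""
    summary = {}
    detections = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary[m.group("category")] = int(m.group("count"))
            continue
        if line.endswith(" Infected:"):          # start of a detail section
            section = line[:-1]
            continue
        if section is None or line.startswith("(No malicious items"):
            continue
        m = DETECTION_RE.match(line)
        if m:
            detections.append(Detection(section, m.group("item"),
                                        m.group("threat"), m.group("action")))
    return summary, detections


def untreated(detections):
    """Detections MBAM logged but neither removed nor quarantined."""
    return [d for d in detections if d.action.lower().startswith("no action taken")]


def summary_matches_detail(summary, detections):
    """True when every summary count equals the number of items listed under it."""
    listed = {}
    for d in detections:
        listed[d.category] = listed.get(d.category, 0) + 1
    return all(summary.get(cat, 0) == listed.get(cat, 0)
               for cat in set(summary) | set(listed))


if __name__ == "__main__":
    counts, found = parse_mbam_log(SAMPLE_LOG)
    for d in untreated(found):
        print(f"still present: {d.item} [{d.threat}]")
```

Run over a real log, the script lists only the items that still need attention; an empty result together with `summary_matches_detail` returning True is the condition under which the log can be read as "everything detected was handled".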
Old 10-22-2009, 06:09 AM   #8 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 17
OS: win xp sp3


Re: problem with infections, rootkits

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, October 22, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, October 22, 2009 09:20:29
Records in database: 3044203
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan statistics:
Objects scanned: 131853
Threats found: 4
Infected objects found: 6
Suspicious objects found: 1
Scan duration: 04:07:18


File name / Threat / Threats count
C:\Documents and Settings\\Application Data\Thunderbird\Profiles\4qymd5lo.default\Mail\Local Folders\Inbox Infected: Trojan-Spy.HTML.Bankfraud.ra 1
C:\Documents and Settings\\Application Data\Thunderbird\Profiles\4qymd5lo.default\Mail\Local Folders\Inbox Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\kemepiga.dll.vir Infected: Trojan.Win32.Stuh.afas 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\sazuduwe.dll.vir Infected: Trojan.Win32.Stuh.afas 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\zenatosi.dll.vir Infected: Trojan.Win32.Plapon.uw 1
C:\Qoobox\Quarantine\[4]-Submit_2009-10-22_00.13.09.zip Infected: Trojan.Win32.Stuh.afas 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0000033.dll Infected: Trojan.Win32.Stuh.afas 1

Selected area has been scanned.



The scan took 4 hours.
drkhrs2020 is offline  
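The earlier advice not to be alarmed by the Kaspersky report is borne out by the report itself: most of the finds sit under C:\Qoobox\Quarantine (ComboFix's quarantine folder) or in a System Restore snapshot, and two are inside a Thunderbird mailbox file, none of which runs from where it sits. The following is an added example, not code from this thread or from Kaspersky: it parses report lines in the "File name / Threat / Threats count" layout, sorts each finding by location, and checks the header counts against the detail lines (reading "Threats found" as the number of distinct signature names, which matches the figures in the posted report). The embedded report is a constructed sample with made-up user name, paths and threat names.

```python
"""Sort the findings of a Kaspersky Online Scanner 7 report by where they live.

Added example; not code from the thread or from Kaspersky. Objects inside a
quarantine folder, a System Restore snapshot or a mail store are stored copies
that cannot execute in place, so only the remaining findings need live clean-up.
"""
import re

# Constructed sample report (user name, paths, GUID and threat names are made up).
SAMPLE_REPORT = """\
Scan statistics:
Objects scanned: 1000
Threats found: 4
Infected objects found: 4
Suspicious objects found: 1

File name / Threat / Threats count
C:\\Documents and Settings\\user\\Application Data\\Thunderbird\\Profiles\\abcd.default\\Mail\\Local Folders\\Inbox Infected: Trojan-Spy.HTML.Example.a 1
C:\\Documents and Settings\\user\\Application Data\\Thunderbird\\Profiles\\abcd.default\\Mail\\Local Folders\\Inbox Suspicious: Trojan-Spy.HTML.Example.gen 1
C:\\Qoobox\\Quarantine\\C\\WINDOWS\\system32\\sample.dll.vir Infected: Trojan.Win32.Example.a 1
C:\\System Volume Information\\_restore{PLACEHOLDER-GUID}\\RP1\\A0000001.dll Infected: Trojan.Win32.Example.a 1
C:\\WINDOWS\\system32\\sample2.dll Infected: Trojan.Win32.Example.b 1

Selected area has been scanned.
"""

FINDING_RE = re.compile(
    r"^(?P<path>.+?) (?P<verdict>Infected|Suspicious): (?P<threat>\S+) (?P<count>\d+)$")
STAT_RE = re.compile(
    r"^(?P<name>Threats found|Infected objects found|Suspicious objects found): (?P<n>\d+)$")


def classify(path):
    """Where the object sits decides whether it is a live threat."""
    p = path.lower()
    if "\\qoobox\\quarantine\\" in p:                    # ComboFix quarantine folder
        return "quarantined"
    if "\\system volume information\\_restore" in p:    # System Restore snapshot
        return "restore-point"
    if "\\mail\\local folders\\" in p:                  # Thunderbird mailbox file
        return "mail-store"
    return "live"


def parse_report(text):
    """One dict per finding line, tagged with its location class."""
    findings = []
    for line in text.splitlines():
        m = FINDING_RE.match(line.strip())
        if m:
            findings.append({"path": m.group("path"), "verdict": m.group("verdict"),
                             "threat": m.group("threat"), "count": int(m.group("count")),
                             "location": classify(m.group("path"))})
    return findings


def triage(findings):
    """Group finding paths by location class; 'live' is the list that needs action."""
    groups = {"live": [], "quarantined": [], "restore-point": [], "mail-store": []}
    for f in findings:
        groups[f["location"]].append(f["path"])
    return groups


def stats_consistent(text, findings):
    """Check the 'Scan statistics' header against the detail lines actually listed."""
    stats = {}
    for line in text.splitlines():
        m = STAT_RE.match(line.strip())
        if m:
            stats[m.group("name")] = int(m.group("n"))
    infected = sum(f["count"] for f in findings if f["verdict"] == "Infected")
    suspicious = sum(f["count"] for f in findings if f["verdict"] == "Suspicious")
    distinct = len({f["threat"] for f in findings})
    return (stats.get("Infected objects found") == infected
            and stats.get("Suspicious objects found") == suspicious
            and stats.get("Threats found") == distinct)


if __name__ == "__main__":
    for location, paths in triage(parse_report(SAMPLE_REPORT)).items():
        print(f"{location}: {len(paths)}")
```

The mail-store class deserves a note: a flagged Inbox means a phishing message is stored in the mailbox, which is handled by deleting the message and compacting the folder rather than by cleaning a binary, so it is kept apart from the "live" list without being discarded.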
Old 10-22-2009, 06:43 AM   #9 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 17
OS: win xp sp3


Re: problem with infections, rootkits

After the restart, windows update automatically ran and installed several security updates. I am now unable to connect via wireless or through a cable to the internet. I have verified that the router works for both wireless and hard line with other computers.

edit: Whatever was infecting my computer was blocking windows update. When it was removed, it loaded the security fixes, so I went to windows update in IE and loaded the fixes that had not yet been installed, such as upgrading to IE 8, Activex fixes, 13 security fixes, etc. During the installation of the updates, my computer automatically disconnected from the wireless, and after restarting, I was unable to connect back. The device reads the network with full signal, but cannot make a connection.

Last edited by drkhrs2020; 10-22-2009 at 06:53 AM.
drkhrs2020 is offline  
Old 10-22-2009, 07:43 AM   #10 (permalink)
Analyst, Security Team
 
 
Join Date: Jan 2009
Location: Canada
Posts: 2,165
OS: XP sp3


Re: problem with infections, rootkits

Hi,

There are a couple of things to try.

See if there is a system restore point available to before the updates were installed - ComboFix creates one so there should be one available, see if that fixes it.

If not there are a few trouble shooting things to try:

First make sure the firewall is not blocking the connection:

Next:

Click Start> Run> type in CMD tap enter key
Copy/Paste: ipconfig /flushdns
Tap Enter
If you are typing this in, note the space between the g /f
It needs to be there.

Next type in: ipconfig /release
Tap Enter

Next type in: ipconfig /renew
Tap Enter

Now let's check some settings on your system.
Enter your Control Panel and double-click on Network Connections

Then right click on your Default Connection
Usually Local Area Connection for Cable and DSL
Left click on Properties
Double-Click on the Internet Protocol (TCP/IP) item
Select the radio dial that says Obtain DNS Servers Automatically
Note: Do this for all Network Connections
Press OK twice to get out of the properties screen and reboot if it asks

NEXT::

For these commands press Start, > Run, type CMD, press OK to open a command prompt.

To reset WINSOCK entries to installation defaults: type: netsh winsock reset catalog at the command prompt > enter

then to reset TCP/IP stack to installation defaults. type netsh int ip reset reset.log at the command prompt > exit

Reboot the machine.

NEXT

1. Open IE >> Tools>> Internet Options
2. Click the Connections tab
3. Click to highlight the first entry under Dialup and Virtual Private Networks settings, then click the Settings button.
4. Place a checkmark in the Automatically detect settings checkbox, then click OK.
5. Repeat steps 3 and 4 for all listed Dialup and Virtual Private Networks
6. With the Connections tab still selected, click the LAN Settings button.
7. Place a checkmark in the Automatically detect settings checkbox, then click OK.
8. Close IE and restart the browser.


Hopefully now you will be able to access the internet.
__________________


ASAP & UNITE Member
CatByte is offline  
Old 10-22-2009, 11:52 AM   #11 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 17
OS: win xp sp3


Re: problem with infections, rootkits

Computer would not let me restore to an earlier date

Command ipconfig /release yields

“no operation can be performed on wireless network connection 11 while it has its media disconnected”

There are no listings under dial-up and virtual private network settings

Attempting to connect using IE diagnostic tools tells me to turn modem/router on/off. Did that and had no success. My wireless card is detecting the networks, but will not connect.
drkhrs2020 is offline  
Old 10-22-2009, 12:09 PM   #12 (permalink)
Analyst, Security Team
 
 
Join Date: Jan 2009
Location: Canada
Posts: 2,165
OS: XP sp3


Re: problem with infections, rootkits

Hi,

If you google “no operation can be performed on wireless network connection 11 while it has its media disconnected” you will notice that yours seems to be a common problem after failed windows updates.

I will need to research this issue a little more and see if I can find a solution.

I will get back to you as soon as possible.
__________________


ASAP & UNITE Member
CatByte is offline  
Old 10-22-2009, 08:12 PM   #13 (permalink)
Analyst, Security Team
 
 
Join Date: Jan 2009
Location: Canada
Posts: 2,165
OS: XP sp3


Re: problem with infections, rootkits

Hi,

Please do the following:

Go to Start > Control Panel > Add/Remove Programs and check the box 'Show Updates'.

Scroll through the list and find the updates that were just installed and remove them.

Make sure you restart the computer after removing them.


If your connection is back, set the automatic updates to download but not install.

When it pops up a message that updates are ready to install, click the message, then Custom install only 1 update at a time and restart.

Repeat for each update as long as your connection still works.

That will tell us which update is causing the issue.
__________________


ASAP & UNITE Member
CatByte is offline  
Old 10-22-2009, 09:37 PM   #14 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 17
OS: win xp sp3


Re: problem with infections, rootkits

I've removed everything with a use date of 10/22 or 10/23. Trying to use the Microsoft Recovery Console results in a blue screen. I can't find any more updates to remove with the same date, and I'm not sure what specifically was installed. I considered uninstalling SP3, but it seems that it won't remove all the features. The only one I can't uninstall is the Windows validation tool.

I still can't get ipconfig /release to detect.

Blue screen after recovery console syas

Technical Information

*** Stop: 0x0000007B (0xF7CAF524, 0xC0000034, 0x00000000, 0x00000000)

Last edited by drkhrs2020; 10-22-2009 at 10:03 PM.
Old 10-22-2009, 10:21 PM   #15 (permalink)
Analyst, Security Team
Join Date: Jan 2009
Location: Canada
Posts: 2,165
OS: XP sp3


Re: problem with infections, rootkits

Hi,

Please do the following:


Connect the wired connection,

open Device Manager and expand Network Adapters,

disable the wireless connection,


then uninstall the wired network adapter in Device Manager and reboot.

The adapter should reinstall.


If you are not certain which is the wireless connection, do this:

go to Show All Connections from the Start menu,

right-click the Local Area Connection > Properties;

it will show the adapter.

Now, after the reboot and once the adapter is installed, check for an internet connection.

If there is none, open Show All Connections again, then right-click Local Area Connection and select Status.
Select the Support tab, then Details.
Post the information shown.
__________________


ASAP & UNITE Member
Old 10-23-2009, 12:01 AM   #16 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 17
OS: win xp sp3


Re: problem with infections, rootkits

Could not connect through a wired connection

physical address 00-13-72-13-66-76
ip address 169.254.157.167
subnet mask 255.255.0.0
default gateway 169.254.157.167
dns server
wins server
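The adapter details posted above are the classic signature of a DHCP failure: a 169.254.x.x link-local (APIPA) address, a "gateway" that is the host itself, and no DNS server. The script below is an added example, not part of the thread, that parses details in the same layout (the sample is constructed from the posted values) and spells out what each field implies; it also handles a healthy configuration, returning no findings.

```python
"""Interpret the 'Support > Details' fields of a Windows XP adapter.
Added example; the sample values are constructed from the forum post."""
import ipaddress
import re

# Constructed to mirror the values posted in the thread.
SAMPLE_DETAILS = """\
physical address 00-13-72-13-66-76
ip address 169.254.157.167
subnet mask 255.255.0.0
default gateway 169.254.157.167
dns server
wins server
"""

# Automatic Private IP Addressing range: assigned when no DHCP lease arrives.
APIPA_NET = ipaddress.ip_network("169.254.0.0/16")

FIELD_RE = re.compile(
    r"^(physical address|ip address|subnet mask|default gateway|"
    r"dns server|wins server)\s*(.*)$", re.IGNORECASE)


def parse_details(text):
    """Turn 'label value' lines into a dict; an empty value becomes None."""
    fields = {}
    for line in text.splitlines():
        m = FIELD_RE.match(line.strip())
        if m:
            fields[m.group(1).lower()] = m.group(2).strip() or None
    return fields


def diagnose(fields):
    """Return a list of findings explaining what the adapter state means."""
    findings = []
    ip = fields.get("ip address")
    if ip is None:
        return ["no IP address: the adapter has no configuration at all"]
    if ipaddress.ip_address(ip) in APIPA_NET:
        findings.append("APIPA (169.254.x.x) address: no DHCP lease was obtained")
    gw = fields.get("default gateway")
    if gw is None:
        findings.append("no default gateway: no route off the local link")
    elif gw == ip:
        findings.append("gateway equals own address: not a usable router")
    if fields.get("dns server") is None:
        findings.append("no DNS server: name resolution fails even if the link is up")
    return findings


if __name__ == "__main__":
    for finding in diagnose(parse_details(SAMPLE_DETAILS)):
        print("-", finding)
```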
Old 10-23-2009, 05:20 AM   #17 (permalink)
Analyst, Security Team
Join Date: Jan 2009
Location: Canada
Posts: 2,165
OS: XP sp3


Re: problem with infections, rootkits

Open Device Manager and expand Network Adapters.

Do you see any red or yellow warning triangles?
__________________


ASAP & UNITE Member
Old 10-23-2009, 03:07 PM   #18 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 17
OS: win xp sp3


Re: problem with infections, rootkits

I do not see any warning triangles by either the Wireless or the wired connection.
Old 10-23-2009, 03:54 PM   #19 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 17
OS: win xp sp3


Re: problem with infections, rootkits

Sidenote: Computer Specs

Pentium (R) D CPU 3.20 GHz
3.19 GHz, 1.00 GB RAM

I can get Windows 7 on the student discount, but I have some concerns about my computer's ability to handle it.
Old 10-23-2009, 04:50 PM   #20 (permalink)
Analyst, Security Team
Join Date: Jan 2009
Location: Canada
Posts: 2,165
OS: XP sp3


Re: problem with infections, rootkits

The Microsoft site has a compatibility tool available for download that will measure the specs of your computer to see if it can handle it.

Download it to another computer and transfer it via USB.


Tool available HERE


There are still a couple of things to try to get your connection back.

Is it a DSL or Cable modem?


If your network icon appears on the Windows taskbar, then you can repair it by right-clicking on the icon and selecting Repair.



If you have no task bar icon do this:
  • Click on the Start button.
  • Click on the Settings menu option.
  • Click on the Control Panel option.
  • When the Control Panel opens, double-click on the Network Connections icon. If your Control Panel is set to Category View, then double-click on Network and Internet Connections and then click on Network Connections at the bottom.
  • You will now see a list of available network connections. Locate the connection for your Wireless or LAN adapter and right-click on it.
  • Click on the Repair menu option.



Let the repair process perform its tasks and when it has finished, your Internet connection should be working again.


If that doesn't work, try this:


contact your ISP provider to reset their end to see if that restores your connection.


Have them walk you through a reset of your modem.

Then reset your router:
  • This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router.
  • Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
  • If you don’t know the router's default password, you can look it up. HERE
  • You also need to reconfigure any security settings you had in place prior to the reset.
  • You may also need to consult with your Internet service provider to find out which DNS servers your network should be using.
__________________


ASAP & UNITE Member
Copyright 2001 - 2009, Tech Support Forum