Redirecting Issues - rundll32.exe and System Restore.

Old 08-13-2011, 11:40 AM   #1
Registered Member
 
Join Date: Aug 2011
Location: United Kingdom
Posts: 26
OS: Windows XP Home Edition SP3



Hi All,

I suspect that my computer has recently been infected with a virus etc. Over the past several days the computer has been playing up and I have noticed that I am being directed to other web sites other than those, which I have chosen.

Also, when I shut my computer down via “start” – “turn off computer” – “turn off” I get the following window message appear “End Program” – “rundll32.exe”. It gives me the option to end now or let it gradually end itself and then close down.

I have even tried to do a system restore but unfortunately it will only allow me to choose a six-day window in which to do this. I have picked the earliest date and restored it to this, but to no avail. Coincidentally, it will not allow me to choose an earlier month either. I am pretty much stuck in the month of August and from the 8th to the current date – 13th.

The computer appears to be working fine apart from the above symptoms. I am running on Windows XP Home Edition SP3 with IE7 and a Google toolbar. I have even tried an alternative web browser (Firefox) but it’s still exactly the same.

I am getting pretty desperate and frustrated now. Any help or suggestions would be greatly appreciated.

Thank You.

DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 7.0.5730.13
Run by THOMAS DAVIES at 19:28:53 on 2011-08-13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1227 [GMT 1:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Application Data\OfficeGuardian\reminder\SacReminder.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.talktalk.co.uk/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~2\mcieplg.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: eBay Toolbar Helper: {22d8e815-4a5e-4dfb-845e-aab64207f5bd} - c:\program files\ebay\ebay toolbar2\eBayTB.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110514081519.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~2\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Ask Toolbar: {5a074b29-f830-49de-a31b-5bb9d7f6b407} - c:\program files\askbar\bar\bin\askBar1.dll
TB: eBay Toolbar: {92085ad4-f48a-450d-bd93-b28cc7df67ce} - c:\program files\ebay\ebay toolbar2\eBayTB.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~2\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Ask Toolbar Quick View: {464d5661-3e12-415b-8df1-8d986745149f} - c:\windows\system32\shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SacReminder] c:\documents and settings\all users\application data\officeguardian\reminder\SacReminder.exe
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [eBayToolbar] c:\program files\ebay\ebay toolbar2\eBayTBDaemon.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
mRun: [Conime] %windir%\system32\conime.exe
mRun: [YeppStudioAgent] f:\program files\samsung\samsung media studio\SamsungMediaStudioAgent.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
mExplorerRun: [Qvlxhi] rundll32 "c:\windows\system32\MFC42ENUJ.dll",Lygennio
StartupFolder: c:\docume~1\thomas~1\startm~1\programs\startup\wkcalrem.lnk - c:\program files\common files\microsoft shared\works shared\WkCalRem.exe
StartupFolder: c:\docume~1\thomas~1\startm~1\programs\startup\wordweb.lnk - c:\program files\wordweb\wweb32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: &Save Image to Folder - c:\program files\askbar\bar\bin\askBar.dll/saveimagetofolder.html
IE: &Save Image to MyStuff - c:\program files\askbar\bar\bin\askBar.dll/saveimages.html
IE: &Save Link to Folder - c:\program files\askbar\bar\bin\askBar.dll/saveltof.html
IE: &Save Link to MyStuff - c:\program files\askbar\bar\bin\askBar.dll/savelink.html
IE: &Save Page to Folder... - c:\program files\askbar\bar\bin\askBar.dll/savepagetofolder.html
IE: &Save this Page to MyStuff - c:\program files\askbar\bar\bin\askBar.dll/savewebpage.html
IE: eBay Search - c:\program files\ebay\ebay toolbar2\eBayTb.dll/RCSearch.html
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.euro.dell.com/systemprofiler/SysPro.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1252519910454
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1223231100192
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{5F8F1FE8-E155-40F7-A711-C9D492D2C17D} : DhcpNameServer = 192.168.1.1
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~2\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~2\McIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: twpR32 - twpR32.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-9 64512]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-7-8 387480]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-9-7 84200]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-1-15 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 67664]
R1 SSHDRV58;SSHDRV58;c:\windows\system32\drivers\SSHDRV58.sys [2006-11-19 33792]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-9-14 116608]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\ekdiscovery.exe [2010-5-17 308592]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-7-21 2151640]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-8-5 88176]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-9-7 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-9-7 271480]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-9-7 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-8-11 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-8-11 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-8-11 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-11 56064]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-3-29 153280]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-3-29 52320]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-11 314088]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-8-11 88736]
S1 twpR64;UDP netbios mapping;\??\c:\windows\system32\twpr64.sys --> c:\windows\system32\twpR64.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-21 135664]
S2 twpR32;UDP32 netbios mapping;\??\c:\windows\system32\twpr64.sys --> c:\windows\system32\twpR64.sys [?]
S3 cpuz132;cpuz132;\??\c:\docume~1\thomas~1\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\thomas~1\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-21 135664]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-7-21 15232]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-8-11 88736]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-11 84488]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-3-29 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-3-29 40552]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 12872]
.
=============== Created Last 30 ================
.
2011-08-11 18:55:57 53760 -c--a-w- c:\windows\system32\dllcache\wiamsmud.dll
2011-08-11 18:54:59 687999 -c--a-w- c:\windows\system32\dllcache\usrwdxjs.sys
2011-08-11 18:53:59 47616 -c--a-w- c:\windows\system32\dllcache\umaxcam.dll
2011-08-11 18:52:59 241664 -c--a-w- c:\windows\system32\dllcache\tosdvd02.sys
2011-08-11 18:51:59 94293 -c--a-w- c:\windows\system32\dllcache\sxports.dll
2011-08-11 18:50:58 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2011-08-11 18:49:56 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys
2011-08-11 18:48:57 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2011-08-11 18:47:59 41216 -c--a-w- c:\windows\system32\dllcache\s3mt3d.sys
2011-08-11 18:46:57 41472 -c--a-w- c:\windows\system32\dllcache\qvusd.dll
2011-08-11 18:45:57 121344 -c--a-w- c:\windows\system32\dllcache\phvfwext.dll
2011-08-11 18:44:57 20480 -c--a-w- c:\windows\system32\dllcache\ovcomc.dll
2011-08-11 18:43:57 126080 -c--a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2011-08-11 18:42:54 103296 -c--a-w- c:\windows\system32\dllcache\mtxvideo.sys
2011-08-11 18:42:47 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2011-08-11 18:42:46 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
2011-08-11 18:42:42 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
2011-08-11 18:42:36 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2011-08-11 18:42:35 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2011-08-11 18:42:26 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2011-08-11 18:42:23 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2011-08-11 18:42:21 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2011-08-11 18:42:15 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2011-08-11 18:42:13 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2011-08-11 18:42:08 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2011-08-11 18:42:03 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
2011-08-11 18:40:59 15744 -c--a-w- c:\windows\system32\dllcache\lit220p.sys
2011-08-11 18:39:59 13056 -c--a-w- c:\windows\system32\dllcache\inport.sys
2011-08-11 18:38:46 488383 -c--a-w- c:\windows\system32\dllcache\hsf_v124.sys
2011-08-11 18:37:59 165888 -c--a-w- c:\windows\system32\dllcache\hpgt53.dll
2011-08-11 18:36:57 92160 -c--a-w- c:\windows\system32\dllcache\fuusd.dll
2011-08-11 18:35:59 16998 -c--a-w- c:\windows\system32\dllcache\ex10.sys
2011-08-11 18:34:59 6400 -c--a-w- c:\windows\system32\dllcache\enum1394.sys
2011-08-11 18:33:59 23808 -c--a-w- c:\windows\system32\dllcache\dot4usb.sys
2011-08-11 18:32:59 24648 -c--a-w- c:\windows\system32\dllcache\dfe650.sys
2011-08-11 18:31:59 216064 -c--a-w- c:\windows\system32\dllcache\cpscan.dll
2011-08-11 18:30:59 236032 -c--a-w- c:\windows\system32\dllcache\camext20.dll
2011-08-11 18:29:59 15360 -c--a-w- c:\windows\system32\dllcache\brmfbidi.dll
2011-08-11 18:28:59 12032 -c--a-w- c:\windows\system32\dllcache\amsint.sys
2011-08-11 18:27:59 689216 -c--a-w- c:\windows\system32\dllcache\3dfxvs.dll
2011-08-11 18:27:59 148352 -c--a-w- c:\windows\system32\dllcache\3dfxvsm.sys
2011-08-11 18:27:58 762780 -c--a-w- c:\windows\system32\dllcache\3cwmcru.sys
2011-08-11 18:27:57 11264 -c--a-w- c:\windows\system32\dllcache\1394vdbg.sys
2011-08-11 18:27:56 53376 -c--a-w- c:\windows\system32\dllcache\1394bus.sys
2011-08-11 18:27:33 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2011-08-11 15:04:00 388096 ----a-r- c:\documents and settings\thomas davies\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-08-11 15:03:58 -------- d-----w- c:\program files\Trend Micro
2011-08-11 07:43:22 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-08-10 19:56:52 -------- d-----w- c:\program files\Lavasoft
2011-08-10 00:21:30 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-08-10 00:21:30 -------- d-----w- c:\windows\system32\wbem\Repository
2011-08-09 10:59:02 -------- d-----w- c:\documents and settings\thomas davies\application data\ElevatedDiagnostics
2011-08-09 00:19:26 -------- d-----w- c:\documents and settings\all users\application data\!SASCORE
2011-08-08 14:19:02 68608 --sha-r- c:\windows\system32\MFC42ENUJ.dll
2011-07-16 23:56:40 -------- d-----w- c:\documents and settings\thomas davies\application data\Canneverbe Limited
2011-07-16 23:56:40 -------- d-----w- c:\documents and settings\all users\application data\Canneverbe Limited
2011-07-16 23:56:25 5504 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2011-07-16 23:50:07 5015880 ----a-w- c:\program files\cdbxp_setup_4.3.8.2568.exe
2011-07-16 22:26:56 5525504 ----a-w- c:\windows\system32\setb5.tmp
.
==================== Find3M ====================
.
2011-08-10 19:59:15 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-07-21 13:59:08 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-06 18:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 18:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-21 18:45:58 832512 ----a-w- c:\windows\system32\wininet.dll
2011-06-21 18:45:57 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-06-21 18:45:57 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-21 18:45:57 17408 ----a-w- c:\windows\system32\corpol.dll
2011-06-21 11:47:20 389120 ----a-w- c:\windows\system32\html.iec
2011-06-21 07:42:25 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-24 18:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-08 20:47:48 3468472 ----a-w- c:\program files\winamp3.exe
2008-10-21 10:23:53 16479 ----a-w- c:\program files\common files\ajusyje.bat
2008-10-21 10:23:53 12979 ----a-w- c:\program files\common files\yrogymu.exe
2004-09-20 10:19:13 176832 ----a-w- c:\program files\FixWelch.exe
.
============= FINISH: 19:30:58.73 ===============

GMER 1.0.15.15641 - GMER - Rootkit Detector and Remover
Rootkit quick scan 2011-08-13 19:35:31
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 SAMSUNG_ rev.VT10
Running: gmer.exe; Driver: C:\DOCUME~1\THOMAS~1\LOCALS~1\Temp\uwlyypog.sys

---- System - GMER 1.0.15 ----
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF786D226]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF786D252]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF786D2A8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF786D1FC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF786D1D4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF786D1E8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF786D23C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF786D27E]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF786D2D2]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF786D2BE]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF786D292]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
---- EOF - GMER 1.0.15 ----
thomasanthony is offline  
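As an added example (not from the thread, from DDS, or from any of the tools named in it), the following Python script encodes a few of the checks a helper applies when reading a DDS log like the one above, and runs them over lines copied from that log: an autostart entry that launches rundll32 from the Explorer policy Run key with a random-looking name and export, a Winlogon Notify package listed without a path, services whose driver file DDS could not find, and a recently created DLL carrying hidden and system attributes, cross-referenced against the rundll32 entry. It also reports the earliest creation time among the flagged files; here that is 2011-08-08 14:19, the same day beyond which the poster found System Restore would no longer go back. The rule names, the `Finding` class and the helper functions are my own; the rules are triage heuristics for a human reader, not a verdict.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Set

# Constructed sample: entries copied from the DDS log in the first post, trimmed to
# the lines the rules below look at. Comments and rule names are mine, not DDS output.
SAMPLE_LOG = r"""
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mExplorerRun: [Qvlxhi] rundll32 "c:\windows\system32\MFC42ENUJ.dll",Lygennio
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: twpR32 - twpR32.dll
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-9 64512]
S1 twpR64;UDP netbios mapping;\??\c:\windows\system32\twpr64.sys --> c:\windows\system32\twpR64.sys [?]
S2 twpR32;UDP32 netbios mapping;\??\c:\windows\system32\twpr64.sys --> c:\windows\system32\twpR64.sys [?]
2011-08-11 15:03:58 -------- d-----w- c:\program files\Trend Micro
2011-08-08 14:19:02 68608 --sha-r- c:\windows\system32\MFC42ENUJ.dll
2011-07-16 23:56:25 5504 ----a-w- c:\windows\system32\drivers\StarOpen.sys
"""

# Line shapes as DDS prints them: autostart keys, Winlogon Notify packages,
# services/drivers, and the "Created Last 30" / Find3M file entries.
RUN_RE = re.compile(r'^(?P<key>\w*Run): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
NOTIFY_RE = re.compile(r'^Notify: (?P<name>\S+) - (?P<path>.+)$')
SERVICE_RE = re.compile(r'^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+)$')
FILE_RE = re.compile(r'^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<size>\d+|-+) (?P<attrs>[a-z-]{8}) (?P<path>.+)$')
DLL_RE = re.compile(r'([^"\s,]+\.dll)', re.IGNORECASE)


@dataclass
class Finding:
    rule: str
    detail: str
    line: str
    timestamp: Optional[str] = None   # creation time, only for file entries
    path: Optional[str] = None        # file path, only for file entries


def _basename(path: str) -> str:
    return path.replace('/', '\\').rsplit('\\', 1)[-1].lower()


def scan(log_text: str) -> List[Finding]:
    """Apply the triage rules to every line of a DDS log and return the hits."""
    findings: List[Finding] = []
    autostart_dlls: Set[str] = set()   # DLL basenames loaded by rundll32 autostart entries
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RUN_RE.match(line)
        if m:
            cmd = m.group('cmd')
            # rundll32 loading a DLL from an autostart key deserves a look; the Explorer
            # policy Run key (mExplorerRun) is rarely used by legitimate software.
            if cmd.lower().startswith('rundll32'):
                dll = DLL_RE.search(cmd)
                if dll:
                    autostart_dlls.add(_basename(dll.group(1)))
                findings.append(Finding('rundll32-autostart',
                                        f"{m.group('key')} [{m.group('name')}] runs {cmd}", line))
            continue
        m = NOTIFY_RE.match(line)
        if m:
            # A Notify package given as a bare filename is loaded by winlogon via the
            # DLL search path, so there is no fixed location to inspect.
            if '\\' not in m.group('path'):
                findings.append(Finding('notify-bare-dll',
                                        f"Winlogon Notify package {m.group('name')} has no path: {m.group('path')}", line))
            continue
        m = SERVICE_RE.match(line)
        if m:
            # DDS prints "[?]" where it could not read the service's file.
            if m.group('path').endswith('[?]'):
                findings.append(Finding('service-file-missing',
                                        f"service {m.group('name')} ({m.group('display')}) points at a file DDS could not read", line))
            continue
        m = FILE_RE.match(line)
        if m:
            attrs, path = m.group('attrs'), m.group('path')
            # Hidden + system on a freshly created file (not a directory) is unusual.
            if 's' in attrs and 'h' in attrs and not attrs.startswith('d'):
                findings.append(Finding('hidden-system-file',
                                        f"{path} was created with attributes {attrs}", line,
                                        timestamp=m.group('ts'), path=path))
    # Cross-reference: a hidden+system file that is also the DLL behind a rundll32 autostart.
    for f in list(findings):
        if f.rule == 'hidden-system-file' and f.path and _basename(f.path) in autostart_dlls:
            findings.append(Finding('autostart-dll-hidden',
                                    f"{_basename(f.path)} is hidden+system and loaded by a rundll32 autostart entry",
                                    f.line, timestamp=f.timestamp, path=f.path))
    return findings


def earliest_flagged_file(findings: List[Finding]) -> Optional[str]:
    """Earliest creation timestamp among flagged file entries. DDS timestamps are
    ISO-style (YYYY-MM-DD HH:MM:SS), so string comparison orders them correctly."""
    stamps = [f.timestamp for f in findings if f.timestamp]
    return min(stamps) if stamps else None


if __name__ == '__main__':
    hits = scan(SAMPLE_LOG)
    for f in hits:
        print(f"[{f.rule}] {f.detail}")
    print("earliest flagged file:", earliest_flagged_file(hits))
```

Run it as-is to see the five rule hits from the excerpt plus the cross-reference; pass the full text of a DDS log to `scan()` to apply the same rules to it. The earliest flagged creation time is worth comparing with the restore points the machine still offers, as the thread's own symptoms suggest.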
Old 08-13-2011, 02:36 PM   #2
Security Team
Analyst
 
Join Date: Jan 2008
Location: Queensland, Australia
Posts: 1,479
OS: XP SP3



Hi Thomas,

Welcome to TSF.

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

-------
Quote:
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
The above indicates that you have 2 AntiVirus programs installed on your computer.

While this may seem like greater protection, it can cause problems including slowdowns, system hangs or even crashes. This can happen if both AntiVirus applications attempt to access the same file at the same time. This may cause the applications to interfere with each other, or cause the system to lock up. It can also be a drain on system resources, making a machine run slower than it should.

Choose one to keep and uninstall the other via > Add/Remove Programs.

------

1. Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Place combofix.exe on your Desktop

2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
You can get help on disabling your protection programs here

3. Double click on combofix.exe & follow the prompts.
Note: Windows Vista users will have to right-click on the file and select "Run as Administrator"

4. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.

ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:

The Recovery Console was successfully installed.



Click on Yes, to continue scanning for malware.
5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
6. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


---------------------------------------------------------------------------------------------
7. Ensure your AntiVirus and AntiSpyware applications are re-enabled.

---------------------------------------------------------------------------------------------
Vick is offline  
Old 08-14-2011, 05:44 AM   #3
Registered Member
 
Join Date: Aug 2011
Location: United Kingdom
Posts: 26
OS: Windows XP Home Edition SP3



Hi Vick,

Thank you so much for your quick response and assistance in helping me with this issue.

As requested, I have uninstalled the Lavasoft application. I only recently installed this application to run a scan to see if it would pick the problem up; unfortunately it didn't. I will stick with McAfee Security Centre as I've subscribed to them yearly since purchasing the computer.

I have to admit, over the past week or so, I have run many anti-virus/spyware programmes to try and solve the problem, but to no avail.

I do have all the original software installation discs that came with the computer from new should they be needed.

Please find attached Combofix log file as requested.

I can't thank you enough for your help.

Kind Regards,

Thomas.

ComboFix 11-08-14.02 - THOMAS DAVIES 14/08/2011 12:45:29.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1294 [GMT 1:00]
Running from: c:\documents and settings\THOMAS DAVIES\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\THOMAS DAVIES\GoToAssistDownloadHelper.exe
c:\documents and settings\THOMAS DAVIES\WINDOWS
c:\windows\system32\regobj.dll
c:\windows\system32\rnaph.dll
c:\windows\system32\tmp.reg
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_TDSSSERV
.
.
((((((((((((((((((((((((( Files Created from 2011-07-14 to 2011-08-14 )))))))))))))))))))))))))))))))
.
.
2011-08-11 18:33 . 2001-08-17 11:17 29531 -c--a-w- c:\windows\system32\dllcache\dgapci.sys
2011-08-11 18:33 . 2001-08-17 11:11 24649 -c--a-w- c:\windows\system32\dllcache\dfe650d.sys
2011-08-11 18:31 . 2001-08-17 21:36 216064 -c--a-w- c:\windows\system32\dllcache\cpscan.dll
2011-08-11 18:30 . 2001-08-17 21:36 236032 -c--a-w- c:\windows\system32\dllcache\camext20.dll
2011-08-11 18:29 . 2001-08-17 21:36 15360 -c--a-w- c:\windows\system32\dllcache\brmfbidi.dll
2011-08-11 18:28 . 2001-08-17 12:52 12032 -c--a-w- c:\windows\system32\dllcache\amsint.sys
2011-08-11 18:27 . 2001-08-17 13:55 689216 -c--a-w- c:\windows\system32\dllcache\3dfxvs.dll
2011-08-11 18:27 . 2001-08-17 11:48 148352 -c--a-w- c:\windows\system32\dllcache\3dfxvsm.sys
2011-08-11 18:27 . 2001-08-17 12:28 762780 -c--a-w- c:\windows\system32\dllcache\3cwmcru.sys
2011-08-11 18:27 . 2001-08-17 13:06 11264 -c--a-w- c:\windows\system32\dllcache\1394vdbg.sys
2011-08-11 18:27 . 2008-04-13 23:16 53376 -c--a-w- c:\windows\system32\dllcache\1394bus.sys
2011-08-11 15:04 . 2011-08-11 15:04 388096 ----a-r- c:\documents and settings\THOMAS DAVIES\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-11 15:03 . 2011-08-11 15:03 -------- d-----w- c:\program files\Trend Micro
2011-08-10 00:21 . 2011-08-10 00:21 -------- d-----w- c:\windows\system32\wbem\Repository
2011-08-09 10:59 . 2011-08-09 10:59 -------- d-----w- c:\documents and settings\THOMAS DAVIES\Application Data\ElevatedDiagnostics
2011-08-09 00:19 . 2011-08-09 00:19 -------- d-----w- c:\documents and settings\All Users\Application Data\!SASCORE
2011-08-08 14:19 . 2011-08-08 14:19 68608 --sha-r- c:\windows\system32\MFC42ENUJ.dll
2011-07-16 23:56 . 2011-07-16 23:56 -------- d-----w- c:\documents and settings\THOMAS DAVIES\Application Data\Canneverbe Limited
2011-07-16 23:56 . 2011-07-16 23:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Canneverbe Limited
2011-07-16 23:56 . 2011-07-16 23:56 -------- d-----w- c:\program files\CDBurnerXP
2011-07-16 23:56 . 2009-11-12 13:48 5504 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2011-07-16 23:50 . 2011-07-16 23:50 5015880 ----a-w- c:\program files\cdbxp_setup_4.3.8.2568.exe
2011-07-16 22:26 . 2005-01-28 12:44 5525504 ----a-w- c:\windows\system32\setb5.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-10 19:59 . 2009-11-27 17:19 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-07-15 13:29 . 2004-08-12 14:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2004-08-12 14:01 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-06 18:52 . 2008-10-23 14:53 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-06 18:52 . 2008-10-23 14:53 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-24 14:10 . 2006-11-19 02:09 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-21 18:45 . 2004-08-12 14:09 832512 ----a-w- c:\windows\system32\wininet.dll
2011-06-21 18:45 . 2004-08-12 13:58 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-21 18:45 . 2004-08-12 13:58 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-06-21 18:45 . 2004-08-12 13:56 17408 ----a-w- c:\windows\system32\corpol.dll
2011-06-21 11:47 . 2004-08-12 13:57 389120 ----a-w- c:\windows\system32\html.iec
2011-06-21 07:42 . 2011-06-07 08:46 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-20 17:44 . 2004-08-12 14:09 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-02 14:02 . 2004-08-12 14:09 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-24 18:14 . 2009-10-03 09:00 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-08 20:47 . 2010-09-08 20:47 3468472 ----a-w- c:\program files\winamp3.exe
2008-10-21 10:23 . 2008-10-21 10:23 16479 ----a-w- c:\program files\Common Files\ajusyje.bat
2008-10-21 10:23 . 2008-10-21 10:23 12979 ----a-w- c:\program files\Common Files\yrogymu.exe
2004-09-20 10:19 . 2004-11-16 21:19 176832 ----a-w- c:\program files\FixWelch.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SacReminder"="c:\documents and settings\All Users\Application Data\OfficeGuardian\reminder\SacReminder.exe" [2009-06-26 825152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-11 290816]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-09 344064]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"eBayToolbar"="c:\program files\eBay\eBay Toolbar2\eBayTBDaemon.exe" [2008-08-09 652528]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-06-28 1195408]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2010-05-07 1638400]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\KIM DAVIES\Start Menu\Programs\Startup\
WKCALREM.LNK - c:\program files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2002-6-20 24651]
.
c:\documents and settings\THOMAS DAVIES\Start Menu\Programs\Startup\
wkcalrem.LNK - c:\program files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2002-6-20 24651]
WordWeb.lnk - c:\program files\WordWeb\wweb32.exe [2008-10-26 42168]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-09 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-11 13:20 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\twpR64.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\AiOHomeCenter.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\Kodak.Statistics.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\NetworkPrinterDiscovery.exe"=
"c:\\Program Files\\Kodak\\AiO\\Firmware\\KodakAiOUpdater.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kodak\\Installer\\Setup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9322:TCP"= 9322:TCP:EKDiscovery
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [07/09/2010 19:38 84200]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [15/01/2009 17:17 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [15/01/2009 17:17 67664]
R1 SSHDRV58;SSHDRV58;c:\windows\system32\drivers\SSHDRV58.sys [19/11/2006 05:10 33792]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [14/09/2010 21:36 116608]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\ekdiscovery.exe [17/05/2010 14:24 308592]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [05/08/2009 16:22 88176]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [07/09/2010 19:38 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [07/09/2010 19:38 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [11/08/2010 01:58 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [11/08/2010 01:58 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [11/08/2010 01:58 56064]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [11/08/2010 01:58 314088]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [11/08/2010 01:58 88736]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 twpR64;UDP netbios mapping;\??\c:\windows\system32\twpR64.sys --> c:\windows\system32\twpR64.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [21/12/2009 17:53 135664]
S2 twpR32;UDP32 netbios mapping;\??\c:\windows\system32\twpR64.sys --> c:\windows\system32\twpR64.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [21/12/2009 17:53 135664]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [11/08/2010 01:58 88736]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [11/08/2010 01:58 84488]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [15/01/2009 17:17 12872]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 11:50]
.
2011-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-21 16:53]
.
2011-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-21 16:53]
.
2011-08-14 c:\windows\Tasks\User_Feed_Synchronization-{D90196F7-2C27-4B51-957D-9179BED91B8C}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
.
2009-04-11 c:\windows\Tasks\WECPUpdate.job
- c:\program files\Essentials Codec Pack\WECPUpdate.exe [2009-02-25 14:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.talktalk.co.uk/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s%s
IE: &Save Image to Folder - c:\program files\AskBar\bar\bin\askBar.dll/saveimagetofolder.html
IE: &Save Image to MyStuff - c:\program files\AskBar\bar\bin\askBar.dll/saveimages.html
IE: &Save Link to Folder - c:\program files\AskBar\bar\bin\askBar.dll/saveltof.html
IE: &Save Link to MyStuff - c:\program files\AskBar\bar\bin\askBar.dll/savelink.html
IE: &Save Page to Folder... - c:\program files\AskBar\bar\bin\askBar.dll/savepagetofolder.html
IE: &Save this Page to MyStuff - c:\program files\AskBar\bar\bin\askBar.dll/savewebpage.html
IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-YeppStudioAgent - f:\program files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
SafeBoot-TDSSpqlt.sys
SafeBoot-twpR32.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-08-14 12:58
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1123561945-602609370-682003330-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1016)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(2764)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\SITEAD~2\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Kontiki\KService.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Analog Devices\SoundMAX\spkrmon.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-08-14 1312 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-14 12:06
.
Pre-Run: 80,831,139,840 bytes free
Post-Run: 80,991,842,304 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 54181D888984421439AF2B707F7C9EA4
thomasanthony is offline  
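The ComboFix log above is read by eye by the helper in the replies that follow. As an added example (not part of the thread, and not ComboFix's or the helper's own logic), the Python script below applies a few of those reading rules to lines in exactly this format: a hidden+system file sitting directly in system32, executables dropped straight into Common Files, a kernel driver whose image lives in the system32 root rather than system32\drivers, several services sharing one driver image, a `[?]` entry (taken here, as an assumption, to mean ComboFix could not find the image file), a suspicious driver that is also registered under SafeBoot, and a disabled firewall profile. The sample lines are copied from the log above plus two benign controls; the rules and severities are the example's own, and a hit is a lead to verify, not a verdict (the Lavasoft and Lbd entries in the log carry `[?]` too and are just leftovers of an uninstalled tool).

```python
"""Reading rules for ComboFix-style log lines, as a small triage script.

Added example: not ComboFix's logic and not the forum helper's method.
Sample lines are copied from the thread's log; the rules, severities and the
reading of '[?]' as "image file could not be found" are this example's own
assumptions. Findings are leads to check by hand, not verdicts.
"""
import re
from collections import defaultdict

# "<created> . <modified> <size> <attrs> <path>" entries from the file sections
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\d+|-+) (\S{8}) (.+)$")
# "<R|S><start> <name>;<display>;<image>[ --> <image>] [<info>]" service entries
SVC_RE = re.compile(r"^([RS])(\d) ([^;]+);([^;]*);(.+?) \[(.*?)\]$")
SAFEBOOT_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\(\w+)\\([^\]]+)\]$",
    re.I)
IMAGE_RE = re.compile(r'"?([a-z]:\\[^"]+?\.(?:exe|sys|dll))"?', re.I)

# Constructed sample: lines taken from the thread's log plus two benign controls
# (wininet.dll and the CDBurnerXP installer) that must not be flagged.
SAMPLE_LOG = r"""
2011-08-08 14:19 . 2011-08-08 14:19 68608 --sha-r- c:\windows\system32\MFC42ENUJ.dll
2011-06-21 18:45 . 2004-08-12 14:09 832512 ----a-w- c:\windows\system32\wininet.dll
2011-07-16 23:50 . 2011-07-16 23:50 5015880 ----a-w- c:\program files\cdbxp_setup_4.3.8.2568.exe
2008-10-21 10:23 . 2008-10-21 10:23 16479 ----a-w- c:\program files\Common Files\ajusyje.bat
2008-10-21 10:23 . 2008-10-21 10:23 12979 ----a-w- c:\program files\Common Files\yrogymu.exe
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\twpR64.sys]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [07/09/2010 19:38 84200]
S1 twpR64;UDP netbios mapping;\??\c:\windows\system32\twpR64.sys --> c:\windows\system32\twpR64.sys [?]
S2 twpR32;UDP32 netbios mapping;\??\c:\windows\system32\twpR64.sys --> c:\windows\system32\twpR64.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [15/01/2009 17:17 12872]
"""


def image_path(raw):
    """Normalise a service image string to a lower-case file path."""
    raw = raw.split(" --> ")[-1]            # keep the resolved side of "a --> b"
    if raw.startswith("\\??\\"):            # strip the NT object-manager prefix
        raw = raw[4:]
    m = IMAGE_RE.search(raw)                # drop surrounding quotes and arguments
    return (m.group(1) if m else raw).lower()


def triage(log_text):
    """Return a list of (severity, rule, subject) findings for a ComboFix-style log."""
    findings = []
    by_image = defaultdict(list)   # image path -> service names that use it
    flagged = set()                # lower-cased service names already suspicious
    safeboot = []                  # (profile, key leaf) from SafeBoot\<profile>\<leaf>

    for line in log_text.splitlines():
        line = line.rstrip()
        m = FILE_RE.match(line)
        if m:
            _created, _modified, _size, attrs, path = m.groups()
            folder, _, name = path.lower().rpartition("\\")
            if "s" in attrs and "h" in attrs and folder == r"c:\windows\system32":
                findings.append(("high", "hidden+system file in system32 root", path))
            if folder == r"c:\program files\common files" and name.endswith((".exe", ".bat", ".dll")):
                findings.append(("high", "executable dropped directly in Common Files root", path))
            continue
        m = SVC_RE.match(line)
        if m:
            _state, _start, name, _display, image, info = m.groups()
            path = image_path(image)
            by_image[path].append(name)
            if info == "?":   # assumption: ComboFix could not find the image on disk
                findings.append(("medium", "service image not found on disk ([?])", name))
                flagged.add(name.lower())
            if path.endswith(".sys") and path.rpartition("\\")[0] == r"c:\windows\system32":
                findings.append(("high", "kernel driver in system32 root, not system32\\drivers", name))
                flagged.add(name.lower())
            continue
        m = SAFEBOOT_RE.match(line)
        if m:
            safeboot.append((m.group(1), m.group(2)))
            continue
        if line.startswith('"EnableFirewall"= 0'):
            findings.append(("info", "Windows Firewall disabled for this profile", line))

    # Cross-line rules: one driver image behind several service names, and a
    # suspicious driver that is also registered to load in Safe Mode.
    for path, names in by_image.items():
        if len(set(names)) > 1:
            findings.append(("high", "several services share one driver image",
                             ", ".join(names) + " -> " + path))
            flagged.update(n.lower() for n in names)
    for profile, leaf in safeboot:
        if re.sub(r"\.sys$", "", leaf, flags=re.I).lower() in flagged:
            findings.append(("high", "suspicious driver also loads in Safe Mode (%s)" % profile, leaf))
    return findings


if __name__ == "__main__":
    for sev, rule, subject in triage(SAMPLE_LOG):
        print("[%-6s] %s: %s" % (sev, rule, subject))
```

Run it on a saved ComboFix.txt by replacing `SAMPLE_LOG` with the file's contents; the point of the cross-line rules is that the twpR64/twpR32 pair only looks as odd as it does because two differently named services, both with a missing image in the system32 root and one of them registered under SafeBoot, resolve to the same file.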
 
Old 08-14-2011, 12:56 PM   #4
Security Team
Analyst
 
Join Date: Jan 2008
Location: Queensland, Australia
Posts: 1,479
OS: XP SP3



Hi Thomas,

I haven't quite finished reviewing the log, but I need to leave for work.

In the meantime, until I return from work, could you do the following:

Please go to Virustotal
There is a field to add the filepath under "Upload a file". Please copy and paste this filepath:

c:\windows\system32\MFC42ENUJ.dll

Then hit "Send file"

The scan will take a while before the result comes up so please be patient.
If you get a message saying File has already been analysed: click Reanalyse file now
Once the result is out, copy and paste the link to the results page in your next reply.

---------

Please advise me if you are still having redirects.
Vick is offline  
Old 08-15-2011, 12:43 AM   #5
Registered Member
 
Join Date: Aug 2011
Location: United Kingdon
Posts: 26
OS: Windows XP Home Edition SP3



Hi Vick,

Thanks again for your time, I've followed your instructions and copied the filepath into the "field" box on the Virustotal page and sent the file yesterday afternoon. I didn't get any response back by midnight so I repeated the process and sent it again. I got a "splash" screen momentarily which said that it had been sent. I left it running all night but there was still no response back when I got up this morning.

Have I done something wrong?

My computer doesn't appear to be redirecting me now and the "rundll32.exe" shutdown window is no longer there when I turn the computer off. The computer seems to be running OK, though a little slow with a bit of surging.

Thanks once again for your time and help Vick.


Kind Regards,

Thomas
thomasanthony is offline  
Old 08-15-2011, 05:10 AM   #6
Security Team
Analyst
 
Join Date: Jan 2008
Location: Queensland, Australia
Posts: 1,479
OS: XP SP3



Hi Thomas,

We are not quite done yet.

Virustotal shouldn't take very long, approx. 5-15 mins depending on the file size.

Let's use another scanner this time:

Go to My Computer >Tools >Folder Options >View tab and select Show hidden files and folders. Uncheck the Hide protected operating system files (recommended) option. Also make sure there is no checkmark beside Hide file extensions for known file types. Click OK.

Please go to Jotti's Scan
There is a field to add the filepath under "Upload a file". Please browse to this filepath:

c:\windows\system32\MFC42ENUJ.dll

Then hit "Submit File"

The scan will take a while before the result comes up so please be patient.
If you get a message saying File has already been analysed: click Reanalyse file now
Once the result is out, copy and paste the link to the results page in your next reply.

--------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Quote:
File::
c:\program files\common files\ajusyje.bat
c:\program files\common files\yrogymu.exe

Save this as CFScript.txt, in the same location as ComboFix.exe




ComboFix may request an update; please allow it.
Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

--------

Go to Start > Run and copy/paste the following into the Run box and click OK:

C:\QooBox\Add-Remove Programs.txt

A text file should open. Please post the contents of that file in your next reply.

--------
Vick is offline  
Old 08-15-2011, 08:15 AM   #7
Registered Member
 
Join Date: Aug 2011
Location: United Kingdom
Posts: 26
OS: Windows XP Home Edition SP3



Hi Vick,

The browsed file submitted to Jotti's scan came back as "the file is empty (0 bytes)". When I held the cursor over the file it indicated that its size was 67.0 KB, created 08/08/2011.

Please find the attached new Combofix Log and also the Text File you requested.

I don't know why, but after running Combofix, I appear to have two loose (non-highlighted) files on the desktop. One is a "word" document and the other is from my engineering files. Not sure why this has happened?

The word document one actually states: "Word cannot start the converter mswrd632.wpc" when trying to open.

I don't know whether this information is of any relevance to you, but thought that I had better mention it, just in case.

Thanks again Vick.

Kind Regards,

Thomas.


ComboFix 11-08-15.07 - THOMAS DAVIES 15/08/2011 15:22:36.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1314 [GMT 1:00]
Running from: c:\documents and settings\THOMAS DAVIES\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\THOMAS DAVIES\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
FILE ::
"c:\program files\common files\ajusyje.bat"
"c:\program files\common files\yrogymu.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\common files\ajusyje.bat
c:\program files\common files\yrogymu.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-07-15 to 2011-08-15 )))))))))))))))))))))))))))))))
.
.
2011-08-11 18:55 . 2001-08-17 21:36 53760 -c--a-w- c:\windows\system32\dllcache\wiamsmud.dll
2011-08-11 18:54 . 2001-08-17 12:28 687999 -c--a-w- c:\windows\system32\dllcache\usrwdxjs.sys
2011-08-11 18:53 . 2001-08-17 21:36 47616 -c--a-w- c:\windows\system32\dllcache\umaxcam.dll
2011-08-11 18:52 . 2001-08-17 13:01 241664 -c--a-w- c:\windows\system32\dllcache\tosdvd02.sys
2011-08-11 18:51 . 2001-08-17 21:36 94293 -c--a-w- c:\windows\system32\dllcache\sxports.dll
2011-08-11 18:50 . 2001-08-17 12:56 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2011-08-11 18:49 . 2008-04-13 23:16 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys
2011-08-11 18:48 . 2001-08-17 12:53 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2011-08-11 18:47 . 2001-08-17 11:50 41216 -c--a-w- c:\windows\system32\dllcache\s3mt3d.sys
2011-08-11 18:46 . 2001-08-17 21:36 41472 -c--a-w- c:\windows\system32\dllcache\qvusd.dll
2011-08-11 18:45 . 2001-08-17 21:36 121344 -c--a-w- c:\windows\system32\dllcache\phvfwext.dll
2011-08-11 18:44 . 2001-08-17 21:36 20480 -c--a-w- c:\windows\system32\dllcache\ovcomc.dll
2011-08-11 18:43 . 2001-08-17 11:20 126080 -c--a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2011-08-11 18:42 . 2001-08-17 11:50 103296 -c--a-w- c:\windows\system32\dllcache\mtxvideo.sys
2011-08-11 18:42 . 2008-04-13 23:09 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2011-08-11 18:42 . 2008-04-13 23:16 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
2011-08-11 18:42 . 2001-08-17 12:48 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
2011-08-11 18:42 . 2001-08-17 13:00 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2011-08-11 18:42 . 2008-04-13 23:24 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2011-08-11 18:42 . 2001-08-17 13:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2011-08-11 18:42 . 2001-08-17 12:48 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2011-08-11 18:42 . 2008-04-13 23:16 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2011-08-11 18:42 . 2001-08-17 12:52 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2011-08-11 18:42 . 2008-04-13 23:16 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2011-08-11 18:42 . 2001-08-17 12:57 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2011-08-11 18:42 . 2001-08-17 12:52 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
2011-08-11 18:40 . 2001-08-17 12:51 15744 -c--a-w- c:\windows\system32\dllcache\lit220p.sys
2011-08-11 18:39 . 2001-08-17 12:47 13056 -c--a-w- c:\windows\system32\dllcache\inport.sys
2011-08-11 18:38 . 2001-08-17 12:28 488383 -c--a-w- c:\windows\system32\dllcache\hsf_v124.sys
2011-08-11 18:37 . 2001-08-17 21:36 165888 -c--a-w- c:\windows\system32\dllcache\hpgt53.dll
2011-08-11 18:36 . 2001-08-17 21:36 92160 -c--a-w- c:\windows\system32\dllcache\fuusd.dll
2011-08-11 18:35 . 2001-08-17 11:12 16998 -c--a-w- c:\windows\system32\dllcache\ex10.sys
2011-08-11 18:34 . 2001-08-17 12:46 6400 -c--a-w- c:\windows\system32\dllcache\enum1394.sys
2011-08-11 18:33 . 2001-08-17 12:47 23808 -c--a-w- c:\windows\system32\dllcache\dot4usb.sys
2011-08-11 18:32 . 2001-08-17 11:11 24648 -c--a-w- c:\windows\system32\dllcache\dfe650.sys
2011-08-11 18:31 . 2001-08-17 21:36 216064 -c--a-w- c:\windows\system32\dllcache\cpscan.dll
2011-08-11 18:30 . 2001-08-17 21:36 236032 -c--a-w- c:\windows\system32\dllcache\camext20.dll
2011-08-11 18:29 . 2001-08-17 21:36 15360 -c--a-w- c:\windows\system32\dllcache\brmfbidi.dll
2011-08-11 18:28 . 2001-08-17 12:52 12032 -c--a-w- c:\windows\system32\dllcache\amsint.sys
2011-08-11 18:27 . 2001-08-17 13:55 689216 -c--a-w- c:\windows\system32\dllcache\3dfxvs.dll
2011-08-11 18:27 . 2001-08-17 11:48 148352 -c--a-w- c:\windows\system32\dllcache\3dfxvsm.sys
2011-08-11 18:27 . 2001-08-17 12:28 762780 -c--a-w- c:\windows\system32\dllcache\3cwmcru.sys
2011-08-11 18:27 . 2001-08-17 13:06 11264 -c--a-w- c:\windows\system32\dllcache\1394vdbg.sys
2011-08-11 18:27 . 2008-04-13 23:16 53376 -c--a-w- c:\windows\system32\dllcache\1394bus.sys
2011-08-11 18:27 . 2001-08-17 13:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2011-08-11 15:04 . 2011-08-11 15:04 388096 ----a-r- c:\documents and settings\THOMAS DAVIES\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-11 15:03 . 2011-08-11 15:03 -------- d-----w- c:\program files\Trend Micro
2011-08-10 00:21 . 2011-08-10 00:21 -------- d-----w- c:\windows\system32\wbem\Repository
2011-08-09 10:59 . 2011-08-09 10:59 -------- d-----w- c:\documents and settings\THOMAS DAVIES\Application Data\ElevatedDiagnostics
2011-08-09 00:19 . 2011-08-09 00:19 -------- d-----w- c:\documents and settings\All Users\Application Data\!SASCORE
2011-08-08 14:19 . 2011-08-08 14:19 68608 --sha-r- c:\windows\system32\MFC42ENUJ.dll
2011-07-16 23:56 . 2011-07-16 23:56 -------- d-----w- c:\documents and settings\THOMAS DAVIES\Application Data\Canneverbe Limited
2011-07-16 23:56 . 2011-07-16 23:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Canneverbe Limited
2011-07-16 23:56 . 2011-07-16 23:56 -------- d-----w- c:\program files\CDBurnerXP
2011-07-16 23:56 . 2009-11-12 13:48 5504 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2011-07-16 23:50 . 2011-07-16 23:50 5015880 ----a-w- c:\program files\cdbxp_setup_4.3.8.2568.exe
2011-07-16 22:26 . 2005-01-28 12:44 5525504 ----a-w- c:\windows\system32\setb5.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-10 19:59 . 2009-11-27 17:19 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-07-15 13:29 . 2004-08-12 14:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2004-08-12 14:01 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-06 18:52 . 2008-10-23 14:53 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-06 18:52 . 2008-10-23 14:53 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-24 14:10 . 2006-11-19 02:09 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-21 18:45 . 2004-08-12 14:09 832512 ----a-w- c:\windows\system32\wininet.dll
2011-06-21 18:45 . 2004-08-12 13:58 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-21 18:45 . 2004-08-12 13:58 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-06-21 18:45 . 2004-08-12 13:56 17408 ----a-w- c:\windows\system32\corpol.dll
2011-06-21 11:47 . 2004-08-12 13:57 389120 ----a-w- c:\windows\system32\html.iec
2011-06-21 07:42 . 2011-06-07 08:46 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-20 17:44 . 2004-08-12 14:09 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-02 14:02 . 2004-08-12 14:09 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-24 18:14 . 2009-10-03 09:00 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-08 20:47 . 2010-09-08 20:47 3468472 ----a-w- c:\program files\winamp3.exe
2004-09-20 10:19 . 2004-11-16 21:19 176832 ----a-w- c:\program files\FixWelch.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SacReminder"="c:\documents and settings\All Users\Application Data\OfficeGuardian\reminder\SacReminder.exe" [2009-06-26 825152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-11 290816]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-09 344064]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"eBayToolbar"="c:\program files\eBay\eBay Toolbar2\eBayTBDaemon.exe" [2008-08-09 652528]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-06-28 1195408]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2010-05-07 1638400]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\KIM DAVIES\Start Menu\Programs\Startup\
WKCALREM.LNK - c:\program files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2002-6-20 24651]
.
c:\documents and settings\THOMAS DAVIES\Start Menu\Programs\Startup\
wkcalrem.LNK - c:\program files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2002-6-20 24651]
WordWeb.lnk - c:\program files\WordWeb\wweb32.exe [2008-10-26 42168]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-09 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-11 13:20 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\twpR64.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\AiOHomeCenter.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\Kodak.Statistics.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\NetworkPrinterDiscovery.exe"=
"c:\\Program Files\\Kodak\\AiO\\Firmware\\KodakAiOUpdater.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kodak\\Installer\\Setup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9322:TCP"= 9322:TCP:EKDiscovery
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [07/09/2010 19:38 84200]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [15/01/2009 17:17 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [15/01/2009 17:17 67664]
R1 SSHDRV58;SSHDRV58;c:\windows\system32\drivers\SSHDRV58.sys [19/11/2006 05:10 33792]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [14/09/2010 21:36 116608]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\ekdiscovery.exe [17/05/2010 14:24 308592]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [05/08/2009 16:22 88176]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [07/09/2010 19:38 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [07/09/2010 19:38 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [11/08/2010 01:58 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [11/08/2010 01:58 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [11/08/2010 01:58 56064]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [11/08/2010 01:58 314088]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [11/08/2010 01:58 88736]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 twpR64;UDP netbios mapping;\??\c:\windows\system32\twpR64.sys --> c:\windows\system32\twpR64.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [21/12/2009 17:53 135664]
S2 twpR32;UDP32 netbios mapping;\??\c:\windows\system32\twpR64.sys --> c:\windows\system32\twpR64.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [21/12/2009 17:53 135664]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [11/08/2010 01:58 88736]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [11/08/2010 01:58 84488]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [15/01/2009 17:17 12872]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 11:50]
.
2011-08-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-04-15 08:43]
.
2011-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-21 16:53]
.
2011-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-21 16:53]
.
2011-08-15 c:\windows\Tasks\User_Feed_Synchronization-{D90196F7-2C27-4B51-957D-9179BED91B8C}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
.
2011-08-15 c:\windows\Tasks\WECPUpdate.job
- c:\program files\Essentials Codec Pack\WECPUpdate.exe [2009-02-25 14:28]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s%s
IE: &Save Image to Folder - c:\program files\AskBar\bar\bin\askBar.dll/saveimagetofolder.html
IE: &Save Image to MyStuff - c:\program files\AskBar\bar\bin\askBar.dll/saveimages.html
IE: &Save Link to Folder - c:\program files\AskBar\bar\bin\askBar.dll/saveltof.html
IE: &Save Link to MyStuff - c:\program files\AskBar\bar\bin\askBar.dll/savelink.html
IE: &Save Page to Folder... - c:\program files\AskBar\bar\bin\askBar.dll/savepagetofolder.html
IE: &Save this Page to MyStuff - c:\program files\AskBar\bar\bin\askBar.dll/savewebpage.html
IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-08-15 15:37
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1123561945-602609370-682003330-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1012)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2011-08-15 15:40:15
ComboFix-quarantined-files.txt 2011-08-15 14:40
ComboFix2.txt 2011-08-14 12:06
.
Pre-Run: 81,229,389,824 bytes free
Post-Run: 81,323,716,608 bytes free
.
- - End Of File - - CB9093E95E7D74E501565211DA690FBA
TEXT FILE.

Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.5
Adobe® Photoshop® Album Starter Edition 3.0.1
aiofw
aioprnt
aioscnnr
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar for Internet Explorer
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Bonjour
Broadcom Gigabit Integrated Controller
CCleaner (remove only)
CDBurnerXP
center
Chinese Traditional Fonts Support For Adobe Reader 9
ClearType Tuning Control Panel Applet
Dell Driver Download Manager
Dell Media Experience
Dell ResourceCD
Dell Solution Center
DellConnect
Digital Locker Assistant
Driver Detective
Driving Test Success 2005/6
eBay Toolbar
EPSON Printer Software
FinePixViewer Ver.4.2
Football Manager 2005
FUJIFILM USB Driver
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
ImageMixer VCD/DVD2 for OLYMPUS
ImageMixer VCD2 for FinePix
iTunes
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 9
Japanese Fonts Support For Adobe Reader 9
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java 2 Runtime Environment, SE v1.4.2_03
Java Auto Updater
Java(TM) 6 Update 2
Java(TM) 6 Update 26
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
KODAK AiO Home Centre
ksDIP
Malwarebytes' Anti-Malware version 1.51.1.1800
McAfee SecurityCenter
Media Library Management Wizard
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Disc 2
Microsoft Office 2000 Professional
Microsoft Works 7.0
MicroStaff WINASPI
MobileMe Control Panel
Movie Maker Background Music Files
Movie Maker Sound Effects
Movie Maker Title Images
MP3Downloading P2P 2.0
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
OLYMPUS Master
OpenOffice.org Installer 1.0
Personal License Update Wizard for Windows Media Player
PIF DESIGNER2.0
Plus! MP3 Audio Converter LE
PowerDVD 5.1
PreReq
QuickTime
RAW FILE CONVERTER LE
Rhapsody Player Engine
Safari
SAGEM [email protected] 800-840
ScanToWeb
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB975558)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
SoulSeek 157 NS 13e
SoundMAX
Spelling Dictionaries Support For Adobe Reader 9
Steinberg Cubase v4.1.3
SUPERAntiSpyware Free Edition
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Winamp3 (remove only)
Windows Essentials Media Codec Pack 2.2c
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live OneCare safety scanner
Windows Media Bonus Pack for Windows XP
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player Playlist Import to Excel Wizard
Windows Media Player Skin Importer
Windows Media Player Tray Control
Windows PowerShell(TM) 1.0
Windows XP Service Pack 3
WinRAR archiver
WordWeb
Yahoo! Toolbar
thomasanthony is offline  
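A small triage helper, added here as an example and not code from the thread or from ComboFix, that parses the R*/S* service and driver lines of the kind shown in the log above and flags what a helper scans for first: entries whose file ComboFix could not examine (`[?]`), boot- or system-start drivers that are not running, and several services registered against one image, as with twpR64 and twpR32 both pointing at twpR64.sys. The sample lines are constructed from the thread's own entries; the reading of the R/S letter as running/stopped and of the digit as the service start type is assumed from DDS/ComboFix convention.

```python
import re
from collections import defaultdict

# Constructed sample in ComboFix's service/driver line format, modelled on
# the entries in the thread's log (added example, not part of the thread).
SAMPLE_LOG = r"""
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [07/09/2010 19:38 84200]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [15/01/2009 17:17 12880]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 twpR64;UDP netbios mapping;\??\c:\windows\system32\twpR64.sys --> c:\windows\system32\twpR64.sys [?]
S2 twpR32;UDP32 netbios mapping;\??\c:\windows\system32\twpR64.sys --> c:\windows\system32\twpR64.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [15/01/2009 17:17 12872]
"""

# <R|S><start> name;display name;image path [dd/mm/yyyy hh:mm size]  or  [?]
# R/S = running/stopped, digit = start type (assumed DDS/ComboFix convention).
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-3])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+?)\s+\[(?P<info>[^\]]*)\]\s*$"
)

START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand"}


def normalize_path(image: str) -> str:
    """Reduce the image field to one lower-cased path.

    ComboFix prints 'registered path --> resolved path' when the two differ
    and keeps the NT \\??\\ prefix on the registered form; both are stripped
    so that entries pointing at the same file compare equal.
    """
    if "-->" in image:
        image = image.split("-->")[-1]
    image = image.strip()
    if image.startswith("\\??\\"):
        image = image[4:]
    return image.lower()


def parse_services(log_text: str) -> list:
    """Parse every R*/S* service line into a dict; skip all other lines."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        entries.append({
            "name": d["name"],
            "display": d["display"],
            "running": d["state"] == "R",
            "start": START_TYPES[d["start"]],
            "image": normalize_path(d["image"]),
            # '[?]' means ComboFix got no date/size: file missing or hidden.
            "has_file_info": d["info"].strip() != "?",
        })
    return entries


def triage(log_text: str) -> list:
    """Return (service name, reason) pairs that deserve a second look."""
    entries = parse_services(log_text)
    findings = []
    by_image = defaultdict(list)
    for e in entries:
        by_image[e["image"]].append(e["name"])
        if not e["has_file_info"]:
            findings.append((e["name"], "no file metadata: image missing or hidden"))
        if not e["running"] and e["start"] in ("boot", "system"):
            findings.append((e["name"], f"{e['start']}-start driver is not running"))
    for image, names in by_image.items():
        if len(names) > 1:
            findings.append((", ".join(names), f"several services share one image: {image}"))
    return findings


if __name__ == "__main__":
    for name, reason in triage(SAMPLE_LOG):
        print(f"{name}: {reason}")
```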
Old 08-15-2011, 01:31 PM   #8
Security Team
Analyst
 
Join Date: Jan 2008
Location: Queensland, Australia
Posts: 1,479
OS: XP SP3



Hi Thomas,

What do you mean by 2 loose non-highlighted files? You mean you can't open the files?

-------

I am not sure why Jotti's Scan came up with empty files.

-------

Go to Start > Run and copy/paste the following into the Run box and click OK:

C:\Qoobox\ComboFix-quarantined-files.txt

A text file should open. Please post the contents of that file in your next reply.
Vick is offline  
Old 08-15-2011, 05:23 PM   #9
Registered Member
 
Join Date: Aug 2011
Location: United Kingdom
Posts: 26
OS: Windows XP Home Edition SP3



Hi Vick,

Sorry - initial panic over, the two files that I was referring to only appeared on the desktop after following your instructions regarding changing the settings for "hidden files and folders" and unchecking "hide file extension for known file types".

I was unsure as to whether or not the above should stay "unticked" after carrying out your last instructions for the jotti scan and Combofix scan, so I returned them to their original settings just in case. It was only then that I realised that they had disappeared and all went back to normal. They do reappear, but only if or when the settings are changed.

Sorry if I didn't explain the situation very well regarding the un-highlighted files; it was just that they remained dull in appearance compared to everything else on the desktop. Yes, they can be opened: one is just an engineering diagnostic fuse chart and the other one just gives the message window explained in my last post.

I'm a bit puzzled too regarding the jotti zero scan result, but it does say, if you hover the cursor over the file, that it contains 67.0 KB. I have checked the file again for confirmation.

Please find attached the text file as requested.

Thanks again Vick,

Kind Regards,

Thomas



TEXT FILE

2011-08-15 14:22:32 . 2011-08-15 14:22:32 0 ----a-w- C:\Qoobox\Quarantine\catchme.txt
2011-08-14 12:05:02 . 2011-08-14 12:05:02 550 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-twpR32.sys.reg.dat
2011-08-14 12:05:02 . 2011-08-14 12:05:02 558 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-TDSSpqlt.sys.reg.dat
2011-08-14 12:04:45 . 2011-08-14 12:04:45 80 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-YeppStudioAgent.reg.dat
2011-08-14 11:49:42 . 2011-08-14 11:49:42 868 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_TDSSSERV.reg.dat
2011-08-14 11:49:28 . 2011-08-15 14:32:21 7,669 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2011-08-14 11:41:54 . 2011-08-15 14:21:22 153 ----a-w- C:\Qoobox\Quarantine\catchme.log
2008-10-23 12:48:51 . 2008-10-23 12:48:51 4,600 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\tmp.reg.vir
2008-10-21 10:23:53 . 2008-10-21 10:23:53 16,479 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\ajusyje.bat.vir
2008-10-21 10:23:53 . 2008-10-21 10:23:53 12,979 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\yrogymu.exe.vir
2007-12-13 19:53:31 . 2008-10-15 13:25:00 61,224 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\THOMAS DAVIES\GoToAssistDownloadHelper.exe.vir
2006-11-19 04:41:37 . 2001-11-26 18:14:00 24,576 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\rnaph.dll.vir
1998-01-12 08:00:00 . 1998-01-12 08:00:00 40,448 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\regobj.dll.vir
thomasanthony is offline  
Old 08-16-2011, 03:07 AM   #10
Security Team
Analyst
 
Join Date: Jan 2008
Location: Queensland, Australia
Posts: 1,479
OS: XP SP3



Hi Thomas,

Quote:
Sorry - initial panic over
No more panic

------

I asked you to change the hidden file setting because the file we were uploading had a hidden attribute, which means you can't see it unless you unhide it. So, that's the reason I asked you to unhide. One way or another, when we uninstall Combofix, it will automatically hide all files with hidden attributes.

------

About the Virustotal / jotti scan, it appears that the file is malware-related and is thus blocking the scanner to avoid getting scanned. In other words, it is simply trying to escape from getting nailed.
We will remove the file shortly.

------

P2P - I see you have P2P software ( SoulSeek 157 NS 13e ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
References for the risk of these programs are here and here.


I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

-------

Click > Start > Control Panel > Add or Remove Programs and uninstall the following programs (if they exist):

Viewpoint Media Player---Refer here
Ask Toolbar for Internet Explorer - Refer to here

-------

Open notepad and copy/paste the text in the quotebox below into it:

Code:
https://www.techsupportforum.com/forums/f50/redirecting-issues-rundll32-exe-and-system-restore-594059.html#post3394497

Collect::
c:\windows\system32\MFC42ENUJ.dll
Save this as CFScript.txt





Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.
Vick is offline  
Old 08-16-2011, 09:31 AM   #11
Registered Member
 
Join Date: Aug 2011
Location: United Kingdom
Posts: 26
OS: Windows XP Home Edition SP3



Hi Vick,

The two programs that you have asked me to check and remove from my PC - Viewpoint Media Player and Ask Toolbar for Internet Explorer - are in fact located, as you say, in add/remove programs.

I have managed to remove the Viewpoint Media Player by simply selecting the remove tab, however, the Ask Toolbar for Internet Explorer is proving to be much more difficult. When I actually select remove from add/remove programs, I get the following window uninstall message appear:-

UNINSTALL - File - "C:\Program Files\Askbar\unins000.dat" does not exist. Cannot Uninstall.

On opening the Askbar folder, it would appear that the uninstall file for the program is missing, so add/remove programs is unable to uninstall it. Can you advise me how to uninstall this? I have tried a third party uninstaller and CCleaner but to no avail; I get the same message.

Also, over the past two days I have had a McAfee warning window several times "Potentially Unwanted Program Blocked" asking me to either remove, allow or close.

McAfee has quarantined the file named:

NAME - Tool-NirCmd

Quarantined From C:\System Volume Information\_restore(0DE99772-22C6-47AA-888C-78A9DDC58130)RP22\A0007390.exe

Whilst this has been quarantined, I have just left it where it is until you advise in case it is part of any of the programs that we have been using. i.e., Combofix etc and is still needed.

Thank you for the warning regarding the P2P software. Unfortunately Vick, this is a family computer used by all the family. It is a program that my son has apparently downloaded and used. He tells me that he runs a scan on everything he downloads from this site before he opens it. Not sure how accurate his statement is? Actually Vick, he has just bought a new Mac computer that he is just setting up, so this lot along with all his other files will be coming off my computer very soon.

Thank you once again for your help Vick.

Please find the new Combofix log as requested.

Kind Regards,

Thomas

ComboFix 11-08-16.02 - THOMAS DAVIES 16/08/2011 13:51:43.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1432 [GMT 1:00]
Running from: c:\documents and settings\THOMAS DAVIES\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\THOMAS DAVIES\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
file zipped: c:\windows\system32\MFC42ENUJ.dll
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\MFC42ENUJ.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-07-16 to 2011-08-16 )))))))))))))))))))))))))))))))
.
.
2011-08-11 18:35 . 2001-08-17 11:19 37120 -c--a-w- c:\windows\system32\dllcache\es1370mp.sys
2011-08-11 18:35 . 2001-08-17 21:36 61952 -c--a-w- c:\windows\system32\dllcache\eqnloop.exe
2011-08-11 18:35 . 2001-08-17 21:36 51200 -c--a-w- c:\windows\system32\dllcache\eqnlogr.exe
2011-08-11 18:35 . 2001-08-17 21:36 53248 -c--a-w- c:\windows\system32\dllcache\eqndiag.exe
2011-08-11 18:35 . 2001-08-17 11:17 629952 -c--a-w- c:\windows\system32\dllcache\eqn.sys
2011-08-11 18:35 . 2001-08-17 12:50 114944 -c--a-w- c:\windows\system32\dllcache\epstw2k.sys
2011-08-11 18:35 . 2001-08-17 11:12 18503 -c--a-w- c:\windows\system32\dllcache\epro4.sys
2011-08-11 18:35 . 2001-08-17 12:50 144896 -c--a-w- c:\windows\system32\dllcache\epcfw2k.sys
2011-08-11 18:33 . 2001-08-17 12:47 23808 -c--a-w- c:\windows\system32\dllcache\dot4usb.sys
2011-08-11 18:32 . 2001-08-17 11:11 24648 -c--a-w- c:\windows\system32\dllcache\dfe650.sys
2011-08-11 18:31 . 2001-08-17 21:36 216064 -c--a-w- c:\windows\system32\dllcache\cpscan.dll
2011-08-11 18:30 . 2001-08-17 21:36 236032 -c--a-w- c:\windows\system32\dllcache\camext20.dll
2011-08-11 18:29 . 2001-08-17 21:36 15360 -c--a-w- c:\windows\system32\dllcache\brmfbidi.dll
2011-08-11 18:28 . 2001-08-17 12:52 12032 -c--a-w- c:\windows\system32\dllcache\amsint.sys
2011-08-11 18:27 . 2001-08-17 13:55 689216 -c--a-w- c:\windows\system32\dllcache\3dfxvs.dll
2011-08-11 18:27 . 2001-08-17 11:48 148352 -c--a-w- c:\windows\system32\dllcache\3dfxvsm.sys
2011-08-11 18:27 . 2001-08-17 12:28 762780 -c--a-w- c:\windows\system32\dllcache\3cwmcru.sys
2011-08-11 18:27 . 2001-08-17 13:06 11264 -c--a-w- c:\windows\system32\dllcache\1394vdbg.sys
2011-08-11 18:27 . 2008-04-13 23:16 53376 -c--a-w- c:\windows\system32\dllcache\1394bus.sys
2011-08-11 15:04 . 2011-08-11 15:04 388096 ----a-r- c:\documents and settings\THOMAS DAVIES\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-11 15:03 . 2011-08-11 15:03 -------- d-----w- c:\program files\Trend Micro
2011-08-10 00:21 . 2011-08-10 00:21 -------- d-----w- c:\windows\system32\wbem\Repository
2011-08-09 10:59 . 2011-08-09 10:59 -------- d-----w- c:\documents and settings\THOMAS DAVIES\Application Data\ElevatedDiagnostics
2011-08-09 00:19 . 2011-08-09 00:19 -------- d-----w- c:\documents and settings\All Users\Application Data\!SASCORE
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-10 19:59 . 2009-11-27 17:19 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-07-16 23:50 . 2011-07-16 23:50 5015880 ----a-w- c:\program files\cdbxp_setup_4.3.8.2568.exe
2011-07-15 13:29 . 2004-08-12 14:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2004-08-12 14:01 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-06 18:52 . 2008-10-23 14:53 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-06 18:52 . 2008-10-23 14:53 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-24 14:10 . 2006-11-19 02:09 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-21 18:45 . 2004-08-12 14:09 832512 ----a-w- c:\windows\system32\wininet.dll
2011-06-21 18:45 . 2004-08-12 13:58 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-21 18:45 . 2004-08-12 13:58 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-06-21 18:45 . 2004-08-12 13:56 17408 ----a-w- c:\windows\system32\corpol.dll
2011-06-21 11:47 . 2004-08-12 13:57 389120 ----a-w- c:\windows\system32\html.iec
2011-06-21 07:42 . 2011-06-07 08:46 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-20 17:44 . 2004-08-12 14:09 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-02 14:02 . 2004-08-12 14:09 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-24 18:14 . 2009-10-03 09:00 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-08 20:47 . 2010-09-08 20:47 3468472 ----a-w- c:\program files\winamp3.exe
2004-09-20 10:19 . 2004-11-16 21:19 176832 ----a-w- c:\program files\FixWelch.exe
.
.
((((((((((((((((((((((((((((( [email protected]_14.37.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-16 13:07 . 2011-08-16 13:07 16384 c:\windows\Temp\Perflib_Perfdata_2d8.dat
+ 2011-08-16 13:07 . 2011-08-16 13:07 16384 c:\windows\Temp\Perflib_Perfdata_288.dat
+ 2006-11-19 02:20 . 2011-08-15 19:40 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-11-19 02:20 . 2011-08-15 13:23 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2006-11-19 02:20 . 2011-08-15 19:40 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-11-19 02:20 . 2011-08-15 13:23 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-08-15 23:46 . 2011-08-15 19:40 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2011-08-14 15:57 . 2011-08-15 13:23 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SacReminder"="c:\documents and settings\All Users\Application Data\OfficeGuardian\reminder\SacReminder.exe" [2009-06-26 825152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-11 290816]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-09 344064]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"eBayToolbar"="c:\program files\eBay\eBay Toolbar2\eBayTBDaemon.exe" [2008-08-09 652528]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-06-28 1195408]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2010-05-07 1638400]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\KIM DAVIES\Start Menu\Programs\Startup\
WKCALREM.LNK - c:\program files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2002-6-20 24651]
.
c:\documents and settings\THOMAS DAVIES\Start Menu\Programs\Startup\
wkcalrem.LNK - c:\program files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2002-6-20 24651]
WordWeb.lnk - c:\program files\WordWeb\wweb32.exe [2008-10-26 42168]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-09 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-11 13:20 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\twpR64.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\AiOHomeCenter.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\Kodak.Statistics.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\NetworkPrinterDiscovery.exe"=
"c:\\Program Files\\Kodak\\AiO\\Firmware\\KodakAiOUpdater.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kodak\\Installer\\Setup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9322:TCP"= 9322:TCP:EKDiscovery
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [07/09/2010 19:38 84200]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [15/01/2009 17:17 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [15/01/2009 17:17 67664]
R1 SSHDRV58;SSHDRV58;c:\windows\system32\drivers\SSHDRV58.sys [19/11/2006 05:10 33792]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [14/09/2010 21:36 116608]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\ekdiscovery.exe [17/05/2010 14:24 308592]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [05/08/2009 16:22 88176]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [07/09/2010 19:38 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [07/09/2010 19:38 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [11/08/2010 01:58 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [11/08/2010 01:58 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [11/08/2010 01:58 56064]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [11/08/2010 01:58 314088]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [11/08/2010 01:58 88736]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 twpR64;UDP netbios mapping;\??\c:\windows\system32\twpR64.sys --> c:\windows\system32\twpR64.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [21/12/2009 17:53 135664]
S2 twpR32;UDP32 netbios mapping;\??\c:\windows\system32\twpR64.sys --> c:\windows\system32\twpR64.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [21/12/2009 17:53 135664]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [11/08/2010 01:58 88736]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [11/08/2010 01:58 84488]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [15/01/2009 17:17 12872]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 11:50]
.
2011-08-16 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-04-15 08:43]
.
2011-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-21 16:53]
.
2011-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-21 16:53]
.
2011-08-16 c:\windows\Tasks\User_Feed_Synchronization-{D90196F7-2C27-4B51-957D-9179BED91B8C}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
.
2011-08-16 c:\windows\Tasks\WECPUpdate.job
- c:\program files\Essentials Codec Pack\WECPUpdate.exe [2009-02-25 14:28]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s%s
IE: &Save Image to Folder - c:\program files\AskBar\bar\bin\askBar.dll/saveimagetofolder.html
IE: &Save Image to MyStuff - c:\program files\AskBar\bar\bin\askBar.dll/saveimages.html
IE: &Save Link to Folder - c:\program files\AskBar\bar\bin\askBar.dll/saveltof.html
IE: &Save Link to MyStuff - c:\program files\AskBar\bar\bin\askBar.dll/savelink.html
IE: &Save Page to Folder... - c:\program files\AskBar\bar\bin\askBar.dll/savepagetofolder.html
IE: &Save this Page to MyStuff - c:\program files\AskBar\bar\bin\askBar.dll/savewebpage.html
IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-08-16 14:08
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1123561945-602609370-682003330-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1016)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3712)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\SITEAD~2\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Kontiki\KService.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Analog Devices\SoundMAX\spkrmon.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-08-16 14:15:09 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-16 13:15
ComboFix2.txt 2011-08-15 14:40
ComboFix3.txt 2011-08-14 12:06
.
Pre-Run: 81,231,613,952 bytes free
Post-Run: 81,262,104,576 bytes free
.
- - End Of File - - 76D03D1396E1CFB98101A3BDF0859212
Upload was successful
thomasanthony is offline  
Old 08-16-2011, 12:57 PM   #12
Security Team
Analyst
 
Join Date: Jan 2008
Location: Queensland, Australia
Posts: 1,479
OS: XP SP3



Hi Thomas,

Let's use Revo Uninstaller to remove the Ask Toolbar.

Please download the 30-day trial version of Revo Uninstaller and save it to your desktop. Double click on the saved file to install the program.

Double click the program to run and it will list all the programs from Add/Remove Programs. Select:
Ask Toolbar for Internet Explorer

Click Uninstall and follow the prompts. Remove all the left over files, folders and registry items.

Note: If you still can't uninstall, you may need to download the toolbar and then uninstall the program.

-------

The file that McAfee quarantined is from System Restore, where Windows keeps old system restore points. It won't infect your system unless you run a system restore. We shall delete it when we uninstall Combofix later.

--------

Next, we will need to run MBAM; it is a quick scanner which scans for active infections.
  • Please double click the Malwarebytes' Anti-Malware icon and launch the program. Go to the Update tab, check for updates and download them.
  • Once the update is completed, go to the Scanner tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

-------

I am still concerned about 2 files on your system.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :filefind
    *twpR64.sys*
    *twpR32.dll*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt
Vick is offline  
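As an added example (not part of this thread and not code from any of the tools mentioned): the two entries Vick is asking about, twpR64 and twpR32, show up in the ComboFix services list above as registrations whose image path is followed by `--> <path> [?]`, meaning the file could not be found on disk. The Python parser below reads such service/driver lines from a constructed sample modelled on this thread, flags orphaned entries and service names that share one image file, and reads the R/S prefix as running/stopped and the digit as the service Start value (the conventional reading of these logs, assumed here).

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample modelled on the "SERVICES / DRIVERS" lines of the ComboFix
# log in this thread; values are copied from the log, not from a live machine.
SAMPLE_LOG = """\
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\\windows\\system32\\drivers\\mfetdi2k.sys [07/09/2010 19:38 84200]
R2 !SASCORE;SAS Core Service;c:\\program files\\SUPERAntiSpyware\\SASCORE.EXE [14/09/2010 21:36 116608]
S0 Lbd;Lbd;c:\\windows\\system32\\DRIVERS\\Lbd.sys --> c:\\windows\\system32\\DRIVERS\\Lbd.sys [?]
S1 twpR64;UDP netbios mapping;\\??\\c:\\windows\\system32\\twpR64.sys --> c:\\windows\\system32\\twpR64.sys [?]
S2 twpR32;UDP32 netbios mapping;\\??\\c:\\windows\\system32\\twpR64.sys --> c:\\windows\\system32\\twpR64.sys [?]
"""

# Assumed reading of the first token: R = running, S = stopped, and the digit is
# the service's registry Start value (0 boot, 1 system, 2 auto, 3 manual, 4 disabled).
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}

LINE_RE = re.compile(r"^([RS])([0-4])\s+([^;]+);([^;]*);(.+)$")
# Present file: "<path> [<date> <size>]"; the date is "dd/mm/yyyy hh:mm" in ComboFix
# logs and "yyyy-m-d" in DDS logs, so it is matched loosely.
PRESENT_RE = re.compile(r"^(?P<path>.+?)\s+\[(?P<date>.+?)\s+(?P<size>\d+)\]$")
# Missing file: "<registry path> --> <resolved path> [?]"
MISSING_RE = re.compile(r"^(?P<path>.+?)\s+-->\s+(?P<resolved>.+?)\s+\[\?\]$")


@dataclass
class ServiceEntry:
    running: bool
    start_type: str
    name: str
    display: str
    image: str            # image path as registered, NT "\??\" prefix stripped
    present: bool         # False when the log shows "--> <path> [?]"
    size: Optional[int] = None


def _strip_nt_prefix(path: str) -> str:
    # "\??\c:\..." is the NT object-manager form of a Win32 path; normalise it so
    # the same file is recognised whichever form the registry value used.
    return path[4:] if path.startswith("\\??\\") else path


def parse_services(text: str) -> List[ServiceEntry]:
    entries: List[ServiceEntry] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # section headers, "." separators, anything that is not a service line
        state, start, name, display, rest = m.groups()
        missing = MISSING_RE.match(rest)
        if missing:
            entries.append(ServiceEntry(state == "R", START_TYPES[start], name, display,
                                        _strip_nt_prefix(missing["path"]), False))
            continue
        present = PRESENT_RE.match(rest)
        if present:
            entries.append(ServiceEntry(state == "R", START_TYPES[start], name, display,
                                        _strip_nt_prefix(present["path"]), True,
                                        int(present["size"])))
    return entries


def find_orphans(entries: List[ServiceEntry]) -> List[ServiceEntry]:
    """Registrations whose image file no longer exists on disk."""
    return [e for e in entries if not e.present]


def find_shared_images(entries: List[ServiceEntry]) -> Dict[str, List[str]]:
    """Distinct service names that point at the same image file (case-insensitive)."""
    by_image: Dict[str, List[str]] = defaultdict(list)
    for e in entries:
        by_image[e.image.lower()].append(e.name)
    return {img: names for img, names in by_image.items() if len(names) > 1}


def triage(text: str) -> Dict[str, object]:
    entries = parse_services(text)
    orphans = find_orphans(entries)
    return {
        "parsed": len(entries),
        "orphans": [e.name for e in orphans],
        # An orphaned boot- or system-start entry deserves a closer look: it is either
        # a leftover from an uninstalled product or a driver a scanner already removed.
        "orphan_kernel": [e.name for e in orphans if e.start_type in ("boot", "system")],
        "shared_images": find_shared_images(entries),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Running the block on the sample reports Lbd, twpR64 and twpR32 as orphans and shows that twpR32 and twpR64 both register the same twpR64.sys, which is why a file search for either name returning nothing is consistent with the log.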
Old 08-17-2011, 05:39 AM   #13
Registered Member
 
Join Date: Aug 2011
Location: United Kingdom
Posts: 26
OS: Windows XP Home Edition SP3



Hi Vick,

Managed to uninstall the Ask Toolbar and associated files as instructed, but did have to download a new Ask Toolbar before Revo could uninstall it as you said.

Ran MBAM, please find attached results below. It came up clear so didn't have to remove anything.

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Database version: 7484
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
17/08/2011 12:08:19
mbam-log-2011-08-17 (12-08-19).txt
Scan type: Quick scan
Objects scanned: 200345
Time elapsed: 3 minute(s), 18 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

-----------------------------

Regarding your concern about the other two files.

I downloaded SystemLook and followed your instructions, but it came back with the following results:-

SystemLook 30.07.11 by jpshortstuff
Log created at 12:45 on 17/08/2011 by THOMAS DAVIES
Administrator - Elevation successful
========== filefind ==========
Searching for "*twpR64.sys*"
No files found.
Searching for "*twpR32.dll*"
No files found.
-= EOF =-

Following the above result, I did a search for the files to see if they were still on the computer. It did find the two files as being located in:-

C:\Documents and Settings\THOMAS DAVIES\Local Settings\Temporary Internet Files

I then looked manually for these files in the location above to reveal the following:-

Internet Address

https://translate.googleapis.com/translate_a/st?client=tb&format=text&hl=en&q=twpR32.dll&tl=en&tt=w&v=2.0


https://translate.googleapis.com/translate_a/st?client=tb&format=text&hl=en&q=twpR64.sys&tl=en&tt=w&v=2.0

Vick, I am somewhat puzzled as to why there is such a huge amount of Temporary Internet Files at this location when I frequently clear them out using Tools> Delete Browsing History> Temporary Internet Files > Cookies> History> Form Data> and Passwords.

I don't know if all the above info. on the two files is of any help.

Thanks again.

Kind Regards,

Thomas
thomasanthony is offline  
Old 08-17-2011, 12:56 PM   #14
Security Team
Analyst
 
Join Date: Jan 2008
Location: Queensland, Australia
Posts: 1,479
OS: XP SP3



Hi Thomas,

Please post a new DDS log as you did in post 1.

-----

It appears both of the files are not on your system. The address appears to be suspicious, especially when it prompts me to download the file.
We will clear that shortly.

The Temporary Internet Files (or cache) folder contains Web page content that is stored on your hard disk for quick viewing. This cache permits Internet Explorer or MSN Explorer to download only the content that has changed since you last viewed a Web page, instead of downloading all the content for a page every time it is displayed. Saying that, you can end up with hundreds of files within minutes of surfing.

-----

It's important to run an online scan to search for remnants. It can take some time to complete, so please be patient and allow it to run the full course.
Ensure your external and/or USB drives are inserted during the scan.
Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic and also let me know how things are now.
Vick is offline  
Old 08-18-2011, 06:33 AM   #15
Registered Member
 
Join Date: Aug 2011
Location: United Kingdom
Posts: 26
OS: Windows XP Home Edition SP3



Hi Vick,

Thanks for the explanation regarding the Temporary Internet Files, you make it all sound so simple. The computer seems to be running fine at the moment with no redirects or rundll32.exe problems on shutdown. However, after running the scans etc. late last night, on turning the computer on this morning I received an error message. I don't know what this is, but I thought I had better send it to you just in case it was important.

DELIVERY MANAGER SERVICE.

Error Signature.

sZAppName:KService.exe sZAppVer.5.12.707.160

sZModName:KService.exe sZModVer:5.12.707.160offset:0021215a

ERROR REPORT CONTENTS.

C:\DOCUME~1\THOMAS~1\LOCALS~1\Temp\WERecf9.dir00\KService.exe.mdmp

C:\DOCUME~1\THOMAS~1\LOCALS~1\Temp\WERecf9.dir00\appcompat.txt

Vick, I do have an external hard drive (ClickFree) for storage of important work\personal files and photographs. This is not connected to the computer all the time, only when I want to transfer any important data\information. Basically, it's only a backup in case the computer ever goes down completely and to save losing all my information.

I did plug it in via a USB port prior to running the ESET scan as you said, but for some reason it appears not to have included it in the scan. This morning when I checked the ClickFree, it didn't autorun as it normally does, so I then checked my other USB flash memory pens etc.; they are pretty much the same, no autorun function. The devices are being recognised and I can access them manually, but they no longer autorun via the option window as they normally would.

Please find the attached logs as requested.

Thanks again for all your time, I am very grateful.

Kind Regards,

Thomas.

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 7.0.5730.13
Run by THOMAS DAVIES at 23:05:11 on 2011-08-17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1581 [GMT 1:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Documents and Settings\All Users\Application Data\OfficeGuardian\reminder\SacReminder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\WordWeb\wweb32.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.talktalk.co.uk/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~2\mcieplg.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: eBay Toolbar Helper: {22d8e815-4a5e-4dfb-845e-aab64207f5bd} - c:\program files\ebay\ebay toolbar2\eBayTB.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110514081519.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~2\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: eBay Toolbar: {92085ad4-f48a-450d-bd93-b28cc7df67ce} - c:\program files\ebay\ebay toolbar2\eBayTB.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~2\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: {464D5661-3E12-415B-8DF1-8D986745149F} - No File
uRun: [SacReminder] c:\documents and settings\all users\application data\officeguardian\reminder\SacReminder.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [eBayToolbar] c:\program files\ebay\ebay toolbar2\eBayTBDaemon.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
mRun: [Conime] %windir%\system32\conime.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\thomas~1\startm~1\programs\startup\wkcalrem.lnk - c:\program files\common files\microsoft shared\works shared\WkCalRem.exe
StartupFolder: c:\docume~1\thomas~1\startm~1\programs\startup\wordweb.lnk - c:\program files\wordweb\wweb32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: eBay Search - c:\program files\ebay\ebay toolbar2\eBayTb.dll/RCSearch.html
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.euro.dell.com/systemprofiler/SysPro.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1252519910454
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1223231100192
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{5F8F1FE8-E155-40F7-A711-C9D492D2C17D} : DhcpNameServer = 192.168.1.1
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~2\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~2\McIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-7-8 387480]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-9-7 84200]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-1-15 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 67664]
R1 SSHDRV58;SSHDRV58;c:\windows\system32\drivers\SSHDRV58.sys [2006-11-19 33792]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-9-14 116608]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\ekdiscovery.exe [2010-5-17 308592]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-8-5 88176]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-9-7 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-9-7 271480]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-9-7 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-8-11 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-8-11 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-8-11 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-11 56064]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-3-29 153280]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-11 314088]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-8-11 88736]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S1 twpR64;UDP netbios mapping;\??\c:\windows\system32\twpr64.sys --> c:\windows\system32\twpR64.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-21 135664]
S2 twpR32;UDP32 netbios mapping;\??\c:\windows\system32\twpr64.sys --> c:\windows\system32\twpR64.sys [?]
S3 cpuz132;cpuz132;\??\c:\docume~1\thomas~1\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\thomas~1\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-21 135664]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-3-29 52320]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-8-11 88736]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-11 84488]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-3-29 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-3-29 40552]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-8-16 27064]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 12872]
.
=============== Created Last 30 ================
.
2011-08-16 22:37:17 -------- d-----w- c:\documents and settings\thomas davies\local settings\application data\VS Revo Group
2011-08-16 22:36:48 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2011-08-16 22:36:46 -------- d-----w- c:\program files\VS Revo Group
2011-08-14 11:43:56 -------- d-sha-r- C:\cmdcons
2011-08-14 11:42:02 98816 ----a-w- c:\windows\sed.exe
2011-08-14 11:42:02 518144 ----a-w- c:\windows\SWREG.exe
2011-08-14 11:42:02 256000 ----a-w- c:\windows\PEV.exe
2011-08-14 11:42:02 208896 ----a-w- c:\windows\MBR.exe
2011-08-11 18:55:57 53760 -c--a-w- c:\windows\system32\dllcache\wiamsmud.dll
2011-08-11 18:54:59 687999 -c--a-w- c:\windows\system32\dllcache\usrwdxjs.sys
2011-08-11 18:53:59 47616 -c--a-w- c:\windows\system32\dllcache\umaxcam.dll
2011-08-11 18:52:59 241664 -c--a-w- c:\windows\system32\dllcache\tosdvd02.sys
2011-08-11 18:51:59 94293 -c--a-w- c:\windows\system32\dllcache\sxports.dll
2011-08-11 18:50:58 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2011-08-11 18:49:56 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys
2011-08-11 18:48:57 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2011-08-11 18:47:59 41216 -c--a-w- c:\windows\system32\dllcache\s3mt3d.sys
2011-08-11 18:46:57 41472 -c--a-w- c:\windows\system32\dllcache\qvusd.dll
2011-08-11 18:45:57 121344 -c--a-w- c:\windows\system32\dllcache\phvfwext.dll
2011-08-11 18:44:57 20480 -c--a-w- c:\windows\system32\dllcache\ovcomc.dll
2011-08-11 18:43:57 126080 -c--a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2011-08-11 18:42:54 103296 -c--a-w- c:\windows\system32\dllcache\mtxvideo.sys
2011-08-11 18:42:47 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2011-08-11 18:42:46 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
2011-08-11 18:42:42 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
2011-08-11 18:42:36 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2011-08-11 18:42:35 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2011-08-11 18:42:26 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2011-08-11 18:42:23 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2011-08-11 18:42:21 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2011-08-11 18:42:15 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2011-08-11 18:42:13 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2011-08-11 18:42:08 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2011-08-11 18:42:03 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
2011-08-11 18:40:59 15744 -c--a-w- c:\windows\system32\dllcache\lit220p.sys
2011-08-11 18:39:59 13056 -c--a-w- c:\windows\system32\dllcache\inport.sys
2011-08-11 18:38:46 488383 -c--a-w- c:\windows\system32\dllcache\hsf_v124.sys
2011-08-11 18:37:59 165888 -c--a-w- c:\windows\system32\dllcache\hpgt53.dll
2011-08-11 18:36:57 92160 -c--a-w- c:\windows\system32\dllcache\fuusd.dll
2011-08-11 18:35:59 16998 -c--a-w- c:\windows\system32\dllcache\ex10.sys
2011-08-11 18:34:59 6400 -c--a-w- c:\windows\system32\dllcache\enum1394.sys
2011-08-11 18:33:59 23808 -c--a-w- c:\windows\system32\dllcache\dot4usb.sys
2011-08-11 18:32:59 24648 -c--a-w- c:\windows\system32\dllcache\dfe650.sys
2011-08-11 18:31:59 216064 -c--a-w- c:\windows\system32\dllcache\cpscan.dll
2011-08-11 18:30:59 236032 -c--a-w- c:\windows\system32\dllcache\camext20.dll
2011-08-11 18:29:59 15360 -c--a-w- c:\windows\system32\dllcache\brmfbidi.dll
2011-08-11 18:28:59 12032 -c--a-w- c:\windows\system32\dllcache\amsint.sys
2011-08-11 18:27:59 689216 -c--a-w- c:\windows\system32\dllcache\3dfxvs.dll
2011-08-11 18:27:59 148352 -c--a-w- c:\windows\system32\dllcache\3dfxvsm.sys
2011-08-11 18:27:58 762780 -c--a-w- c:\windows\system32\dllcache\3cwmcru.sys
2011-08-11 18:27:57 11264 -c--a-w- c:\windows\system32\dllcache\1394vdbg.sys
2011-08-11 18:27:56 53376 -c--a-w- c:\windows\system32\dllcache\1394bus.sys
2011-08-11 18:27:33 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2011-08-11 15:04:00 388096 ----a-r- c:\documents and settings\thomas davies\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-08-11 15:03:58 -------- d-----w- c:\program files\Trend Micro
2011-08-10 00:21:30 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-08-10 00:21:30 -------- d-----w- c:\windows\system32\wbem\Repository
2011-08-09 10:59:02 -------- d-----w- c:\documents and settings\thomas davies\application data\ElevatedDiagnostics
2011-08-09 00:19:26 -------- d-----w- c:\documents and settings\all users\application data\!SASCORE
.
==================== Find3M ====================
.
2011-08-10 19:59:15 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-07-16 23:50:27 5015880 ----a-w- c:\program files\cdbxp_setup_4.3.8.2568.exe
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-06 18:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 18:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-21 18:45:58 832512 ----a-w- c:\windows\system32\wininet.dll
2011-06-21 18:45:57 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-06-21 18:45:57 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-21 18:45:57 17408 ----a-w- c:\windows\system32\corpol.dll
2011-06-21 11:47:20 389120 ----a-w- c:\windows\system32\html.iec
2011-06-21 07:42:25 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-24 18:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-08 20:47:48 3468472 ----a-w- c:\program files\winamp3.exe
2004-09-20 10:19:13 176832 ----a-w- c:\program files\FixWelch.exe
.
============= FINISH: 2329.81 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 07/09/2010 17:31:02
System Uptime: 17/08/2011 17:20:45 (6 hours ago)
.
Motherboard: Dell Inc. | | 0J3492
Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz | Microprocessor | 3192/800mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 233 GiB total, 75.254 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is FIXED (NTFS) - 229 GiB total, 111.128 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: TI Technologies Inc.
Description: RADEON X300 Series Secondary
Device ID: PCI\VEN_1002&DEV_5B70&SUBSYS_03031002&REV_00\4&16EC1A1&0&0108
Manufacturer: ATI Technologies Inc.
Name: RADEON X300 Series Secondary
PNP Device ID: PCI\VEN_1002&DEV_5B70&SUBSYS_03031002&REV_00\4&16EC1A1&0&0108
Service: ati2mtag
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_14F1&DEV_2F20&SUBSYS_200F14F1&REV_00\4&10416D21&0&08F0
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_14F1&DEV_2F20&SUBSYS_200F14F1&REV_00\4&10416D21&0&08F0
Service:
.
==== System Restore Points ===================
.
RP1: 08/08/2011 15:30:04 - System Checkpoint
RP2: 09/08/2011 10:41:31 - Removed Windows Defender
RP3: 09/08/2011 10:57:17 - Installed Windows Defender
RP4: 09/08/2011 11:00:50 - Installed Windows Defender
RP5: 09/08/2011 11:57:34 - Installed %1 %2.
RP6: 09/08/2011 12:05:43 - Installed Windows Defender
RP7: 09/08/2011 22:08:27 - Software Distribution Service 3.0
RP8: 09/08/2011 22:09:50 - Installed Windows NLSDownlevelMapping.
RP9: 09/08/2011 22:10:18 - Installed Windows IDNMitigationAPIs.
RP10: 09/08/2011 22:10:35 - Installed Windows Internet Explorer 7.
RP11: 09/08/2011 22:10:48 - Software Distribution Service 3.0
RP12: 09/08/2011 23:17:35 - Software Distribution Service 3.0
RP13: 10/08/2011 01:11:18 - 6 august 2011
RP14: 10/08/2011 01:21:00 - Restore Operation
RP15: 10/08/2011 01:52:36 - Installed Windows Defender
RP16: 10/08/2011 08:02:54 - Software Distribution Service 3.0
RP17: 10/08/2011 20:56:38 - Installed Ad-Aware
RP18: 10/08/2011 20:56:51 - Installed Ad-Aware
RP19: 11/08/2011 09:18:32 - Installed Windows Defender
RP20: 11/08/2011 16:03:57 - Installed HiJackThis
RP21: 13/08/2011 15:17:31 - System Checkpoint
RP22: 14/08/2011 09:25:23 - Removed Ad-Aware
RP23: 14/08/2011 15:27:49 - Installed Windows Defender
RP24: 15/08/2011 20:34:33 - System Checkpoint
RP25: 16/08/2011 23:41:21 - Revo Uninstaller Pro's restore point - Ask Toolbar for Internet Explorer
RP26: 16/08/2011 23:43:42 - Revo Uninstaller Pro's restore point - Ask Toolbar for Internet Explorer
RP27: 16/08/2011 23:44:27 - Revo Uninstaller Pro's restore point - Ask Toolbar for Internet Explorer
RP28: 16/08/2011 23:50:31 - Installed Ask Toolbar.
RP29: 17/08/2011 00:01:45 - Revo Uninstaller Pro's restore point - Ask Toolbar for Internet Explorer
RP30: 17/08/2011 00:09:14 - Revo Uninstaller Pro's restore point - Ask Toolbar
RP31: 17/08/2011 00:10:23 - Revo Uninstaller Pro's restore point - Ask Toolbar
RP32: 17/08/2011 00:10:35 - Removed Ask Toolbar.
RP33: 17/08/2011 00:12:11 - Revo Uninstaller Pro's restore point - EPSON Printer Software
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.5
Adobe® Photoshop® Album Starter Edition 3.0.1
aiofw
aioprnt
aioscnnr
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Bonjour
Broadcom Gigabit Integrated Controller
CCleaner (remove only)
CDBurnerXP
center
Chinese Traditional Fonts Support For Adobe Reader 9
ClearType Tuning Control Panel Applet
Dell Driver Download Manager
Dell Media Experience
Dell ResourceCD
Dell Solution Center
DellConnect
Digital Locker Assistant
Driver Detective
Driving Test Success 2005/6
eBay Toolbar
FinePixViewer Ver.4.2
Football Manager 2005
FUJIFILM USB Driver
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
ImageMixer VCD/DVD2 for OLYMPUS
ImageMixer VCD2 for FinePix
iTunes
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 9
Japanese Fonts Support For Adobe Reader 9
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java 2 Runtime Environment, SE v1.4.2_03
Java Auto Updater
Java(TM) 6 Update 2
Java(TM) 6 Update 26
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
KODAK AiO Home Centre
ksDIP
Malwarebytes' Anti-Malware version 1.51.1.1800
McAfee SecurityCenter
Media Library Management Wizard
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Disc 2
Microsoft Office 2000 Professional
Microsoft Works 7.0
MicroStaff WINASPI
MobileMe Control Panel
Movie Maker Background Music Files
Movie Maker Sound Effects
Movie Maker Title Images
MP3Downloading P2P 2.0
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
OLYMPUS Master
OpenOffice.org Installer 1.0
Personal License Update Wizard for Windows Media Player
PIF DESIGNER2.0
Plus! MP3 Audio Converter LE
PowerDVD 5.1
PreReq
QuickTime
RAW FILE CONVERTER LE
Revo Uninstaller Pro 2.5.3
Rhapsody Player Engine
Safari
SAGEM [email protected] 800-840
ScanToWeb
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB975558)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
SoulSeek 157 NS 13e
SoundMAX
Spelling Dictionaries Support For Adobe Reader 9
Steinberg Cubase v4.1.3
SUPERAntiSpyware Free Edition
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Winamp3 (remove only)
Windows Essentials Media Codec Pack 2.2c
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live OneCare safety scanner
Windows Media Bonus Pack for Windows XP
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player Playlist Import to Excel Wizard
Windows Media Player Skin Importer
Windows Media Player Tray Control
Windows PowerShell(TM) 1.0
Windows XP Service Pack 3
WinRAR archiver
WordWeb
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
14/08/2011 12:56:30, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd
12/08/2011 08:19:03, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
10/08/2011 21:04:55, error: Service Control Manager [7022] - The KService service hung on starting.
10/08/2011 21:03:52, error: Service Control Manager [7000] - The General Purpose USB Driver (adildr.sys) service failed to start due to the following error: The system cannot find the file specified.
10/08/2011 10:04:58, error: Service Control Manager [7031] - The McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
10/08/2011 07:57:59, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 001111B104D7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================


[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.17099 (vista_gdr.110617-1500)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=28c4fdc60a73a845bf40a3000d08294a
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-08-18 01:21:07
# local_time=2011-08-18 02:21:07 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 544774 544774 0 0
# compatibility_mode=5121 16777189 100 75 8262430 42878332 0 0
# compatibility_mode=8192 67108863 100 0 238 238 0 0
# scanned=436134
# found=2
# cleaned=0
# scan_time=10657
C:\Program Files\cdbxp_setup_4.3.8.2568.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
F:\RESOURCE_CD (D)\HDDUTIL\FORMAT\FORMATC.BAT BAT/FormatC trojan (unable to clean) 00000000000000000000000000000000
Old 08-19-2011, 05:34 AM   #16
Security Team
Analyst
 
Join Date: Jan 2008
Location: Queensland, Australia
Posts: 1,479
OS: XP SP3



Hi Thomas,

Please post the content of this file:
c:\documents and settings\thomas davies\local settings\Temp\WERecf9.dir00\appcompat.txt

-----

Regarding the autorun not working, try if this works:
  • Open Windows Explorer by pressing the Windows + "e" key.
  • Right-click the desired external hard disk/USB and select Properties from the menu.
  • Select the AutoPlay tab.
  • Select each item from the pulldown list and for the Action to perform, select "Take no action" to disable autorun, or pick the appropriate action to take if enabling autorun.
  • Select OK.

----

One of the scan results from ESET might be false positive. Let's confirm that before removing the file.

Please ensure your external drive is connected before following the instructions below:

Please go to VirusTotal.
There is a field to add the filepath under "Upload a file". Please copy and paste this filepath:

F:\RESOURCE_CD (D)\HDDUTIL\FORMAT\FORMATC.BAT

Then hit "Send file".

The scan will take a while before the result comes up so please be patient.
If you get a message saying "File has already been analysed", click "Reanalyse file now".
Once the result is out, copy and paste the link to the results page in your next reply.

Next, repeat the scan with this file:
C:\Program Files\cdbxp_setup_4.3.8.2568.exe

-----
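The ESET log Thomas posted and Vick's handling of its two hits, as an added example that is not part of the thread: a small Python parser (hypothetical helper names parse_eset_log and analyse, not an ESET tool) for the "# key=value" summary header and the detection lines, run over a constructed sample that reuses the two paths from the log above, with a cross-check of found/cleaned against the hits actually listed.

```python
import re
from collections import defaultdict

# Constructed sample (added here, not from the thread): a trimmed ESET Online
# Scanner log in the same "# key=value" header plus detection-line layout as
# the one posted above; the two detection lines reuse the paths from the thread.
SAMPLE_LOG = r"""
OnlineScanner.ocx - registred OK
# version=7
# OnlineScanner.ocx=1.0.0.6528
# end=finished
# remove_checked=false
# archives_checked=true
# compatibility_mode=512 16777215 100 0 544774 544774 0 0
# compatibility_mode=8192 67108863 100 0 238 238 0 0
# scanned=436134
# found=2
# cleaned=0
# scan_time=10657
C:\Program Files\cdbxp_setup_4.3.8.2568.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
F:\RESOURCE_CD (D)\HDDUTIL\FORMAT\FORMATC.BAT BAT/FormatC trojan (unable to clean) 00000000000000000000000000000000
"""

# "# key=value" summary lines; some keys (compatibility_mode) repeat.
HEADER_RE = re.compile(r"^#\s*(?P<key>[^=]+?)\s*=\s*(?P<value>.*)$")

# "<path> <Platform/Name kind> (<status>) <32 hex> [flag]"; the path may
# contain spaces, so it is matched lazily and the threat name anchors the split.
DETECTION_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<threat>[A-Za-z0-9_]+/\S+(?:\s+[a-z]+)?)\s+"
    r"\((?P<status>[^)]*)\)\s+"
    r"(?P<hash>[0-9A-Fa-f]{32})"
    r"(?:\s+(?P<flag>\S+))?$"
)


def parse_eset_log(text):
    """Return (header dict, list of detection dicts) for one ESET log."""
    header = defaultdict(list)
    detections = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            header[m.group("key")].append(m.group("value"))
            continue
        m = DETECTION_RE.match(line)
        if m:
            d = m.groupdict()
            d["hash"] = d["hash"].lower()
            detections.append(d)
        # anything else (the OCX registration banner) carries no finding
    flat = {k: v[0] if len(v) == 1 else v for k, v in header.items()}
    return flat, detections


def analyse(text):
    """Cross-check the summary counters against the listed hits and classify
    each hit for follow-up the way the thread does (confirm before deleting)."""
    header, detections = parse_eset_log(text)
    found = int(header.get("found", "0"))
    cleaned = int(header.get("cleaned", "0"))
    report = {
        # a mismatch here means the log is truncated or was edited by hand
        "consistent": found == len(detections),
        # remove_checked=false: the scan ran detect-only, so cleaned=0 is
        # the expected outcome rather than a failure of the scanner
        "detect_only": header.get("remove_checked") == "false",
        "uncleaned": found - cleaned,
        "items": [],
    }
    for d in detections:
        family, _, kind = d["threat"].partition(" ")
        if kind == "application":
            verdict = "potentially unwanted application; confirm before removal"
        elif d["status"].startswith("unable to clean"):
            verdict = "uncleaned hit; get a second opinion before deleting"
        else:
            verdict = "handled by the scanner"
        report["items"].append(
            {"path": d["path"], "family": family, "kind": kind, "verdict": verdict}
        )
    return report


if __name__ == "__main__":
    for item in analyse(SAMPLE_LOG)["items"]:
        print(f"{item['family']:<20} {item['kind']:<12} {item['path']}")
        print(f"    -> {item['verdict']}")
```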
Old 08-19-2011, 08:12 AM   #17
Registered Member
 
Join Date: Aug 2011
Location: United Kingdom
Posts: 26
OS: Windows XP Home Edition SP3



Hi Vick,

The file: c:\documents and settings\thomas davies\local settings\Temp\WERecf9.dir00\appcompat.txt

I have searched everywhere manually to find the above file, but to no avail. I have also tried the computer's search facility, but this also turns up no results. I have even searched the "ClickFree" backup drive, again with no result.

Regarding the "Autorun" facility, I have followed your instructions, but unfortunately this doesn't appear to fix the problem. I have also noticed that autorun does not work on the CD/DVD players either. It does appear that the autorun facility on everything is no longer working.


Please find below the links to the VirusTotal results:-

https://www.virustotal.com/file-scan/report.html?id=b4cfb1d61f6aecde499558ebb7b2026ff2bc66518fc39cac8875eaed9e4095bf-1313762594

https://www.virustotal.com/file-scan/report.html?id=bf0d3a16efcb25b80e0488353b3c3ddbaff6ba5689714637514ba5cc0af99188-1313762398


I am so sorry to be taking up so much of your time Vick, it really is very much appreciated.

Kind Regards,

Thomas
Old 08-19-2011, 01:52 PM   #18
Security Team
Analyst
 
Join Date: Jan 2008
Location: Queensland, Australia
Posts: 1,479
OS: XP SP3



Hi Thomas,

Nothing to be sorry about.

------

Regarding the autoplay, let me find another method. Otherwise, I might direct you to the XP department.

------

Quote:
DELIVERY MANAGER SERVICE.

Error Signature.

sZAppName:KService.exe sZAppVer.5.12.707.160

sZModName:KService.exe sZModVer:5.12.707.160offset:0021215a

ERROR REPORT CONTENTS.

C:\DOCUME~1\THOMAS~1\LOCALS~1\Temp\WERecf9.dir00\KService.exe.mdmp

C:\DOCUME~1\THOMAS~1\LOCALS~1\Temp\WERecf9.dir00\appcompat.txt

Are you still having the problem above?
Do you get the error each time you turn the computer on?

I don't think the above issue is malware related, but let me consult my colleagues.

----
Old 08-19-2011, 02:11 PM   #19
Security Team
Analyst
 
Join Date: Jan 2008
Location: Queensland, Australia
Posts: 1,479
OS: XP SP3



Hi Thomas,

Please follow the instruction below:
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :filefind
    *Iplayer*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt
Old 08-19-2011, 04:33 PM   #20
Registered Member
 
Join Date: Aug 2011
Location: United Kingdom
Posts: 26
OS: Windows XP Home Edition SP3



Hi Vick,

Please find the results of the scan as requested.

Kind Regards,

Thomas

SystemLook 30.07.11 by jpshortstuff
Log created at 00:20 on 20/08/2011 by THOMAS DAVIES
Administrator - Elevation successful
========== filefind ==========
Searching for "*Iplayer*"
C:\Documents and Settings\THOMAS DAVIES\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1\Local Store\iPlayer.log --a---- 5128 bytes [15:56 12/05/2009] [22:52 20/02/2010] F8EF67CF8DBDFFF26D354D11E819CA11
C:\Documents and Settings\THOMAS DAVIES\Favorites\BBC TV PROGRAMMES\BBC iPlayer - Home.url --a---- 232 bytes [15:00 07/03/2009] [22:51 15/07/2011] 61C67E91B84CDB9D0990EF81AFFE56B9
C:\Program Files\iTunes\iTunesMiniPlayer.dll --a---- 124200 bytes [14:33 07/03/2011] [14:33 07/03/2011] A2DA1222FA7C5D921CE34E691AF4E7BB
C:\Program Files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll --a---- 134944 bytes [14:33 07/03/2011] [14:33 07/03/2011] 333B93558909FF4B5FC90A3F2658B604
C:\Program Files\iTunes\iTunesMiniPlayer.Resources\da.lproj\iTunesMiniPlayerLocalized.dll --a---- 48416 bytes [14:34 07/03/2011] [14:34 07/03/2011] 0C376CAA03486C6C2F14AB96FFDF73E4
C:\Program Files\iTunes\iTunesMiniPlayer.Resources\de.lproj\iTunesMiniPlayerLocalized.dll --a---- 48928 bytes [14:34 07/03/2011] [14:34 07/03/2011] 146F117576769A3A82FB326F71990F10
C:\Program Files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll --a---- 48416 bytes [14:33 07/03/2011] [14:33 07/03/2011] 368B9D2A2DF8EA48BCCFE6D1CCA1B0EE
C:\Program Files\iTunes\iTunesMiniPlayer.Resources\en_GB.lproj\iTunesMiniPlayerLocalized.dll --a---- 48416 bytes [14:34 07/03/2011] [14:34 07/03/2011] C813F5154936B3209FBE213843CDB108
C:\Program Files\iTunes\iTunesMiniPlayer.Resources\es.lproj\iTunesMiniPlayerLocalized.dll --a---- 48928 bytes [14:34 07/03/2011] [14:34 07/03/2011] 5165D092DACEB334D481C45942143D4D
C:\Program Files\iTunes\iTunesMiniPlayer.Resources\fi.lproj\iTunesMiniPlayerLocalized.dll --a---- 48928 bytes [14:34 07/03/2011] [14:34 07/03/2011] 999FBA1B44DC20E5C3B63517919D4F24
C:\Program Files\iTunes\iTunesMiniPlayer.Resources\fr.lproj\iTunesMiniPlayerLocalized.dll --a---- 48928 bytes [14:34 07/03/2011] [14:34 07/03/2011] 79C52FBCFC386B7182AB56A525DB1E13
C:\Program Files\iTunes\iTunesMiniPlayer.Resources\it.lproj\iTunesMiniPlayerLocalized.dll --a---- 48928 bytes [14:34 07/03/2011] [14:34 07/03/2011] 527AFF188755DA380DB8BB40BC11F98A
C:\Program Files\iTunes\iTunesMiniPlayer.Resources\ja.lproj\iTunesMiniPlayerLocalized.dll --a---- 48416 bytes [14:34 07/03/2011] [14:34 07/03/2011] 5340796739B5DACB22FFAC5E49A76599
C:\Program Files\iTunes\iTunesMiniPlayer.Resources\ko.lproj\iTunesMiniPlayerLocalized.dll --a---- 48416 bytes [14:34 07/03/2011] [14:34 07/03/2011] 7918FF23653E3F074605F1000710F7D0
C:\Program Files\iTunes\iTunesMiniPlayer.Resources\nb.lproj\iTunesMiniPlayerLocalized.dll --a---- 48416 bytes [14:34 07/03/2011] [14:34 07/03/2011] 3C83DF1CF9018B2F645678020FEC8F22
C:\Program Files\iTunes\iTunesMiniPlayer.Resources\nl.lproj\iTunesMiniPlayerLocalized.dll --a---- 48928 bytes [14:34 07/03/2011] [14:34 07/03/2011] 0C588D8D80E4373E37F333A323FF5249
C:\Program Files\iTunes\iTunesMiniPlayer.Resources\pl.lproj\iTunesMiniPlayerLocalized.dll --a---- 48928 bytes [14:34 07/03/2011] [14:34 07/03/2011] 91C7E3DB854AD7915638CF02C15D2B90
C:\Program Files\iTunes\iTunesMiniPlayer.Resources\pt.lproj\iTunesMiniPlayerLocalized.dll --a---- 48928 bytes [14:34 07/03/2011] [14:34 07/03/2011] E3B24A64DF25CD6F59046DE44DA3A2A7
C:\Program Files\iTunes\iTunesMiniPlayer.Resources\pt_PT.lproj\iTunesMiniPlayerLocalized.dll --a---- 48928 bytes [14:34 07/03/2011] [14:34 07/03/2011] 629B9B2A784BE83985280DEEBABB7B4B
C:\Program Files\iTunes\iTunesMiniPlayer.Resources\ru.lproj\iTunesMiniPlayerLocalized.dll --a---- 48928 bytes [14:34 07/03/2011] [14:34 07/03/2011] 1C43A159D540158299C38C04FDB2A320
C:\Program Files\iTunes\iTunesMiniPlayer.Resources\sv.lproj\iTunesMiniPlayerLocalized.dll --a---- 48928 bytes [14:34 07/03/2011] [14:34 07/03/2011] 565AAF775AB0375EB78146C280AF9AB1
C:\Program Files\iTunes\iTunesMiniPlayer.Resources\zh_CN.lproj\iTunesMiniPlayerLocalized.dll --a---- 48416 bytes [14:34 07/03/2011] [14:34 07/03/2011] 666943705F5861911D9815EE2632E433
C:\Program Files\iTunes\iTunesMiniPlayer.Resources\zh_TW.lproj\iTunesMiniPlayerLocalized.dll --a---- 48416 bytes [14:34 07/03/2011] [14:34 07/03/2011] 4D3C0D47EC77AB893492138DA6C5A580
-= EOF =-