#1
Malware - DDS by sUBs scan results
Hi,
Once again I find myself in front of a PC owned by a teenage relative, once again it's running like a dog (this teenage relative is a boy, I feel he may have been up to no good.....). I expect that the AV and Windows updates are all out of date (an idea of how savvy the user is). However, once again I call on the good people of CTH for assistance. I've run DDS and the scans are attached, all and any assistance would be very welcome.

Last edited by VegasMAK; July 14th, 2011 at 09:43 PM. Reason: additional info
#2
and the attach log
#3
Hello VegasMAK,

Better folks wait, and not start running and posting logs. As I just mentioned in a different new request, it tends to delay a reply (though I am checking multi-post new threads on a hunch right now), and here, I really need to check some different scan results. Let's do that.

To make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types".

To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right-clicking the software's Taskbar icons, or accessing each software through Start - Programs. Here are some antivirus disable tips if needed.

----------

Go to Start – Settings – Control Panel. Click on Add/Remove Programs. If any of the following programs are listed there, click on the program to highlight it, and click on Remove. Then close the Control Panel.

Messenger Plus! 3 & Sponsor

I am not sure what their current supposed 'sponsor' is, but whatever it is, you can be sure it is not something you all want.

--------------

Click here and download OldTimer's OTL to your desktop, then click that to open the scan display. At the top click "Scan All Users", then click "Run Scan". Make no other changes at this time. When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are also saved in the same location as OTL.exe. Post the contents of those back here please.

-----------

Click here and download the installer for Gmer to your desktop, then click that file to run Gmer. Once the opening scan finishes, click on Scan (again, before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan). When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.

Note - If Gmer shows it has located infection once its opening scan completes, do not click the Scan button. We don't want hidden malware settings to cause any problems. Instead, just click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.

-----------

Download aswMBR (511KB) to your desktop.

A lot, but comprehensive, and will make sure we get a good view of everything.
All times are GMT +1.