Hi guys, I would really like some advice and instructions on what I should do for the results below. Also, if you could provide some insight and answer some of my questions, that would be really nice.
Some background: Today, my NOD32 antivirus was screwing up so I decided to reinstall it (I think this was my biggest mistake because there were some quarantined files). Do quarantined files affect me after I uninstall my antivirus?
The major malware came from this webcam installer of mine, a freeware I got from an Australian site (which I believed should have been trustworthy) since I lost my original installation disk. The malware ran at startup in the form of edr.exe and efixaa.exe (these were files that my ESET had quarantined, and I realised they were slowing me down, using 100% of my CPU at startup).
These were my results:
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
Database version: 7032
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
7/7/2011 12:08:55 AM
mbam-log-2011-07-07 (00-08-55).txt
Scan type: Quick scan
Objects scanned: 163608
Time elapsed: 19 minute(s), 41 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 6
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 14
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OHCFC34QK3 (Trojan.FraudPack.Gen) -> Value: OHCFC34QK3 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\JRPP572441 (Trojan.FraudPack.Gen) -> Value: JRPP572441 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\java system update (Trojan.Agent) -> Value: java system update -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winupdate system (Trojan.Agent) -> Value: winupdate system -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows updater (Backdoor.IRCBot) -> Value: windows updater -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\java checksys (Trojan.Agent) -> Value: java checksys -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
c:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.
Files Infected:
c:\documents and settings\administrator\local settings\Temp\Edr.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\Efixaa.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\local settings\Temp\132.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\local settings\Temp\Edq.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\local settings\Temp\Eds.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\gpkhdi\setup.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.
c:\Recycle.Bin\recycle.bin.exe (Trojan.SpyEyes) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\local settings\Temp\eumlm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\local settings\Temp\icvcc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\local settings\Temp\gaspci.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\local settings\Temp\rtpmp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
DDS results:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/30/2011 1:15:40 PM
System Uptime: 7/7/2011 12:51:46 AM (0 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | GA-8S648FX
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Socket 478 | 2813/133mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 75 GiB total, 52.225 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is CDROM (CDFS)
G: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 7/7/2011 12:16:24 AM - System Checkpoint
.
==== Installed Programs ======================
.
µTorrent
3 Mobile Broadband
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.0.1)
Advanced SystemCare 4
C-Media WDM Audio Driver
Chuzzle Deluxe
Conduit Engine
EPSON Printer Software
EPSON Scan
ESET Smart Security
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
HTC BMP USB Driver
HTC Driver Installer
HTC Sync
Java Auto Updater
Java DB 10.6.2.1
Java(TM) 6 Update 26
Java(TM) SE Development Kit 6 Update 24
K-Lite Mega Codec Pack 7.0.0
Lyrics Plugin for Windows Media Player
MapleStory
Messenger Plus! 5
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox 4.0.1 (x86 en-US)
MSVCRT
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
Nexon Game Manager
PANDA-EGG
Realtek AC'97 Audio
REALTEK Gigabit and Fast Ethernet NIC Driver
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2497640)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Segoe UI
Smart Defrag Server 2010 Trail
Tumblebugs
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Microsoft Windows (KB971513)
Update for Outlook 2007 Junk Email Filter (KB2536413)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
uTorrentBar Toolbar
Varmintz Deluxe
VLC media player 1.1.9
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
WinRAR 4.00 beta 5 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
7/7/2011 12:12:14 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
7/7/2011 12:12:07 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde uagp35
7/6/2011 9:50:53 PM, error: Service Control Manager [7000] - The Task Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/6/2011 9:50:51 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Task Scheduler service to connect.
7/6/2011 12:59:06 PM, error: Service Control Manager [7034] - The Advanced SystemCare Service service terminated unexpectedly. It has done this 1 time(s).
7/6/2011 11:54:23 AM, error: PSched [14107] - QoS [Adapter NDISWANIP]: The Packet Scheduler could not initialize the virtual miniport with NDIS.
.
==== End Of File ===========================
and
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Administrator at 0:53:18 on 2011-07-07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.230 [GMT 10:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\IObit\Game Booster\GameBox.exe
C:\WINDOWS\system32\wscntfy.exe
svchost.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe
C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\3 Mobile Broadband\3 Mobile Broadband.exe
C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
C:\WINDOWS\system32\rundll32.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://vnexpress.net/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTo0.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTo0.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Mobile Partner] "c:\program files\3 mobile broadband\3 Mobile Broadband.exe"
mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [PlusService] c:\program files\yuna software\messenger plus!\PlusService.exe
mRun: [SmartDefrag] "c:\program files\iobit\iobit smartdefrag\IObit SmartDefrag.exe" /StartUp
mRun: [HTC Sync Loader] "c:\program files\htc\htc sync 3.0\htcUPCTLoader.exe" -startup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\my_aut~1.lnk - c:\program files\warkeys\autowarkey\autohotkey\AutoHotkey.exe
uPolicies-explorer: NoInstrumentation = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\giuwch7e.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/ig?hl=en&source=iglk
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
---- FIREFOX POLICIES ----
# Mozilla User Preferences
.
/* Do not edit this file.
*
* If you make changes to this file while the application is running,
* the changes will be overwritten when the application exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see hxxp://www.mozilla.org/unix/customizing.html#prefs
*/
.
FF - user.js: accessibility.blockautorefresh - true
FF - user.js: accessibility.typeaheadfind.flashBar - 0
FF - user.js: app.update.lastUpdateTime.addon-background-update-timer - 1308958311
FF - user.js: app.update.lastUpdateTime.background-update-timer - 1308961538
FF - user.js: app.update.lastUpdateTime.blocklist-background-update-timer - 1308961418
FF - user.js: app.update.lastUpdateTime.microsummary-generator-update-timer - 1308744676
FF - user.js: app.update.lastUpdateTime.places-maintenance-timer - 1307100386
FF - user.js: app.update.lastUpdateTime.search-engine-update-timer - 1308994998
FF - user.js: browser.cache.disk.capacity - 1048576
FF - user.js: browser.cache.disk.smart_size.first_run - false
FF - user.js: browser.cache.disk.smart_size_cached_value - 640000
FF - user.js: browser.download.dir - c:\\documents and settings\\administrator\\Desktop
FF - user.js: browser.download.folderList - 0
FF - user.js: browser.download.lastDir - c:\\documents and settings\\administrator\\Desktop
FF - user.js: browser.feeds.showFirstRunUI - false
FF - user.js: browser.history_expire_days.mirror - 180
FF - user.js: browser.migration.version - 5
FF - user.js: browser.places.importBookmarksHTML - false
FF - user.js: browser.places.smartBookmarksVersion - 2
FF - user.js: browser.rights.3.shown - true
FF - user.js: browser.shell.checkDefaultBrowser - false
FF - user.js: browser.startup.homepage - hxxp://www.google.com.au/ig?hl=en&source=iglk
FF - user.js: browser.startup.homepage_override.buildID - 20110615151330
FF - user.js: browser.startup.homepage_override.mstone - rv:5.0
FF - user.js: extensions.blocklist.pingCountTotal - 20
FF - user.js: extensions.blocklist.pingCountVersion - 3
FF - user.js: extensions.bootstrappedAddons - {}
FF - user.js: extensions.databaseSchema - 3
FF - user.js: extensions.enabledAddons - jqs@sun.com:1.0,{20a82645-c095-46ed-80e3-08825760534b}:0.0.0,{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24,{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26,{972ce4c6-7e08-4474-a285-3208198ce6fd}:5.0
FF - user.js: extensions.enabledItems - {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24,jqs@sun.com:1.0,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17
FF - user.js: extensions.installCache - [{\name\:\winreg-app-global\,\addons\:{\{20a82645-c095-46ed-80e3-08825760534b}\:{\descriptor\:\c:\\\\windows\\\\microsoft.net\\\\framework\\\\v3.5\\\\windows presentation foundation\\\\dotnetassistantextension\,\mtime\:1307239442531},\jqs@sun.com\:{\descriptor\:\c:\\\\program files\\\\java\\\\jre6\\\\lib\\\\deploy\\\\jqs\\\\ff\,\mtime\:1306823376156}}},{\name\:\app-global\,\addons\:{\{972ce4c6-7e08-4474-a285-3208198ce6fd}\:{\descriptor\:\c:\\\\program files\\\\mozilla firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\,\mtime\:1308836872343},\{cafeefac-0016-0000-0024-abcdeffedcba}\:{\descriptor\:\c:\\\\program files\\\\mozilla firefox\\\\extensions\\\\{cafeefac-0016-0000-0024-abcdeffedcba}\,\mtime\:1306823387781},\{cafeefac-0016-0000-0026-abcdeffedcba}\:{\descriptor\:\c:\\\\program files\\\\mozilla firefox\\\\extensions\\\\{cafeefac-0016-0000-0026-abcdeffedcba}\,\mtime\:1307868115406}}}]
FF - user.js: extensions.lastAppVersion - 5.0
FF - user.js: extensions.pendingOperations - false
FF - user.js: idle.lastDailyNotification - 1308963423
FF - user.js: intl.charsetmenu.browser.cache - us-ascii, windows-1252, Shift_JIS, ISO-8859-1, UTF-8
FF - user.js: network.cookie.prefsMigrated - true
FF - user.js: places.database.lastMaintenance - 1308963423
FF - user.js: places.history.expiration.transient_current_max_pages - 10726
FF - user.js: places.last_vacuum - 1307017819
FF - user.js: pref.browser.homepage.disable_button.current_page - false
FF - user.js: privacy.sanitize.migrateFx3Prefs - true
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: storage.vacuum.last.index - 1
FF - user.js: storage.vacuum.last.places.sqlite - 1307149454
FF - user.js: urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey - 1309517650
FF - user.js: xpinstall.whitelist.add -
FF - user.js: xpinstall.whitelist.add.36 -
.
============= SERVICES / DRIVERS ===============
.
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2011-6-21 100736]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-7-6 27064]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-07-06 14:19:15 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 14:19:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-06 14:19:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-06 13:43:35 -------- d-----w- c:\documents and settings\administrator\application data\Malwarebytes
2011-07-06 13:43:08 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-07-06 11:49:03 195072 --sha-r- c:\windows\system32\l_intl9.dll
2011-07-06 03:07:41 -------- d-----w- c:\documents and settings\administrator\local settings\application data\VS Revo Group
2011-07-06 03:07:07 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2011-07-06 03:01:12 -------- d-----w- c:\program files\Advanced System Care
2011-07-06 01:58:10 -------- d-----w- c:\program files\UlisesSoft
2011-07-06 01:48:55 -------- d-----w- c:\program files\VS Revo Group
2011-06-30 07:37:53 -------- d-----w- c:\documents and settings\administrator\local settings\application data\VT_Software
2011-06-30 05:55:57 -------- d-----w- c:\program files\Warkeys
2011-06-26 13:42:04 349472 ----a-w- c:\windows\WindowsXP-KB822603-x86.exe
2011-06-26 13:42:03 344064 ----a-w- c:\windows\vsnp2std.exe
2011-06-26 13:42:03 270336 ----a-w- c:\windows\tsnp2std.exe
2011-06-26 13:42:02 25472 ----a-w- c:\windows\system32\drivers\sncamd.sys
2011-06-26 13:41:58 12212864 ----a-w- c:\windows\system32\drivers\snp2sxp.sys
2011-06-26 13:41:57 77824 ----a-w- c:\windows\system32\csnp2std.dll
2011-06-26 13:41:57 73728 ----a-w- c:\windows\system32\vsnp2std.dll
2011-06-26 13:41:57 151552 ----a-w- c:\windows\system32\rsnp2std.dll
2011-06-26 13:41:57 -------- d-----w- c:\program files\common files\snp2std
2011-06-23 13:47:50 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-06-23 13:47:49 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-06-23 09:36:01 -------- d-----w- c:\program files\SystemRequirementsLab
2011-06-23 08:50:00 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2011-06-23 08:50:00 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2011-06-23 08:48:52 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2011-06-23 08:26:28 -------- d--h--w- c:\windows\msdownld.tmp
2011-06-23 08:26:15 -------- d-----w- c:\windows\Logs
2011-06-21 08:14:43 24448 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2011-06-21 08:14:43 114432 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2011-06-21 08:14:43 102912 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2011-06-21 08:14:43 100736 ----a-w- c:\windows\system32\drivers\ewusbdev.sys
2011-06-19 03:14:29 -------- d-----w- c:\documents and settings\administrator\glGo
2011-06-19 03:03:11 81920 ----a-w- c:\windows\system32\OpenAL32.dll
2011-06-19 03:03:11 233472 ----a-w- c:\windows\system32\wrap_oal.dll
2011-06-19 03:02:47 -------- d-----w- c:\program files\glGo
2011-06-17 11:34:17 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2011-06-17 11:34:17 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2011-06-17 11:34:12 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
2011-06-17 11:34:12 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2011-06-17 11:34:10 15232 -c--a-w- c:\windows\system32\dllcache\streamip.sys
2011-06-17 11:34:10 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2011-06-17 11:34:09 16384 ----a-w- c:\windows\system32\ipsink.ax
2011-06-17 11:34:07 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys
2011-06-17 11:34:07 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2011-06-17 11:34:05 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2011-06-17 11:34:05 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2011-06-17 11:33:59 85248 -c--a-w- c:\windows\system32\dllcache\nabtsfec.sys
2011-06-17 11:33:59 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2011-06-17 11:33:57 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys
2011-06-17 11:33:57 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2011-06-17 11:33:05 28672 ----a-w- c:\windows\system32\vidcap.ax
2011-06-17 11:33:04 91136 ----a-w- c:\windows\system32\kswdmcap.ax
2011-06-17 11:33:03 61952 ----a-w- c:\windows\system32\kstvtune.ax
2011-06-17 11:33:01 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2011-06-17 11:33:01 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2011-06-17 11:32:56 43008 ----a-w- c:\windows\system32\ksxbar.ax
2011-06-17 11:20:11 81920 ----a-w- c:\windows\amcap.exe
2011-06-17 07:27:08 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Howei
2011-06-12 08:37:24 -------- d-----w- c:\documents and settings\administrator\application data\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
2011-06-12 08:24:20 -------- d-----w- c:\documents and settings\administrator\application data\HTC
2011-06-12 08:23:23 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Downloaded Installations
2011-06-12 08:23:01 -------- d-----w- c:\program files\Spirent Communications
2011-06-12 08:22:27 -------- d-----w- c:\program files\HTC
2011-06-12 08:21:56 -------- d-----w- c:\program files\MSXML 4.0
2011-06-08 10:16:42 -------- d-----w- c:\windows\system32\winrm
2011-06-08 10:16:42 -------- d-----w- c:\windows\system32\GroupPolicy
2011-06-08 10:16:25 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2011-06-07 13:45:40 -------- d-----w- c:\documents and settings\administrator\application data\uTorrent
2011-06-07 13:21:04 -------- d-----w- c:\documents and settings\administrator\application data\Easeware
2011-06-07 13:14:09 -------- d-----w- c:\documents and settings\all users\application data\Driver Whiz
2011-06-07 03:53:52 -------- d-----w- c:\documents and settings\all users\application data\IObit
.
==================== Find3M ====================
.
2011-06-23 05:49:05 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-04 02:51:11 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-05-03 18:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-03 16:25:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11:11 43520 ------w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11:11 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01:22 385024 ------w- c:\windows\system32\html.iec
2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST380011A rev.3.06 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x82F514D0]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x82f577d0]; MOV EAX, [0x82f5784c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x82F6EAB8]
3 CLASSPNP[0xF8775FD7] -> nt!IofCallDriver[0x804E37D5] -> \Device\0000005a[0x82F739E8]
5 ACPI[0xF86EC620] -> nt!IofCallDriver[0x804E37D5] -> [0x82FD8940]
\Driver\atapi[0x82F4DF38] -> IRP_MJ_CREATE -> 0x82F514D0
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x82F5131B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 0:56:05.00 ===============
I am unable to provide a GMER log as my computer freezes at the point at which it scans C:\WINDOWS\system\32\dhcpcsvc.dll. In addition, I have noted that there was one particular file/location which was highlighted in red. It was \Device\Harddisk0\DR0 and it was something called TDL4@MBR code has been found.
Please give me advice and I was wondering if installation of Eset (which I have yet to install again) will crash my computer if I have Malwarebytes as well. Malwarebytes has also blocked off 'outgoing' IP addresses. If you would like me to provide this as well, please ask.
*edited*
I forgot to mention, my computer has been unable to update properly in the past few weeks. I choose to update; it downloads and installs, but it comes back up every time I restart the computer.
Thanks in advance.
2011-06-17 11:33:05 28672 ----a-w- c:\windows\system32\vidcap.ax
2011-06-17 11:33:04 91136 ----a-w- c:\windows\system32\kswdmcap.ax
2011-06-17 11:33:03 61952 ----a-w- c:\windows\system32\kstvtune.ax
2011-06-17 11:33:01 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2011-06-17 11:33:01 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2011-06-17 11:32:56 43008 ----a-w- c:\windows\system32\ksxbar.ax
2011-06-17 11:20:11 81920 ----a-w- c:\windows\amcap.exe
2011-06-17 07:27:08 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Howei
2011-06-12 08:37:24 -------- d-----w- c:\documents and settings\administrator\application data\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
2011-06-12 08:24:20 -------- d-----w- c:\documents and settings\administrator\application data\HTC
2011-06-12 08:23:23 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Downloaded Installations
2011-06-12 08:23:01 -------- d-----w- c:\program files\Spirent Communications
2011-06-12 08:22:27 -------- d-----w- c:\program files\HTC
2011-06-12 08:21:56 -------- d-----w- c:\program files\MSXML 4.0
2011-06-08 10:16:42 -------- d-----w- c:\windows\system32\winrm
2011-06-08 10:16:42 -------- d-----w- c:\windows\system32\GroupPolicy
2011-06-08 10:16:25 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2011-06-07 13:45:40 -------- d-----w- c:\documents and settings\administrator\application data\uTorrent
2011-06-07 13:21:04 -------- d-----w- c:\documents and settings\administrator\application data\Easeware
2011-06-07 13:14:09 -------- d-----w- c:\documents and settings\all users\application data\Driver Whiz
2011-06-07 03:53:52 -------- d-----w- c:\documents and settings\all users\application data\IObit
.
==================== Find3M ====================
.
2011-06-23 05:49:05 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-04 02:51:11 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-05-03 18:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-03 16:25:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11:11 43520 ------w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11:11 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01:22 385024 ------w- c:\windows\system32\html.iec
2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST380011A rev.3.06 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x82F514D0]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x82f577d0]; MOV EAX, [0x82f5784c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x82F6EAB8]
3 CLASSPNP[0xF8775FD7] -> nt!IofCallDriver[0x804E37D5] -> \Device\0000005a[0x82F739E8]
5 ACPI[0xF86EC620] -> nt!IofCallDriver[0x804E37D5] -> [0x82FD8940]
\Driver\atapi[0x82F4DF38] -> IRP_MJ_CREATE -> 0x82F514D0
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x82F5131B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 0:56:05.00 ===============
I am unable to provide a GMER log as my computer freezes at the point at which it scans C:\WINDOWS\system\32\dhcpcsvc.dll. In addition, I noted that there was one particular file/location which was highlighted in red. It was \Device\Harddisk0\DR0 and it said something like "TDL4@MBR code has been found".
Please give me advice. I was also wondering whether installing Eset (which I have yet to install again) will crash my computer if I have Malwarebytes as well. Malwarebytes has also blocked 'outgoing' IP addresses. If you would like me to provide this as well, please ask.
*edited*
I forgot to mention, my computer has been unable to update properly in the past few weeks. I choose to update, and it downloads and installs, but it comes back up every time I restart the computer.
Thanks in advance.
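The "Created Last 30" listing above is the part of the log a responder reads first, and it is tedious to triage by eye. As an added example (not part of the original post and not a tool from the DDS or GMER authors), here is a small parser for that listing format plus two triage heuristics a practitioner applies by hand: files under c:\windows carrying both the system and hidden attributes, and binaries that appear under c:\windows in a creation-time burst with no Program Files directory created alongside them (an installer normally leaves both). A dllcache twin created in the same burst is treated as Windows File Protection activity and not flagged. The attribute letters are taken to mean d=directory, s=system, h=hidden, a=archive, r=read-only, w=writable, c=compressed; the meaning of "c" and the 120-second burst window are assumptions. The sample input is a handful of lines copied from the listing above. The heuristics only rank entries for review; they do not decide that a file is malicious.

```python
"""Triage helper for the DDS "Created Last 30" file listing format (added example)."""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional, Set

# Sample input: lines copied from the DDS listing above (embedded so this runs offline).
SAMPLE_LOG = r"""
2011-07-06 14:19:15 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 14:19:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-06 11:49:03 195072 --sha-r- c:\windows\system32\l_intl9.dll
2011-07-06 03:07:07 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2011-06-26 13:42:03 344064 ----a-w- c:\windows\vsnp2std.exe
2011-06-26 13:41:57 -------- d-----w- c:\program files\common files\snp2std
2011-06-17 11:34:17 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2011-06-17 11:34:17 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2011-06-08 10:16:25 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
"""

# One DDS line: timestamp, size ("--------" for a directory), 8-char attribute column, path.
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\S+)\s+([-a-z]{8})\s+(.+)$")
BINARY_EXTS = {"exe", "dll", "sys", "ax", "cpl", "scr"}
WINDOWS_DIR = "c:\\windows\\"
PROGRAM_FILES = "c:\\program files\\"


@dataclass
class Entry:
    when: datetime
    size: Optional[int]
    attrs: Set[str]   # attribute letters present, e.g. {'s', 'h', 'a', 'r'}; mapping assumed, see lead-in
    path: str         # lower-cased for comparisons

    @property
    def is_dir(self) -> bool:
        return "d" in self.attrs

    @property
    def basename(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def ext(self) -> str:
        name = self.basename
        return name.rsplit(".", 1)[-1] if "." in name else ""


def parse_dds(text: str) -> List[Entry]:
    """Parse every line that matches the listing format; headers and '.' separators are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        ts, size, attr, path = m.groups()
        entries.append(Entry(
            when=datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
            size=None if size.startswith("-") else int(size),
            attrs=set(attr) - {"-"},
            path=path.lower(),
        ))
    return entries


def cluster_by_time(entries: List[Entry], gap_seconds: int = 120) -> List[List[Entry]]:
    """Group entries created within gap_seconds of the previous one: an installer writes in bursts."""
    clusters: List[List[Entry]] = []
    for e in sorted(entries, key=lambda e: e.when):
        if clusters and (e.when - clusters[-1][-1].when).total_seconds() <= gap_seconds:
            clusters[-1].append(e)
        else:
            clusters.append([e])
    return clusters


def triage(entries: List[Entry]) -> Dict[str, List[str]]:
    """Return {path: [reason, ...]} for entries an analyst should look at first."""
    findings: Dict[str, List[str]] = defaultdict(list)

    # Heuristic 1: a file (not a directory) under c:\windows with system AND hidden set.
    # Legitimate components rarely need both; dropped files use them to stay out of listings.
    for e in entries:
        if not e.is_dir and {"s", "h"} <= e.attrs and e.path.startswith(WINDOWS_DIR):
            findings[e.path].append("system+hidden attributes on a file under c:\\windows")

    # Heuristic 2: a binary under c:\windows created in a burst that produced no
    # Program Files directory has no visible installer to account for it.
    # A dllcache twin in the same burst is the Windows File Protection pattern: skip it.
    for burst in cluster_by_time(entries):
        if any(e.is_dir and e.path.startswith(PROGRAM_FILES) for e in burst):
            continue
        cached = {e.basename for e in burst if "\\dllcache\\" in e.path}
        for e in burst:
            if e.is_dir or e.ext not in BINARY_EXTS or "\\dllcache\\" in e.path:
                continue
            if not e.path.startswith(WINDOWS_DIR) or e.basename in cached:
                continue
            findings[e.path].append("binary under c:\\windows with no Program Files install in the same burst")
    return dict(findings)


if __name__ == "__main__":
    for path, reasons in triage(parse_dds(SAMPLE_LOG)).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

On the sample, l_intl9.dll is flagged by both heuristics (system+hidden, and created alone with nothing else in its burst) and revoflt.sys by the second one only. The second is the kind of false positive the analyst resolves by hand: the full listing shows c:\program files\VS Revo Group created about an hour earlier, outside the 120-second window, so the driver is accounted for. The webcam files (vsnp2std.exe and friends) are not flagged because c:\program files\common files\snp2std was created in the same burst, and MSTEE.sys is skipped because its dllcache copy landed at the same second. None of this is a verdict; it is an ordering of what to hash and look up first.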