TechSpot

Browser Hijack / Hidden iexplore.exe processes

By Zeemox
Sep 9, 2011
Hello there. I've been having various issues and I was hoping someone could help me out.

    Here are the logs:

    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7678

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    9/9/2011 1:23:13 PM
    mbam-log-2011-09-09 (13-23-12).txt

    Scan type: Quick scan
    Objects scanned: 211825
    Time elapsed: 58 minute(s), 57 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-09-09 13:35:52
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 WDC_WD800BB-53CAA0 rev.16.06V16
    Running: m2v4sj8x.exe; Driver: C:\DOCUME~1\Terri\LOCALS~1\Temp\pxtdrpob.sys


    ---- System - GMER 1.0.15 ----

    SSDT spfc.sys ZwEnumerateKey [0xF843CDA4]
    SSDT spfc.sys ZwEnumerateValueKey [0xF843D132]

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T1L0-17 82051AF1
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 [F8378B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 82051AF1
    Device \Driver\atapi \Device\Ide\IdePort0 [F8378B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 82051AF1
    Device \Driver\atapi \Device\Ide\IdePort1 [F8378B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-f 82051AF1
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f [F8378B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\avbxel4f \Device\Scsi\avbxel4f1 82103500
    Device \Driver\avbxel4f \Device\Scsi\avbxel4f1Port2Path0Target1Lun0 82103500
    Device \Driver\avbxel4f \Device\Scsi\avbxel4f1Port2Path0Target0Lun0 82103500
    Device \FileSystem\Ntfs \Ntfs 8236F1F8

    AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

    Device \FileSystem\Fastfat \Fat FF5BA1F8

    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskWDC_WD800BB-53CAA0______________________16.06V16#4457572d414d4538343237343138_036_0_0_0_0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

    ---- EOF - GMER 1.0.15 ----

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_25
    Run by Terri at 13:38:27 on 2011-09-09
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.258 [GMT -4:00]
    .
    AV: AVG Internet Security Business Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: AVG Firewall *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\AVG\AVG2012\avgfws.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\BELKIN USB Wireless Monitor\WLService.exe
    C:\Program Files\Belkin\F5D7050v5011\Belkinwcui.exe
    C:\Program Files\BELKIN USB Wireless Monitor\WLanCfgG.exe
    C:\Program Files\AVG\AVG2012\avgnsx.exe
    C:\Program Files\AVG\AVG2012\avgemcx.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Tunngle\TnglCtrl.exe
    C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\Program Files\AVG\AVG2012\avgrsx.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\MSSWCHX.EXE
    C:\Program Files\AVG\AVG2012\avgui.exe
    C:\WINDOWS\system32\wscntfy.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.msn.com
    uInternet Settings,ProxyServer = 192.168.1.1:80
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
    uRun: [Steam] "c:\program files\steam\steam.exe" -silent
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
    dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10e.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\belkin~1.lnk - c:\program files\belkin\f5d7050v5011\Belkinwcui.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522}
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\terri\application data\mozilla\firefox\profiles\ieffrqxf.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.reddit.com/
    FF - plugin: c:\documents and settings\all users\application data\id software\quakelive\npquakezero.dll
    FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
    FF - plugin: c:\documents and settings\terri\local settings\application data\google\update\1.3.21.65\npGoogleUpdate3.dll
    FF - plugin: c:\documents and settings\terri\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
    FF - plugin: c:\program files\byond\bin\npbyond.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npbyond.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-7-11 32464]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-7-11 229840]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
    R2 avgfws;AVG Firewall;c:\program files\avg\avg2012\avgfws.exe [2011-8-19 2399560]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-8-16 5264736]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
    R2 Belkin 54Mbps Wireless USB;Belkin 54Mbps Wireless USB Network Service;c:\program files\belkin usb wireless monitor\WLService.exe [2011-8-7 49152]
    R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2011-8-29 38144]
    R2 RPCQT;Remote Procedure Call (CQTPM);c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    R2 TunngleService;TunngleService;c:\program files\tunngle\TnglCtrl.exe [2011-6-18 737016]
    R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2011-5-23 30944]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-7-11 16720]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-8 22712]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-8-11 136176]
    S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-8 366640]
    S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2011-5-23 30944]
    S3 BELKIN;Belkin Wireless G USB Network Adapter;c:\windows\system32\drivers\BLKWGU.sys [2011-8-29 273280]
    S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-8-11 136176]
    S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\drivers\MijXfilt.sys [2011-8-9 81168]
    S3 nenum13E;nenum13E;\??\c:\docume~1\terri\locals~1\temp\nenum13e.sys --> c:\docume~1\terri\locals~1\temp\nenum13E.sys [?]
    S3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2009-7-31 341504]
    S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [2010-1-6 594048]
    S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [2011-6-18 27136]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2011-09-09 06:32:16 -------- d--h--w- C:\$AVG
    2011-09-09 06:17:20 -------- d-----w- c:\documents and settings\terri\application data\AVG2012
    2011-09-09 06:12:57 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
    2011-09-09 06:01:48 -------- d-----w- c:\windows\system32\drivers\AVG
    2011-09-09 06:01:47 -------- d-----w- c:\documents and settings\all users\application data\AVG2012
    2011-09-09 05:59:06 -------- d-----w- c:\program files\AVG
    2011-09-09 05:56:37 -------- d-----w- c:\documents and settings\all users\application data\MFAData
    2011-09-09 05:26:52 667136 ----a-w- c:\windows\system32\OGACheckControl.dll.bak
    2011-09-09 05:26:52 667136 ----a-w- c:\windows\system32\OGACheckControl.dll
    2011-09-09 05:26:52 3072 ----a-w- c:\windows\system32\OGAVerify.exe.bak
    2011-09-09 05:26:52 3072 ----a-w- c:\windows\system32\OGAVerify.exe
    2011-09-09 05:26:52 3072 ----a-w- c:\windows\system32\OGAExec.exe.bak
    2011-09-09 05:26:52 3072 ----a-w- c:\windows\system32\OGAExec.exe
    2011-09-09 05:26:52 3072 ----a-w- c:\windows\system32\OGAAddin.dll.bak
    2011-09-09 05:26:52 3072 ----a-w- c:\windows\system32\OGAAddin.dll
    2011-09-09 04:24:34 388096 ----a-r- c:\documents and settings\terri\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-09-09 04:24:26 -------- d-----w- c:\program files\hjt
    2011-09-09 02:14:07 1446264 ----a-w- c:\program files\mozilla firefox\plugins\npLegitCheckPlugin.dll
    2011-09-09 02:03:25 -------- d-----w- c:\program files\CCleaner
    2011-08-29 17:37:21 38144 ----a-w- c:\windows\system32\drivers\EAPPkt.sys
    2011-08-29 17:37:11 21035 ----a-w- c:\windows\system32\drivers\AegisP.sys
    2011-08-29 17:37:01 273280 ----a-w- c:\windows\system32\drivers\BLKWGU.sys
    2011-08-29 17:37:01 273280 ----a-w- c:\windows\system\BLKWGU.sys
    2011-08-29 17:37:01 -------- d-----w- c:\windows\OPTIONS
    2011-08-29 17:35:51 -------- d-----w- c:\windows\system32\Belkin Wireless G USB Adapter Software
    2011-08-29 17:35:51 -------- d-----w- c:\program files\Belkin
    2011-08-24 03:57:59 -------- d-----w- c:\documents and settings\terri\application data\dekovir
    2011-08-24 03:50:58 -------- d-----w- c:\program files\Trade Mania
    2011-08-24 03:14:00 -------- d-----w- C:\Blocks That Matter
    2011-08-19 21:32:13 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
    2011-08-19 06:59:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-08-17 22:37:12 -------- d-----w- c:\documents and settings\terri\local settings\application data\Ubisoft
    2011-08-16 06:47:12 -------- d-----w- c:\documents and settings\terri\application data\Meridian93
    2011-08-16 06:44:15 -------- d-----w- c:\program files\Magic Life
    2011-08-12 15:40:35 -------- d-----w- c:\program files\JoWooD
    2011-08-12 02:43:02 40960 ----a-r- c:\documents and settings\terri\application data\microsoft\installer\{9559f7ca-5e34-4237-a2d9-d856464ad727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
    2011-08-12 02:43:02 40960 ----a-r- c:\documents and settings\terri\application data\microsoft\installer\{9559f7ca-5e34-4237-a2d9-d856464ad727}\ARPPRODUCTICON.exe
    2011-08-11 22:54:35 -------- d-----w- c:\program files\Piranha-Bytes
    2011-08-11 18:51:14 -------- d-----w- c:\program files\Triumph Studios
    2011-08-11 17:34:58 -------- d-----w- c:\program files\Age of Wonders Shadow Magic
    2011-08-11 17:29:09 -------- d-----w- c:\program files\Age of Wonders II
    .
    ==================== Find3M ====================
    .
    2011-09-03 10:17:37 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-08-24 03:15:01 444952 ----a-w- c:\windows\system32\wrap_oal.dll
    2011-08-24 03:15:01 109080 ----a-w- c:\windows\system32\OpenAL32.dll
    2011-08-07 16:06:59 2272 ----a-w- c:\windows\system32\w95inf16.dll
    2011-08-07 16:06:58 4608 ----a-w- c:\windows\system32\w95inf32.dll
    2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-07-11 05:14:38 295248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2011-07-11 05:14:30 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
    2011-07-11 05:14:28 24272 ----a-w- c:\windows\system32\drivers\AVGIDSFilter.sys
    2011-07-11 05:14:28 23120 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
    2011-07-11 05:14:26 134608 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
    2011-07-11 05:13:46 229840 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2011-07-11 05:13:42 32464 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2011-07-10 18:09:45 94208 ----a-w- c:\windows\DIIUnin.exe
    2011-07-10 18:09:45 2829 ----a-w- c:\windows\DIIUnin.pif
    2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
    2011-07-06 23:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-07-06 23:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-26 06:45:56 256000 ----a-w- c:\windows\PEV.exe
    2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-06-23 18:36:30 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec
    2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll
    2011-06-16 01:37:12 249856 ------w- c:\windows\Setup1.exe
    2011-06-16 01:37:09 73216 ----a-w- c:\windows\ST6UNST.EXE
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: WDC_WD800BB-53CAA0 rev.16.06V16 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3
    .
    device: opened successfully
    user: MBR read successfully
    .
    Disk trace:
    called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x82051ECC]<<
    _asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0xf8d04879; SUB DWORD [EBP-0x4], 0xf8d04135; PUSH EDI; CALL 0xffffffffffffdf2c; }
    1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x822ECAB8]
    3 CLASSPNP[0xF8577FD7] -> nt!IofCallDriver[0x804E37D5] -> \Device\00000071[0x823E2530]
    5 ACPI[0xF83E3620] -> nt!IofCallDriver[0x804E37D5] -> [0x82345940]
    [0x81F13030] -> IRP_MJ_CREATE -> 0x82051ECC
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
    detected disk devices:
    \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskWDC_WD800BB-53CAA0______________________16.06V16#4457572d414d4538343237343138_036_0_0_0_0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    \Driver\atapi DriverStartIo -> 0x82051AF1
    user & kernel MBR OK
    sectors 156301486 (+255): user != kernel
    Warning: possible TDL3 rootkit infection !
    .
    ============= FINISH: 13:40:59.35 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/31/2010 1:35:43 PM
    System Uptime: 9/9/2011 10:46:21 AM (3 hours ago)
    .
    Motherboard: Intel Corporation | | D845GRG
    Processor: Intel(R) Pentium(R) 4 CPU 2.40GHz | X1 | 2400/133mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 75 GiB total, 3.255 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is CDROM ()
    G: is CDROM ()
    H: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: Ethernet Controller
    Device ID: PCI\VEN_8086&DEV_1039&SUBSYS_4000107B&REV_81\4&2AF9ED5&0&40F0
    Manufacturer:
    Name: Ethernet Controller
    PNP Device ID: PCI\VEN_8086&DEV_1039&SUBSYS_4000107B&REV_81\4&2AF9ED5&0&40F0
    Service:
    .
    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: Multimedia Audio Controller
    Device ID: PCI\VEN_8086&DEV_24C5&SUBSYS_4000107B&REV_01\3&267A616A&0&FD
    Manufacturer:
    Name: Multimedia Audio Controller
    PNP Device ID: PCI\VEN_8086&DEV_24C5&SUBSYS_4000107B&REV_01\3&267A616A&0&FD
    Service:
    .
    ==== System Restore Points ===================
    .
    RP376: 7/27/2011 4:44:00 AM - System Checkpoint
    RP377: 7/28/2011 8:34:31 AM - System Checkpoint
    RP378: 7/29/2011 9:14:25 AM - System Checkpoint
    RP379: 7/29/2011 4:12:51 PM - Installed Singles2
    RP380: 7/30/2011 5:57:51 PM - System Checkpoint
    RP381: 7/31/2011 11:32:43 PM - System Checkpoint
    RP382: 8/1/2011 11:43:36 PM - System Checkpoint
    RP383: 8/2/2011 7:31:38 AM - Installed Call of Duty - United Offensive
    RP384: 8/2/2011 7:35:00 AM - Installed Call of Duty - United Offensive
    RP385: 8/2/2011 11:21:49 AM - Installed GTA San Andreas
    RP386: 8/3/2011 10:30:47 PM - System Checkpoint
    RP387: 8/5/2011 3:30:26 AM - System Checkpoint
    RP388: 8/5/2011 8:10:28 AM - Installed Stronghold Crusader
    RP389: 8/5/2011 8:19:29 AM - Installed Crusader Kings
    RP390: 8/5/2011 8:21:41 AM - Installed Crusader Kings
    RP391: 8/6/2011 2:32:21 PM - System Checkpoint
    RP392: 8/7/2011 6:38:55 PM - System Checkpoint
    RP393: 8/7/2011 11:27:33 PM - Installed Belkin 54Mbps Wireless USB Network Adapter
    RP394: 8/8/2011 11:41:26 PM - System Checkpoint
    RP395: 8/9/2011 4:14:04 PM - Removed Angry Birds Rio
    RP396: 8/9/2011 4:14:29 PM - Installed Angry Birds Rio
    RP397: 8/9/2011 7:31:49 PM - Installed Windows XP Wdf01009.
    RP398: 8/9/2011 11:55:12 PM - Installed Civilization III: Conquests
    RP399: 8/10/2011 3:00:25 AM - Software Distribution Service 3.0
    RP400: 8/11/2011 5:07:19 AM - System Checkpoint
    RP401: 8/11/2011 10:42:54 PM - Installed Project64 1.6
    RP402: 8/13/2011 3:16:48 AM - System Checkpoint
    RP403: 8/14/2011 3:58:19 AM - System Checkpoint
    RP404: 8/15/2011 6:57:36 AM - System Checkpoint
    RP405: 8/16/2011 6:58:33 AM - System Checkpoint
    RP406: 8/17/2011 7:58:35 AM - System Checkpoint
    RP407: 8/18/2011 8:58:34 AM - System Checkpoint
    RP408: 8/19/2011 6:37:30 PM - System Checkpoint
    RP409: 8/20/2011 5:38:57 PM - Installed Angry Birds Seasons
    RP410: 8/21/2011 8:10:46 PM - System Checkpoint
    RP411: 8/22/2011 8:33:45 PM - System Checkpoint
    RP412: 8/24/2011 7:21:58 AM - System Checkpoint
    RP413: 8/25/2011 3:00:25 AM - Software Distribution Service 3.0
    RP414: 8/26/2011 3:05:13 AM - System Checkpoint
    RP415: 8/27/2011 4:18:56 AM - System Checkpoint
    RP416: 8/28/2011 4:23:45 AM - System Checkpoint
    RP417: 8/29/2011 1:35:50 PM - Installed Belkin Wireless G USB Adapter Software
    RP418: 8/30/2011 2:21:56 PM - System Checkpoint
    RP419: 8/31/2011 3:00:50 PM - System Checkpoint
    RP420: 9/1/2011 4:59:06 AM - Restore Operation
    RP421: 9/1/2011 5:11:59 AM - Restore Operation
    RP422: 9/1/2011 5:15:03 AM - Restore Operation
    RP423: 9/2/2011 11:41:11 AM - System Checkpoint
    RP424: 9/3/2011 12:14:41 PM - System Checkpoint
    RP425: 9/4/2011 5:43:02 PM - System Checkpoint
    RP426: 9/5/2011 10:01:13 PM - System Checkpoint
    RP427: 9/7/2011 3:00:37 AM - Software Distribution Service 3.0
    RP428: 9/8/2011 3:59:36 AM - System Checkpoint
    RP429: 9/9/2011 12:21:18 AM - Removed Windows Live ID Sign-in Assistant
    RP430: 9/9/2011 12:24:21 AM - Installed HiJackThis
    RP431: 9/9/2011 1:59:04 AM - Installed AVG 2012
    RP432: 9/9/2011 2:01:13 AM - Installed AVG 2012
    .
    ==== Installed Programs ======================
    .
    '8th Wonder of the World'
    µTorrent
    32 Bit HP CIO Components Installer
    7-Zip 9.20
    Ace of Spades
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.3
    Adobe Shockwave Player 11.6
    African Farm
    Age of Wonders
    Age of Wonders II
    Age of Wonders Shadow Magic
    Angry Birds Rio
    Angry Birds Seasons
    AnswerWorks 5.0 English Runtime
    Avadon
    AVG 2012
    Bejeweled 3
    Belkin 54Mbps Wireless USB Network Adapter
    Belkin F7D1101 Basic Wireless USB Adapter
    Belkin Wireless G USB Adapter Software
    Bing Bar Platform
    BufferChm
    Build Your Own Net Dream (remove only)
    Burger Shop 2 1.00
    C4400
    C4400_Help
    Call of Duty
    Call of Duty - United Offensive
    Car Thief 6 Full
    Cards_Calendar_OrderGift_DoMorePlugout
    CCleaner
    Ceaser 3
    Civ3 Conquests v1.22 Full
    Civilization III
    Civilization III: Conquests
    Clonk Rage
    CodeBlocks
    Comical 0.8
    Copy
    Counter-Strike
    Crooked Money 1 Full
    Crusader Kings
    CustomerResearchQFolder
    DAEMON Tools Toolbar
    Destination Component
    Deus Ex
    DeviceDiscovery
    DeviceManagementQFolder
    Diablo II
    Digital - A Love Story 1.1
    DocProc
    DocProcQFolder
    DROD: Journey to Rooted Hold 2.0.12
    DROD: King Dugan's Dungeon 2.0.12
    Dungeon Crawl Stone Soup
    Dungeon Keeper 2
    Empires And Dungeons 2
    eSupportQFolder
    Europa 1400 - Gold Edition
    EVEREST Home Edition v2.20
    EverQuest Titanium
    Fallout2
    GameBiz 2 Uninstall
    GameBiz 3.0
    Google Chrome
    Google Earth
    Google Update Helper
    Gothic
    Gothic II
    Governor of Poker 2
    GPBaseService
    Grand Theft Auto Vice City
    GTA San Andreas
    GTA2
    Hacker Evolution: Untold (2.01.033)(remove only)
    HiJackThis
    Hitman 2: Silent Assassin
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3
    HP Photosmart Essential 2.5
    HP Update
    HPPhotoSmartPhotobookWebPack1
    HPProductAssistant
    HPSSupply
    ICCup Launcher
    Illarion Client
    Java Auto Updater
    Java(TM) 6 Update 25
    KAG 0.85A TEST
    King of Dragon Pass
    Knights Of Honor
    LIFE QUEST Final
    Magic Life 1.004
    Majesty - Gold Edition
    Malwarebytes' Anti-Malware version 1.51.1.1800
    MapleStory
    MarketResearch
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Default Manager
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft XNA Framework Redistributable 4.0
    Morrowind
    MotioninJoy ds3 driver version 0.6.0003
    Mozilla Firefox 6.0.2 (x86 en-US)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NetAssistant
    NetAssistant for Firefox
    NETGEAR WG111v3 wireless USB 2.0 adapter
    Neverwinter Nights
    Nexon Game Manager
    NVIDIA Drivers
    NVIDIA Windows 2000/XP Display Drivers
    OpenAL
    Pando Media Booster
    PanoStandAlone
    Pioneer Lands
    PokerStars.net
    Project64 1.6
    PS_AIO_03_C4400_ProductContext
    PS_AIO_03_C4400_Software
    PS_AIO_03_C4400_Software_Min
    PSSWCORE
    Quake Live Mozilla Plugin
    Quicken 2010
    Real Lives 2010
    Restaurant Empire 2
    Rhye's of Civilization Expanded
    RPG World Online Client
    Sapiens
    Scan
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982802)
    Shockwave
    Shrapnel Games\Weird Worlds
    Singles2
    SmartWebPrintingOC
    SolutionCenter
    Sound Blaster Live! Web 2K/XP
    Star Wars(R) Knights of the Old Republic(R) II: The Sith Lords(TM)
    Star Wars®: Knights of the Old Republic (TM)
    Status
    Steam
    StencylWorks
    Stranded II 1.0.0.1
    Stronghold Crusader
    swMSM
    System Shock2
    Tasty Planet Back for Seconds
    TES Construction Set
    The Odyssey Online Classic
    The Settlers IV
    Thief Gold
    Tiled - Tiled Map Editor
    Tom Clancy's Splinter Cell
    Toolbox
    TrayApp
    Tunngle beta
    —ö‚·‚鉤‘
    Unity Web Player
    UnloadSupport
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows Internet Explorer 8 (KB980302)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB978207)
    Update for Windows XP (KB980182)
    Uplink
    Vantage Current Build
    VideoToolkit01
    Virtual Farm 2
    VLC media player 1.1.7
    VVVVVV (Window v1.0)
    WebFldrs XP
    WebReg
    Windows Internet Explorer 8
    WinHTTrack Website Copier 3.44-1
    WinRAR archiver
    Worms Reloaded
    Xenimus
    Xvid Video Codec
    .
    ==== Event Viewer Messages From Past Week ========
    .
    9/9/2011 2:28:44 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
    9/9/2011 2:28:44 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    9/9/2011 12:03:32 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde
    9/9/2011 11:03:07 AM, error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
    9/9/2011 1:31:39 PM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
    9/9/2011 1:30:29 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    9/8/2011 9:21:19 PM, error: Service Control Manager [7034] - The TunngleService service terminated unexpectedly. It has done this 1 time(s).
    9/8/2011 5:39:28 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    9/8/2011 5:11:55 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    9/8/2011 11:48:07 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    9/7/2011 12:53:50 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
    9/7/2011 11:49:55 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm sptd
    9/7/2011 11:49:52 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    9/7/2011 11:48:47 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    9/7/2011 11:48:27 AM, error: sptd [4] - Driver detected an internal error in its data structures for .
    9/2/2011 8:42:25 PM, error: Service Control Manager [7023] - The HP CUE DeviceDiscovery Service service terminated with the following error: The specified module could not be found.
    9/2/2011 8:42:25 PM, error: Service Control Manager [7000] - The SeaPort service failed to start due to the following error: The system cannot find the path specified.
    9/2/2011 8:42:09 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
    9/2/2011 8:42:09 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
    9/2/2011 10:08:07 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    .
    ==== End Of File ===========================
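The Event Viewer section of the DDS log above is the kind of thing a helper reads by eye; the following Python is an added example (not code from this thread or from the DDS tool) that parses lines in that exact shape and pulls out the entries an analyst would look at first: boot-start drivers that failed to load (event 7026), an anti-malware service that died unexpectedly (event 7034), and DCOM 10005 errors carrying Win32 error 1084, which is ERROR_NOT_SAFEBOOT_SERVICE and simply records that the machine was booted into Safe Mode. The sample lines are constructed from the log above, and the set of "security services" to watch is an assumption for the example.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample: a few lines in the same shape as the DDS
# "Event Viewer Messages From Past Week" section (not the full list).
SAMPLE_LOG = """\
9/9/2011 11:03:07 AM, error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
9/9/2011 12:03:32 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde
9/8/2011 11:48:07 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
9/7/2011 11:49:55 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm sptd
9/7/2011 11:48:27 AM, error: sptd [4] - Driver detected an internal error in its data structures for .
9/2/2011 8:42:25 PM, error: Service Control Manager [7000] - The SeaPort service failed to start due to the following error: The system cannot find the path specified.
"""

# "<date> <time> AM/PM, <level>: <source> [<id>] - <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>[^\[]+?) \[(?P<event_id>\d+)\] - (?P<msg>.*)$"
)


def parse_events(text):
    """Parse DDS-style Event Viewer lines into dicts; lines that don't match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["event_id"] = int(ev["event_id"])
        ev["ts"] = datetime.strptime(ev["ts"], "%m/%d/%Y %I:%M:%S %p")
        events.append(ev)
    return events


# Assumption for this example: services whose unexpected death is worth flagging.
SECURITY_SERVICES = {"MBAMService"}


def triage(events):
    """Return (tag, detail) findings an analyst would want to see first."""
    findings = []
    for ev in events:
        src, eid, msg = ev["source"], ev["event_id"], ev["msg"]
        if src == "Service Control Manager" and eid == 7026:
            # Driver names follow the colon, separated by spaces.
            drivers = msg.split("failed to load:", 1)[1].split()
            for d in drivers:
                findings.append(("driver_load_failed", d))
        elif src == "Service Control Manager" and eid == 7034:
            # "The <name> service terminated unexpectedly."
            name = re.search(r"The (.+?) service terminated", msg)
            if name and name.group(1) in SECURITY_SERVICES:
                findings.append(("security_service_crashed", name.group(1)))
        elif src == "DCOM" and eid == 10005 and "%1084" in msg:
            # Win32 error 1084 = ERROR_NOT_SAFEBOOT_SERVICE: the service cannot
            # start in Safe Mode. These entries date the Safe Mode boot, not an infection.
            svc = re.search(r"start the service (\S+)", msg)
            findings.append(("safe_mode_service_start", svc.group(1) if svc else "?"))
    return findings


def summarize(events):
    """Count events per (source, id) so repeated failures stand out."""
    return Counter((e["source"], e["event_id"]) for e in events)


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    for src_id, n in summarize(evs).most_common():
        print(f"{n:3d}  {src_id[0]} [{src_id[1]}]")
    for tag, detail in triage(evs):
        print(f"{tag:28s} {detail}")
```

Run on the real section, the driver names from the 7026 events (sptd, PCIIde, Fips, intelppm) are what a helper cross-checks against the installed-software list and the GMER output, while the 1084 errors only tell you when the machine was last in Safe Mode.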
     
  2. Broni

    Broni, Malware Annihilator

    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =============================================================

    Download TDSSKiller and save it to your desktop.
    • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
Topic Status:
Not open for further replies.
