[Closed] Bad Image virus

By deseraligears
Sep 24, 2011
Topic Status:
Not open for further replies.
  1. Please see the following DDS info. Gmer continues to only show limited information despite the total scan. I have followed directions as instructed. Thanks.

    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_25
    Run by Owner at 17:54:27 on 2011-09-24
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.401 [GMT -4:00]
    .
    AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    FW: AVG Firewall *Disabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    svchost.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.69\GoogleCrashHandler.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Documents and Settings\Owner\My Documents\Downloads\xknmj4cb.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    uSearch Page = hxxp://search.live.com
    uSearch Bar = hxxp://www.searchqu.com/sidebar.html?src=ssb&sysid=406
    mDefault_Page_URL = hxxp://www.google.com
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.searchqu.com/sidebar.html?src=ssb&sysid=406
    mSearchAssistant = hxxp://www.searchqu.com/sidebar.html?src=ssb&sysid=406
    uURLSearchHooks: H - No File
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
    TB: {99079a25-328f-4bd4-be04-00955acaa0a7} - No File
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    EB: Groove Folder Synchronization: {2a541ae1-5bf6-4665-a8a3-cfa9672e4291} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-lsf?lic=OUxTRlJFRS1WUFVaNy1HMkNNWC1SWFBXQS1QM05aSC05RDIwQy0zN1RT"&"inst=NzctNzE5ODk5NjkwLUZQOSs2LVRCOSsyLUZMKzktWE8zNisxLUY5TTdDKzUtRjlNMTBCKzItRjlNMisxLUZMMTArMS1UVUcrMy1DSVArMi1ERFQrNjM4MjQtREQxMEYrMS1TVDEwRkFQUCsx"&"prod=55"&"ver=10.0.1392
    StartupFolder: c:\docume~1\owner\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{48D18FF4-0D6C-459E-9B65-BA237FA84E92} : DhcpNameServer = 192.168.0.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: c:\progra~1\window~4\datamngr\datamngr.dll c:\progra~1\window~4\datamngr\IEBHO.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-9-11 11608]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-9-11 136360]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-9-11 269480]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-9-11 66616]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-9-24 366152]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-9-24 22216]
    R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [2010-3-16 157696]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-3-16 1684736]
    S3 cpuz132;cpuz132;\??\c:\docume~1\greer\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\greer\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
    S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
    S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-7-29 18432]
    S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]
    .
    =============== Created Last 30 ================
    .
    2011-09-24 15:47:36 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-09-24 15:47:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-09-11 18:24:14 -------- d-----w- c:\windows\system32\NtmsData
    2011-09-11 18:23:13 -------- d-----w- c:\documents and settings\owner\application data\Avira
    2011-09-11 14:08:48 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-09-11 14:08:47 -------- d-----w- c:\program files\Avira
    2011-09-11 14:08:47 -------- d-----w- c:\documents and settings\all users\application data\Avira
    2011-09-10 17:32:47 -------- d-----w- c:\program files\Trend Micro
    2011-09-10 09:11:59 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-09-08 14:10:17 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes
    2011-09-08 14:10:06 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2011-09-03 10:17:37 599040 -c----w- c:\windows\system32\dllcache\crypt32.dll
    2011-09-01 00:44:05 -------- d-----w- c:\program files\WINDOW~4
    2011-08-31 20:52:35 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-08-31 14:37:18 -------- d-----w- c:\documents and settings\owner\application data\SumatraPDF
    2011-08-31 14:37:05 -------- d-----w- c:\program files\SumatraPDF
    2011-08-31 14:21:07 -------- d-----w- c:\program files\iPod
    2011-08-26 14:45:16 -------- d-----w- c:\documents and settings\all users\PMS
    2011-08-26 14:44:01 -------- d-----w- c:\program files\PS3 Media Server
    .
    ==================== Find3M ====================
    .
    2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-08-24 12:36:05 20 ----a-w- c:\windows\system32\NLHTMLA.DLL
    2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-07-12 15:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe
    2011-07-12 15:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll
    2011-07-12 15:20:54 50536 ----a-w- c:\windows\system32\jdns_sd.dll
    2011-07-12 15:20:54 178536 ----a-w- c:\windows\system32\dnssdX.dll
    2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
    2011-07-05 22:37:00 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-07-05 22:37:00 69632 ----a-w- c:\windows\system32\QuickTime.qts
    .
    ============= FINISH: 17:55:07.14 ===============
    Name:
    PNP Device ID: ACPI\CPL0002\2&DABA3FF&0
    Service:
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Realtek RTL8102E/RTL8103E Family PCI-E Fast Ethernet NIC
    Device ID: PCI\VEN_10EC&DEV_8136&SUBSYS_02F41028&REV_02\4&2803E7C1&0&00E2
    Manufacturer: Realtek Semiconductor Corp.
    Name: Realtek RTL8102E/RTL8103E Family PCI-E Fast Ethernet NIC
    PNP Device ID: PCI\VEN_10EC&DEV_8136&SUBSYS_02F41028&REV_02\4&2803E7C1&0&00E2
    Service: RTLE8023xp
    .
    ==== System Restore Points ===================
    .
    RP1: 8/17/2011 8:49:46 PM - System Checkpoint
    RP2: 8/18/2011 1:17:46 AM - Restore Operation
    RP3: 8/19/2011 5:55:26 AM - Installed Windows XP Wdf01009.
    RP4: 8/20/2011 5:55:37 PM - System Checkpoint
    RP5: 8/22/2011 9:01:05 AM - System Checkpoint
    RP6: 8/23/2011 9:57:46 AM - System Checkpoint
    RP7: 8/24/2011 11:53:52 AM - System Checkpoint
    RP8: 8/25/2011 3:00:27 AM - Software Distribution Service 3.0
    RP9: 8/26/2011 7:18:50 AM - System Checkpoint
    RP10: 8/27/2011 3:03:57 PM - System Checkpoint
    RP11: 8/29/2011 2:04:25 AM - System Checkpoint
    RP12: 8/30/2011 7:02:23 AM - System Checkpoint
    RP13: 8/31/2011 10:32:23 AM - Removed Adobe Reader X (10.1.0).
    RP14: 8/31/2011 4:45:41 PM - Installed Ad-Aware
    RP15: 8/31/2011 4:46:15 PM - Installed Ad-Aware
    RP16: 9/3/2011 10:22:50 AM - System Checkpoint
    RP17: 9/3/2011 11:10:20 PM - Removed Skype™ 5.5
    RP18: 9/5/2011 12:38:56 AM - System Checkpoint
    RP19: 9/7/2011 7:30:25 AM - Removed Click to Call with Skype
    RP20: 9/8/2011 4:20:33 AM - Software Distribution Service 3.0
    RP21: 9/8/2011 4:43:12 AM - Removed Ad-Aware
    RP22: 9/9/2011 8:29:51 AM - System Checkpoint
    RP23: 9/10/2011 10:07:26 AM - System Checkpoint
    RP24: 9/10/2011 1:32:45 PM - Installed HiJackThis
    RP25: 9/11/2011 11:17:28 AM - Removed AVG 2011
    RP26: 9/11/2011 11:19:29 AM - Removed AVG 2011
    RP27: 9/14/2011 8:07:15 AM - System Checkpoint
    RP28: 9/15/2011 6:12:49 AM - Software Distribution Service 3.0
    RP29: 9/17/2011 7:41:57 AM - System Checkpoint
    RP30: 9/17/2011 8:31:54 PM - Removed HiJackThis
    RP31: 9/23/2011 6:34:25 AM - System Checkpoint
    RP32: 9/24/2011 6:48:27 AM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Avira AntiVir Personal - Free Antivirus
    Bonjour
    CCleaner
    Google Chrome
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB2570791)
    HP LaserJet P1000 series
    InstallVC90Support
    Intel(R) Graphics Media Accelerator Driver
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 25
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    MobileMe Control Panel
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NirSoft BlueScreenView
    QuickTime
    Realtek Card Reader
    Realtek High Definition Audio Driver
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2553074)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2553073)
    Security Update for Microsoft Office Groove 2007 (KB2552997)
    Security Update for Microsoft Office InfoPath 2007 (KB2510061)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2530548)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544521)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2559049)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    SumatraPDF
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office Outlook 2007 (KB2583910)
    Update for Outlook 2007 Junk Email Filter (KB2553110)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    WebFldrs XP
    WIDCOMM Bluetooth Software
    Windows Live ID Sign-in Assistant
    Windows Migration Assistant
    Windows XP Service Pack 3
    .
    ==== Event Viewer Messages From Past Week ========
    .
    9/24/2011 6:59:20 AM, error: ipnathlp [30009] - The DHCP allocator encountered a network error while attempting to reply on IP address 240.49.70.102 to a request from a client. The data is the error code.
    9/18/2011 2:37:43 PM, error: ipnathlp [30005] - The DHCP allocator has detected a DHCP server with IP address 192.168.0.1 on the same network as the interface with IP address 192.168.0.108. The allocator has disabled itself on the interface in order to avoid confusing DHCP clients.
    9/18/2011 2:01:57 PM, error: atapi [9] - The device, \Device\Ide\IdePo

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-09-24 17:54:01
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST9160314AS rev.0003DEM1
    Running: xknmj4cb.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\pgwdifog.sys


    ---- System - GMER 1.0.15 ----

    SSDT F7C395FC ZwClose
    SSDT F7C395B6 ZwCreateKey
    SSDT F7C39606 ZwCreateSection
    SSDT F7C395AC ZwCreateThread
    SSDT F7C395BB ZwDeleteKey
    SSDT F7C395C5 ZwDeleteValueKey
    SSDT F7C395F7 ZwDuplicateObject
    SSDT F7C395CA ZwLoadKey
    SSDT F7C39598 ZwOpenProcess
    SSDT F7C3959D ZwOpenThread
    SSDT F7C395D4 ZwReplaceKey
    SSDT F7C395CF ZwRestoreKey
    SSDT F7C3960B ZwSetContextThread
    SSDT F7C395C0 ZwSetValueKey
    SSDT F7C395A7 ZwTerminateProcess

    ---- Kernel code sections - GMER 1.0.15 ----

    ? cuuolv.sys The system cannot find the file specified. !

    ---- EOF - GMER 1.0.15 ----
  2. Broni

    Broni Malware Annihilator Posts: 46,433   +252
