Inactive Search engine redirect malware

Status
Not open for further replies.
Search engine results are redirected. I also had a hard drive boot problem (Windows XP BSOD, 0000007b stop code) that may have been a root virus. I bypassed the booting problem by switching the BIOS from SATA to IDE. Here are the logs.

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5214

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

12/6/2010 9:35:07 AM
mbam-log-2010-12-06 (09-35-07).txt

Scan type: Quick scan
Objects scanned: 149029
Time elapsed: 15 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\dmichele\local settings\temp\pyap.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\WORK.DAT (Malware.Trace) -> Quarantined and deleted successfully.


GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-12-06 10:52:50
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort2 ST3160815AS rev.4.ADA
Running: 48w2r3k6.exe; Driver: C:\DOCUME~1\DMichele\LOCALS~1\Temp\kwldapog.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 57: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;

---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xA0AA41AB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xA0AA412B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xA0AA41D5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xA0AA413F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xA0AA416B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xA0AA41FF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xA0AA4117]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xA0AA41BF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xA0AA4155]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xA0AA4181]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xA0AA4197]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xA0AA4215]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xA0AA41E9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP3T0L0-12 8B27739B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8B27739B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8B27739B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 8B27739B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 8B27739B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort4 8B27739B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort5 8B27739B

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \Device\Ide\IdeDeviceP2T0L0-7 -> \??\IDE#DiskST3160815AS_____________________________4.ADA___#5&118455e0&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- EOF - GMER 1.0.15 ----



DDS (Ver_10-12-05.01) - NTFSx86
Run by DMichele at 10:54:59.23 on Mon 12/06/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2769 [GMT -5:00]

AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\AMT\UNS.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Adobe\Distillr\Acrotray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\DMichele\Desktop\malware logs\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\activex\AcroIEHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [atchk] "c:\program files\intel\amt\atchk.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\distillr\Acrotray.exe"
mRun: [KeyAccess] c:\windows\keyacc32.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-100000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader\reader_sl.exe
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dmichele\applic~1\mozilla\firefox\profiles\sz8mzhhh.default\
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\documents and settings\dmichele\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\dmichele\application data\move networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\dmichele\application data\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\documents and settings\dmichele\application data\mozilla\firefox\profiles\sz8mzhhh.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: c:\documents and settings\dmichele\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\adobe\reader\browser\nppdf32.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\sony online entertainment\npsoe.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Extension: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\dmichele\application data\Move Networks
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\docume~1\dmichele\applic~1\mozilla\firefox\profiles\sz8mzhhh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

============= SERVICES / DRIVERS ===============

P2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\mcshield.exe [2008-10-6 144704]
R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2008-10-6 31816]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2009-7-7 103744]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\vstskmgr.exe [2008-10-6 54608]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\intel\amt\UNS.exe [2009-7-7 2521880]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2009-7-7 72904]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2009-7-7 34344]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2009-7-7 177672]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-4 135664]

=============== Created Last 30 ================

2010-12-06 15:45:14 -------- d-s---w- C:\myapplication14494m
2010-12-06 15:41:15 -------- d-s---w- C:\myapplication
2010-12-06 15:41:14 389120 ----a-w- c:\windows\system32\CF23067.exe
2010-12-04 04:39:26 -------- d-sh--w- C:\$RECYCLE.BIN
2010-12-02 15:56:04 -------- d-----w- c:\docume~1\dmichele\applic~1\Office-Kit.com
2010-12-02 15:56:04 -------- d-----w- c:\docume~1\alluse~1\applic~1\Office-Kit.com
2010-12-02 15:55:39 438976 ----a-w- c:\windows\system32\MSHFLXGD.OCX
2010-12-02 15:55:39 232640 ----a-w- c:\windows\system32\MSDATLST.OCX
2010-12-02 15:55:39 -------- d-----w- c:\program files\OFFICE-KIT.COM

==================== Find3M ====================

2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-09 14:16:31 667136 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 14:16:30 61952 ----a-w- c:\windows\system32\tdc.ocx
2010-09-09 14:16:29 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-09-08 16:49:49 369664 ----a-w- c:\windows\system32\html.iec

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3160815AS rev.4.ADA -> Harddisk0\DR0 -> \Device\Ide\IdePort2 P2T0L0-7

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8B277555]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8b27d7b0]; MOV EAX, [0x8b27d82c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8B256AB8]
3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8B28D2F8]
\Driver\atapi[0x8B299380] -> IRP_MJ_CREATE -> 0x8B277555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP2T0L0-7 -> \??\IDE#DiskST3160815AS_____________________________4.ADA___#5&118455e0&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8B27739B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !

============= FINISH: 10:55:39.28 ===============

DDS (Ver_10-12-05.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 7/7/2009 8:10:34 AM
System Uptime: 12/6/2010 10:39:07 AM (0 hours ago)

Motherboard: Dell Inc. | | 0GM819
Processor: Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz | CPU | 2660/1333mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 149 GiB total, 122.424 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_2930&SUBSYS_02111028&REV_02\3&172E68DD&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_2930&SUBSYS_02111028&REV_02\3&172E68DD&0&FB
Service:

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Beep
Device ID: ROOT\LEGACY_BEEP\0000
Manufacturer:
Name: Beep
PNP Device ID: ROOT\LEGACY_BEEP\0000
Service: Beep

==== System Restore Points ===================


==== Installed Programs ======================

Adobe Acrobat 7.0 Professional
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0.7
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Display Driver
Bonjour
Compatibility Pack for the 2007 Office system
Dell Resource CD
Demolition Derby & Figure 8 Race
Digital Video
EndNote X2
EndNote X4
Excel Invoice Manager 2.19.1022
Google Toolbar for Internet Explorer
Google Update Helper
Graphpad Prism 5
GSC 2.00
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) PRO Network Connections Drivers
Intel® Active Management Technology
Intel® Management Engine Interface
iTunes
Java(TM) 6 Update 14
KeyServer MSIS
Lasergene 8 v8.0.3
Logitech Webcam Software
Logitech Webcam Software Driver Package
Malwarebytes' Anti-Malware
McAfee AntiSpyware Enterprise Module
McAfee VirusScan Enterprise
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Monster Truck Madness 2 Trial
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Move Media Player
Mozilla Firefox (3.6.12)
Nokia Maps Updater 1.0.12
PC Connectivity Solution
PosterPrint 2.3
PowerDVD
QuickTime
ResearchSoft Direct Export Helper
Samsung CLP-500 Series
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2183461)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360131)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SOE Web Installer
SoundMAX
Spybot - Search & Destroy
TeamSpeak 3 Client
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
Ventrilo Client
WebFldrs XP
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows XP Service Pack 3
XVID Codec Installation

==== Event Viewer Messages From Past Week ========

12/6/2010 9:46:36 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: iastor
12/6/2010 9:46:14 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
12/6/2010 8:32:51 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/6/2010 8:32:50 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
12/6/2010 10:36:32 AM, error: Service Control Manager [7034] - The McAfee Task Manager service terminated unexpectedly. It has done this 1 time(s).
12/6/2010 10:36:32 AM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
12/6/2010 10:36:31 AM, error: Service Control Manager [7034] - The Process Monitor service terminated unexpectedly. It has done this 1 time(s).
12/6/2010 10:36:31 AM, error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s).
12/6/2010 10:36:31 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
12/6/2010 10:36:31 AM, error: Service Control Manager [7034] - The Intel(R) Active Management Technology User Notification Service service terminated unexpectedly. It has done this 1 time(s).
12/6/2010 10:36:31 AM, error: Service Control Manager [7034] - The Intel(R) Active Management Technology System Status Service service terminated unexpectedly. It has done this 1 time(s).
12/6/2010 10:36:31 AM, error: Service Control Manager [7034] - The Intel(R) Active Management Technology Local Management Service service terminated unexpectedly. It has done this 1 time(s).
12/6/2010 10:36:31 AM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
12/6/2010 10:36:31 AM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
12/6/2010 10:36:31 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

==== End Of File ===========================
 
Hi and welcome to TechSpot forums :).

====

Please download ComboFix by sUBs from HERE or HERE
  • You must download it to, and run it from, your Desktop.
  • Physically disconnect from the internet.
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply.
  • Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run ComboFix ONCE only!!
 
Thanks

When I ran ComboFix, it detected rootkit-TDL3 and rebooted. It locked up on the Windows background with no icons or toolbar without finishing the scan, so I rebooted again; then ComboFix loaded and finished the scan. I had to reboot again to get into Windows with a toolbar etc.

The log is attached (that's some log, I had to divide it in two!!!)
 

Attachments:

  • combofix1.txt (111.5 KB)
  • combofix2.txt (118.9 KB)