user403

Members
Posts: 4
Reputation: 0 Neutral
  1. It's not redirecting anymore, so in that regard I believe it is. I would wonder about the SSDT drivers RogueKiller found and if they would have been installed by TDSS?
  2. Here is the report from the scan. (Also, I think I may have replaced the MBR using TDSSKiller.)

     RogueKiller V7.3.1 [03/10/2012] by Tigzy
     mail: tigzyRK<at>gmail<dot>com
     Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
     Blog: http://tigzyrk.blogspot.com

     Operating System: Windows 7 (6.1.7600 ) 32 bits version
     Started in : Normal mode
     User: Steve [Admin rights]
     Mode: Scan -- Date: 03/14/2012 00:22:37

     ¤¤¤ Bad processes: 0 ¤¤¤

     ¤¤¤ Registry Entries: 8 ¤¤¤
     [DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{08F46703-A7D7-478D-A637-B3B69C52CEBC} : NameServer (4.4.4.4) -> FOUND
     [DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{08F46703-A7D7-478D-A637-B3B69C52CEBC} : NameServer (4.4.4.4) -> FOUND
     [DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{08F46703-A7D7-478D-A637-B3B69C52CEBC} : NameServer (4.4.4.4) -> FOUND
     [HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
     [HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
     [HJ] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND
     [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

     ¤¤¤ Particular Files / Folders: ¤¤¤

     ¤¤¤ Driver: [LOADED] ¤¤¤
     SSDT[13] : NtAlertResumeThread @ 0x83D1DEEF -> HOOKED (Unknown @ 0x87D123C0)
     SSDT[14] : NtAlertThread @ 0x83CCBC88 -> HOOKED (Unknown @ 0x87D124A0)
     SSDT[19] : NtAllocateVirtualMemory @ 0x83C8D37B -> HOOKED (Unknown @ 0x87D12DB0)
     SSDT[22] : NtAlpcConnectPort @ 0x83C94D8D -> HOOKED (Unknown @ 0x86A70D68)
     SSDT[43] : NtAssignProcessToJobObject @ 0x83C3879A -> HOOKED (Unknown @ 0x87D18A18)
     SSDT[74] : NtCreateMutant @ 0x83CC0184 -> HOOKED (Unknown @ 0x87D18FC0)
     SSDT[86] : NtCreateSymbolicLinkObject @ 0x83C50441 -> HOOKED (Unknown @ 0x87D18738)
     SSDT[87] : NtCreateThread @ 0x83D1C186 -> HOOKED (Unknown @ 0x87D103F0)
     SSDT[88] : NtCreateThreadEx @ 0x83C7A2B1 -> HOOKED (Unknown @ 0x87D18828)
     SSDT[96] : NtDebugActiveProcess @ 0x83CF171C -> HOOKED (Unknown @ 0x87D18AF8)
     SSDT[111] : NtDuplicateObject @ 0x83CBD631 -> HOOKED (Unknown @ 0x87D12F80)
     SSDT[131] : NtFreeVirtualMemory @ 0x83AF495D -> HOOKED (Unknown @ 0x87D12BD0)
     SSDT[145] : NtImpersonateAnonymousToken @ 0x83C33FCC -> HOOKED (Unknown @ 0x87D12200)
     SSDT[147] : NtImpersonateThread @ 0x83C99BA9 -> HOOKED (Unknown @ 0x87D122E0)
     SSDT[155] : NtLoadDriver @ 0x83BE2295 -> HOOKED (Unknown @ 0x875E2DE0)
     SSDT[168] : NtMapViewOfSection @ 0x83CC0446 -> HOOKED (Unknown @ 0x87D12AD0)
     SSDT[177] : NtOpenEvent @ 0x83CC2AD6 -> HOOKED (Unknown @ 0x87D18EE0)
     SSDT[190] : NtOpenProcess @ 0x83CC2AA0 -> HOOKED (Unknown @ 0x87D10298)
     SSDT[191] : NtOpenProcessToken @ 0x83C7DE51 -> HOOKED (Unknown @ 0x87D12EA0)
     SSDT[194] : NtOpenSection @ 0x83CC0729 -> HOOKED (Unknown @ 0x87D18D20)
     SSDT[198] : NtOpenThread @ 0x83CC13F7 -> HOOKED (Unknown @ 0x87D101A8)
     SSDT[215] : NtProtectVirtualMemory @ 0x83CC11B0 -> HOOKED (Unknown @ 0x87D18928)
     SSDT[304] : NtResumeThread @ 0x83CB353E -> HOOKED (Unknown @ 0x87D12580)
     SSDT[316] : NtSetContextThread @ 0x83D1D28B -> HOOKED (Unknown @ 0x87D12820)
     SSDT[333] : NtSetInformationProcess @ 0x83C8E975 -> HOOKED (Unknown @ 0x87D12900)
     SSDT[350] : NtSetSystemInformation @ 0x83CCC365 -> HOOKED (Unknown @ 0x87D18BD8)
     SSDT[366] : NtSuspendProcess @ 0x83D1DE2B -> HOOKED (Unknown @ 0x87D18E00)
     SSDT[367] : NtSuspendThread @ 0x83CDABC6 -> HOOKED (Unknown @ 0x87D12660)
     SSDT[370] : NtTerminateProcess @ 0x83CA30AD -> HOOKED (Unknown @ 0x87D104F0)
     SSDT[371] : NtTerminateThread @ 0x83CB5E53 -> HOOKED (Unknown @ 0x87D12740)
     SSDT[385] : NtUnmapViewOfSection @ 0x83CBD24B -> HOOKED (Unknown @ 0x87D129F0)
     SSDT[399] : NtWriteVirtualMemory @ 0x83CC8B25 -> HOOKED (Unknown @ 0x87D12CC0)
     S_SSDT[318] : Unknown -> HOOKED (Unknown @ 0x88A08518)
     S_SSDT[402] : Unknown -> HOOKED (Unknown @ 0x889F24A8)
     S_SSDT[434] : Unknown -> HOOKED (Unknown @ 0x88B92C20)
     S_SSDT[436] : Unknown -> HOOKED (Unknown @ 0x88B6E448)
     S_SSDT[448] : Unknown -> HOOKED (Unknown @ 0x88B9EA80)
     S_SSDT[490] : Unknown -> HOOKED (Unknown @ 0x88C486C8)
     S_SSDT[508] : Unknown -> HOOKED (Unknown @ 0x88C0C2B0)
     S_SSDT[509] : Unknown -> HOOKED (Unknown @ 0x88C48C88)
     S_SSDT[585] : Unknown -> HOOKED (Unknown @ 0x87EB8B90)
     S_SSDT[588] : Unknown -> HOOKED (Unknown @ 0x88B620B0)

     ¤¤¤ Infection : ¤¤¤

     ¤¤¤ HOSTS File: ¤¤¤
     127.0.0.1 localhost
     ::1 localhost

     ¤¤¤ MBR Check: ¤¤¤

     +++++ PhysicalDrive0: Hitachi HTS545025B9A300 ATA Device +++++
     --- User ---
     [MBR] 6161d365bf34a14a22c64b609f44f895
     [bSP] 7bee9f9671fc45dd1e9e63a44ed16817 : Windows XP MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 227288 Mo
     1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 465487872 | Size: 11183 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     Finished : << RKreport[1].txt >>
     RKreport[1].txt
  3. I will run the scan and post the results afterwards. For the moment here is the log for GMER:

     GMER 1.0.15.15641 - http://www.gmer.net
     Rootkit quick scan 2012-03-08 16:34:35
     Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS545025B9A300 rev.PB2OCA0G
     Running: d42rehxr.exe; Driver: C:\Users\Steve\AppData\Local\Temp\ugloypob.sys

     ---- Disk sectors - GMER 1.0.15 ----

     Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
     Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

     ---- Devices - GMER 1.0.15 ----

     AttachedDevice \FileSystem\Ntfs \Ntfs CBUFS.sys (COMODO Safe Backup/COMODO Security Solutions Inc.)
     AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

     ---- EOF - GMER 1.0.15 ----
  4. I'm looking to try to clean up my machine and remove the rootkit. Some of the symptoms were Google redirects and a few BSODs, which got me started, but I haven't had the time to figure this out on my own. (It apparently is a nasty one too.) I have two machines which are infected; I'm working from a third running Ubuntu. I'm only concerned with cleaning one of the two right now. I have disconnected it from the internet by turning off Wi-Fi and unplugging the Ethernet. Here are logs from the Malwarebytes quick scan, DDS, and GMER. (TDL4 was identified by GMER.)

     mbam:

     Malwarebytes Anti-Malware (Trial) 1.60.1.1000
     www.malwarebytes.org

     Database version: v2012.03.08.06

     Windows 7 x86 NTFS
     Internet Explorer 8.0.7600.16385
     Steve :: STEVE-PC [administrator]

     Protection: Enabled

     3/8/2012 18:00:49
     mbam-log-2012-03-08 (18-00-49).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 229833
     Time elapsed: 53 minute(s), 58 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)

     DDS.txt :

     DDS (Ver_2011-08-26.01) - NTFSx86
     Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24
     Run by Steve at 17:48:02 on 2012-03-08
     Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3003.1470 [GMT -5:00]
     .
     AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
     SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
     FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
     .
     ============== Running Processes ===============
     .
     C:\Windows\system32\wininit.exe
     C:\Windows\system32\lsm.exe
     C:\Windows\system32\svchost.exe -k DcomLaunch
     C:\Windows\system32\svchost.exe -k RPCSS
     C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
     C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
     C:\Windows\system32\svchost.exe -k netsvcs
     C:\Windows\system32\svchost.exe -k LocalService
     C:\Windows\Explorer.EXE
     C:\Windows\System32\spoolsv.exe
     C:\Windows\system32\taskhost.exe
     C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
     C:\Windows\system32\svchost.exe -k NetworkService
     C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe
     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     C:\Program Files\Microsoft IntelliPoint\ipoint.exe
     C:\Windows\System32\hkcmd.exe
     C:\Windows\System32\igfxpers.exe
     C:\Program Files\Common Files\Java\Java Update\jusched.exe
     C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
     C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
     C:\Program Files\Windows Sidebar\sidebar.exe
     C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe
     C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
     C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
     C:\Windows\system32\taskeng.exe
     C:\Users\Steve\AppData\Local\Facebook\Update\FacebookUpdate.exe
     C:\Windows\system32\taskeng.exe
     C:\Windows\system32\wbem\wmiprvse.exe
     C:\Windows\system32\DllHost.exe
     C:\Windows\system32\DllHost.exe
     C:\Windows\system32\conhost.exe
     C:\Windows\system32\wbem\wmiprvse.exe
     .
     ============== Pseudo HJT Report ===============
     .
     uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
     uStart Page = hxxp://www.mirostart.com/?cfg=2-73-0-vNWc
     mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
     mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
     uInternet Settings,ProxyOverride = *.local
     uURLSearchHooks: H - No File
     BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
     BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\norton internet security\engine\19.5.0.145\coIEPlg.dll
     BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\norton internet security\engine\19.5.0.145\ips\IPSBHO.DLL
     BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
     BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
     BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
     TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\norton internet security\engine\19.5.0.145\coIEPlg.dll
     TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
     TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
     uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
     mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
     mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
     mRun: [igfxTray] c:\windows\system32\igfxtray.exe
     mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
     mRun: [Persistence] c:\windows\system32\igfxpers.exe
     mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
     mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
     mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
     dRun: [dplaysvr] c:\windows\system32\config\systemprofile\appdata\local\dplaysvr.exe
     mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
     mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
     mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
     mPolicies-system: SoftwareSASGeneration = 1 (0x1)
     IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
     IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
     IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
     IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
     Trusted Zone: kent.edu
     DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
     DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
     DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
     TCP: DhcpNameServer = 192.168.0.10
     TCP: Interfaces\{08F46703-A7D7-478D-A637-B3B69C52CEBC} : NameServer = 4.4.4.4
     TCP: Interfaces\{08F46703-A7D7-478D-A637-B3B69C52CEBC} : DhcpNameServer = 192.168.0.10
     TCP: Interfaces\{5B8C45EB-2BC3-4EE1-8E9B-F584FD1E4B9F} : DhcpNameServer = 10.0.1.1
     TCP: Interfaces\{8F5E5641-8B8C-4FB8-AEDF-C315B2B7F694} : DhcpNameServer = 10.0.1.1
     TCP: Interfaces\{8F5E5641-8B8C-4FB8-AEDF-C315B2B7F694}\2375942554832353 : DhcpNameServer = 192.168.1.254
     TCP: Interfaces\{8F5E5641-8B8C-4FB8-AEDF-C315B2B7F694}\3425E414 : DhcpNameServer = 192.168.0.1
     TCP: Interfaces\{8F5E5641-8B8C-4FB8-AEDF-C315B2B7F694}\342716A7976657E6 : DhcpNameServer = 209.18.47.61 209.18.47.62
     TCP: Interfaces\{8F5E5641-8B8C-4FB8-AEDF-C315B2B7F694}\362716A7976657E6 : DhcpNameServer = 209.18.47.61 209.18.47.62
     Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
     Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
     Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
     Notify: igfxcui - igfxdev.dll
     SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
     .
     ================= FIREFOX ===================
     .
     FF - ProfilePath - c:\users\steve\appdata\roaming\mozilla\firefox\profiles\34jggw5p.default\
     FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
     FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\coffplgn\components\coFFPlgn.dll
     FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\ipsffplgn\components\IPSFFPl.dll
     FF - plugin: c:\program files\common files\wolfram research\browser\8.0.0.1818576\npmathplugin.dll
     FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
     FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
     FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
     FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
     FF - plugin: c:\users\steve\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
     FF - plugin: c:\users\steve\appdata\local\google\update\1.3.21.99\npGoogleUpdate3.dll
     FF - plugin: c:\users\steve\appdata\roaming\facebook\npfbplugin_1_0_0.dll
     FF - plugin: c:\users\steve\appdata\roaming\mozilla\firefox\profiles\34jggw5p.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npAclmPlugin.dll
     FF - plugin: c:\users\steve\appdata\roaming\mozilla\firefox\profiles\34jggw5p.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npProductDetectPlugin.dll
     .
     ---- FIREFOX POLICIES ----
     FF - user.js: network.protocol-handler.warn-external.dnupdate - false
     .
     ============= SERVICES / DRIVERS ===============
     .
     R0 bdisk;C.O.M.O.D.O. Disk Raw Access Filter;c:\windows\system32\drivers\bdisk.sys [2010-1-7 69672]
     R0 CBUfs;CBUfs;c:\windows\system32\drivers\cbufs.sys [2010-1-7 121696]
     R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1305000.091\SymDS.sys [2012-2-12 340088]
     R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1305000.091\SymEFA.sys [2012-2-12 905336]
     R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.5.0.145\definitions\bashdefs\20120215.001\BHDrvx86.sys [2012-2-15 820344]
     R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\nis\1305000.091\ccSetx86.sys [2012-2-12 132744]
     R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.5.0.145\definitions\ipsdefs\20120217.003\IDSvix86.sys [2012-2-18 368248]
     R1 pfmfs_463;pfmfs_463;c:\windows\system32\drivers\pfmfs_463.sys [2011-12-14 191848]
     R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1305000.091\Ironx86.sys [2012-2-12 149624]
     R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\nis\1305000.091\symnets.sys [2012-2-12 318584]
     R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
     R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-21 652360]
     R2 NIS;Norton Internet Security;c:\program files\norton internet security\norton internet security\engine\19.5.0.145\ccSvcHst.exe [2012-2-12 138248]
     R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-12 106104]
     R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-29 112128]
     R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-21 20464]
     S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
     S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2011-10-1 13224]
     S3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\drivers\LV532AV.SYS [2005-1-31 163328]
     S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-10-23 166912]
     S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2009-6-10 347136]
     S3 StkMini;iREZ K2r;c:\windows\system32\drivers\StkMini.sys [2010-8-26 850438]
     S3 tvnserver;TightVNC Server;"c:\program files\tightvnc\tvnserver.exe" -service --> c:\program files\tightvnc\tvnserver.exe [?]
     S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [2010-3-25 31824]
     S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
     S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
     S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-7-13 20480]
     S4 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
     S4 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-4-22 193840]
     S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-22 47128]
     S4 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2009-4-22 365952]
     S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
     S4 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\sony ericsson\sony ericsson pc companion\PCCService.exe [2011-10-1 155344]
     S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
     S4 StkSSrv;Syntek DC-112X Service;c:\windows\system32\StkSrv2k.exe [2010-8-26 24576]
     S4 SynchronizationService.exe;Comodo BackUp Service;c:\program files\comodo\comodo backup\SynchronizationService.exe [2010-1-7 942328]
     S4 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]
     S4 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2009-12-17 497856]
     S4 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-11 1343400]
     .
     =============== Created Last 30 ================
     .
     2012-03-08 20:55:57 -------- d-----w- C:\_Quarantine
     2012-02-21 21:38:03 -------- d-----w- c:\users\steve\appdata\roaming\Malwarebytes
     2012-02-21 21:37:55 -------- d-----w- c:\programdata\Malwarebytes
     2012-02-21 21:37:54 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
     2012-02-21 21:37:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2012-02-21 16:35:25 -------- d-----w- c:\program files\Microsoft Windows Performance Toolkit
     2012-02-21 16:33:21 -------- d-----w- c:\program files\Debugging Tools for Windows (x86)
     2012-02-21 16:32:55 -------- d-----w- c:\program files\Application Verifier
     2012-02-16 05:14:08 139776 ----a-w- c:\programdata\microsoft\windows\drm\2B04.tmp
     2012-02-14 03:04:16 -------- d-----w- c:\users\steve\appdata\roaming\Gmail Notifier Plus
     2012-02-13 01:34:44 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
     2012-02-13 01:34:44 -------- d-----w- c:\program files\Symantec
     2012-02-13 01:34:44 -------- d-----w- c:\program files\common files\Symantec Shared
     2012-02-13 01:34:02 905336 ----a-r- c:\windows\system32\drivers\nis\1305000.091\SymEFA.sys
     2012-02-13 01:34:02 574584 ----a-r- c:\windows\system32\drivers\nis\1305000.091\srtsp.sys
     2012-02-13 01:34:02 340088 ----a-r- c:\windows\system32\drivers\nis\1305000.091\SymDS.sys
     2012-02-13 01:34:02 32888 ----a-r- c:\windows\system32\drivers\nis\1305000.091\srtspx.sys
     2012-02-13 01:34:02 318584 ----a-r- c:\windows\system32\drivers\nis\1305000.091\symnets.sys
     2012-02-13 01:34:02 149624 ----a-r- c:\windows\system32\drivers\nis\1305000.091\Ironx86.sys
     2012-02-13 01:34:01 132744 ----a-r- c:\windows\system32\drivers\nis\1305000.091\ccSetx86.sys
     2012-02-13 01:33:02 4782 ----a-r- c:\windows\system32\drivers\nis\1305000.091\SymVTcer.dat
     2012-02-13 01:32:57 -------- d-----w- c:\windows\system32\drivers\nis\1305000.091
     2012-02-12 19:11:11 -------- d-----w- c:\users\steve\appdata\local\NPE
     2012-02-11 01:28:03 -------- d-----w- C:\NBRT
     2012-02-10 05:56:18 -------- d-----w- c:\windows\system32\drivers\nbrtwizard\0401000.00F
     2012-02-10 05:56:18 -------- d-----w- c:\windows\system32\drivers\NBRTWizard
     2012-02-10 05:56:16 -------- d-----w- c:\program files\Norton Bootable Recovery Tool Wizard
     2012-02-09 16:07:49 -------- d-----w- c:\program files\NirSoft
     2012-02-08 22:05:25 -------- d-----w- C:\inetpub
     .
     ==================== Find3M ====================
     .
     2012-01-31 02:18:51 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
     .
     ============= FINISH: 17:48:47.87 ===============

     Attach.txt :

     DDS (Ver_2011-08-26.01)
     .
     Microsoft Windows 7 Home Premium
     Boot Device: \Device\HarddiskVolume1
     Install Date: 12/21/2009 20:49:22
     System Uptime: 3/8/2012 16:03:41 (1 hours ago)
     .
     Motherboard: Hewlett-Packard | | 3612
     Processor: Pentium® Dual-Core CPU T4200 @ 2.00GHz | CPU | 2000/800mhz
     .
     ==== Disk Partitions =========================
     .
     C: is FIXED (NTFS) - 222 GiB total, 24.869 GiB free.
     D: is FIXED (NTFS) - 11 GiB total, 1.831 GiB free.
     E: is CDROM (UDF)
     H: is Removable
     .
     ==== Disabled Device Manager Items =============
     .
     ==== System Restore Points ===================
     .
     No restore point in system.
     .
     ==== Installed Programs ======================
     .
     Update for Microsoft Office 2007 (KB2508958)
     "GNU gdb 5.2.1"
     µTorrent
     7-Zip 4.65
     Acrobat.com
     Activation Assistant for the 2007 Microsoft Office suites
     ActiveCheck component for HP Active Support Library
     Adobe AIR
     Adobe Flash Player 10 ActiveX
     Adobe Flash Player 11 Plugin
     Adobe Reader 9.3.1
     Adobe Shockwave Player
     Age of Empires III
     AIM 7
     Amazon Kindle For PC
     Apple Application Support
     Apple Mobile Device Support
     Apple Software Update
     Application Verifier
     ArcSoft Panorama Maker 5
     Atheros Driver Installation Program
     Auslogics Duplicate File Finder
     Bonjour
     Byki
     Byki Express
     Cisco AnyConnect VPN Client
     Cisco Network Magic
     Cobian Backup 9
     COMODO BackUp
     Compatibility Pack for the 2007 Office system
     CyberLink DVD Suite
     Debugging Tools for Windows (x86)
     digestIT 2004
     DjVuLibre+DjView
     Duplicate Cleaner 1.4.7c
     e7note
     EASEUS Data Recovery Wizard Free Edition 5.0.1
     EPSON Artisan 830 Series Printer Uninstall
     Epson Event Manager
     Epson FAX Utility
     EPSON NX100 Series Printer Uninstall
     Epson PC-FAX Driver
     EPSON Scan
     EpsonNet Print
     EpsonNet Setup 3.3
     ESU for Microsoft Vista
     Facebook Plug-In
     Facebook Video Calling 1.1.1.1
     FileOpen Client
     foldit
     Geany 0.19
     Google Chrome
     Google Earth
     HDAUDIO Soft Data Fax Modem with SmartCP
     Hotfix for Microsoft Visual Basic 2010 Express - ENU (KB2635973)
     Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2542054)
     Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2635973)
     Hotfix for Microsoft Visual Web Developer 2010 Express - ENU (KB2548139)
     Hotfix for Microsoft Visual Web Developer 2010 Express - ENU (KB2635973)
     Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2280741)
     Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2284668)
     Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2295689)
     Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2420513)
     Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2452649)
     Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2455033)
     Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2485545)
     Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982517)
     Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982721)
     Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB983233)
     HP Active Support Library
     HP Customer Experience Enhancements
     HP Doc Viewer
     HP DVD Play 3.7
     HP Help and Support
     HP Quick Launch Buttons 6.40 H2
     HP Total Care Advisor
     HP Total Care Setup
     HP Update
     HP USB Disk Storage Format Tool
     HP User Guides 0118
     HP Wireless Assistant
     HPAsset component for HP Active Support Library
     HPNetworkAssistant
     InfraRecorder
     inSSIDer
     inSSIDer 2.0
     Intel® Graphics Media Accelerator Driver
     iTunes
     Java Auto Updater
     Java DB 10.5.3.0
     Java 6 Update 24
     Java 6 Update 7
     Java SE Development Kit 6 Update 18
     LabelPrint
     LightScribe System Software 1.14.17.1
     Malwarebytes Anti-Malware version 1.60.1.1000
     Mathematica Extras 8.0 (1818576)
     MATLAB R2009a
     Microsoft .NET Framework 4 Client Profile
     Microsoft .NET Framework 4 Extended
     Microsoft .NET Framework 4 Multi-Targeting Pack
     Microsoft Application Error Reporting
     Microsoft ASP.NET MVC 2
     Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools
     Microsoft Help Viewer 1.0
     Microsoft Help Viewer 1.1
     Microsoft Image Composite Editor
     Microsoft IntelliPoint 7.1
     Microsoft Office 2007 Service Pack 3 (SP3)
     Microsoft Office Access MUI (English) 2007
     Microsoft Office Access Setup Metadata MUI (English) 2007
     Microsoft Office Enterprise 2007
     Microsoft Office Excel MUI (English) 2007
     Microsoft Office Groove MUI (English) 2007
     Microsoft Office Groove Setup Metadata MUI (English) 2007
     Microsoft Office Home and Student 2007
     Microsoft Office InfoPath MUI (English) 2007
     Microsoft Office OneNote MUI (English) 2007
     Microsoft Office Outlook MUI (English) 2007
     Microsoft Office PowerPoint MUI (English) 2007
     Microsoft Office PowerPoint Viewer 2007 (English)
     Microsoft Office Proof (English) 2007
     Microsoft Office Proof (French) 2007
     Microsoft Office Proof (Spanish) 2007
     Microsoft Office Proofing (English) 2007
     Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
     Microsoft Office Publisher MUI (English) 2007
     Microsoft Office Shared MUI (English) 2007
     Microsoft Office Shared Setup Metadata MUI (English) 2007
     Microsoft Office Word MUI (English) 2007
     Microsoft Silverlight
     Microsoft Silverlight 3 SDK
     Microsoft Silverlight 4 SDK
     Microsoft SQL Server 2008
     Microsoft SQL Server 2008 Browser
     Microsoft SQL Server 2008 Common Files
     Microsoft SQL Server 2008 Database Engine Services
     Microsoft SQL Server 2008 Database Engine Shared
     Microsoft SQL Server 2008 Native Client
     Microsoft SQL Server 2008 R2 Management Objects
     Microsoft SQL Server 2008 RsFx Driver
     Microsoft SQL Server 2008 Setup Support Files
     Microsoft SQL Server Compact 3.5 SP2 ENU
     Microsoft SQL Server Database Publishing Wizard 1.4
     Microsoft SQL Server System CLR Types
     Microsoft SQL Server VSS Writer
     Microsoft Visual Basic 2010 Express - ENU
     Microsoft Visual C++ Compilers 2010 Standard - enu - x86
     Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
     Microsoft Visual C++ 2005 Redistributable
     Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
     Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
     Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
     Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
     Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
     Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
     Microsoft Visual C++ 2010 Express - ENU
     Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
     Microsoft Visual Studio 2010 Service Pack 1
     Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
     Microsoft Visual Web Developer 2010 Express - ENU
     Microsoft Windows Performance Toolkit
     Microsoft Windows SDK for Windows 7 (7.1)
     Microsoft Windows SDK for Windows 7 Common Utilities (30514)
     Microsoft Windows SDK for Windows 7 Headers and Libraries (30514)
     Microsoft Windows SDK for Windows 7 Samples (30514)
     Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514)
     Microsoft Windows SDK Intellisense and Reference Assemblies (30514)
     Microsoft Windows SDK MSHelp (30514)
     Microsoft Windows SDK Net Fx Interop Headers And Libraries (30514)
     Microsoft Works
     MiKTeX 2.8
     MinGW 5.1.6
     MiniStumbler 0.4.0 (remove only)
     Mozilla Firefox 10.0.2 (x86 en-US)
     MSXML 4.0 SP2 (KB954430)
     MSXML 4.0 SP2 (KB973688)
     muvee Reveal
     NetWaiting
     Network Magic
     Network Stumbler 0.4.0 (remove only)
     NirSoft ServiWin
     Norton Bootable Recovery Tool Wizard
     Norton Internet Security
     Notepad++
     Panasonic DVC USB Driver
     Pismo File Mount Audit Package
     Power2Go
     PowerDirector
     Pure Networks Platform
     PuTTY version 0.60
     Qt Eclipse Integration 1.6.1
     Qt SDK 2010.02.1
     QuickTime
     Realtek 8169 8168 8101E 8102E Ethernet Driver
     Realtek USB 2.0 Card Reader
     ROOT
     Rosetta Stone Version 3
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
     Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
     Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
     Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
     Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
     Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
     Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
     Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
     Service Pack 1 for SQL Server 2008 (KB968369)
     SimCity 4 Deluxe
     SimCity Societies
     Skype Click to Call
     Skype 5.5
     Sony Ericsson PC Companion 2.02.002
     Sony Ericsson Update Engine
     Spelling Dictionaries Support For Adobe Reader 9
     Sql Server Customer Experience Improvement Program
     Sun VirtualBox
     Synaptics Pointing Device Driver
     TomTom HOME 2.7.3.1894
     TomTom HOME Visual Studio Merge Modules
     Unified Remote
     Update for 2007 Microsoft Office System (KB967642)
     Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
     Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
     Update for Microsoft .NET Framework 4 Extended (KB2468871)
     Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
     Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
     Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
     Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
     Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
     VLC media player 1.0.2
     VMD 1.9
     WCF RIA Services V1.0 SP1
     Web Deployment Tool
     Winamp
     WinDjView 1.0.3
     Windows Media Player Firefox Plugin
     Windows SDK IntellisenseNFX
     WinEdt
     Wolfram Mathematica 8 for Students (M-WIN-G 8.0.0 1819003)
     .
     ==== Event Viewer Messages From Past Week ========
     .
     3/8/2012 17:39:45, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
     3/8/2012 15:44:19, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
     3/8/2012 15:43:45, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 ccSet_NIS discache eeCtrl IDSVix86 spldr SRTSPX SymIRON SymNetS VBoxDrv VBoxUSBMon Wanarpv6
     3/8/2012 15:28:00, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
     3/8/2012 14:22:31, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
     3/7/2012 15:44:00, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x83c8d530, 0x8e12b864, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 030712-131555-01.
     3/6/2012 07:27:03, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x843e0487, 0xba2d1708, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 030612-118747-01.
     3/5/2012 21:47:19, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
     3/5/2012 21:47:02, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the IPsec Policy Agent service to connect.
     .
     ==== End Of File ===========================