Jump to content

trojans and malware and Rootkit.Boot.Pihar.c ...Oh My


Recommended Posts

Been working on cleaning up this tablet laptop. Got rid of trojans, rootkit and malware/browser redirect. It was blocking windows updates, which I can now download and it kept killing/deleting the MSE service but I think I have overcome that now. can someone look over the DDS logs to make sure I got everything. Thanks in advance.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by TestUser at 12:55:43 on 2012-08-15

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.549 [GMT -4:00]

.

AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe

svchost.exe

C:\WINDOWS\SYSTEM32\WISPTIS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\tabbtnu.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe

C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\TOSHIBA\TouchED\TouchED.Exe

C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE

C:\WINDOWS\system32\00THotkey.exe

C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\RAMASST.exe

C:\Program Files\Apoint2K\Apntex.exe

svchost.exe

C:\WINDOWS\system32\DVDRAMSV.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\WINDOWS\system32\svchost.exe -k HPService

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe

C:\Program Files\TOSHIBA\TME3\TMETEMNU.EXE

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/?ilc=1

mDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yma2

mStart Page = hxxp://www.yahoo.com/?fr=fp-yma2

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

mURLSearchHooks: H - No File

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: FBDownloader BHO: {553318da-d010-469e-84b1-496563cae1bf} - c:\program files\htto group, ltd\fbdownloader ie add-on\FBDownloader.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [TabletWizard] c:\windows\help\SplshWrp.exe

mRun: [TabletTip] "c:\program files\common files\microsoft shared\ink\tabtip.exe" /resume

mRun: [Apoint] c:\program files\apoint2k\Apoint.exe

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [TouchED] c:\program files\toshiba\touched\TouchED.Exe

mRun: [TMESRV.EXE] c:\program files\toshiba\tme3\TMESRV31.EXE /Logon

mRun: [TMERzCtl.EXE] c:\program files\toshiba\tme3\TMERzCtl.EXE /Service

mRun: [00THotkey] c:\windows\system32\00THotkey.exe

mRun: [CrossMenu] c:\program files\toshiba\crossmenu\CrossMenu.exe

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYAMABLAE0AQwAtAEUAOQBWAFUAVwAtAEUAVwAwAFYAQQAtAFUAVQAzAFgATAAtAEYARQBXADkANwA"&"inst=NwA3AC0AMQAyADUAMwA4ADQAMgAwADMAMgAtAEYAUAA5ACsANgAtAEIAQQBSADkARwArADEALQBGAEwAKwA5AC0ARABEAFQAKwAwAC0AWABPADkAKwAxAC0AUwBUADkAMABGAEEAUABQACsAMQAtAEYAOQAwAE0AMQAyAFQAQQArADIALQBVADkANQArADEALQBUAEwAKwAxAC0ARgA5ADAATQAxADIAVABBAE8AKwAxAC0ARgA5ADAATQAxADIAUgArADEALQBWAEkAUAAxADIAKwAxAA"&"prod=90"&"ver=9.0.914

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pcheal~1.lnk - c:\program files\toshiba\toshiba management console\TOSHealthLocalS.vbs

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1256154394953

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1344907149265

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{EA640758-B9E4-42F6-9E49-A743AA469956} : DhcpNameServer = 209.18.47.61 209.18.47.62

Notify: igfxcui - igfxdev.dll

Notify: loginkey - c:\program files\common files\microsoft shared\ink\loginkey.dll

Notify: TabBtnWL - TabBtnWL.dll

Notify: tpgwlnotify - tpgwlnot.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]

R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2004-12-27 16384]

R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2009-10-26 6144]

R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.sys [2009-10-26 5888]

R2 Tmesrv;Tmesrv3;c:\program files\toshiba\tme3\TMESRV31.exe [2009-10-26 126976]

R3 TBtnKey;TOSHIBA Tablet PC Buttons Type N HID Driver;c:\windows\system32\drivers\TBtnKey.sys [2009-10-21 8832]

R3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [2009-10-21 14208]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-6-21 250056]

.

=============== Created Last 30 ================

.

2012-08-15 16:18:12 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll

2012-08-15 16:15:35 6891424 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{04c0f142-4f57-4ac1-8946-c53271ae1ac6}\mpengine.dll

2012-08-15 16:14:09 -------- d-----w- c:\program files\Microsoft Security Client

2012-08-15 16:01:50 12872 ----a-w- c:\windows\system32\bootdelete.exe

2012-08-15 15:05:36 -------- d-----w- C:\Malware scanners

2012-08-15 15:01:08 -------- d-----w- C:\TDSSKiller_Quarantine

2012-08-15 14:57:31 -------- d-----w- c:\program files\HitmanPro

2012-08-15 14:57:17 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro

2012-08-14 18:45:34 -------- d-----w- c:\program files\ESET

2012-08-14 18:07:47 -------- d-----w- c:\documents and settings\testuser\local settings\application data\PCHealth

2012-08-14 17:58:17 -------- d-----w- c:\windows\pss

2012-08-14 02:44:30 -------- d-----w- c:\windows\system32\XPSViewer

2012-08-14 02:43:59 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

2012-08-14 02:43:30 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2012-08-14 02:43:30 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2012-08-14 02:43:30 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

2012-08-14 02:43:30 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2012-08-14 02:43:30 575488 ------w- c:\windows\system32\xpsshhdr.dll

2012-08-14 02:43:30 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2012-08-14 02:43:30 1676288 ------w- c:\windows\system32\xpssvcs.dll

2012-08-14 02:43:30 117760 ------w- c:\windows\system32\prntvpt.dll

2012-08-14 02:19:35 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll

2012-08-14 02:19:31 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll

2012-08-14 02:19:29 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll

2012-08-14 02:19:24 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe

2012-08-14 02:19:19 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe

2012-08-14 02:18:00 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe

2012-08-14 02:17:52 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys

2012-08-14 02:17:49 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys

2012-08-14 02:17:35 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys

2012-08-14 02:17:34 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys

2012-08-14 02:17:32 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll

2012-08-14 02:15:58 19016 -c--a-w- c:\windows\system32\dllcache\w926nd.sys

2012-08-14 02:14:58 793598 -c--a-w- c:\windows\system32\dllcache\usr1806.sys

2012-08-14 02:13:53 166784 -c--a-w- c:\windows\system32\dllcache\tridxpm.sys

2012-08-14 02:12:56 138528 -c--a-w- c:\windows\system32\dllcache\tgiulnt5.sys

2012-08-14 02:11:58 3968 -c--a-w- c:\windows\system32\dllcache\swusbflt.sys

2012-08-14 02:10:59 19072 -c--a-w- c:\windows\system32\dllcache\sparrow.sys

2012-08-14 02:09:56 28160 -c--a-w- c:\windows\system32\dllcache\sm91w.dll

2012-08-14 02:08:59 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys

2012-08-14 02:07:59 198400 -c--a-w- c:\windows\system32\dllcache\s3sav4.dll

2012-08-14 02:06:57 86097 -c--a-w- c:\windows\system32\dllcache\reslog32.dll

2012-08-14 02:05:59 159232 -c--a-w- c:\windows\system32\dllcache\ptpusd.dll

2012-08-14 02:04:59 5504 -c--a-w- c:\windows\system32\dllcache\perc2hib.sys

2012-08-14 02:03:59 28032 -c--a-w- c:\windows\system32\dllcache\ovcd.sys

2012-08-14 02:02:58 132695 -c--a-w- c:\windows\system32\dllcache\netwlan5.sys

2012-08-14 02:01:56 103296 -c--a-w- c:\windows\system32\dllcache\mtxvideo.sys

2012-08-14 02:01:49 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys

2012-08-14 02:01:48 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys

2012-08-14 02:01:44 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys

2012-08-14 02:01:37 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys

2012-08-14 02:01:35 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys

2012-08-14 02:01:21 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys

2012-08-14 02:01:18 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys

2012-08-14 02:01:17 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys

2012-08-14 02:01:10 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys

2012-08-14 02:01:06 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys

2012-08-14 02:01:01 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys

2012-08-14 01:59:57 4992 -c--a-w- c:\windows\system32\dllcache\loop.sys

2012-08-14 01:58:55 26624 -c--a-w- c:\windows\system32\dllcache\irstusb.sys

2012-08-14 01:57:59 154496 -c--a-w- c:\windows\system32\dllcache\icam4usb.sys

2012-08-14 01:56:59 488383 -c--a-w- c:\windows\system32\dllcache\hsf_v124.sys

2012-08-14 01:55:59 48128 -c--a-w- c:\windows\system32\dllcache\hpgt33tk.dll

2012-08-14 01:54:58 444416 -c--a-w- c:\windows\system32\dllcache\fpcibase.sys

2012-08-14 01:53:58 61952 -c--a-w- c:\windows\system32\dllcache\eqnloop.exe

2012-08-14 01:52:59 29696 -c--a-w- c:\windows\system32\dllcache\dm9pci5.sys

2012-08-14 01:51:59 72832 -c--a-w- c:\windows\system32\dllcache\cwbwdm.sys

2012-08-14 01:50:48 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys

2012-08-14 01:49:56 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys

2012-08-14 01:41:30 -------- d-----w- c:\documents and settings\testuser\application data\ElevatedDiagnostics

2012-08-13 22:08:48 -------- d-----w- c:\documents and settings\testuser\application data\Malwarebytes

2012-08-13 22:05:31 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-08-13 22:01:37 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2012-08-13 22:01:36 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-13 22:01:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-08-13 21:29:16 -------- d-----w- c:\program files\MSXML 4.0

2012-08-13 20:45:59 -------- d-----w- c:\windows\system32\appmgmt

2012-07-30 23:08:10 -------- d-----w- c:\documents and settings\all users\application data\WEBREG

2012-07-30 23:06:14 -------- d-----w- c:\documents and settings\testuser\local settings\application data\HP

2012-07-30 23:03:02 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys

2012-07-30 23:02:58 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys

2012-07-30 23:02:04 315904 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpfpp70w.dll

2012-07-30 23:02:03 123904 ----a-w- c:\windows\system32\hpf3l70w.dll

2012-07-30 23:02:02 452408 ----a-r- c:\windows\system32\hpzids01.dll

2012-07-30 23:01:54 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys

2012-07-30 23:01:11 372736 ----a-r- c:\windows\system32\hppldcoi.dll

2012-07-30 23:01:11 309760 ----a-r- c:\windows\system32\difxapi.dll

2012-07-30 23:01:09 315392 ----a-r- c:\windows\system32\hpwvst01.dll

2012-07-30 23:01:08 966656 ----a-r- c:\windows\system32\hpwtiop5.dll

2012-07-30 23:01:08 749568 ----a-r- c:\windows\system32\hpwwiax6.dll

2012-07-30 22:52:28 -------- d-----w- c:\program files\common files\HP

2012-07-30 22:52:26 -------- d-----w- c:\program files\common files\Hewlett-Packard

2012-07-30 22:51:42 -------- d-----w- c:\windows\hpoj4500g510g-m

2012-07-30 22:46:04 -------- d-----w- c:\program files\HP

.

==================== Find3M ====================

.

2012-08-13 21:00:17 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-08-13 21:00:16 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll

2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-07-02 17:49:33 916992 ----a-w- c:\windows\system32\wininet.dll

2012-07-02 17:49:32 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-07-02 17:49:32 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-07-02 12:05:43 385024 ----a-w- c:\windows\system32\html.iec

2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll

2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 21:35:26 222448 ----a-w- c:\windows\system32\muweb.dll

2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 19:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 19:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll

.

============= FINISH: 12:57:31.82 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 10/21/2009 10:33:07 AM

System Uptime: 8/15/2012 12:31:32 PM (0 hours ago)

.

Motherboard: TOSHIBA | | Portable PC

Processor: Genuine Intel® CPU T2400 @ 1.83GHz | uFC-PGA Socket | 1828/166mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 75 GiB total, 62.648 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description:

Device ID: ACPI\IFX0102\4&38462492&0

Manufacturer:

Name:

PNP Device ID: ACPI\IFX0102\4&38462492&0

Service:

.

==== System Restore Points ===================

.

RP94: 5/16/2012 10:45:07 PM - System Checkpoint

RP95: 5/17/2012 10:56:51 PM - System Checkpoint

RP96: 5/18/2012 11:56:46 PM - System Checkpoint

RP97: 5/20/2012 12:56:50 AM - System Checkpoint

RP98: 5/21/2012 1:56:46 AM - System Checkpoint

RP99: 5/22/2012 2:22:47 AM - System Checkpoint

RP100: 5/23/2012 3:22:51 AM - System Checkpoint

RP101: 5/24/2012 4:22:37 AM - System Checkpoint

RP102: 5/25/2012 5:22:37 AM - System Checkpoint

RP103: 5/26/2012 6:22:33 AM - System Checkpoint

RP104: 5/27/2012 7:22:33 AM - System Checkpoint

RP105: 5/28/2012 8:22:37 AM - System Checkpoint

RP106: 5/29/2012 8:58:38 AM - System Checkpoint

RP107: 5/30/2012 9:56:14 AM - System Checkpoint

RP108: 5/30/2012 6:08:42 PM - Avg Update

RP109: 5/31/2012 6:58:21 PM - System Checkpoint

RP110: 6/1/2012 7:46:40 PM - System Checkpoint

RP111: 6/2/2012 8:45:05 PM - System Checkpoint

RP112: 6/5/2012 12:00:14 AM - System Checkpoint

RP113: 6/5/2012 12:19:54 AM - Software Distribution Service 3.0

RP114: 6/6/2012 12:27:29 AM - System Checkpoint

RP115: 6/7/2012 12:32:00 AM - System Checkpoint

RP116: 6/7/2012 9:34:30 AM - Avg Update

RP117: 6/8/2012 9:50:32 PM - System Checkpoint

RP118: 6/9/2012 10:25:41 PM - System Checkpoint

RP119: 6/10/2012 11:25:42 PM - System Checkpoint

RP120: 6/12/2012 4:50:26 PM - System Checkpoint

RP121: 6/13/2012 5:27:43 PM - System Checkpoint

RP122: 6/15/2012 10:08:11 PM - System Checkpoint

RP123: 6/16/2012 10:45:58 PM - System Checkpoint

RP124: 6/17/2012 11:46:02 PM - System Checkpoint

RP125: 6/19/2012 12:42:37 AM - System Checkpoint

RP126: 6/20/2012 1:42:18 AM - System Checkpoint

RP127: 6/21/2012 2:32:31 AM - System Checkpoint

RP128: 6/22/2012 1:48:54 PM - System Checkpoint

RP129: 6/23/2012 2:42:59 PM - System Checkpoint

RP130: 6/24/2012 3:31:38 PM - System Checkpoint

RP131: 6/26/2012 12:26:18 AM - System Checkpoint

RP132: 6/27/2012 12:50:20 AM - System Checkpoint

RP133: 6/28/2012 12:54:54 AM - System Checkpoint

RP134: 6/29/2012 1:54:52 AM - System Checkpoint

RP135: 6/29/2012 8:47:33 AM - Avg Update

RP136: 6/30/2012 11:51:18 PM - System Checkpoint

RP137: 7/2/2012 12:45:36 AM - System Checkpoint

RP138: 7/3/2012 12:45:58 AM - System Checkpoint

RP139: 7/4/2012 2:01:20 AM - System Checkpoint

RP140: 7/5/2012 12:34:21 AM - Software Distribution Service 3.0

RP141: 7/8/2012 5:58:55 PM - System Checkpoint

RP142: 7/15/2012 11:20:31 AM - System Checkpoint

RP143: 7/16/2012 10:44:54 PM - System Checkpoint

RP144: 7/17/2012 10:10:16 PM - Software Distribution Service 3.0

RP145: 7/18/2012 10:22:36 PM - System Checkpoint

RP146: 7/23/2012 11:34:35 PM - System Checkpoint

RP147: 7/30/2012 7:04:45 PM - Printer Driver HP Officejet 4500 G510g-m fax Installed

RP148: 8/1/2012 3:17:07 PM - System Checkpoint

RP149: 8/6/2012 12:48:47 AM - System Checkpoint

RP150: 8/13/2012 4:45:58 PM - Removed Ask Toolbar.

RP151: 8/13/2012 4:46:41 PM - Removed ASPCA Reminder by We-Care.com v4.0.16.1

RP152: 8/13/2012 4:50:06 PM - Removed Ask Toolbar.

RP153: 8/13/2012 5:02:43 PM - Software Distribution Service 3.0

RP154: 8/13/2012 5:07:35 PM - Removed WeatherBug

RP155: 8/13/2012 5:10:26 PM - Removed Mobile Broadband Generic Drivers.

RP156: 8/13/2012 5:28:58 PM - Software Distribution Service 3.0

RP157: 8/13/2012 6:05:30 PM - Software Distribution Service 3.0

RP158: 8/13/2012 9:21:02 PM - Software Distribution Service 3.0

RP159: 8/13/2012 9:30:06 PM - Installed %1 %2.

RP160: 8/13/2012 9:46:58 PM - Installed Microsoft Fix it 50687

RP161: 8/13/2012 9:48:09 PM - Installed Microsoft Fix it 50884

RP162: 8/13/2012 10:39:10 PM - Software Distribution Service 3.0

RP163: 8/13/2012 10:55:53 PM - Printer Driver Microsoft XPS Document Writer Installed

RP164: 8/13/2012 11:01:34 PM - Software Distribution Service 3.0

RP165: 8/14/2012 7:38:00 AM - Removed Ask Toolbar.

RP166: 8/14/2012 7:38:49 AM - Removed BabylonObjectInstaller

RP167: 8/14/2012 7:40:35 AM - Removed VZAccess Manager for Novatel.

RP168: 8/14/2012 7:53:12 AM - Software Distribution Service 3.0

RP169: 8/15/2012 12:15:08 PM - Software Distribution Service 3.0

RP170: 8/15/2012 12:19:07 PM - Software Distribution Service 3.0

.

==== Installed Programs ======================

.

32 Bit HP CIO Components Installer

4500_G510gm_Help

4500G510gm

4500G510gm_Software_Min

Acrobat.com

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Reader 9.5.1

Adobe Shockwave Player 11.5

ALPS Touch Pad Driver

Atheros Wireless LAN MiniPCI/PCIe card Driver

Bluetooth Stack for Windows by Toshiba

BufferChm

Destinations

DeviceDiscovery

DocMgr

DocProc

DVD-RAM Driver

EPSON NX410 Series Printer Uninstall

EPSON Scan

ESET Online Scanner v3

Fax

FBDownloader IE Add-on

GPBaseService2

High Definition Audio Driver Package - KB888111

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

HP Customer Participation Program 13.0

HP Document Manager 2.0

HP Imaging Device Functions 13.0

HP Officejet 4500 G510g-m

HP Smart Web Printing 4.5

HP Solution Center 13.0

HP Update

HPProductAssistant

Intel® Graphics Media Accelerator Driver

Intel® PRO Network Connections Drivers

Java 6 Update 17

Malwarebytes Anti-Malware version 1.62.0.1300

MarketResearch

Microsoft .NET Framework 1.0 Hotfix (KB2604042)

Microsoft .NET Framework 1.0 Hotfix (KB2656378)

Microsoft .NET Framework 1.0 Hotfix (KB953295)

Microsoft .NET Framework 1.0 Hotfix (KB979904)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Network

OCR Software by I.R.I.S. 13.0

OpenOffice.org 3.1

Scan

SD Secure Module

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB2722913)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660649)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2705219)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2712808)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB2723135)

Security Update for Windows XP (KB2731847)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371-v2)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974455)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982665)

SigmaTel Audio

SmartWebPrinting

SolutionCenter

Status

Texas Instruments PCIxx21/x515 drivers.

TIxx21/x515

Toolbox

TOSHIBA HDD Protection

TOSHIBA Management Console Version 3.5 (3.5.4)

TOSHIBA Mobile Extension3 for Windows XP V3.78.00.XP

TOSHIBA Software Modem

TOSHIBA TouchPad On/Off Utility V2.05.01

TOSHIBA Utilities

TrayApp

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB973874)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2718704)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

WebFldrs XP

WebReg

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 11

Windows PowerShell 1.0

Windows XP Service Pack 3

WinZip 14.0

.

==== Event Viewer Messages From Past Week ========

.

8/15/2012 11:06:12 AM, error: Service Control Manager [7034] - The Tmesrv3 service terminated unexpectedly. It has done this 1 time(s).

8/15/2012 11:06:12 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).

8/15/2012 11:06:12 AM, error: Service Control Manager [7034] - The DVD-RAM_Service service terminated unexpectedly. It has done this 1 time(s).

8/15/2012 11:02:55 AM, error: Dhcp [1002] - The IP address lease 192.168.1.103 for the Network Card with network address 00130290C546 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

8/15/2012 10:35:42 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.

8/14/2012 7:36:41 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Thpdrv

8/14/2012 7:36:17 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

8/14/2012 7:34:18 AM, error: Dhcp [1002] - The IP address lease 192.168.1.105 for the Network Card with network address 00130290C546 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

8/14/2012 2:06:59 PM, error: Dhcp [1002] - The IP address lease 192.168.1.104 for the Network Card with network address 00130290C546 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

8/13/2012 9:48:10 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

8/13/2012 9:14:28 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

8/13/2012 8:16:09 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

8/13/2012 5:40:41 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

8/13/2012 5:39:15 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

8/13/2012 5:02:59 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft XML Core Services 4.0 Service Pack 2 (KB954430).

.

==== End Of File ===========================

Link to post
Share on other sites

Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

Link to post
Share on other sites

RogueKiller V7.6.6 [08/10/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User: TestUser [Admin rights]

Mode: Scan -- Date: 08/15/2012 14:52:56

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 1 ¤¤¤

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK8032GSX +++++

--- User ---

[MBR] a7417018aabe567a5fea74505a9641bb

[bSP] e496c593b619fccc1d30706c1e34fdd4 : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76316 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.