Infected


caewe12
What's the operating system and can you boot into safe mode?

See if you can....start here:

Welcome to the forum, please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs here.....DDS.txt and Attach.txt

<====><====><====><====><====><====><====><====>

Next.......

Please remove any usb or external drives from the computer before you run this scan!

Quit all running programs.

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 48 hours, please send me a PM)

Hi,

I have Windows XP. I should have come straight to the forum but instead did some self-medicating (I know, bad idea). Not sure if I can even recall everything I've done, but if you need me to, I can try. I am able to boot up and access the internet and am no longer being redirected. Here are the logs. Thank you for your help. Cheryl E.

PS - Somehow Yahoo.genieo got invited to the party. I tried to get rid of it but don't think I did. I reset my homepage but think it's still lurking.

DDS (Ver_2012-11-07.01) - NTFS_x86 NETWORK

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31

Run by Ekenbarger's at 8:05:40 on 2012-11-18

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2558.2136 [GMT -5:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

AV: Webroot SecureAnywhere *Enabled/Updated* {D486329C-1488-4CEB-9CC8-D662B732D904}

.

============== Running Processes ================

.

C:\Program Files\Webroot\WRSA.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Webroot\WRSA.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

C:\WINDOWS\system32\svchost.exe -k rpcss

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.cox.net/

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

dURLSearchHooks: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - <orphaned>

dURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - <orphaned>

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll

BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\documents and settings\ekenbarger's\application data\defaulttab\defaulttab\DefaultTabBHO.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Upromise TurboSaver: {06E58E5E-F8CB-4049-991E-A41C03BD419E} -

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe

mRun: [DLCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,_RunDLLEntry@16

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [HostManager] c:\program files\common files\aol\1178326658\ee\AOLSoftware.exe

mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe

mRun: [dla] c:\windows\system32\dla\tfswctrl.exe

mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k

mRun: [WRSVC] "c:\program files\webroot\WRSA.exe" -ul

uPolicies-Explorer: NoDriveAutoRun = dword:67108863

uPolicies-Explorer: NoViewOnDrive = dword:0

uPolicies-Explorer: NoDrives = dword:0

uPolicies-Explorer: DisableLocalMachineRun = dword:0

uPolicies-Explorer: DisableLocalMachineRunOnce = dword:0

uPolicies-Explorer: DisableCurrentUserRun = dword:0

uPolicies-Explorer: DisableCurrentUserRunOnce = dword:0

uPolicies-Explorer: NoDriveTypeAutoRun = dword:0

uPolicies-Explorer: NoFile = dword:0

uPolicies-Explorer: HideClock = dword:0

uPolicies-Explorer: NoDevMgrUpdate = dword:0

uPolicies-Explorer: NoDFSTab = dword:0

uPolicies-Explorer: NoWindowsUpdate = dword:0

uPolicies-Explorer: NoEncryptOnMove = dword:0

uPolicies-Explorer: NoRunasInstallPrompt = dword:0

uPolicies-Explorer: NoResolveTrack = dword:0

uPolicies-Explorer: NoStartMenuSubFolders = dword:0

uPolicies-System: NoDispAppearancePage = dword:0

uPolicies-System: NoDispSettingsPage = dword:0

mPolicies-Explorer: NoDriveAutoRun = dword:67108863

mPolicies-Explorer: NoViewOnDrive = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: DisableLocalMachineRun = dword:0

mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0

mPolicies-Explorer: DisableCurrentUserRun = dword:0

mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0

mPolicies-Explorer: NoDriveTypeAutoRun = dword:0

mPolicies-Explorer: NoFile = dword:0

mPolicies-Explorer: HideClock = dword:0

mPolicies-Explorer: NoDevMgrUpdate = dword:0

mPolicies-Explorer: NoDFSTab = dword:0

mPolicies-Explorer: NoWindowsUpdate = dword:0

mPolicies-Explorer: NoEncryptOnMove = dword:0

mPolicies-Explorer: NoRunasInstallPrompt = dword:0

mPolicies-Explorer: NoResolveTrack = dword:0

mPolicies-Explorer: NoStartMenuSubFolders = dword:0

mPolicies-System: NoDispAppearancePage = dword:0

mPolicies-System: NoDispSettingsPage = dword:0

mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1

mPolicies-Explorer: NoDriveAutoRun = dword:67108863

mPolicies-Explorer: NoViewOnDrive = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: DisableLocalMachineRun = dword:0

mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0

mPolicies-Explorer: DisableCurrentUserRun = dword:0

mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0

mPolicies-Explorer: NoDriveTypeAutoRun = dword:0

mPolicies-Explorer: NoFile = dword:0

mPolicies-Explorer: HideClock = dword:0

mPolicies-Explorer: NoDevMgrUpdate = dword:0

mPolicies-Explorer: NoDFSTab = dword:0

mPolicies-Explorer: NoWindowsUpdate = dword:0

mPolicies-Explorer: NoEncryptOnMove = dword:0

mPolicies-Explorer: NoRunasInstallPrompt = dword:0

mPolicies-Explorer: NoResolveTrack = dword:0

mPolicies-Explorer: NoStartMenuSubFolders = dword:0

mPolicies-System: NoDispAppearancePage = dword:0

mPolicies-System: NoDispSettingsPage = dword:0

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

.

INFO: HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab

DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxps://www6.iepdirect.com/ScriptX_6_5/smsx.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1212869638656

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} - hxxps://e-talk1.whps.org/dwa7W.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: Interfaces\{830D72BE-6132-4A2A-B8DD-7BC8B69A920B} : DHCPNameServer = 68.105.28.11 68.105.29.11 68.105.28.12

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\ekenbarger's\application data\mozilla\firefox\profiles\fi5w6q0t.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3106777&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Yahoo (By Genieo)

FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3106777&SearchSource=13

FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=CDxdm003YYus&ptb=CF74B0F9-D5D0-4EC8-AC35-8A70571C102D&ind=2011081120&ptnrS=CDxdm003YYus&si=CK2Cs7C9yKoCFaUZQgodWFpFyg&n=77dea9a0&psa=&st=kwd&searchfor=

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll

FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll

FF - plugin: c:\program files\nos\bin\np_gp.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - ExtSQL: 2012-11-11 19:40; addon@defaulttab.com; c:\documents and settings\ekenbarger's\application data\mozilla\firefox\profiles\fi5w6q0t.default\extensions\addon@defaulttab.com.xpi

FF - ExtSQL: !HIDDEN! 2010-01-25 20:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

.

============= SERVICES / DRIVERS ===============

.

R0 WRkrn;WRkrn;c:\windows\system32\drivers\WRkrn.sys [2012-11-17 112656]

R2 WRSVC;WRSVC;c:\program files\webroot\WRSA.exe [2012-11-17 729544]

S2 DefaultTabSearch;DefaultTabSearch;c:\program files\defaulttab\DefaultTabSearch.exe [2012-11-8 568832]

S2 DefaultTabUpdate;DefaultTabUpdate;c:\documents and settings\ekenbarger's\application data\defaulttab\defaulttab\DTUpdate.exe [2012-11-11 107520]

S2 mrtRate;mrtRate;c:\windows\system32\drivers\MrtRate.sys [2006-5-21 34916]

S2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2004-8-10 5120]

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-1-18 34248]

S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2010-1-18 40552]

S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-10 14336]

S3 SymSnapService;SymSnapService;c:\program files\norton ghost\shared\drivers\SymSnapService.exe [2007-12-20 1553896]

.

=============== Created Last 30 ================

.

2012-11-17 21:17:57 871040 ----a-w- c:\windows\system32\drivers\cIdshrGq.sys

2012-11-17 16:41:17 871040 ----a-w- c:\windows\system32\drivers\tYMsoVkA.sys

2012-11-17 13:23:12 150712 ----a-w- c:\windows\system32\WRusr.dll

2012-11-17 13:23:12 112656 ----a-w- c:\windows\system32\drivers\WRkrn.sys

2012-11-17 13:23:09 -------- d-----w- c:\program files\Webroot

2012-11-17 13:21:19 -------- d-----w- c:\documents and settings\all users\application data\WRData

2012-11-17 12:58:59 -------- d-----w- C:\CCE_Quarantine

2012-11-17 09:33:02 -------- d-----w- c:\documents and settings\ekenbarger's\application data\Utduu

2012-11-17 09:33:02 -------- d-----w- c:\documents and settings\ekenbarger's\application data\Bykegy

2012-11-11 12:08:39 -------- d-----w- c:\program files\DefaultTab

2012-11-11 12:08:28 -------- d-----w- c:\documents and settings\ekenbarger's\application data\DefaultTab

2012-11-06 22:50:59 -------- d-----w- c:\program files\Spybot - Search & Destroy

2012-11-06 00:54:32 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro

2012-10-30 22:48:56 696760 ---ha-w- c:\windows\system32\FlashPlayerApp.exe

.

==================== Find3M ====================

.

2012-10-30 22:48:56 73656 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-09-24 22:56:12 417792 ------w- c:\windows\Setup1.exe

2012-09-24 22:56:10 73216 ----a-w- c:\windows\ST6UNST.EXE

2012-09-17 14:09:15 56 --sh--r- c:\windows\system32\86307A10A8.sys

2012-09-17 14:09:15 1786 --sha-w- c:\windows\system32\KGyGaAvL.sys

2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll

2012-08-28 15:14:53 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-08-28 15:14:52 1469440 ---h--w- c:\windows\system32\inetcpl.cpl

2012-08-28 12:07:15 385024 ---ha-w- c:\windows\system32\html.iec

2012-08-24 13:53:22 177664 ---ha-w- c:\windows\system32\wintrust.dll

2012-08-21 17:01:22 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-08-21 17:01:22 106928 ---ha-w- c:\windows\system32\GEARAspi.dll

2012-08-21 13:33:26 2148864 ---ha-w- c:\windows\system32\ntoskrnl.exe

2012-08-21 12:58:09 2027520 ---ha-w- c:\windows\system32\ntkrnlpa.exe

.

============= FINISH: 8:10:02.42 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-07.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume2

Install Date: 9/20/2005 7:58:34 PM

System Uptime: 11/18/2012 7:59:01 AM (1 hours ago)

.

Motherboard: Dell Inc. | | 0X8582

Processor: Intel® Pentium® 4 CPU 3.00GHz | Microprocessor | 2992/800mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 146 GiB total, 88.342 GiB free.

D: is CDROM ()

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP1331: 8/8/2012 5:11:21 AM - System Checkpoint

RP1332: 8/9/2012 6:05:24 AM - System Checkpoint

RP1333: 8/10/2012 7:00:43 AM - System Checkpoint

RP1334: 8/11/2012 7:54:45 AM - System Checkpoint

RP1335: 8/12/2012 8:49:36 AM - System Checkpoint

RP1336: 8/13/2012 9:26:33 AM - System Checkpoint

RP1337: 8/14/2012 10:20:49 AM - System Checkpoint

RP1338: 8/15/2012 11:15:03 AM - System Checkpoint

RP1339: 8/15/2012 8:00:17 PM - Software Distribution Service 3.0

RP1340: 8/16/2012 8:20:22 PM - System Checkpoint

RP1341: 8/17/2012 9:14:20 PM - System Checkpoint

RP1342: 8/18/2012 9:33:22 PM - System Checkpoint

RP1343: 8/19/2012 10:55:05 PM - System Checkpoint

RP1344: 8/20/2012 11:26:30 PM - System Checkpoint

RP1345: 8/22/2012 12:20:33 AM - System Checkpoint

RP1346: 8/23/2012 1:14:46 AM - System Checkpoint

RP1347: 8/24/2012 1:41:48 AM - System Checkpoint

RP1348: 8/25/2012 2:35:58 AM - System Checkpoint

RP1349: 8/26/2012 3:30:15 AM - System Checkpoint

RP1350: 8/27/2012 4:25:33 AM - System Checkpoint

RP1351: 8/28/2012 5:20:47 AM - System Checkpoint

RP1352: 8/29/2012 6:16:11 AM - System Checkpoint

RP1353: 8/30/2012 7:25:33 AM - System Checkpoint

RP1354: 8/31/2012 8:04:39 AM - System Checkpoint

RP1355: 9/1/2012 11:07:15 AM - System Checkpoint

RP1356: 9/2/2012 11:53:21 AM - System Checkpoint

RP1357: 9/3/2012 12:56:42 PM - System Checkpoint

RP1358: 9/4/2012 1:48:12 PM - System Checkpoint

RP1359: 9/5/2012 1:53:11 PM - System Checkpoint

RP1360: 9/6/2012 2:27:28 PM - System Checkpoint

RP1361: 9/7/2012 2:34:12 PM - System Checkpoint

RP1362: 9/8/2012 3:51:01 PM - System Checkpoint

RP1363: 9/9/2012 4:10:08 PM - System Checkpoint

RP1364: 9/10/2012 5:19:29 PM - System Checkpoint

RP1365: 9/11/2012 6:02:17 PM - System Checkpoint

RP1366: 9/12/2012 6:56:26 PM - System Checkpoint

RP1367: 9/12/2012 8:00:16 PM - Software Distribution Service 3.0

RP1368: 9/13/2012 8:50:41 PM - System Checkpoint

RP1369: 9/14/2012 9:45:05 PM - System Checkpoint

RP1370: 9/16/2012 7:58:00 AM - System Checkpoint

RP1371: 9/17/2012 8:31:00 AM - System Checkpoint

RP1372: 9/18/2012 9:23:31 AM - System Checkpoint

RP1373: 9/19/2012 10:17:53 AM - System Checkpoint

RP1374: 9/20/2012 11:12:06 AM - System Checkpoint

RP1375: 9/21/2012 12:06:20 PM - System Checkpoint

RP1376: 9/21/2012 8:00:16 PM - Software Distribution Service 3.0

RP1377: 9/22/2012 8:20:32 PM - System Checkpoint

RP1378: 9/23/2012 8:59:04 PM - System Checkpoint

RP1379: 9/24/2012 7:01:47 PM - Printer Driver Amyuni PDF Converter 2.07 Installed

RP1380: 9/25/2012 7:37:03 PM - System Checkpoint

RP1381: 9/26/2012 8:31:29 PM - System Checkpoint

RP1382: 9/27/2012 8:46:55 PM - System Checkpoint

RP1383: 9/28/2012 8:48:24 PM - System Checkpoint

RP1384: 9/29/2012 9:20:59 PM - System Checkpoint

RP1385: 9/30/2012 10:11:15 PM - System Checkpoint

RP1386: 10/1/2012 11:03:59 PM - System Checkpoint

RP1387: 10/2/2012 11:08:15 PM - System Checkpoint

RP1388: 10/3/2012 11:53:58 PM - System Checkpoint

RP1389: 10/5/2012 12:49:35 AM - System Checkpoint

RP1390: 10/6/2012 1:43:57 AM - System Checkpoint

RP1391: 10/7/2012 2:38:22 AM - System Checkpoint

RP1392: 10/8/2012 3:32:45 AM - System Checkpoint

RP1393: 10/9/2012 4:25:49 AM - System Checkpoint

RP1394: 10/10/2012 5:20:04 AM - System Checkpoint

RP1395: 10/11/2012 6:00:58 AM - System Checkpoint

RP1396: 10/11/2012 8:00:17 PM - Software Distribution Service 3.0

RP1397: 10/12/2012 8:21:37 PM - System Checkpoint

RP1398: 10/13/2012 9:17:01 PM - System Checkpoint

RP1399: 10/14/2012 9:54:14 PM - System Checkpoint

RP1400: 10/15/2012 10:09:47 PM - System Checkpoint

RP1401: 10/16/2012 11:03:50 PM - System Checkpoint

RP1402: 10/17/2012 11:57:50 PM - System Checkpoint

RP1403: 10/19/2012 12:03:03 AM - System Checkpoint

RP1404: 10/20/2012 12:25:17 AM - System Checkpoint

RP1405: 10/21/2012 1:19:49 AM - System Checkpoint

RP1406: 10/22/2012 2:14:18 AM - System Checkpoint

RP1407: 10/23/2012 3:11:16 AM - System Checkpoint

RP1408: 10/24/2012 3:59:05 AM - System Checkpoint

RP1409: 10/25/2012 4:46:09 AM - System Checkpoint

RP1410: 10/26/2012 5:22:58 AM - System Checkpoint

RP1411: 10/27/2012 6:17:06 AM - System Checkpoint

RP1412: 10/28/2012 7:11:14 AM - System Checkpoint

RP1413: 10/29/2012 8:21:12 AM - System Checkpoint

RP1414: 10/30/2012 8:29:42 AM - System Checkpoint

RP1415: 10/31/2012 8:47:06 AM - System Checkpoint

RP1416: 11/1/2012 9:41:31 AM - System Checkpoint

RP1417: 11/2/2012 10:37:09 AM - System Checkpoint

RP1418: 11/3/2012 11:43:21 AM - System Checkpoint

RP1419: 11/4/2012 1:55:24 PM - System Checkpoint

.

==== Installed Programs ======================

.

ABBYY FineReader 6.0 Sprint

Acrobat.com

Adobe Reader X (10.1.4)

AOL Coach Version 1.0(Build:20040229.1 en)

AOL Uninstaller (Choose which Products to Remove)

AOLIcon

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ArcSoft Software Suite

ATI Control Panel

ATI Display Driver

Bonjour

Compatibility Pack for the 2007 Office system

Creative MediaSource

DAO 3.5

DB CIF Cam

DefaultTab

DefaultTab Chrome

Dell Media Experience

Dell Photo AIO Printer 924

Dell Picture Studio v3.0

Dell Support 3.2.1

Dell System Restore

EarthLink setup files

ERUNT 1.1j

ESET Online Scanner v3

FoneSync

Get High Speed Internet!

GIMP 2.6.6

Google Chrome

Google Drive

Google Earth

Google SketchUp 6

Google Toolbar for Internet Explorer

Google Update Helper

Google Updater

High Definition Audio Driver Package - KB835221

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB2756822)

Hotfix for Windows XP (KB942288-v3)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

Intel Matrix Storage Manager

Intel® 537EP V9x DF PCI Modem

Intel® PRO Network Connections Software v9.2.4.11

Intel® PROSafe for Wired Connections

Internet Explorer Default Page

iTunes

Jasc Paint Shop Photo Album 5

Jasc Paint Shop Pro Studio, Dell Editon

Java Auto Updater

Java 6 Update 31

LiveUpdate 3.2 (Symantec Corporation)

Macromedia Flash Player

Malwarebytes Anti-Malware version 1.62.0.1300

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Picture It! Publishing 2001

Microsoft Plus! Digital Media Edition Installer

Microsoft Plus! Photo Story 2 LE

Microsoft Silverlight

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Word 2000 SR-1

Microsoft Works 2001 Setup Launcher

Microsoft Works 6.0

Microsoft Works Suite Add-in for Microsoft Word

MobileMe Control Panel

Modem Event Monitor

Modem Helper

Modem On Hold

Move Networks Media Player for Internet Explorer

Mozilla Firefox 10.0.2 (x86 en-US)

MSN

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

MSXML 6 Service Pack 2 (KB973686)

Musicmatch for Windows Media Player

NetZeroInstallers

NickToons Racing

Nikon Message Center

Norton Ghost

Pdf995

PdfEdit995

Photo Click

PictureProject

PowerDVD 5.5

QuickBooks Simple Start Special Edition

Quicken Basic 2000

QuickTime

Rayman Raving Rabbids

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

RealUpgrade 1.1

Safari

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft Windows (KB2564958)

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB2699988)

Security Update for Windows Internet Explorer 8 (KB2722913)

Security Update for Windows Internet Explorer 8 (KB2744842)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB972260)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Encoder (KB2447961)

Security Update for Windows Media Encoder (KB954156)

Security Update for Windows Media Encoder (KB979332)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB911565)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2491683)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2685939)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2705219)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2709162)

Security Update for Windows XP (KB2712808)

Security Update for Windows XP (KB2718523)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB2723135)

Security Update for Windows XP (KB2724197)

Security Update for Windows XP (KB2731847)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950759)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953838)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956390)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958215)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960714)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB963027)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969897)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972260)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Shockwave

Sonic DLA

Sonic RecordNow Audio

Sonic RecordNow Copy

Sonic RecordNow Data

Sonic Update Manager

Sound Blaster Live! 24-bit

SPORE™

SPORE™ Galactic Adventures

STICKIDS

TaxCut Basic 2006

Type to Learn 3

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB972636)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB976749)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2641690)

Update for Windows XP (KB2661254-v2)

Update for Windows XP (KB2718704)

Update for Windows XP (KB2736233)

Update for Windows XP (KB2749655)

Update for Windows XP (KB942763)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Viewpoint Media Player

WebFldrs XP

Webroot SecureAnywhere

Windows Genuine Advantage v1.3.0254.0

Windows Genuine Advantage Validation Tool (KB892130)

Windows Imaging Component

Windows Installer Clean Up

Windows Internet Explorer 8

Windows Media Encoder 9 Series

Windows Media Format 11 runtime

Windows Media Player 10

Windows Media Player 11

Windows PowerShell 1.0

Windows XP Service Pack 3

WordPerfect Office 12

Works Suite OS Pack

Works Synchronization

.

==== Event Viewer Messages From Past Week ========

.

11/18/2012 8:01:01 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm

11/17/2012 9:31:43 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.

11/17/2012 8:54:52 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.

11/17/2012 8:13:33 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the SymSnapService service, but this action failed with the following error: An instance of the service is already running.

11/17/2012 8:12:33 PM, error: Service Control Manager [7034] - The WAN Miniport (ATW) Service service terminated unexpectedly. It has done this 1 time(s).

11/17/2012 8:12:33 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).

11/17/2012 8:12:33 PM, error: Service Control Manager [7034] - The Intel® Matrix Storage Event Monitor service terminated unexpectedly. It has done this 1 time(s).

11/17/2012 8:12:33 PM, error: Service Control Manager [7031] - The SymSnapService service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

11/17/2012 8:12:32 PM, error: Service Control Manager [7034] - The DefaultTabSearch service terminated unexpectedly. It has done this 1 time(s).

11/17/2012 8:12:32 PM, error: Service Control Manager [7034] - The Creative Service for CDROM Access service terminated unexpectedly. It has done this 1 time(s).

11/17/2012 8:12:32 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).

11/17/2012 8:12:32 PM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).

11/17/2012 8:12:32 PM, error: Service Control Manager [7034] - The AOL Connectivity Service service terminated unexpectedly. It has done this 1 time(s).

11/17/2012 8:12:32 PM, error: Service Control Manager [7031] - The Norton Ghost service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

11/17/2012 8:12:32 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

11/17/2012 7:48:02 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the WRSVC service, but this action failed with the following error: An instance of the service is already running.

11/17/2012 7:47:52 PM, error: Service Control Manager [7031] - The WRSVC service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

11/11/2012 9:30:10 PM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: Access is denied.

11/11/2012 9:29:45 PM, error: SRService [104] - The System Restore initialization process failed.

11/11/2012 9:05:21 PM, error: Service Control Manager [7034] - The DefaultTabUpdate service terminated unexpectedly. It has done this 1 time(s).

11/11/2012 8:52:01 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

11/11/2012 8:26:15 AM, error: System Error [1003] - Error code 1000007e, parameter1 c0000005, parameter2 87bdf097, parameter3 ba4f7a90, parameter4 ba4f778c.

11/11/2012 7:38:47 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

11/11/2012 7:30:16 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avipbb avkmgr Fips intelppm ssmdrv

11/11/2012 7:08:52 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

.

==== End Of File ===========================

RogueKiller V8.3.0 [Nov 18 2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website: http://tigzy.geekstogo.com/roguekiller.php

Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Safe mode with network support

User : Ekenbarger's [Admin rights]

Mode : Scan -- Date : 11/18/2012 08:19:14

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤

[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND

[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND

[HJPOL] HKCU\[...]\System : DisableCMD (0) -> FOUND

[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJPOL] HKLM\[...]\System : DisableCMD (0) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Maxtor 6Y160M0 +++++

--- User ---

[MBR] e8c4ef311439380bf8161fe3e04c23d1

[bSP] b72667633f4c7c2babf1970635a88ab8 : MBR Code unknown

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 112455 | Size: 149071 Mo

2 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 305411715 | Size: 3459 Mo

User != LL1 ... KO!

--- LL1 ---

[MBR] 1234b9627f851ba5c40b58d46ae5bfa5

[bSP] b72667633f4c7c2babf1970635a88ab8 : MBR Code unknown [possible maxSST in 3!]

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 112455 | Size: 149071 Mo

2 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 305411715 | Size: 3459 Mo

3 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 312496380 | Size: 1 Mo

User != LL2 ... KO!

--- LL2 ---

[MBR] 1234b9627f851ba5c40b58d46ae5bfa5

[bSP] b72667633f4c7c2babf1970635a88ab8 : MBR Code unknown [possible maxSST in 3!]

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 112455 | Size: 149071 Mo

2 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 305411715 | Size: 3459 Mo

3 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 312496380 | Size: 1 Mo

+++++ PhysicalDrive1: WDC WD5000AADS-00S9B0 +++++

Error reading User MBR!

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[1]_S_11182012_02d0819.txt >>

RKreport[1]_S_11182012_02d0819.txt

Link to post
Share on other sites
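The MBR Check section above is the heart of that RogueKiller report: it hashes sector 0 and lists the partition table three times, once as the operating system reports it (the User view) and twice through low-level reads (LL1, LL2), and it is the disagreement between them (a fourth, hidden, active 1 MB entry and a different MBR hash that only the low-level reads see) that earns the "Root.MBR" verdict. As an added example, not part of this thread and not RogueKiller's own code, here is a small Python parser that reads such a section and recomputes the disagreements itself, so the check can be repeated over any number of archived reports. The report text is a constructed sample copied from the PhysicalDrive0 and PhysicalDrive1 lines above (LL2 is omitted since it matched LL1); the class names and finding kinds are my own.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample: the MBR Check lines from the RogueKiller report in this
# thread, trimmed to what the parser reads (LL2 matched LL1 and is omitted).
SAMPLE_REPORT = """\
+++++ PhysicalDrive0: Maxtor 6Y160M0 +++++
--- User ---
[MBR] e8c4ef311439380bf8161fe3e04c23d1
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 112455 | Size: 149071 Mo
2 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 305411715 | Size: 3459 Mo
--- LL1 ---
[MBR] 1234b9627f851ba5c40b58d46ae5bfa5
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 112455 | Size: 149071 Mo
2 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 305411715 | Size: 3459 Mo
3 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 312496380 | Size: 1 Mo
+++++ PhysicalDrive1: WDC WD5000AADS-00S9B0 +++++
Error reading User MBR!
Error reading LL2 MBR!
"""

DRIVE_RE = re.compile(r"^\+{5} (PhysicalDrive\d+): (.+?) \+{5}$")
VIEW_RE = re.compile(r"^--- (\w+) ---$")
HASH_RE = re.compile(r"^\[MBR\] ([0-9a-f]{32})$")
ERROR_RE = re.compile(r"^Error reading (\w+) MBR!$")
PART_RE = re.compile(r"^(\d+) - \[(ACTIVE|XXXXXX)\] \S+ \((0x[0-9a-f]{2})\) "
                     r"\[(VISIBLE|HIDDEN!)\] Offset \(sectors\): (\d+) \| Size: (\d+) Mo$")

@dataclass
class Partition:
    index: int
    active: bool      # marked bootable in this view of the table
    type_code: int
    hidden: bool
    offset: int       # first sector
    size_mb: int

@dataclass
class MbrView:
    name: str         # "User" (read through the OS) or "LL1"/"LL2" (low-level reads)
    mbr_md5: Optional[str] = None
    read_error: bool = False
    partitions: List[Partition] = field(default_factory=list)

@dataclass
class Drive:
    device: str
    model: str
    views: Dict[str, MbrView] = field(default_factory=dict)

def parse_mbr_check(text: str) -> List[Drive]:
    """Parse the per-drive, per-view blocks of a RogueKiller MBR Check section."""
    drives: List[Drive] = []
    drive: Optional[Drive] = None
    view: Optional[MbrView] = None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := DRIVE_RE.match(line):
            drive = Drive(m.group(1), m.group(2))
            drives.append(drive)
            view = None
        elif drive is None:
            continue                      # ignore anything before the first drive
        elif m := VIEW_RE.match(line):
            view = drive.views.setdefault(m.group(1), MbrView(m.group(1)))
        elif m := ERROR_RE.match(line):
            drive.views[m.group(1)] = MbrView(m.group(1), read_error=True)
            view = None
        elif view and (m := HASH_RE.match(line)):
            view.mbr_md5 = m.group(1)
        elif view and (m := PART_RE.match(line)):
            view.partitions.append(Partition(
                int(m.group(1)), m.group(2) == "ACTIVE", int(m.group(3), 16),
                m.group(4) == "HIDDEN!", int(m.group(5)), int(m.group(6))))
    return drives

def compare_views(drives: List[Drive]) -> List[Tuple[str, str, str, str]]:
    """Recompute each way a low-level read disagrees with the OS view; returns
    (device, view, kind, detail) tuples. The tool's own KO! verdict lines are not trusted."""
    findings = []
    for d in drives:
        user = d.views.get("User")
        for name, low in d.views.items():
            if low.read_error:
                findings.append((d.device, name, "read_error", "MBR could not be read"))
                continue
            if name == "User" or user is None or user.read_error:
                continue
            if low.mbr_md5 != user.mbr_md5:
                findings.append((d.device, name, "hash_mismatch",
                                 f"User {user.mbr_md5} vs {name} {low.mbr_md5}"))
            known = {p.index for p in user.partitions}
            for p in low.partitions:
                if p.index not in known:          # an entry the OS never showed
                    kind = "hidden_partition" if p.hidden else "extra_partition"
                    findings.append((d.device, name, kind, f"entry {p.index} type "
                                     f"0x{p.type_code:02x}, {p.size_mb} MB at sector {p.offset}"))
            if {p.index for p in user.partitions if p.active} != {p.index for p in low.partitions if p.active}:
                findings.append((d.device, name, "active_mismatch", "bootable entry differs"))
    return findings
```

Run over the sample, `compare_views` returns a hash mismatch, a hidden partition (entry 3, type 0x17, 1 MB at sector 312496380) and a changed active partition for PhysicalDrive0, and two read errors for PhysicalDrive1. A read error is reported rather than silently skipped because a sector the tool cannot read at one level is itself worth a look, and the OS-level partition table is only used as the baseline when it was actually read.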

Please create a new system restore point before running Malwarebytes Anti-Rootkit.

MBAR tutorial

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

To attach a log if needed:

Bottom right corner of this page.

New window that comes up.

When done......

Please run the fixdamage tool in the Malwarebytes Anti-Rootkit folder and reboot.

MrC

Link to post
Share on other sites

Hi,

I downloaded the Malwarebytes Anti-Rootkit but ran into a problem. I was not in safe mode. I got as far as beginning the scan and the screen flicked, then an all too familiar blue screen appeared. It said Windows had shut down..........dumping physical memory etc. I rebooted in safe mode and tried to run it again but rec'd an error message that said could not load protection driver. It's just sitting there now. Help. Cheryl

Link to post
Share on other sites

Do this instead:

Download and unzip the attached TDSSKiller to your desktop.

When you run it...Please don't Update it when asked!!!

Here's how:

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
    Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
  • Sometimes these logs can be very large; in that case please attach it or zip it up and attach it.

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

~~~~~~~~~~~~~~~~~~~~

You can attach the logs if they're too long:

Bottom right corner of this page.

New window that comes up.

MrC

Link to post
Share on other sites

Run TDSSKiller again and choose Delete for this one only: (no need to check the "Loaded Modules" box or post the log)

21:10:24.0828 2236 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

21:10:24.0828 2236 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

~~~~~~~~~~~~~~~~~~~~~~~~~~

Let's run ComboFix to clean up any leftovers.....

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC (be back in the AM)

Link to post
Share on other sites

Hi,

TDSSKiller didn't find anything. I ran Combofix. Here is the log. Thanks. Cheryl

ComboFix 12-11-19.02 - Ekenbarger's 11/19/2012 18:42:53.4.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2558.2034 [GMT -5:00]

Running from: c:\documents and settings\Ekenbarger's\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

AV: Webroot SecureAnywhere *Enabled/Updated* {D486329C-1488-4CEB-9CC8-D662B732D904}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab

c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\addon.ico

c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\amazon_ie.ico

c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.cfg

c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll

c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\DefaultTabStart.exe

c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\DefaultTabWrap.dll

c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\DT.ico

c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\DTUpdate.exe

c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\ebay_ie.ico

c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\facebook_ie.ico

c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\imdb_ie.ico

c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\search_here_ie.ico

c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\searchhere.ico

c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\twitter_ie.ico

c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\uninstalldt.exe

c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\wikipedia_ie.ico

c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\youtube_ie.ico

c:\windows\system32\URTTemp

c:\windows\system32\URTTemp\fusion.dll

c:\windows\system32\URTTemp\mscoree.dll

c:\windows\system32\URTTemp\mscoree.dll.local

c:\windows\system32\URTTemp\mscorsn.dll

c:\windows\system32\URTTemp\mscorwks.dll

c:\windows\system32\URTTemp\msvcr71.dll

c:\windows\system32\URTTemp\regtlib.exe

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_DEFAULTTABSEARCH

-------\Service_DefaultTabSearch

-------\Legacy_DefaultTabUpdate

-------\Legacy_DefaultTabUpdate

-------\Service_DefaultTabUpdate

-------\Service_DefaultTabUpdate

.

.

((((((((((((((((((((((((( Files Created from 2012-10-19 to 2012-11-19 )))))))))))))))))))))))))))))))

.

.

2012-11-19 02:10 . 2012-11-19 02:10 -------- d-----w- C:\TDSSKiller_Quarantine

2012-11-17 21:17 . 2005-07-09 03:02 871040 ----a-w- c:\windows\system32\drivers\cIdshrGq.sys

2012-11-17 16:41 . 2005-07-09 03:02 871040 ----a-w- c:\windows\system32\drivers\tYMsoVkA.sys

2012-11-17 13:23 . 2012-11-17 13:23 150712 ----a-w- c:\windows\system32\WRusr.dll

2012-11-17 13:23 . 2012-11-17 13:23 112656 ----a-w- c:\windows\system32\drivers\WRkrn.sys

2012-11-17 13:23 . 2012-11-17 13:23 -------- d-----w- c:\program files\Webroot

2012-11-17 13:21 . 2012-11-19 16:48 -------- d-----w- c:\documents and settings\All Users\Application Data\WRData

2012-11-17 12:58 . 2012-11-17 12:59 -------- d-----w- C:\CCE_Quarantine

2012-11-17 09:33 . 2012-11-17 13:31 -------- d-----w- c:\documents and settings\Ekenbarger's\Application Data\Utduu

2012-11-17 09:33 . 2012-11-17 13:06 -------- d-----w- c:\documents and settings\Ekenbarger's\Application Data\Bykegy

2012-11-11 12:08 . 2012-11-17 13:24 -------- d-----w- c:\program files\DefaultTab

2012-11-11 12:08 . 2012-11-19 23:50 -------- d-----w- c:\documents and settings\Ekenbarger's\Application Data\DefaultTab

2012-11-06 22:50 . 2012-11-12 00:28 -------- d-----w- c:\program files\Spybot - Search & Destroy

2012-11-06 00:54 . 2012-11-06 00:55 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro

2012-10-30 22:48 . 2012-10-30 22:48 696760 ---ha-w- c:\windows\system32\FlashPlayerApp.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-30 22:48 . 2011-08-22 17:27 73656 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-09-24 22:56 . 2012-09-24 22:55 417792 ------w- c:\windows\Setup1.exe

2012-09-24 22:56 . 2012-09-24 22:55 73216 ----a-w- c:\windows\ST6UNST.EXE

2012-08-28 15:14 . 2004-08-10 17:51 916992 ----a-w- c:\windows\system32\wininet.dll

2012-08-28 15:14 . 2004-08-10 17:51 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-08-28 15:14 . 2004-08-10 17:51 1469440 ---h--w- c:\windows\system32\inetcpl.cpl

2012-08-28 12:07 . 2004-08-10 17:51 385024 ---ha-w- c:\windows\system32\html.iec

2012-08-24 13:53 . 2004-08-10 17:51 177664 ---ha-w- c:\windows\system32\wintrust.dll

2012-03-12 01:37 . 2012-03-12 01:37 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2012-10-25 19:45 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2012-10-25 19:45 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2012-10-25 19:45 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2012-10-25 19:45 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-28 68856]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-15 344064]

"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 69632]

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-06-30 273544]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]

"HostManager"="c:\program files\Common Files\AOL\1178326658\ee\AOLSoftware.exe" [2006-09-26 50736]

"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]

"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]

"WRSVC"="c:\program files\Webroot\WRSA.exe" [2012-11-17 729544]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoDevMgrUpdate"= 0 (0x0)

"NoDFSTab"= 0 (0x0)

"NoEncryptOnMove"= 0 (0x0)

"NoResolveTrack"= 0 (0x0)

"NoStartMenuSubFolders"= 0 (0x0)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoDevMgrUpdate"= 0 (0x0)

"NoDFSTab"= 0 (0x0)

"NoEncryptOnMove"= 0 (0x0)

"NoResolveTrack"= 0 (0x0)

"NoStartMenuSubFolders"= 0 (0x0)

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"DisableLocalMachineRun"= 0 (0x0)

"DisableLocalMachineRunOnce"= 0 (0x0)

"DisableCurrentUserRun"= 0 (0x0)

"DisableCurrentUserRunOnce"= 0 (0x0)

"NoFile"= 0 (0x0)

"HideClock"= 0 (0x0)

"NoDevMgrUpdate"= 0 (0x0)

"NoDFSTab"= 0 (0x0)

"NoEncryptOnMove"= 0 (0x0)

"NoResolveTrack"= 0 (0x0)

"NoStartMenuSubFolders"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=

"c:\\Program Files\\America Online 9.0\\waol.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Common Files\\AOL\\1178326658\\ee\\aolsoftware.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=

"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

R0 WRkrn;WRkrn;c:\windows\system32\drivers\WRkrn.sys [11/17/2012 8:23 AM 112656]

R2 mrtRate;mrtRate;c:\windows\system32\drivers\MrtRate.sys [5/21/2006 8:02 AM 34916]

R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [8/10/2004 12:50 PM 5120]

R2 WRSVC;WRSVC;c:\program files\Webroot\WRSA.exe [11/17/2012 8:23 AM 729544]

R3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [12/20/2007 5:13 PM 1553896]

S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/10/2004 12:51 PM 14336]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

.

Contents of the 'Scheduled Tasks' folder

.

2012-11-19 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-30 22:48]

.

2012-11-18 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]

.

2012-11-19 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-07-12 19:26]

.

2012-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 12:17]

.

2012-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 12:17]

.

2012-11-19 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1946173170-350803515-410004273-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]

.

2012-11-19 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1946173170-350803515-410004273-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]

.

2012-11-19 c:\windows\Tasks\User_Feed_Synchronization-{873B1363-0F14-410A-AFDF-0559EB90EA7E}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.cox.net/

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

Trusted Zone: microsoft.com\www.update

TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12

FF - ProfilePath - c:\documents and settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3106777&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Yahoo (By Genieo)

FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3106777&SearchSource=13

FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=CDxdm003YYus&ptb=CF74B0F9-D5D0-4EC8-AC35-8A70571C102D&ind=2011081120&ptnrS=CDxdm003YYus&si=CK2Cs7C9yKoCFaUZQgodWFpFyg&n=77dea9a0&psa=&st=kwd&searchfor=

FF - ExtSQL: 2012-11-11 19:40; addon@defaulttab.com; c:\documents and settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\extensions\addon@defaulttab.com.xpi

FF - ExtSQL: !HIDDEN! 2010-01-25 20:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

.

.

------- File Associations -------

.

JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll

SafeBoot-35727893.sys

SafeBoot-90234348.sys

AddRemove-DefaultTab - c:\documents and settings\Ekenbarger's\Application Data\DefaultTab\DefaultTab\uninstalldt.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-11-19 18:52

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

.

scanning hidden files ...

.

.

c:\docume~1\EKENBA~1\LOCALS~1\Temp\ArmUI.ini 170356 bytes

.

scan completed successfully

hidden files: 1

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet006\Services\RDPCDD]

"ImagePath"="System32\DRIVERS\RDPCDD.sy@"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1946173170-350803515-410004273-1006\Software\SecuROM\License information*]

"datasecu"=hex:b8,87,05,22,55,50,53,a9,ec,08,ab,ed,c9,96,3f,46,66,fb,36,1a,02,

51,fe,f6,ea,e2,e1,69,b8,f4,0e,d2,dc,90,61,e7,71,97,13,16,55,fa,93,dd,2e,43,\

"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(1252)

c:\windows\system32\WRusr.dll

c:\windows\system32\WININET.dll

c:\program files\Common Files\AOL\ACS\WLHook.dll

c:\program files\Google\Drive\googledrivesync32.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\msi.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\system32\CTsvcCDA.EXE

c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe

c:\program files\Norton Ghost\Agent\VProSvc.exe

c:\windows\wanmpsvc.exe

c:\windows\system32\MsPMSPSv.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\msdtc.exe

c:\windows\stsystra.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Common Files\Java\Java Update\jucheck.exe

.

**************************************************************************

.

Completion time: 2012-11-19 18:59:38 - machine was rebooted

ComboFix-quarantined-files.txt 2012-11-19 23:59

ComboFix2.txt 2012-03-03 23:09

ComboFix3.txt 2012-02-21 20:37

ComboFix4.txt 2012-02-16 02:12

.

Pre-Run: 91,982,397,440 bytes free

Post-Run: 92,117,921,792 bytes free

.

- - End Of File - - BABBD38B7E78B2D02FE4EAE844CAF779


Using ComboFix......

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

4. If ComboFix wants to update.....please allow it to.

File::

c:\windows\system32\drivers\cIdshrGq.sys

c:\windows\system32\drivers\tYMsoVkA.sys

Driver::

cIdshrGq

tYMsoVkA

ClearJavaCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScript.gif

Referring to the picture above, drag CFScript into ComboFix.exe

CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.

After reboot, (in case it asks to reboot)......

Please provide the contents of the ComboFix log (C:\ComboFix.txt) in your next reply.

MrC


Hi,

Ran ComboFix. Here is log.

ComboFix 12-11-22.03 - Ekenbarger's 11/23/2012 8:27.5.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2558.1867 [GMT -5:00]

Running from: c:\documents and settings\Ekenbarger's\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Ekenbarger's\Desktop\CFScript.txt

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

AV: Webroot SecureAnywhere *Enabled/Updated* {D486329C-1488-4CEB-9CC8-D662B732D904}

.

FILE ::

"c:\windows\system32\drivers\cIdshrGq.sys"

"c:\windows\system32\drivers\tYMsoVkA.sys"

.

.

((((((((((((((((((((((((( Files Created from 2012-10-23 to 2012-11-23 )))))))))))))))))))))))))))))))

.

.

2012-11-19 02:10 . 2012-11-19 02:10 -------- d-----w- C:\TDSSKiller_Quarantine

2012-11-17 21:17 . 2005-07-09 03:02 871040 ----a-w- c:\windows\system32\drivers\cIdshrGq.sys

2012-11-17 16:41 . 2005-07-09 03:02 871040 ----a-w- c:\windows\system32\drivers\tYMsoVkA.sys

2012-11-17 13:23 . 2012-11-17 13:23 150712 ----a-w- c:\windows\system32\WRusr.dll

2012-11-17 13:23 . 2012-11-17 13:23 112656 ----a-w- c:\windows\system32\drivers\WRkrn.sys

2012-11-17 13:23 . 2012-11-17 13:23 -------- d-----w- c:\program files\Webroot

2012-11-17 13:21 . 2012-11-21 18:48 -------- d-----w- c:\documents and settings\All Users\Application Data\WRData

2012-11-17 12:58 . 2012-11-17 12:59 -------- d-----w- C:\CCE_Quarantine

2012-11-17 09:33 . 2012-11-17 13:31 -------- d-----w- c:\documents and settings\Ekenbarger's\Application Data\Utduu

2012-11-17 09:33 . 2012-11-17 13:06 -------- d-----w- c:\documents and settings\Ekenbarger's\Application Data\Bykegy

2012-11-11 12:08 . 2012-11-17 13:24 -------- d-----w- c:\program files\DefaultTab

2012-11-11 12:08 . 2012-11-19 23:50 -------- d-----w- c:\documents and settings\Ekenbarger's\Application Data\DefaultTab

2012-11-06 22:50 . 2012-11-12 00:28 -------- d-----w- c:\program files\Spybot - Search & Destroy

2012-11-06 00:54 . 2012-11-06 00:55 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro

2012-10-30 22:48 . 2012-10-30 22:48 696760 ---ha-w- c:\windows\system32\FlashPlayerApp.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-30 22:48 . 2011-08-22 17:27 73656 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-09-24 22:56 . 2012-09-24 22:55 417792 ------w- c:\windows\Setup1.exe

2012-09-24 22:56 . 2012-09-24 22:55 73216 ----a-w- c:\windows\ST6UNST.EXE

2012-08-28 15:14 . 2004-08-10 17:51 916992 ----a-w- c:\windows\system32\wininet.dll

2012-08-28 15:14 . 2004-08-10 17:51 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-08-28 15:14 . 2004-08-10 17:51 1469440 ---h--w- c:\windows\system32\inetcpl.cpl

2012-08-28 12:07 . 2004-08-10 17:51 385024 ---ha-w- c:\windows\system32\html.iec

2012-03-12 01:37 . 2012-03-12 01:37 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2012-10-25 19:45 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2012-10-25 19:45 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2012-10-25 19:45 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2012-10-25 19:45 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-28 68856]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-15 344064]

"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 69632]

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-06-30 273544]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]

"HostManager"="c:\program files\Common Files\AOL\1178326658\ee\AOLSoftware.exe" [2006-09-26 50736]

"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]

"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]

"WRSVC"="c:\program files\Webroot\WRSA.exe" [2012-11-17 729544]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoDevMgrUpdate"= 0 (0x0)

"NoDFSTab"= 0 (0x0)

"NoEncryptOnMove"= 0 (0x0)

"NoResolveTrack"= 0 (0x0)

"NoStartMenuSubFolders"= 0 (0x0)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoDevMgrUpdate"= 0 (0x0)

"NoDFSTab"= 0 (0x0)

"NoEncryptOnMove"= 0 (0x0)

"NoResolveTrack"= 0 (0x0)

"NoStartMenuSubFolders"= 0 (0x0)

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"DisableLocalMachineRun"= 0 (0x0)

"DisableLocalMachineRunOnce"= 0 (0x0)

"DisableCurrentUserRun"= 0 (0x0)

"DisableCurrentUserRunOnce"= 0 (0x0)

"NoFile"= 0 (0x0)

"HideClock"= 0 (0x0)

"NoDevMgrUpdate"= 0 (0x0)

"NoDFSTab"= 0 (0x0)

"NoEncryptOnMove"= 0 (0x0)

"NoResolveTrack"= 0 (0x0)

"NoStartMenuSubFolders"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=

"c:\\Program Files\\America Online 9.0\\waol.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Common Files\\AOL\\1178326658\\ee\\aolsoftware.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=

"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

R0 WRkrn;WRkrn;c:\windows\system32\drivers\WRkrn.sys [11/17/2012 8:23 AM 112656]

R2 mrtRate;mrtRate;c:\windows\system32\drivers\MrtRate.sys [5/21/2006 8:02 AM 34916]

R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [8/10/2004 12:50 PM 5120]

R2 WRSVC;WRSVC;c:\program files\Webroot\WRSA.exe [11/17/2012 8:23 AM 729544]

R3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [12/20/2007 5:13 PM 1553896]

S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/10/2004 12:51 PM 14336]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

.

Contents of the 'Scheduled Tasks' folder

.

2012-11-23 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-30 22:48]

.

2012-11-18 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]

.

2012-11-22 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-07-12 19:26]

.

2012-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 12:17]

.

2012-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 12:17]

.

2012-11-23 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1946173170-350803515-410004273-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]

.

2012-11-23 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1946173170-350803515-410004273-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]

.

2012-11-23 c:\windows\Tasks\User_Feed_Synchronization-{873B1363-0F14-410A-AFDF-0559EB90EA7E}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.cox.net/

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

Trusted Zone: microsoft.com\www.update

TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12

FF - ProfilePath - c:\documents and settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3106777&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Yahoo (By Genieo)

FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3106777&SearchSource=13

FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=CDxdm003YYus&ptb=CF74B0F9-D5D0-4EC8-AC35-8A70571C102D&ind=2011081120&ptnrS=CDxdm003YYus&si=CK2Cs7C9yKoCFaUZQgodWFpFyg&n=77dea9a0&psa=&st=kwd&searchfor=

FF - ExtSQL: 2012-11-11 19:40; addon@defaulttab.com; c:\documents and settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\extensions\addon@defaulttab.com.xpi

FF - ExtSQL: !HIDDEN! 2010-01-25 20:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-11-23 08:34

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet006\Services\RDPCDD]

"ImagePath"="System32\DRIVERS\RDPCDD.sy@"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1946173170-350803515-410004273-1006\Software\SecuROM\License information*]

"datasecu"=hex:b8,87,05,22,55,50,53,a9,ec,08,ab,ed,c9,96,3f,46,66,fb,36,1a,02,

51,fe,f6,ea,e2,e1,69,b8,f4,0e,d2,dc,90,61,e7,71,97,13,16,55,fa,93,dd,2e,43,\

"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(3712)

c:\windows\system32\WRusr.dll

c:\windows\system32\WININET.dll

c:\program files\Google\Drive\googledrivesync32.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\msi.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2012-11-23 08:37:46

ComboFix-quarantined-files.txt 2012-11-23 13:37

ComboFix2.txt 2012-11-19 23:59

ComboFix3.txt 2012-03-03 23:09

ComboFix4.txt 2012-02-21 20:37

ComboFix5.txt 2012-11-23 13:22

.

Pre-Run: 92,060,700,672 bytes free

Post-Run: 92,097,626,112 bytes free

.

- - End Of File - - 678281CC67CBEB968CF48460B21881BA

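A triage check that can be run over the "Files Created" lines of a ComboFix log like the one posted above (an added example, not part of this thread and not ComboFix's own code): it parses those lines, keeps the entries under system32\drivers, and flags drivers whose names look randomly generated or that share a size and embedded timestamp with another fresh driver, which is exactly how cIdshrGq.sys and tYMsoVkA.sys stand out. The sample lines are copied from the log above plus the legitimate Webroot driver for contrast; the name heuristic and thresholds are the example's own assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: four "Files Created" lines taken from the ComboFix log
# above (two suspect drivers, the Webroot driver and a Webroot DLL).
SAMPLE_LOG = """\
2012-11-17 21:17 . 2005-07-09 03:02 871040 ----a-w- c:\\windows\\system32\\drivers\\cIdshrGq.sys
2012-11-17 16:41 . 2005-07-09 03:02 871040 ----a-w- c:\\windows\\system32\\drivers\\tYMsoVkA.sys
2012-11-17 13:23 . 2012-11-17 13:23 112656 ----a-w- c:\\windows\\system32\\drivers\\WRkrn.sys
2012-11-17 13:23 . 2012-11-17 13:23 150712 ----a-w- c:\\windows\\system32\\WRusr.dll
"""

# ComboFix line layout: "<created> . <modified> <size|--------> <attrs> <path>"
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>\S{8}) (?P<path>.+)$"
)


def parse_files_created(text):
    """Parse 'Files Created' lines into dicts; directory entries (size '--------') are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m.group("size").startswith("-"):
            continue
        d = m.groupdict()
        d["size"] = int(d["size"])
        d["name"] = d["path"].rsplit("\\", 1)[-1]
        entries.append(d)
    return entries


def looks_random(name):
    """Heuristic (assumption): an all-letter stem of 6+ chars with 3+ case flips
    (cIdshrGq, tYMsoVkA) reads as generated; short stems like WRkrn do not."""
    stem = name.rsplit(".", 1)[0]
    if len(stem) < 6 or not stem.isalpha():
        return False
    flips = sum(1 for a, b in zip(stem, stem[1:]) if a.isupper() != b.isupper())
    return flips >= 3


def triage(entries):
    """Return [(driver name, [reasons])] for .sys files under \\drivers\\ worth a closer look."""
    drivers = [e for e in entries
               if "\\drivers\\" in e["path"].lower() and e["name"].lower().endswith(".sys")]
    by_fingerprint = defaultdict(list)          # (size, embedded mtime) -> names
    for e in drivers:
        by_fingerprint[(e["size"], e["modified"])].append(e["name"])
    findings = []
    for e in drivers:
        reasons = []
        if looks_random(e["name"]):
            reasons.append("random-looking name")
        siblings = [n for n in by_fingerprint[(e["size"], e["modified"])] if n != e["name"]]
        if siblings:                            # same bytes dropped twice under different names
            reasons.append("same size/timestamp as " + ", ".join(siblings))
        if e["modified"] < e["created"]:        # weak signal on its own: copied files show this too
            reasons.append("embedded modification time predates creation")
        if reasons:
            findings.append((e["name"], reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in triage(parse_files_created(SAMPLE_LOG)):
        print(name, "->", "; ".join(reasons))
```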

It can't be because you deleted these two files; it has to be something else:

c:\windows\system32\drivers\cIdshrGq.sys

c:\windows\system32\drivers\tYMsoVkA.sys

Are you absolutely sure you didn't delete anything else by mistake??

Can you try Last Known Good Configuration?

MrC


Yes. A problem has been detected and Windows has been shut down to prevent damage to your computer. If this is the first time you've seen this stop error screen, restart your computer. If the screen appears again, follow these steps: check for viruses on your computer; remove any newly installed hard drives or hard drive controllers; check your hard drive to make sure it's properly configured and terminated. Run CHKDSK /F to check for hard drive corruption and then restart your computer. Technical information: stop: 0x0000007B (0xF789E524, 0xC0000034, 0x00000000, 0x00000000)


This topic is now closed to further replies.