
URLSearch Hook key



Working on an XP machine. MBAM quarantines the following key, but it comes back when IE is opened.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch)

The machine is working well. The problem I'm having is with the installation of IE7. When I install IE7, it comes up asking if you want to save the search site, etc. Then when I click on Save Settings, IE7 hangs. I don't know if that's related to the registry key that keeps coming back.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:17:07 AM, on 4/23/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Verizon\Verizon Internet Security Suite\rps.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Raxco\PerfectDisk\PDAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Raxco\PerfectDisk\PDEngine.exe

C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe

C:\Program Files\Verizon\McciTrayApp.exe

C:\Program Files\Verizon\VSP\VerizonServicepoint.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAwareR.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Mary O'Connor\Desktop\HiJackThis.exe

C:\WINDOWS\system32\HPZipm12.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2061217

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.alot.com/sidebar?pr=asst&amp...l=about%3Ablank

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2061217

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)

O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Verizon\Verizon Internet Security Suite\pkR.dll

O2 - BHO: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - https://activatemyfios.verizon.net/sdcCommo...IOS/tgctlcm.cab

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/popcaploader_v10.cab

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE

O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe

O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Verizon Internet Security Suite (Radialpoint Security Services) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAwareR.exe

O23 - Service: Verizon Internet Security Suite Firewall (RP_FWS) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe

--

End of file - 7241 bytes
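The R3 line above shows a URLSearchHook CLSID registered under HKCU with "(no file)". As an added example (not from this thread or from any of the tools it mentions), the following PowerShell audit does on a live system what HijackThis's R3 and O2 lines summarise: it lists the per-user URLSearchHooks values and the BHO subkeys, resolves each CLSID to its InprocServer32 DLL, and flags entries with no COM registration or whose DLL is missing. It assumes PowerShell on Windows with its registry provider and changes nothing.

```powershell
# Added example: read-only audit of IE URLSearchHooks and Browser Helper Objects.
# Assumes Windows PowerShell with the registry provider; nothing is modified.

function Resolve-ClsidToFile {
    param([Parameter(Mandatory)][string]$Clsid)
    # HKEY_CLASSES_ROOT merges HKLM\Software\Classes and HKCU\Software\Classes,
    # so a per-user COM registration is found here as well as a machine-wide one.
    $serverKey = "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid\InprocServer32"
    if (-not (Test-Path -LiteralPath $serverKey)) {
        return [pscustomobject]@{ Clsid = $Clsid; Path = $null; Status = 'no CLSID registration' }
    }
    $raw = (Get-ItemProperty -LiteralPath $serverKey).'(default)'
    if ([string]::IsNullOrWhiteSpace($raw)) {
        return [pscustomobject]@{ Clsid = $Clsid; Path = $null; Status = 'no server path' }
    }
    # Server paths may be quoted and may use %SystemRoot%-style variables.
    $path = [Environment]::ExpandEnvironmentVariables($raw.Trim('"'))
    $status = if (Test-Path -LiteralPath $path) { 'ok' } else { 'no file' }
    [pscustomobject]@{ Clsid = $Clsid; Path = $path; Status = $status }
}

function Get-UrlSearchHookReport {
    # HijackThis R3 lines come from this key; each value NAME is a CLSID
    # (for example {00A6FAF6-072E-44CF-8957-5838F569A31D}) and the data is usually empty.
    $hookKey = 'HKCU:\Software\Microsoft\Internet Explorer\URLSearchHooks'
    if (-not (Test-Path -LiteralPath $hookKey)) { return }
    $key = Get-Item -LiteralPath $hookKey
    foreach ($valueName in $key.GetValueNames()) {
        $r = Resolve-ClsidToFile -Clsid $valueName
        [pscustomobject]@{ Kind = 'URLSearchHook'; Clsid = $r.Clsid; Path = $r.Path; Status = $r.Status }
    }
}

function Get-BhoReport {
    # HijackThis O2 lines come from these keys; each SUBKEY name is the BHO's CLSID.
    $bhoKeys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    )
    foreach ($bhoKey in $bhoKeys) {
        if (-not (Test-Path -LiteralPath $bhoKey)) { continue }
        foreach ($sub in Get-ChildItem -LiteralPath $bhoKey) {
            $r = Resolve-ClsidToFile -Clsid $sub.PSChildName
            [pscustomobject]@{ Kind = 'BHO'; Clsid = $r.Clsid; Path = $r.Path; Status = $r.Status }
        }
    }
}

$report = @(Get-UrlSearchHookReport) + @(Get-BhoReport)
$report | Format-Table -AutoSize Kind, Status, Clsid, Path

# Entries whose DLL is missing (HijackThis "(no file)") or that have no COM
# registration cannot load themselves, but whatever re-creates such a value when
# IE starts still can, so these are the ones to look at next.
$report | Where-Object { $_.Status -ne 'ok' }
```

Run it in the session of the user whose IE shows the problem, since the URLSearchHooks key is per-user (HKCU).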


  • Root Admin

Hi Tony,

Please run the following and post back the logs. Thanks.

STEP 01

Update and Scan with Malwarebytes' Anti-Malware

  • Start MalwareBytes AntiMalware (Vista users must Right click and choose RunAs Admin)
  • Please DO NOT run MBAM in Safe Mode unless requested to, you MUST run it in normal Windows mode.
  • Update Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Update
  • When the update is complete, select the Scanner tab
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Then post back the MBAM log

STEP 02

Download DDS and save it to your desktop.

Disable any script blocker if your Anti-Virus/Anti-Malware has it.

Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.

Then double click dds.scr to run the tool.

When done, the DDS.txt will open.

Click Yes at the next prompt for Optional Scan. When done, DDS will open two (2) logs:

  1. DDS.txt
  2. Attach.txt

  • Save both reports to your desktop
  • Please include the following logs in your next reply: DDS.txt and Attach.txt

STEP 03

Please create a BOOTLOG
  • Restart the computer and press F8 when Windows starts booting. This will bring up the startup options.
  • Select the "Enable Boot Logging" option and press Enter.
  • Windows prompts you to select a Windows installation (even if there is only one Windows installation).
  • This boots Windows normally and creates a boot log named ntbtlog.txt and saves it to C:\Windows.

Here's the MBAM log and there's that pesky reg key that keeps coming back.

Malwarebytes' Anti-Malware 1.36

Database version: 2036

Windows 5.1.2600 Service Pack 3

4/24/2009 4:03:03 PM

mbam-log-2009-04-24 (16-03-03).txt

Scan type: Quick Scan

Objects scanned: 81310

Time elapsed: 3 minute(s), 34 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


DDS (Ver_09-03-16.01) - NTFSx86

Run by Tony at 16:04:31.74 on Fri 04/24/2009

Internet Explorer: 7.0.5730.13

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.382 [GMT -4:00]

AV: Verizon Internet Security Suite Anti-Virus *On-access scanning enabled* (Updated)

FW: Verizon Internet Security Suite Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe

C:\WINDOWS\Explorer.EXE

svchost.exe

svchost.exe

C:\Program Files\Verizon\Verizon Internet Security Suite\rps.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Raxco\PerfectDisk\PDAgent.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Raxco\PerfectDisk\PDEngine.exe

C:\Program Files\Verizon\McciTrayApp.exe

C:\Program Files\Verizon\VSP\VerizonServicepoint.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAwareR.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Mary O'Connor\Local Settings\Temporary Internet Files\Content.IE5\360FOHTA\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.cnn.com/

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2061217

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://search.alot.com/sidebar?pr=asst&client_id=D37CF6E001C9AB52167FF178&install_time=22-03-2009:21:00&src_id=11215&camp_id=519&tb_version=2.4.1.393&url=about%3Ablank

uURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: PopKill Class: {3c060ea2-e6a9-4e49-a530-d4657b8c449a} - c:\program files\verizon\verizon internet security suite\pkR.dll

BHO: ALOT Toolbar: {5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} - c:\program files\alot\bin\alot.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll

TB: ALOT Toolbar: {5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} - c:\program files\alot\bin\alot.dll

TB: {E1BACF55-35E1-4E47-9247-2D48660E5545} - No File

TB: {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - No File

EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll

uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [Verizon_McciTrayApp] c:\program files\verizon\McciTrayApp.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [VerizonServicepoint.exe] "c:\program files\verizon\vsp\VerizonServicepoint.exe" /AUTORUN

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe

IE: &Search

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

Trusted Zone: aim.com\aimexpress

Trusted Zone: aol.com\www.aimexpress

DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemyfios.verizon.net/sdcCommon/download/FIOS/tgctlcm.cab

DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1240499542802&h=3304b7d790c0c0df43f354792800d4e3/&filename=jinstall-6u13-windows-i586-jc.cab

DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab

DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/popcaploader_v10.cab

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\maryo'~1\applic~1\mozilla\firefox\profiles\in3tij2y.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R0 KL1;KL1;c:\windows\system32\drivers\kl1.sys [2009-1-6 112144]

R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2009-1-6 196368]

R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\drivers\hnm_wrls_pkt.sys [2006-7-14 13824]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R2 wsppkt;Wireless Security Protocol;c:\windows\system32\drivers\wsp_pkt.sys [2006-7-14 13696]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-4-23 38496]

R3 Radialpoint Security Services;Verizon Internet Security Suite;c:\program files\verizon\verizon internet security suite\RpsSecurityAwareR.exe [2008-10-24 96496]

=============== Created Last 30 ================

2009-04-23 11:12 410,984 a------- c:\windows\system32\deploytk.dll

2009-04-23 11:12 73,728 a------- c:\windows\system32\javacpl.cpl

2009-04-23 10:08 <DIR> --d-h--- c:\windows\system32\GroupPolicy

2009-04-23 09:07 15,504 a------- c:\windows\system32\drivers\mbam.sys

2009-04-23 09:07 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys

2009-04-23 09:07 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware

2009-04-22 13:09 <DIR> --d----- c:\program files\EsetOnlineScanner

2009-04-22 11:31 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com

2009-04-22 11:31 <DIR> --d----- c:\program files\SUPERAntiSpyware

2009-04-22 11:31 <DIR> --d----- c:\docume~1\maryo'~1\applic~1\SUPERAntiSpyware.com

2009-04-22 10:38 <DIR> --d----- c:\docume~1\maryo'~1\applic~1\Malwarebytes

2009-04-22 10:38 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes

2009-04-21 18:42 21,504 a------- c:\windows\system32\hidserv.dll

2009-04-21 18:42 21,504 a------- c:\windows\system32\dllcache\hidserv.dll

2009-04-15 11:37 284,160 -------- c:\windows\system32\dllcache\pdh.dll

2009-04-15 11:37 473,600 -------- c:\windows\system32\dllcache\fastprox.dll

2009-04-15 11:37 401,408 -------- c:\windows\system32\dllcache\rpcss.dll

2009-04-15 11:37 227,840 -------- c:\windows\system32\dllcache\wmiprvse.exe

2009-04-15 11:37 110,592 -------- c:\windows\system32\dllcache\services.exe

2009-04-15 11:37 35,328 -------- c:\windows\system32\dllcache\sc.exe

2009-04-15 11:37 729,088 -------- c:\windows\system32\dllcache\lsasrv.dll

2009-04-15 11:37 714,752 -------- c:\windows\system32\dllcache\ntdll.dll

2009-04-15 11:37 617,472 -------- c:\windows\system32\dllcache\advapi32.dll

2009-04-15 11:37 453,120 -------- c:\windows\system32\dllcache\wmiprvsd.dll

2009-04-15 11:36 2,560 -------- c:\windows\system32\xpsp4res.dll

2009-04-15 11:36 1,203,922 -------- c:\windows\system32\dllcache\sysmain.sdb

2009-04-15 11:36 215,552 -------- c:\windows\system32\dllcache\wordpad.exe

==================== Find3M ====================

2009-04-24 16:04 106,784 a--sh--- c:\windows\system32\drivers\fidbox2.dat

2009-04-24 16:04 6,967,328 a--sh--- c:\windows\system32\drivers\fidbox.dat

2009-04-23 15:05 95,000 a--sh--- c:\windows\system32\drivers\fidbox.idx

2009-04-23 15:05 10,964 a--sh--- c:\windows\system32\drivers\fidbox2.idx

2009-04-11 12:44 7,228 a------- c:\docume~1\maryo'~1\applic~1\wklnhst.dat

2009-03-21 10:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll

2009-03-07 12:06 61,224 a------- c:\documents and settings\mary o'connor\GoToAssistDownloadHelper.exe

2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll

2009-03-02 20:18 826,368 a------- c:\windows\system32\wininet.dll

2009-03-02 20:18 826,368 -------- c:\windows\system32\dllcache\wininet.dll

2009-03-02 19:04 1,499,136 -------- c:\windows\system32\dllcache\shdocvw.dll

2009-02-28 00:54 636,072 -------- c:\windows\system32\dllcache\iexplore.exe

2009-02-20 06:20 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe

2009-02-20 06:20 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe

2009-02-20 01:14 161,792 -------- c:\windows\system32\dllcache\ieakui.dll

2009-02-09 08:10 729,088 a------- c:\windows\system32\lsasrv.dll

2009-02-09 08:10 714,752 a------- c:\windows\system32\ntdll.dll

2009-02-09 08:10 617,472 a------- c:\windows\system32\advapi32.dll

2009-02-09 08:10 401,408 a------- c:\windows\system32\rpcss.dll

2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys

2009-02-09 07:13 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys

2009-02-07 19:02 2,066,048 a------- c:\windows\system32\ntkrnlpa.exe

2009-02-07 19:02 2,066,048 -------- c:\windows\system32\dllcache\ntkrnlpa.exe

2009-02-06 07:11 110,592 a------- c:\windows\system32\services.exe

2009-02-06 07:08 2,189,056 a------- c:\windows\system32\ntoskrnl.exe

2009-02-06 07:08 2,189,056 -------- c:\windows\system32\dllcache\ntoskrnl.exe

2009-02-06 07:06 2,145,280 -------- c:\windows\system32\dllcache\ntkrnlmp.exe

2009-02-06 06:39 35,328 a------- c:\windows\system32\sc.exe

2009-02-06 06:32 2,023,936 -------- c:\windows\system32\dllcache\ntkrpamp.exe

2009-02-03 15:59 56,832 a------- c:\windows\system32\secur32.dll

2009-02-03 15:59 56,832 -------- c:\windows\system32\dllcache\secur32.dll

============= FINISH: 16:05:05.01 ===============


Here's the Attach log

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 12/22/2006 4:24:08 PM

System Uptime: 4/24/2009 3:47:21 PM (1 hours ago)

Motherboard: Dell Inc | | 0UW457

Processor: AMD Athlon 64 Processor 3200+ | Socket M2 | 2004/1000mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 144 GiB total, 133.53 GiB free.

D: is CDROM ()

E: is Removable

F: is Removable

G: is Removable

H: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 4/23/2009 12:38:03 PM - System Checkpoint

RP2: 4/23/2009 12:38:46 PM - just a Restore Point for reference

==== Installed Programs ======================

Acrobat.com

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.1

AiO_Scan_CDA

AiOSoftwareNPI

ALOT Toolbar

AOLIcon

Broadcom Management Programs

BufferChm

C6100

c6100_Help

CCleaner (remove only)

Conexant D850 56K V.9x DFVc Modem

Consumer Complete Care Services Agreement

Corel Snapfire Plus

CP_CalendarTemplates1

cp_OnlineProjectsConfig

CP_Package_Basic1

CP_Panorama1Config

cp_PosterPrintConfig

CueTour

CustomerResearchQFolder

Dell CinePlayer

Dell Network Assistant

Dell Support 3.2.1

Dell System Restore

DellConnect

Destinations

DeviceManagementQFolder

Digital Content Portal

Digital Line Detect

DocProc

DocProcQFolder

Documentation & Support Launcher

DocumentViewer

DocumentViewerQFolder

ESET Online Scanner

eSupportQFolder

Fax_CDA

FullDPAppQFolder

Games, Music, & Photos Launcher

GemMaster Mystic

Get High Speed Internet!

Google Toolbar for Internet Explorer

High Definition Audio Driver Package - KB835221

HijackThis 2.0.2

Hotfix for Windows Media Player 10 (KB903157)

Hotfix for Windows XP (KB952287)

HP Customer Participation Program 7.0

HP Document Viewer 7.0

HP Imaging Device Functions 7.0

HP Photosmart Premier Software 6.5

HP Photosmart, Officejet and Deskjet 7.0.A

HP Solution Center 7.0

HP Update

HPPhotoSmartExpress

HPProductAssistant

InstantShareDevices

InstantShareDevicesMFC

Java 6 Update 13

Learn2 Player (Uninstall Only)

Macromedia Shockwave Player

Malwarebytes' Anti-Malware

MarketResearch

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Hotfix (KB928366)

Microsoft Digital Image Library 9 - Blocker

Microsoft Digital Image Standard 2006

Microsoft Digital Image Standard 2006 Editor

Microsoft Digital Image Standard 2006 Library

Microsoft Encarta Encyclopedia Standard 2006

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Money 2006

Microsoft National Language Support Downlevel APIs

Microsoft Plus! Digital Media Edition Installer

Microsoft Plus! Photo Story 2 LE

Microsoft Streets & Trips 2006

Microsoft Word 2002

Microsoft Works

Microsoft Works Suite 2006 Setup Launcher

Microsoft Works Suite Add-in for Microsoft Word

Modem Diagnostic Tool

Mozilla Firefox (3.0.9)

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

NetWaiting

NewCopy_CDA

NVIDIA Drivers

OCR Software by I.R.I.S 7.0

Otto

PanoStandAlone

PerfectDisk

PhotoGallery

ProductContextNPI

Qualxserve Service Agreement

QuickTime

RandMap

Readme

RealPlayer Basic

Roxio DLA

Roxio MyDVD LE

Roxio RecordNow Audio

Roxio RecordNow Copy

Roxio RecordNow Data

RPS Ad Blocker

RPS AntiFraud

RPS AntiSpyware

RPS AntiVirus

RPS App Detector

RPS Backup

RPS Burn

RPS CRT

RPS Diagnostic Utility

RPS Firewall

RPS Ksdk

RPS ParentalControl

RPS Performance Tool

RPS PopupBlocker

RPS Privacy Manager

RPS RpsCore

RPS Security Cleanup

RPS Zip

Scan

ScannerCopy

SearchAssist

Security Advisor

Security Update for Windows Internet Explorer 7 (KB938127-v2)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950759)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953838)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956390)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958215)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960714)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB963027)

SkinsHP1

SlideShow

SolutionCenter

Sonic Activation Module

Sonic Encoders

Sonic Update Manager

Sonic_PrimoSDK

Status

Toolbox

TrayApp

Unload

Update for Windows Media Player 10 (KB910393)

Update for Windows Media Player 10 (KB913800)

Update for Windows Media Player 10 (KB926251)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update Rollup 2 for Windows XP Media Center Edition 2005

URL Assistant

Verizon Broadband Toolbar

Verizon Internet Security Suite

Verizon Online Help and Support

Verizon Servicepoint 1.5.22

Viewpoint Media Player

WebCyberCoach 3.2 Dell

WebFldrs XP

WebReg

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Installer 3.1 (KB893803)

Windows Internet Explorer 7

Windows Media Format Runtime

Windows Media Player 10

Windows Media Player 10 Hotfix [see EmeraldQFE2 for more information]

Windows XP Media Center Edition 2005 KB908246

Windows XP Media Center Edition 2005 KB912067

Windows XP Service Pack 3

Works Upgrade

==== Event Viewer Messages From Past Week ========

4/22/2009 9:59:51 AM, error: Dhcp [1002] - The IP address lease 192.168.0.102 for the Network Card with network address 00188B59C7A9 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

4/22/2009 12:57:14 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.

4/22/2009 12:33:40 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK8 Fips KL1 KLIF nvatabus nvraid SASDIFSV SASKUTIL StarOpen

4/22/2009 11:39:59 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 Fips IPSec KL1 KLIF MRxSmb NetBIOS NetBT nvatabus nvraid RasAcd Rdbss SASKUTIL StarOpen Tcpip

4/22/2009 11:34:15 AM, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.

4/22/2009 11:23:54 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: nvatabus nvraid

4/22/2009 11:22:47 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

4/22/2009 11:21:56 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

4/22/2009 10:29:49 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

4/22/2009 10:24:30 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 Fips IPSec KL1 KLIF MRxSmb NetBIOS NetBT nvatabus nvraid RasAcd Rdbss StarOpen Tcpip

4/22/2009 10:24:30 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.

4/22/2009 10:24:30 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.

4/22/2009 10:24:30 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

4/22/2009 10:24:30 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

4/20/2009 5:55:30 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

==== End Of File ===========================


Service Pack 3 4 24 2009 16:21:07.500

Loaded driver \WINDOWS\system32\ntkrnlpa.exe

Loaded driver \WINDOWS\system32\hal.dll

Loaded driver \WINDOWS\system32\KDCOM.DLL

Loaded driver \WINDOWS\system32\BOOTVID.dll

Loaded driver ACPI.sys

Loaded driver \WINDOWS\system32\DRIVERS\WMILIB.SYS

Loaded driver pci.sys

Loaded driver isapnp.sys

Loaded driver pciide.sys

Loaded driver \WINDOWS\system32\DRIVERS\PCIIDEX.SYS

Loaded driver MountMgr.sys

Loaded driver ftdisk.sys

Loaded driver dmload.sys

Loaded driver dmio.sys

Loaded driver nvraid.sys

Loaded driver \WINDOWS\system32\drivers\CLASSPNP.SYS

Loaded driver PartMgr.sys

Loaded driver VolSnap.sys

Loaded driver atapi.sys

Loaded driver nvatabus.sys

Loaded driver disk.sys

Loaded driver fltmgr.sys

Loaded driver sr.sys

Loaded driver DRVMCDB.SYS

Loaded driver PxHelp20.sys

Loaded driver KSecDD.sys

Loaded driver DefragFS.sys

Loaded driver Ntfs.sys

Loaded driver NDIS.sys

Loaded driver Mup.sys

Loaded driver kl1.sys

Loaded driver \WINDOWS\System32\DRIVERS\TDI.SYS

Loaded driver \SystemRoot\system32\DRIVERS\AmdK8.sys

Loaded driver \SystemRoot\system32\DRIVERS\nv4_mini.sys

Loaded driver \SystemRoot\system32\DRIVERS\usbohci.sys

Loaded driver \SystemRoot\system32\DRIVERS\usbehci.sys

Loaded driver \SystemRoot\system32\DRIVERS\imapi.sys

Loaded driver \SystemRoot\System32\Drivers\DLACDBHM.SYS

Loaded driver \SystemRoot\system32\DRIVERS\cdrom.sys

Loaded driver \SystemRoot\system32\DRIVERS\redbook.sys

Loaded driver \SystemRoot\system32\DRIVERS\bcm4sbxp.sys

Loaded driver \SystemRoot\system32\DRIVERS\HSFHWBS2.sys

Loaded driver \SystemRoot\system32\DRIVERS\HSF_DP.sys

Loaded driver \SystemRoot\system32\DRIVERS\HSF_CNXT.sys

Loaded driver \SystemRoot\System32\Drivers\Modem.SYS

Loaded driver \SystemRoot\system32\DRIVERS\HDAudBus.sys

Loaded driver \SystemRoot\system32\DRIVERS\audstub.sys

Loaded driver \SystemRoot\system32\DRIVERS\rasl2tp.sys

Loaded driver \SystemRoot\system32\DRIVERS\ndistapi.sys

Loaded driver \SystemRoot\system32\DRIVERS\ndiswan.sys

Loaded driver \SystemRoot\system32\DRIVERS\raspppoe.sys

Loaded driver \SystemRoot\system32\DRIVERS\raspptp.sys

Loaded driver \SystemRoot\system32\DRIVERS\msgpc.sys

Loaded driver \SystemRoot\system32\DRIVERS\psched.sys

Loaded driver \SystemRoot\system32\DRIVERS\ptilink.sys

Loaded driver \SystemRoot\system32\DRIVERS\raspti.sys

Loaded driver \SystemRoot\system32\DRIVERS\rp_skt32.sys

Loaded driver \SystemRoot\system32\DRIVERS\rdpdr.sys

Loaded driver \SystemRoot\system32\DRIVERS\termdd.sys

Loaded driver \SystemRoot\system32\DRIVERS\kbdclass.sys

Loaded driver \SystemRoot\system32\DRIVERS\mouclass.sys

Loaded driver \SystemRoot\system32\DRIVERS\rp_pkt32.sys

Loaded driver \SystemRoot\system32\DRIVERS\swenum.sys

Loaded driver \SystemRoot\system32\DRIVERS\update.sys

Loaded driver \SystemRoot\system32\DRIVERS\mssmbios.sys

Loaded driver \SystemRoot\system32\drivers\sthda.sys

Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS

Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS

Loaded driver \SystemRoot\system32\DRIVERS\usbhub.sys

Loaded driver \SystemRoot\system32\drivers\MODEMCSA.sys

Did not load driver \SystemRoot\System32\Drivers\lbrtfdc.SYS

Did not load driver \SystemRoot\System32\Drivers\Sfloppy.SYS

Loaded driver \SystemRoot\System32\Drivers\i2omgmt.SYS

Did not load driver \SystemRoot\System32\Drivers\Changer.SYS

Did not load driver \SystemRoot\System32\Drivers\Cdaudio.SYS

Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.SYS

Loaded driver \SystemRoot\System32\Drivers\Null.SYS

Loaded driver \SystemRoot\System32\Drivers\Beep.SYS

Loaded driver \SystemRoot\System32\Drivers\DLARTL_N.SYS

Did not load driver \SystemRoot\system32\DRIVERS\i8042prt.sys

Did not load driver \SystemRoot\system32\DRIVERS\kbdhid.sys

Loaded driver \SystemRoot\System32\drivers\vga.sys

Loaded driver \SystemRoot\System32\Drivers\mnmdd.SYS

Loaded driver \SystemRoot\System32\DRIVERS\RDPCDD.sys

Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS

Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS

Loaded driver \SystemRoot\system32\DRIVERS\rasacd.sys

Loaded driver \SystemRoot\system32\DRIVERS\ipsec.sys

Loaded driver \SystemRoot\system32\DRIVERS\tcpip.sys

Loaded driver \SystemRoot\system32\DRIVERS\netbt.sys

Loaded driver \SystemRoot\System32\drivers\afd.sys

Loaded driver \SystemRoot\system32\DRIVERS\netbios.sys

Did not load driver \SystemRoot\system32\DRIVERS\serial.sys

Did not load driver \SystemRoot\system32\DRIVERS\processr.sys

Loaded driver \SystemRoot\System32\Drivers\StarOpen.SYS

Did not load driver \SystemRoot\System32\Drivers\PCIDump.SYS

Loaded driver \SystemRoot\system32\DRIVERS\rdbss.sys

Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb.sys

Loaded driver \SystemRoot\System32\DRIVERS\klif.sys

Loaded driver \SystemRoot\system32\DRIVERS\ipnat.sys

Loaded driver \SystemRoot\system32\DRIVERS\wanarp.sys

Loaded driver \SystemRoot\system32\DRIVERS\hidusb.sys

Loaded driver \SystemRoot\system32\DRIVERS\USBSTOR.SYS

Loaded driver \SystemRoot\System32\Drivers\Fips.SYS

Loaded driver \SystemRoot\system32\DRIVERS\usbccgp.sys

Loaded driver \SystemRoot\system32\DRIVERS\mouhid.sys

Loaded driver \SystemRoot\system32\DRIVERS\kbdhid.sys

Loaded driver \SystemRoot\System32\Drivers\Cdfs.SYS

Loaded driver \SystemRoot\System32\Drivers\DRVNDDM.SYS

Loaded driver \SystemRoot\System32\DLA\DLADResN.SYS

Loaded driver \SystemRoot\System32\DLA\DLAIFS_M.SYS

Loaded driver \SystemRoot\System32\DLA\DLAOPIOM.SYS

Loaded driver \SystemRoot\System32\DLA\DLAPoolM.SYS

Loaded driver \SystemRoot\System32\DLA\DLABOIOM.SYS

Loaded driver \SystemRoot\System32\DLA\DLAUDFAM.SYS

Loaded driver \SystemRoot\System32\DLA\DLAUDF_M.SYS

Loaded driver \SystemRoot\system32\DRIVERS\hnm_wrls_pkt.sys

Loaded driver \SystemRoot\system32\DRIVERS\packet.sys

Loaded driver \SystemRoot\system32\DRIVERS\wsp_pkt.sys

Loaded driver \SystemRoot\system32\DRIVERS\ndisuio.sys

Did not load driver \SystemRoot\system32\DRIVERS\rdbss.sys

Did not load driver \SystemRoot\system32\DRIVERS\mrxsmb.sys

Loaded driver \SystemRoot\system32\drivers\wdmaud.sys

Loaded driver \SystemRoot\system32\drivers\sysaudio.sys

Loaded driver \SystemRoot\system32\drivers\splitter.sys

Loaded driver \SystemRoot\system32\drivers\aec.sys

Loaded driver \SystemRoot\system32\drivers\swmidi.sys

Loaded driver \SystemRoot\system32\drivers\DMusic.sys

Loaded driver \SystemRoot\system32\drivers\kmixer.sys

Loaded driver \SystemRoot\system32\drivers\drmkaud.sys

Loaded driver \SystemRoot\system32\DRIVERS\mrxdav.sys

Loaded driver \SystemRoot\System32\Drivers\ASCTRM.SYS

Loaded driver \SystemRoot\System32\Drivers\HTTP.sys

Loaded driver \SystemRoot\system32\DRIVERS\mdmxsdk.sys

Loaded driver \SystemRoot\system32\DRIVERS\srv.sys

Did not load driver \SystemRoot\system32\DRIVERS\ipnat.sys

Loaded driver \SystemRoot\system32\drivers\kmixer.sys


The RootRepeal log: Note - it shows that there were blocked IP packets by Verizon Internet Security Suite. I opened the Verizon Firewall and there's nothing in the log.

ROOTREPEAL © AD, 2007-2008

==================================================

Scan Time: 2009/04/24 16:42

Program Version: Version 1.2.3.0

Windows Version: Windows XP Media Center Edition SP3

==================================================

Drivers

-------------------

Name: dump_atapi.sys

Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys

Address: 0xF32E1000 Size: 98304 File Visible: No

Status: -

Name: dump_WMILIB.SYS

Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS

Address: 0xF79C9000 Size: 8192 File Visible: No

Status: -

Name: rootrepeal.sys

Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys

Address: 0xB8B69000 Size: 45056 File Visible: No

Status: -

Hidden/Locked Files

-------------------

Path: C:\Documents and Settings\Tony\Local Settings\Temp\etilqs_6nkjPeUeu0gvNfqfGE7i

Status: Allocation size mismatch (API: 32768, Raw: 0)

Path: C:\WINDOWS\system32\wbem\Logs\wbemess.log

Status: Size mismatch (API: 39955, Raw: 38718)

Path: C:\Documents and Settings\All Users\Application Data\Verizon\Verizon Internet Security Suite\Logs\SafetyConsoleLog04-24-2009--16-21-53.log

Status: Allocation size mismatch (API: 32768, Raw: 0)

Path: C:\Documents and Settings\All Users\Application Data\Verizon\Verizon Internet Security Suite\Logs\FirewallService - Blocked Packets - 04-24-2009--16-17-31.log

Status: Allocation size mismatch (API: 80, Raw: 0)

Path: C:\Documents and Settings\All Users\Application Data\Verizon\Verizon Internet Security Suite\Logs\FirewallService - Blocked Packets - 04-24-2009--16-20-25.log

Status: Allocation size mismatch (API: 80, Raw: 0)

Path: C:\Documents and Settings\All Users\Application Data\Verizon\Verizon Internet Security Suite\Logs\FirewallService04-24-2009--16-21-38.log

Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: C:\Documents and Settings\Tony\Local Settings\Temporary Internet Files\Content.IE5\360FOHTA\2[1].htm

Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Tony\Local Settings\Temporary Internet Files\Content.IE5\GHY5IKD7\Q_LXFKdy02E[1].js

Status: Invisible to the Windows API!

SSDT

-------------------

#: 025 Function Name: NtClose

Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xf34052a0

#: 031 Function Name: NtConnectPort

Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xf340334e

#: 047 Function Name: NtCreateProcess

Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xf3404fd0

#: 048 Function Name: NtCreateProcessEx

Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xf3405140

#: 050 Function Name: NtCreateSection

Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xf3405e10

#: 052 Function Name: NtCreateSymbolicLinkObject

Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xf34058ae

#: 053 Function Name: NtCreateThread

Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xf34067d0

#: 068 Function Name: NtDuplicateObject

Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xf3405450

#: 097 Function Name: NtLoadDriver

Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xf3402ea0

#: 116 Function Name: NtOpenFile

Status: Hooked by "kl1.sys" at address 0xf7158030

#: 122 Function Name: NtOpenProcess

Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xf3404dc0

#: 125 Function Name: NtOpenSection

Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xf3405c3e

#: 173 Function Name: NtQuerySystemInformation

Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xf3406436

#: 200 Function Name: NtRequestWaitReplyPort

Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xf3403930

#: 206 Function Name: NtResumeThread

Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xf3406740

#: 213 Function Name: NtSetContextThread

Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xf3406b00

#: 224 Function Name: NtSetInformationFile

Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xf34070c0

#: 237 Function Name: NtSetSecurityObject

Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xf3401af0

#: 240 Function Name: NtSetSystemInformation

Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xf3405a90

#: 254 Function Name: NtSuspendThread

Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xf34066f0

#: 255 Function Name: NtSystemDebugControl

Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xf34031b0

#: 257 Function Name: NtTerminateProcess

Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xf34062ab

#: 277 Function Name: NtWriteVirtualMemory

Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xf3405310


  • Root Admin

You may have corrupted files on your disk. Please try running the following.

First close ALL Applications as this routine will automatically restart your computer.

Click on START - RUN and copy / paste the following entry into the box and click OK

CMD /C ECHO Y|CHKDSK C: /F | SHUTDOWN /R /T 30

Then after restarting please run the following Anti-Virus scanner.

Please download to your Desktop: Dr.Web CureIt

  • After the file has downloaded, disable your current Anti-Virus and disconnect from the Internet
  • Double-click the drweb-cureit.exe file, then click the Start button, then the OK button to perform an Express Scan.
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click on the Complete scan radio button.
  • Then click on the Settings menu on top, then select Change Settings or press the F9 key. You can also change the Language
  • Choose the Scanning tab and I recommend leaving the Heuristic analysis enabled (this can lead to False Positives though)
  • On the File types tab ensure you select All files
  • Click on the Actions tab and set the following:
    • Objects: Infected objects = Cure, Incurable objects = Move, Suspicious objects = Report
    • Infected packages: Archive = Move, E-mails = Report, Containers = Move
    • Malware: Adware = Move, Dialers = Move, Jokes = Move, Riskware = Move, Hacktools = Move
    • Do not change the Rename extension - default is: #??
    • Leave the default save path for Moved files here: %USERPROFILE%\DoctorWeb\Quarantine\
    • Leave prompt on Action checked

  • On the Log file tab leave the Log to file checked.
  • Leave the log file path alone: %USERPROFILE%\DoctorWeb\CureIt.log
  • Log mode = Append
  • Encoding = ANSI
  • Details: Leave Names of file packers and Statistics checked.
  • Limit log file size = 2048 KB and leave the check mark on the Maximum log file size.
  • On the General tab leave the Scan Priority on High
  • Click the Apply button at the bottom, and then the OK button.
  • On the right side under the Dr Web Anti-Virus Logo you will see 3 little buttons. Click the left VCR style Start button.
  • In this mode it will scan Boot sectors of all disks, All removable media, and all local drives
  • The more files and folders you have the longer the scan will take. On large drives it can take hours to complete.
  • When the Cure option is selected, an additional context menu will open. Select the necessary action of the program, if the curing fails.
  • Click 'Yes to all' if it asks if you want to cure/move the files.
  • This will move it to the %USERPROFILE%\DoctorWeb\Quarantine\ folder if it can't be cured. (in this case we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click File and choose Save report list
  • Save the report to your Desktop. The report will be called DrWeb.csv
  • Close Dr.Web CureIt.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously to your Desktop in your next reply with a new HijackThis log.



  • Root Admin

Hold on Tony

On second thought, I think all this is from an IE add-on left over. Try resetting IE in Tools/Internet Options/Advanced, then RESET.

It shows you have ALOT toolbar on the system which might be putting it back.

Then uninstall and remove all toolbars and go ahead and do the disk check.

Then scan again and see if it's back.


AS - you continue to amaze me. That pesky reg key is not coming up anymore.

Q) How did you associate that with ALOT or any of the other toolbars?

I did a search for that registry key and found it's associated with MyWeb Search, but didn't make the connection to ALOT.

Thanks again - I don't know how you do this.

-td


I had another problem with IE. When I installed IE7, it wouldn't save the settings when it ran first run. I ended up in gpedit.msc and had to force IE to go to the home page instead of going to the page asking if you want to keep your present search engine, etc.

Now that IE has been reset and the toolbars removed, I went back to gpedit and put that setting back to Not Configured, and IE is running as it should. Thanks again.


  • Root Admin

Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.
