str.sys rootkit logs 2nd computer


2nd Computer with str.sys

HijackThis log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:57:42 AM, on 6/15/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16850)

Boot mode: Safe mode with network support

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\taskmgr.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080822

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080822

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [iQ1000 Live Lookup Server] C:\Program Files\Qqest Software Systems\TimeForce\Live.exe

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [Acrobat Speed Launch] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe"

O4 - HKLM\..\Run: [Acrobat Synchronizer] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\RunOnce: [ClockLink Scheduler] "C:\Program Files\Qqest Software Systems\TimeForce\ClockLink\SchedLoader.exe"

O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"

O4 - Global Startup: Data Deposit Box.lnk = ?

O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} (Image Uploader Control) - http://picturesbypros.lifepics.com/net/Upl...PUploader45.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1220538395086

O16 - DPF: {E7C44C86-0CD3-11D2-9311-00A0247A4E65} (SEAGULL J Walk ActiveX Client) - http://keystone/JWalkX.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = AD.XXXXXXXX.com

O17 - HKLM\Software\..\Telephony: DomainName = AD.XXXXXXXX.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{F96AE2B8-5096-4727-A722-21CE25D5F65B}: NameServer = 10.19.88.30

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = AD.XXXXXXXX.com

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = AD.XXXXXXXX.com

O23 - Service: Broadcom ASF IP Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: ClockLink Scheduler (ClockLink) - Qqest Software Systems - C:\Program Files\Qqest Software Systems\TimeForce\ClockLink\ClockLinkService.exe

O23 - Service: CSIScanner - Prevx - C:\Program Files\Prevx\prevx.exe

O23 - Service: Client Access Express Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Online Backup Service - Unknown owner - C:\Program Files\Data Deposit Box\nts.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: TimeForce Advanced Server (ServiceTimeForce) - Qqest Software Systems - c:\Inetpub\wwwroot\qqest\Utilities\TimeForceServices.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: TimeForce Punches (TFPunches) - Qqest Software Systems - c:\Inetpub\wwwroot\qqest\Utilities\TimeForcePunches.exe

O23 - Service: TimeForce Punch Processing Queue (TFPunchProcessQueue) - Qqest Software Systems - c:\Inetpub\wwwroot\qqest\Utilities\TFProcessingQueue.exe

--

End of file - 8867 bytes

mbam log

Malwarebytes' Anti-Malware 1.37

Database version: 2262

Windows 5.1.2600 Service Pack 3

6/15/2009 9:56:39 AM

mbam-log-2009-06-15 (09-56-39).txt

Scan type: Quick Scan

Objects scanned: 96887

Time elapsed: 2 minute(s), 17 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\drivers\str.sys (Rootkit.Agent) -> Quarantined and deleted successfully.


New mbam logs

Malwarebytes' Anti-Malware 1.37

Database version: 2284

Windows 5.1.2600 Service Pack 3

6/15/2009 5:12:22 PM

mbam-log-2009-06-15 (17-12-22).txt

Scan type: Quick Scan

Objects scanned: 99133

Time elapsed: 8 minute(s), 4 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

New HijackThis log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 5:15:33 PM, on 6/15/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16850)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe

C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

C:\Program Files\Qqest Software Systems\TimeForce\ClockLink\ClockLinkService.exe

C:\Program Files\Prevx\prevx.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Data Deposit Box\nts.exe

C:\Program Files\Symantec AntiVirus\SavRoam.exe

C:\Program Files\Data Deposit Box\startup.exe

c:\Inetpub\wwwroot\qqest\Utilities\TimeForceServices.exe

C:\Program Files\Data Deposit Box\backup.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

c:\Inetpub\wwwroot\qqest\Utilities\TimeForcePunches.exe

c:\Inetpub\wwwroot\qqest\Utilities\TFProcessingQueue.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Qqest Software Systems\TimeForce\ClockLink\SchedTray.exe

C:\Program Files\Prevx\prevx.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\stsystra.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

C:\Program Files\Data Deposit Box\starter.exe

C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Program Files\Data Deposit Box\status.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Qqest Software Systems\TimeForce\ClockLink\ProcessScripts.exe

C:\Program Files\Qqest Software Systems\TimeForce\ClockLink\ProcessClock.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080822

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080822

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [iQ1000 Live Lookup Server] C:\Program Files\Qqest Software Systems\TimeForce\Live.exe

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [Acrobat Speed Launch] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe"

O4 - HKLM\..\Run: [Acrobat Synchronizer] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe"

O4 - HKLM\..\RunOnce: [ClockLink Scheduler] "C:\Program Files\Qqest Software Systems\TimeForce\ClockLink\SchedLoader.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"

O4 - Global Startup: Data Deposit Box.lnk = ?

O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} (Image Uploader Control) - http://picturesbypros.lifepics.com/net/Upl...PUploader45.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1220538395086

O16 - DPF: {E7C44C86-0CD3-11D2-9311-00A0247A4E65} (SEAGULL J Walk ActiveX Client) - http://keystone/JWalkX.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = AD.xxxxxxx

O17 - HKLM\Software\..\Telephony: DomainName = AD.xxxxxxx

O17 - HKLM\System\CCS\Services\Tcpip\..\{F96AE2B8-5096-4727-A722-21CE25D5F65B}: NameServer = 10.19.88.30

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = AD.xxxxxxx

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = AD.xxxxxxx

O23 - Service: Broadcom ASF IP Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: ClockLink Scheduler (ClockLink) - Qqest Software Systems - C:\Program Files\Qqest Software Systems\TimeForce\ClockLink\ClockLinkService.exe

O23 - Service: CSIScanner - Prevx - C:\Program Files\Prevx\prevx.exe

O23 - Service: Client Access Express Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Online Backup Service - Unknown owner - C:\Program Files\Data Deposit Box\nts.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: TimeForce Advanced Server (ServiceTimeForce) - Qqest Software Systems - c:\Inetpub\wwwroot\qqest\Utilities\TimeForceServices.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: TimeForce Punches (TFPunches) - Qqest Software Systems - c:\Inetpub\wwwroot\qqest\Utilities\TimeForcePunches.exe

O23 - Service: TimeForce Punch Processing Queue (TFPunchProcessQueue) - Qqest Software Systems - c:\Inetpub\wwwroot\qqest\Utilities\TFProcessingQueue.exe

--

End of file - 10507 bytes


Second computer after running instructions from

http://www.malwarebytes.org/forums/index.php?showtopic=17554

GMER 1.0.15.14972 - http://www.gmer.net

Rootkit scan 2009-06-16 18:01:33

Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.15 ----

SSDT 8A96FE58 ZwConnectPort

SSDT pxsec.sys (Prevx Realtime Analysis/Prevx) ZwTerminateProcess [0xBA10A680]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3768] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 408BF341 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3768] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 40A5178F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3768] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 40A51710 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3768] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 40A51754 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3768] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 40A5169C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3768] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 40A516D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3768] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 40A517CA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3768] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 408E16B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

Device A696ED20

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

AttachedDevice SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

---- EOF - GMER 1.0.15 ----

DDS (Ver_09-05-14.01) - NTFSx86

Run by sa at 18:03:32.42 on Tue 06/16/2009

Internet Explorer: 7.0.5730.13

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3006.2402 [GMT -5:00]

AV: Prevx 3.0 *On-access scanning enabled* (Updated) {D486329C-1488-4CEB-9CC8-D662B732D901}

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe

C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

C:\Program Files\Qqest Software Systems\TimeForce\ClockLink\ClockLinkService.exe

C:\Program Files\Prevx\prevx.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Data Deposit Box\nts.exe

C:\Program Files\Symantec AntiVirus\SavRoam.exe

C:\Program Files\Data Deposit Box\startup.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

c:\Inetpub\wwwroot\qqest\Utilities\TimeForcePunches.exe

c:\Inetpub\wwwroot\qqest\Utilities\TFProcessingQueue.exe

C:\Program Files\Data Deposit Box\backup.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Prevx\prevx.exe

C:\Program Files\Qqest Software Systems\TimeForce\ClockLink\SchedTray.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\stsystra.exe

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Data Deposit Box\starter.exe

C:\Program Files\Data Deposit Box\status.exe

C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\sa\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/

uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb

uDefault_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080822

uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"

uRun: [ccleaner] "c:\program files\ccleaner\CCleaner.exe" /AUTO

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"

mRun: [Acrobat Speed Launch] "c:\program files\adobe\acrobat 8.0\acrobat\acrobat_sl.exe"

mRun: [Acrobat Synchronizer] "c:\program files\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe"

mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto

mRunOnce: [ClockLink Scheduler] "c:\program files\qqest software systems\timeforce\clocklink\SchedLoader.exe"

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\datade~1.lnk - c:\program files\data deposit box\starter.exe

IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} - hxxp://picturesbypros.lifepics.com/net/Uploader/LPUploader45.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1220538395086

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {E7C44C86-0CD3-11D2-9311-00A0247A4E65} - hxxp://keystone/JWalkX.cab

TCP: {F96AE2B8-5096-4727-A722-21CE25D5F65B} = 10.19.88.30

Notify: NavLogon - c:\windows\system32\NavLogon.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

============= SERVICES / DRIVERS ===============

R0 pxprot;pxprot;c:\windows\system32\drivers\pxprot.sys [2009-3-23 16776]

R0 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2009-3-23 17928]

R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2009-3-23 22024]

R0 pxsec;pxsec;c:\windows\system32\drivers\pxsec.sys [2009-4-18 27656]

R1 FAMv4;FAMv4;c:\windows\system32\drivers\FAMv4.sys [2008-9-18 86816]

R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-2-4 324232]

R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-2-4 53896]

R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-3-17 65536]

R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\microsoft small business\business contact manager\BcmSqlStartupSvc.exe [2008-1-11 30312]

R2 ClockLink;ClockLink Scheduler;c:\program files\qqest software systems\timeforce\clocklink\ClockLinkService.exe [2008-9-22 2150400]

R2 CSIScanner;CSIScanner;c:\program files\prevx\prevx.exe [2009-3-23 4368952]

R2 MSSQL$TIMEFORCE;SQL Server (TIMEFORCE);c:\program files\microsoft sql server\mssql.2\mssql\binn\sqlservr.exe [2008-11-24 29263712]

R2 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-6-6 124656]

R2 ServiceTimeForce;TimeForce Advanced Server;c:\inetpub\wwwroot\qqest\utilities\TimeForceServices.exe [2008-10-5 908288]

R2 TFPunches;TimeForce Punches;c:\inetpub\wwwroot\qqest\utilities\TimeForcePunches.exe [2008-10-5 516096]

R2 TFPunchProcessQueue;TimeForce Punch Processing Queue;c:\inetpub\wwwroot\qqest\utilities\TFProcessingQueue.exe [2008-12-17 489472]

R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090615.003\naveng.sys [2009-6-15 89104]

R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090615.003\navex15.sys [2009-6-15 876144]

S0 xyhf;xyhf;c:\windows\system32\drivers\nggmkexx.sys --> c:\windows\system32\drivers\nggmkexx.sys [?]

S2 sruhuwcyvne;sruhuwcyvne;\??\c:\windows\system32\drivers\bcaaprtwhhcb.sys --> c:\windows\system32\drivers\bcaaprtwhhcb.sys [?]

S4 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2005-6-2 185968]

S4 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2005-6-2 83568]

S4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2005-6-2 161392]

S4 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2008-2-26 29183504]

S4 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-6-6 1715952]

=============== Created Last 30 ================

2009-06-15 17:20 <DIR> --d----- C:\Backup

2009-06-15 17:18 <DIR> --d----- c:\program files\CCleaner

2009-06-15 17:17 <DIR> --d----- C:\downloads

2009-06-15 16:33 <DIR> --d----- C:\delete

2009-06-12 10:10 <DIR> --d----- c:\program files\Messenger

2009-06-12 10:10 <DIR> --d----- c:\windows\system32\scripting

2009-06-12 10:10 <DIR> --d----- c:\windows\system32\en

2009-06-12 10:10 <DIR> --d----- c:\windows\system32\bits

2009-06-12 10:10 <DIR> --d----- c:\windows\l2schemas

2009-06-12 10:08 <DIR> --d----- c:\windows\ServicePackFiles

2009-06-12 10:06 <DIR> --d----- c:\windows\network diagnostic

2009-06-12 09:56 <DIR> --d----- c:\program files\Trend Micro

2009-06-11 05:38 268,288 -------- c:\windows\system32\dllcache\httpext.dll

2009-05-25 18:35 <DIR> --d----- C:\ff1569b60c68c76e1c3e84649f290eb6

==================== Find3M ====================

2009-06-15 09:57 184 a------- c:\program files\sfxlwdx.txt

2009-06-12 10:14 87,263 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat

2009-05-26 13:20 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys

2009-05-26 13:19 19,096 a------- c:\windows\system32\drivers\mbam.sys

2009-05-25 00:24 350,208 -------- c:\windows\system32\mssph.dll

2009-05-12 15:12 26,144 a------- c:\windows\system32\spupdsvc.exe

2009-05-07 10:32 345,600 a------- c:\windows\system32\localspl.dll

2009-05-07 10:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll

2009-04-30 17:30 27,656 a------- c:\windows\system32\drivers\pxsec.sys

2009-04-30 17:30 22,024 a------- c:\windows\system32\drivers\pxscan.sys

2009-04-28 23:56 827,392 a------- c:\windows\system32\wininet.dll

2009-04-28 23:56 827,392 a------- c:\windows\system32\dllcache\wininet.dll

2009-04-28 23:56 233,472 -------- c:\windows\system32\dllcache\webcheck.dll

2009-04-28 23:56 1,159,680 a------- c:\windows\system32\dllcache\urlmon.dll

2009-04-28 23:56 671,232 a------- c:\windows\system32\dllcache\mstime.dll

2009-04-28 23:56 44,544 a------- c:\windows\system32\dllcache\pngfilt.dll

2009-04-28 23:56 105,984 -------- c:\windows\system32\dllcache\url.dll

2009-04-28 23:56 102,912 -------- c:\windows\system32\dllcache\occache.dll

2009-04-28 23:56 3,596,288 a------- c:\windows\system32\dllcache\mshtml.dll

2009-04-28 23:56 477,696 a------- c:\windows\system32\dllcache\mshtmled.dll

2009-04-28 23:56 193,024 a------- c:\windows\system32\dllcache\msrating.dll

2009-04-28 04:05 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe

2009-04-28 04:05 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe

2009-04-25 00:27 636,088 -------- c:\windows\system32\dllcache\iexplore.exe

2009-04-25 00:26 161,792 -------- c:\windows\system32\dllcache\ieakui.dll

2009-04-17 07:26 1,847,168 a------- c:\windows\system32\win32k.sys

2009-04-17 07:26 1,847,168 -------- c:\windows\system32\dllcache\win32k.sys

2009-04-15 09:51 585,216 a------- c:\windows\system32\rpcrt4.dll

2009-04-15 09:51 585,216 -------- c:\windows\system32\dllcache\rpcrt4.dll

2009-03-21 09:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll

2008-12-17 10:43 61,224 a------- c:\documents and settings\sa\GoToAssistDownloadHelper.exe

============= FINISH: 18:03:45.91 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-05-14.01)

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 9/4/2008 9:06:48 AM

System Uptime: 6/16/2009 2:42:59 PM (4 hours ago)

Motherboard: Dell Inc. | | 0YP806

Processor: AMD Athlon Processor 1640B | Socket M2 | 2705/1000mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 149 GiB total, 124.377 GiB free.

D: is CDROM ()

G: is NetworkDisk (NTFS) - 126 GiB total, 106.856 GiB free.

S: is NetworkDisk (NTFS) - 24 GiB total, 5.131 GiB free.

Z: is NetworkDisk (NTFS) - 24 GiB total, 5.131 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP175: 3/19/2009 3:00:14 AM - Software Distribution Service 3.0

RP176: 3/20/2009 3:00:14 AM - Software Distribution Service 3.0

RP177: 3/21/2009 3:00:23 AM - Software Distribution Service 3.0

RP178: 3/22/2009 3:00:14 AM - Software Distribution Service 3.0

RP179: 3/23/2009 3:00:32 AM - Software Distribution Service 3.0

RP180: 3/23/2009 5:28:11 PM - Software Distribution Service 3.0

RP181: 3/23/2009 5:33:13 PM - Software Distribution Service 3.0

RP182: 3/23/2009 5:37:41 PM - Software Distribution Service 3.0

RP183: 3/24/2009 9:00:27 AM - Software Distribution Service 3.0

RP184: 3/25/2009 9:00:32 AM - Software Distribution Service 3.0

RP185: 3/26/2009 9:00:34 AM - Software Distribution Service 3.0

RP186: 3/27/2009 9:00:35 AM - Software Distribution Service 3.0

RP187: 3/28/2009 9:00:25 AM - Software Distribution Service 3.0

RP188: 3/29/2009 9:00:16 AM - Software Distribution Service 3.0

RP189: 3/30/2009 9:00:33 AM - Software Distribution Service 3.0

RP190: 3/31/2009 9:00:15 AM - Software Distribution Service 3.0

RP191: 4/1/2009 9:00:13 AM - Software Distribution Service 3.0

RP192: 4/2/2009 9:00:14 AM - Software Distribution Service 3.0

RP193: 4/3/2009 9:00:24 AM - Software Distribution Service 3.0

RP194: 4/4/2009 9:00:30 AM - Software Distribution Service 3.0

RP195: 4/5/2009 9:00:18 AM - Software Distribution Service 3.0

RP196: 4/6/2009 9:00:29 AM - Software Distribution Service 3.0

RP197: 4/7/2009 9:00:27 AM - Software Distribution Service 3.0

RP198: 4/8/2009 9:00:22 AM - Software Distribution Service 3.0

RP199: 4/9/2009 9:00:24 AM - Software Distribution Service 3.0

RP200: 4/10/2009 9:00:32 AM - Software Distribution Service 3.0

RP201: 4/11/2009 9:00:32 AM - Software Distribution Service 3.0

RP202: 4/13/2009 7:53:21 AM - Software Distribution Service 3.0

RP203: 4/13/2009 9:00:36 AM - Software Distribution Service 3.0

RP204: 4/14/2009 9:00:28 AM - Software Distribution Service 3.0

RP205: 4/15/2009 9:00:30 AM - Software Distribution Service 3.0

RP206: 4/16/2009 9:00:36 AM - Software Distribution Service 3.0

RP207: 4/17/2009 9:00:31 AM - Software Distribution Service 3.0

RP208: 4/18/2009 9:00:26 AM - Software Distribution Service 3.0

RP209: 4/19/2009 9:00:26 AM - Software Distribution Service 3.0

RP210: 4/20/2009 9:00:22 AM - Software Distribution Service 3.0

RP211: 4/21/2009 9:00:28 AM - Software Distribution Service 3.0

RP212: 4/22/2009 9:00:25 AM - Software Distribution Service 3.0

RP213: 4/23/2009 9:00:36 AM - Software Distribution Service 3.0

RP214: 4/24/2009 9:00:23 AM - Software Distribution Service 3.0

RP215: 4/25/2009 9:00:34 AM - Software Distribution Service 3.0

RP216: 4/26/2009 9:00:19 AM - Software Distribution Service 3.0

RP217: 4/27/2009 9:00:23 AM - Software Distribution Service 3.0

RP218: 4/28/2009 9:00:30 AM - Software Distribution Service 3.0

RP219: 4/29/2009 9:00:34 AM - Software Distribution Service 3.0

RP220: 4/30/2009 9:00:29 AM - Software Distribution Service 3.0

RP221: 5/1/2009 9:00:34 AM - Software Distribution Service 3.0

RP222: 5/2/2009 9:00:27 AM - Software Distribution Service 3.0

RP223: 5/3/2009 9:00:31 AM - Software Distribution Service 3.0

RP224: 5/4/2009 9:00:23 AM - Software Distribution Service 3.0

RP225: 5/5/2009 9:00:29 AM - Software Distribution Service 3.0

RP226: 5/6/2009 9:00:24 AM - Software Distribution Service 3.0

RP227: 5/7/2009 9:00:29 AM - Software Distribution Service 3.0

RP228: 5/8/2009 9:00:27 AM - Software Distribution Service 3.0

RP229: 5/9/2009 9:00:13 AM - Software Distribution Service 3.0

RP230: 5/10/2009 9:00:15 AM - Software Distribution Service 3.0

RP231: 5/11/2009 9:00:18 AM - Software Distribution Service 3.0

RP232: 5/12/2009 9:00:25 AM - Software Distribution Service 3.0

RP233: 5/13/2009 9:00:28 AM - Software Distribution Service 3.0

RP234: 5/14/2009 9:00:29 AM - Software Distribution Service 3.0

RP235: 5/15/2009 9:00:20 AM - Software Distribution Service 3.0

RP236: 5/16/2009 9:00:31 AM - Software Distribution Service 3.0

RP237: 5/17/2009 9:00:23 AM - Software Distribution Service 3.0

RP238: 5/18/2009 9:00:29 AM - Software Distribution Service 3.0

RP239: 5/19/2009 9:00:28 AM - Software Distribution Service 3.0

RP240: 5/20/2009 9:00:15 AM - Software Distribution Service 3.0

RP241: 5/21/2009 9:00:24 AM - Software Distribution Service 3.0

RP242: 5/22/2009 9:00:29 AM - Software Distribution Service 3.0

RP243: 5/23/2009 9:00:24 AM - Software Distribution Service 3.0

RP244: 5/24/2009 9:00:23 AM - Software Distribution Service 3.0

RP245: 5/25/2009 9:00:28 AM - Software Distribution Service 3.0

RP246: 5/25/2009 6:35:19 PM - Installed Windows XP WgaNotify.

RP247: 5/26/2009 9:00:14 AM - Software Distribution Service 3.0

RP248: 5/27/2009 9:00:16 AM - Software Distribution Service 3.0

RP249: 5/28/2009 9:00:14 AM - Software Distribution Service 3.0

RP250: 5/29/2009 9:00:25 AM - Software Distribution Service 3.0

RP251: 5/30/2009 9:00:26 AM - Software Distribution Service 3.0

RP252: 5/31/2009 9:00:24 AM - Software Distribution Service 3.0

RP253: 6/1/2009 9:00:27 AM - Software Distribution Service 3.0

RP254: 6/2/2009 9:00:32 AM - Software Distribution Service 3.0

RP255: 6/3/2009 9:00:34 AM - Software Distribution Service 3.0

RP256: 6/4/2009 9:00:25 AM - Software Distribution Service 3.0

RP257: 6/5/2009 9:00:23 AM - Software Distribution Service 3.0

RP258: 6/6/2009 9:00:26 AM - Software Distribution Service 3.0

RP259: 6/7/2009 9:00:42 AM - Software Distribution Service 3.0

RP260: 6/8/2009 9:00:31 AM - Software Distribution Service 3.0

RP261: 6/9/2009 9:00:14 AM - Software Distribution Service 3.0

RP262: 6/10/2009 9:00:32 AM - Software Distribution Service 3.0

RP263: 6/11/2009 9:00:36 AM - Software Distribution Service 3.0

RP264: 6/12/2009 9:00:42 AM - Software Distribution Service 3.0

RP265: 6/12/2009 10:01:40 AM - Software Distribution Service 3.0

RP266: 6/13/2009 9:00:42 AM - Software Distribution Service 3.0

RP267: 6/15/2009 4:40:44 PM - Software Distribution Service 3.0

RP268: 6/15/2009 4:45:42 PM - Software Distribution Service 3.0

RP269: 6/15/2009 5:13:04 PM - Software Distribution Service 3.0

RP270: 6/16/2009 9:00:35 AM - Software Distribution Service 3.0

==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 1 (SP1)

Adobe Acrobat 8 Standard

Adobe Acrobat 8.1.3 Standard

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)

Adobe Flash Player ActiveX

Adobe Photoshop 5.5

AGCO Solutions


  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.
