
av security suite removed



Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

6/23/2010 3:27:20 PM

mbam-log-2010-06-23 (15-27-20).txt

Scan type: Quick scan

Objects scanned: 119173

Time elapsed: 12 minute(s), 46 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-06-23 14:58:08

Windows 5.1.2600 Service Pack 3

Running: jd9jg52z.exe; Driver: C:\DOCUME~1\Kim\LOCALS~1\Temp\ugtdqpog.sys

---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\nvax.sys entry point in "init" section [0xF8A08392]

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF7F1E360, 0x24BB1D, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1212] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0092000A

.text C:\WINDOWS\System32\svchost.exe[1212] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0093000A

.text C:\WINDOWS\System32\svchost.exe[1212] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0091000C

.text C:\WINDOWS\System32\svchost.exe[1212] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 0223000A

.text C:\WINDOWS\System32\svchost.exe[1212] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00EE000A

.text C:\Program Files\Mozilla Firefox\firefox.exe[1724] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0122000A

.text C:\Program Files\Mozilla Firefox\firefox.exe[1724] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0123000A

.text C:\Program Files\Mozilla Firefox\firefox.exe[1724] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0121000C

.text C:\WINDOWS\Explorer.EXE[1792] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A

.text C:\WINDOWS\Explorer.EXE[1792] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BD000A

.text C:\WINDOWS\Explorer.EXE[1792] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C

.text C:\WINDOWS\system32\spoolsv.exe[2020] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 00E26E60 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)

.text C:\WINDOWS\system32\spoolsv.exe[2020] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 00E28E20 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)

.text C:\WINDOWS\system32\spoolsv.exe[2020] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00E25620 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)

.text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!ReadFile 7C801812 5 Bytes JMP 00E26FD0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)

.text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E29020 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)

.text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!CreateFileMappingW 7C80943C 1 Byte [E9]

.text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 00E28A40 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)

.text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 00E27B50 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)

.text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!OpenFileMappingW 7C80BB7A 5 Bytes JMP 00E28D00 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)

.text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!DuplicateHandle 7C80DE9E 5 Bytes JMP 00E2A730 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)

.text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 00E28690 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)

.text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!FindClose 7C80EE77 1 Byte [E9]

.text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!FindClose 7C80EE77 5 Bytes JMP 00E287A0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)

.text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!FindFirstFileW 7C80EF81 5 Bytes JMP 00E285A0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)

.text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!FindNextFileW 7C80EFDA 5 Bytes JMP 00E28880 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)

.text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E29540 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)

.text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 00E278E0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)

.text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!GetFileSize 7C810B17 5 Bytes JMP 00E27810 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)

.text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!SetFilePointer 7C810C2E 5 Bytes JMP 00E27580 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)

.text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!WriteFile 7C810E27 5 Bytes JMP 00E27250 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)

.text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!GetFileType 7C810EF1 5 Bytes JMP 00E27EC0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)

.text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 00E27BD0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)

.text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!GetFileAttributesA 7C8115DC 5 Bytes JMP 00E27AD0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)

.text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!FlushFileBuffers 7C8126E1 5 Bytes JMP 00E27500 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)

.text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!FindFirstFileA 7C813879 5 Bytes JMP 00E284B0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)

.text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 00E276D0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)

.text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00E2A130 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)

.text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00E29A80 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)

.text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00E29CA0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)

.text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!GetFileTime 7C831C4D 5 Bytes JMP 00E27CC0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)

.text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!SetFileTime 7C831CC0 5 Bytes JMP 00E27DC0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)

.text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 00E28060 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)

.text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 00E281A0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)

.text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 00E279B0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)

.text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!UnlockFile 7C8322EC 5 Bytes JMP 00E27FD0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)

.text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!LockFile 7C832391 5 Bytes JMP 00E27F40 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)

.text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!FindNextFileA 7C834EE1 5 Bytes JMP 00E28810 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)

.text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!_hread 7C8353FE 5 Bytes JMP 00E282E0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)

.text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!_llseek 7C835436 5 Bytes JMP 00E28420 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)

.text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 00E2A3A0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)

.text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!GetShortPathNameA 7C835BE0 5 Bytes JMP 00E288F0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)

.text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00E29EC0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)

.text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!ReplaceFile 7C836C6C 5 Bytes JMP 00E2A630 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)

.text C:\WINDOWS\system32\spoolsv.exe[2020] kernel32.dll!_hwrite 7C838B17 5 Bytes JMP 00E28380 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)

.text C:\WINDOWS\system32\spoolsv.exe[2020] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 00E26220 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)

.text C:\WINDOWS\system32\spoolsv.exe[2020] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 00E25CA0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)

.text C:\WINDOWS\system32\spoolsv.exe[2020] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 00E26050 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)

.text C:\WINDOWS\system32\spoolsv.exe[2020] GDI32.dll!GetPixel 77F1B74C 1 Byte [E9]

.text C:\WINDOWS\system32\spoolsv.exe[2020] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 00E25E50 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)

.text C:\WINDOWS\system32\spoolsv.exe[2020] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 00E25780 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)

.text C:\WINDOWS\system32\spoolsv.exe[2020] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 00E25960 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)

.text C:\WINDOWS\system32\spoolsv.exe[2020] GDI32.dll!CopyEnhMetaFileW 77F270CC 5 Bytes JMP 00E26C50 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)

.text C:\WINDOWS\system32\spoolsv.exe[2020] GDI32.dll!CopyMetaFileW 77F2C3ED 5 Bytes JMP 00E26A40 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)

.text C:\WINDOWS\system32\spoolsv.exe[2020] GDI32.dll!CopyMetaFileA 77F2C52B 5 Bytes JMP 00E26610 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)

.text C:\WINDOWS\system32\spoolsv.exe[2020] GDI32.dll!GetMetaFileW 77F3853D 5 Bytes JMP 00E26820 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)

.text C:\WINDOWS\system32\spoolsv.exe[2020] GDI32.dll!GetEnhMetaFileW 77F397A3 5 Bytes JMP 00E26930 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)

.text C:\WINDOWS\system32\spoolsv.exe[2020] GDI32.dll!GetMetaFileA 77F44216 5 Bytes JMP 00E263F0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)

.text C:\WINDOWS\system32\spoolsv.exe[2020] GDI32.dll!StartDocW 77F45962 5 Bytes JMP 00E2CDA0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)

.text C:\WINDOWS\system32\spoolsv.exe[2020] GDI32.dll!StartDocA 77F45E79 5 Bytes JMP 00E2BDE0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)

.text C:\WINDOWS\system32\spoolsv.exe[2020] GDI32.dll!GetEnhMetaFileA 77F4AE35 5 Bytes JMP 00E26500 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)

.text C:\WINDOWS\system32\spoolsv.exe[2020] USER32.dll!ReleaseDC 7E41869D 5 Bytes JMP 00E26190 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)

.text C:\WINDOWS\system32\spoolsv.exe[2020] USER32.dll!GetDC 7E4186C7 5 Bytes JMP 00E25B40 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)

.text C:\WINDOWS\system32\spoolsv.exe[2020] USER32.dll!GetWindowDC 7E419021 5 Bytes JMP 00E25C30 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)

.text C:\WINDOWS\system32\spoolsv.exe[2020] USER32.dll!PrintWindow 7E423810 5 Bytes JMP 00E26320 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)

.text C:\WINDOWS\system32\spoolsv.exe[2020] USER32.dll!GetDCEx 7E42C595 5 Bytes JMP 00E25BB0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)

.text C:\WINDOWS\system32\spoolsv.exe[2020] ole32.dll!DoDragDrop 775D0B6D 5 Bytes JMP 00E28F20 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Udp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\RawIp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 12/27/2007 4:31:04 PM

System Uptime: 6/23/2010 1:44:54 PM (0 hours ago)

Motherboard: ASUSTeK Computer INC. | | A7N8X2.0

Processor: AMD Athlon XP 2500+ | Socket A | 1837/166mhz

==== Disk Partitions =========================

A: is Removable

C: is FIXED (NTFS) - 10 GiB total, 0.301 GiB free.

D: is FIXED (NTFS) - 31 GiB total, 14.316 GiB free.

E: is FIXED (NTFS) - 2 GiB total, 0.958 GiB free.

F: is FIXED (NTFS) - 21 GiB total, 16.368 GiB free.

G: is CDROM ()

H: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

1300

1300_Help

1300Tour

1300Trb

Acrobat.com

Adobe Acrobat Reader 3.01

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.3

AiO_Scan

AIOMinimal

AiOSoftware

Air Utility

ANIO Service

ANIWZCS Service

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Ask Toolbar

AVG Free 9.0

Bonjour

CCleaner

Copy

CreativeProjects

Critical Update for Windows Media Player 11 (KB959772)

Director

DocProc

Fax

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954708)

HP Image Zone 3.5

HP PSC & OfficeJet 3.5

HP Software Update

HPSystemDiagnostics

ImgBurn

InstantShare

InterVideo FilterSDK for Hauppauge

iTunes

Java 6 Update 13

Junk Mail filter update

Logitech Desktop Messenger

Logitech QuickCam

Logitech QuickCam Driver Package

Logitech Updater

Malwarebytes' Anti-Malware

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Hotfix (KB928366)

Microsoft .NET Framework 2.0

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Mozilla Firefox (3.6.3)

MSVCRT

MSXML 4.0 SP2 (KB954430)

MySpaceIM

NVIDIA Drivers

NVIDIA Windows 2000/XP nForce Drivers

OpenOffice.org 2.3

Oracle IRM Desktop 5.5.12 10gR3 PR5

Overland

PhotoGallery

PrintScreen

QFolder

QuickProjects

QuickTime

Readme

Revo Uninstaller 1.83

Samsung Master

Scan

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB961373)

Segoe UI

SkinsHP1

SkinsHP2

System Requirements Lab

TrayApp

Unload

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

VideoLAN VLC media player 0.8.6d

WebFldrs XP

WebReg

Winamp

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live Mail

Windows Live Messenger

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Toolbar

Windows Live Upload Tool

Windows Live Writer

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Service Pack 3

WinRAR archiver

WolfQuest

Yahoo! Messenger

==== Event Viewer Messages From Past Week ========

6/22/2010 12:05:32 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: nv_agp

6/22/2010 12:02:19 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

6/22/2010 11:50:40 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK7 AvgLdx86 AvgMfx86 Fips

6/22/2010 11:49:20 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

6/21/2010 3:23:02 PM, error: Dhcp [1002] - The IP address lease 10.0.0.2 for the Network Card with network address 000EA6B8D14A has been denied by the DHCP server 10.0.0.1 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================


Hello,

My name is SweetTech. I would be glad to take a look at your log and help you with solving any malware problems.

If you have already received help elsewhere please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instruction that I give you.
    Reading too lightly will cause you to miss important steps, which could have destructive effects.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together :P
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. The only time you can and should PM me is when I have not been replying to you for several days (usually around 3 days) and you need an explanation. If that's the case, just send me a message on here. ;)
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

OTL Custom Scan

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom Scan paste this in


    netsvcs

    drivers32

    %SYSTEMDRIVE%\*.*

    %systemroot%\*. /mp /s

    CREATERESTOREPOINT

    %systemroot%\system32\user32.dll /md5

    %systemroot%\system32\ws2_32.dll /md5

    %systemroot%\system32\*.dll /lockedfiles

    %systemroot%\Tasks\*.job /lockedfiles

    %systemroot%\System32\config\*.sav

    %systemroot%\system32\drivers\*.sys /180

    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
    • You may need two posts to fit them both in.


  • Root Admin

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.
