Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4217

Windows 5.1.2600 Service Pack 2

Internet Explorer 8.0.6001.18702

6/20/2010 4:49:05 PM

mbam-log-2010-06-20 (16-49-05).txt

Scan type: Full scan (C:\|)

Objects scanned: 583340

Time elapsed: 4 hour(s), 39 minute(s), 53 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 4

Files Infected: 9

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

C:\Documents and Settings\HelpAssistant.SUSAN-9344DE1F4.000\Application Data\SystemProc (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D} (Trojan.Swisyn) -> Quarantined and deleted successfully.

C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome (Trojan.Swisyn) -> Quarantined and deleted successfully.

C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content (Trojan.Swisyn) -> Quarantined and deleted successfully.

Files Infected:

C:\Documents and Settings\HelpAssistant.SUSAN-9344DE1F4.000\Application Data\SystemProc\lsass.exe (Trojan.LVBP) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{79C0A208-B7C7-42C8-B9A8-3D09A8F87803}\RP435\A0118266.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{79C0A208-B7C7-42C8-B9A8-3D09A8F87803}\RP437\A0120581.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{79C0A208-B7C7-42C8-B9A8-3D09A8F87803}\RP438\A0120660.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{79C0A208-B7C7-42C8-B9A8-3D09A8F87803}\RP494\A0189124.exe (Trojan.LVBP) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{79C0A208-B7C7-42C8-B9A8-3D09A8F87803}\RP494\A0189125.exe (Trojan.LVBP) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{79C0A208-B7C7-42C8-B9A8-3D09A8F87803}\RP496\A0194896.exe (Trojan.LVBP) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{79C0A208-B7C7-42C8-B9A8-3D09A8F87803}\RP496\A0194897.exe (Trojan.LVBP) -> Quarantined and deleted successfully.

C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest (Trojan.Swisyn) -> Quarantined and deleted successfully.

DDS (Ver_10-03-17.01) - NTFSx86

Run by Susan at 22:26:11.76 on Fri 07/02/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.189 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Trend Micro Internet Security *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}

FW: Trend Micro Personal Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE

C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

C:\WINDOWS\system32\rundll32.exe

C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe

C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe

C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe

E:\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\QCONSVC.EXE

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\TpKmpSVC.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

C:\Program Files\Trend Micro\Internet Security\TmPfw.exe

C:\Program Files\Trend Micro\BM\TMBMSRV.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\internet explorer\iexplore.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC07.EXE

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZENG07.EXE

C:\Documents and Settings\Susan\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - No File

BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper

mRun: [QCWLICON] c:\program files\thinkpad\connectutilities\QCWLICON.EXE

mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe

mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor

mRun: [bLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog

mRun: [TPHOTKEY] c:\progra~1\thinkpad\pkgmgr\hotkey\TPHKMGR.exe

mRun: [synTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [MP10_EnsureFileVer] c:\windows\inf\unregmp2.exe /EnsureFileVersions

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [ufSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"

mRun: [iTunesHelper] "E:\iTunesHelper.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc1~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpohmr08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1271560343328

DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Notify: AtiExtEvent - Ati2evxx.dll

Notify: QConGina - QConGina.dll

Notify: tphotkey - tphklock.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2010-3-15 36368]

R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2010-3-15 339984]

R3 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2010-3-15 50704]

R3 TmPfw;Trend Micro Personal Firewall;c:\program files\trend micro\internet security\TmPfw.exe [2010-3-15 497008]

R3 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2010-3-15 689416]

S3 QCNDISIF;QCNDISIF;c:\windows\system32\drivers\qcndisif.sys [2009-3-11 12288]

=============== Created Last 30 ================

2010-07-02 19:50:56 0 ----a-w- c:\documents and settings\susan\defogger_reenable

2010-07-01 00:00:57 0 d-----w- c:\program files\Spybot - Search & Destroy

2010-07-01 00:00:57 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

2010-06-30 23:38:44 0 d-----w- c:\program files\Speccy

2010-06-30 23:02:51 0 d-----w- c:\program files\CyberDefender

2010-06-25 02:08:16 0 d-----w- c:\docume~1\alluse~1\applic~1\FrontLine Registry Cleaner

2010-06-25 02:08:04 0 d-----w- c:\program files\Frontline Registry Cleaner

2010-06-25 01:28:01 0 d-sha-r- C:\cmdcons

2010-06-25 01:19:57 98816 ----a-w- c:\windows\sed.exe

2010-06-25 01:19:57 77312 ----a-w- c:\windows\MBR.exe

2010-06-25 01:19:57 256512 ----a-w- c:\windows\PEV.exe

2010-06-25 01:19:57 161792 ----a-w- c:\windows\SWREG.exe

2010-06-25 01:03:46 45 ----a-w- c:\windows\system32\initdebug.nfo

2010-06-20 14:12:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-06-20 14:12:13 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-06-19 21:51:47 0 d-----w- c:\windows\system32\wbem\Repository

2010-06-19 18:48:08 0 d-----w- c:\windows\pss

2010-06-11 03:52:21 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2010-06-07 06:02:49 0 d-----w- c:\docume~1\alluse~1\applic~1\MumboJumbo

==================== Find3M ====================

2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-02 05:56:34 1850880 ----a-w- c:\windows\system32\win32k.sys

2010-04-20 05:51:20 285696 ----a-w- c:\windows\system32\atmfd.dll

2010-04-12 21:29:19 411368 ----a-w- c:\windows\system32\deployJava1.dll

============= FINISH: 22:27:10.32 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 3/11/2009 2:15:25 PM

System Uptime: 7/2/2010 9:59:25 PM (1 hours ago)

Motherboard: IBM | | 2668W6Z

Processor: Intel® Pentium® M processor 1.73GHz | None | 1054/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 56 GiB total, 37.359 GiB free.

D: is CDROM ()

E: is FIXED (FAT32) - 298 GiB total, 256.828 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

Acrobat.com

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.3.2

Apple Mobile Device Support

Apple Software Update

ATI Display Driver

Bonjour

CCleaner

HiJackThis

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows XP (KB914440)

Hotfix for Windows XP (KB915865)

Hotfix for Windows XP (KB926239)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB981793)

HP Photo and Imaging 2.0 - All-in-One

HP Photo and Imaging 2.0 - All-in-One Drivers

HP Photo and Imaging 2.0 - hp psc 1200 series

HP Product Detection

hp psc 1200 series

IBM Access Connections

IBM ThinkPad EasyEject Utility

IBM ThinkPad Keyboard Customizer Utility

IBM ThinkPad Power Manager

IBM ThinkPad UltraNav Driver

Intel® PROSet/Wireless Software

iTunes

Java Auto Updater

Java 6 Update 20

LG USB Modem Drivers

Malwarebytes' Anti-Malware

mCore

mDriver

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Excel MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Standard 2007

Microsoft Office Standard 2007 Trial

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 12

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

mMHouse

mPfMgr

mProSafe

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6 Service Pack 2 (KB973686)

mWlsSafe

mXML

QuickTime

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for 2007 Microsoft Office System (KB982312)

Security Update for 2007 Microsoft Office System (KB982331)

Security Update for Microsoft Office Excel 2007 (KB982308)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office Outlook 2007 (KB972363)

Security Update for Microsoft Office PowerPoint 2007 (KB982158)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB969613)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB982135)

Security Update for Windows Internet Explorer 7 (KB938127-v2)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 7 (KB974455)

Security Update for Windows Internet Explorer 7 (KB976325)

Security Update for Windows Internet Explorer 7 (KB978207)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player (KB979402)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows Media Player 9 (KB936782)

Security Update for Windows XP (KB890046)

Security Update for Windows XP (KB893756)

Security Update for Windows XP (KB896358)

Security Update for Windows XP (KB896423)

Security Update for Windows XP (KB896428)

Security Update for Windows XP (KB899587)

Security Update for Windows XP (KB899591)

Security Update for Windows XP (KB900725)

Security Update for Windows XP (KB901017)

Security Update for Windows XP (KB901214)

Security Update for Windows XP (KB902400)

Security Update for Windows XP (KB905414)

Security Update for Windows XP (KB905749)

Security Update for Windows XP (KB908519)

Security Update for Windows XP (KB911562)

Security Update for Windows XP (KB911927)

Security Update for Windows XP (KB913580)

Security Update for Windows XP (KB914388)

Security Update for Windows XP (KB914389)

Security Update for Windows XP (KB918118)

Security Update for Windows XP (KB918439)

Security Update for Windows XP (KB920213)

Security Update for Windows XP (KB920670)

Security Update for Windows XP (KB920683)

Security Update for Windows XP (KB920685)

Security Update for Windows XP (KB923191)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB923980)

Security Update for Windows XP (KB924270)

Security Update for Windows XP (KB924667)

Security Update for Windows XP (KB925902)

Security Update for Windows XP (KB926255)

Security Update for Windows XP (KB926436)

Security Update for Windows XP (KB927779)

Security Update for Windows XP (KB927802)

Security Update for Windows XP (KB928255)

Security Update for Windows XP (KB928843)

Security Update for Windows XP (KB929123)

Security Update for Windows XP (KB930178)

Security Update for Windows XP (KB931261)

Security Update for Windows XP (KB932168)

Security Update for Windows XP (KB933729)

Security Update for Windows XP (KB935839)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB943055)

Security Update for Windows XP (KB943485)

Security Update for Windows XP (KB944653)

Security Update for Windows XP (KB945553)

Security Update for Windows XP (KB946026)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950749)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958470)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960714)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Speccy

Spybot - Search & Destroy

ThinkPad FullScreen Magnifier

ThinkPad Integrated 56K Modem

ThinkPad Power Management Driver

Trend Micro Internet Security

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Outlook 2007 Junk Email Filter (kb983486)

Update for Windows Internet Explorer 7 (KB976749)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB978506)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows XP (KB894391)

Update for Windows XP (KB898461)

Update for Windows XP (KB900485)

Update for Windows XP (KB904942)

Update for Windows XP (KB908531)

Update for Windows XP (KB910437)

Update for Windows XP (KB911280)

Update for Windows XP (KB916595)

Update for Windows XP (KB920872)

Update for Windows XP (KB922582)

Update for Windows XP (KB925720)

Update for Windows XP (KB927891)

Update for Windows XP (KB930916)

Update for Windows XP (KB932823-v3)

Update for Windows XP (KB936357)

Update for Windows XP (KB938828)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

WebFldrs XP

Windows Genuine Advantage Validation Tool (KB892130)

Windows Imaging Component

Windows Installer 3.1 (KB893803)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows XP Hotfix - KB873339

Windows XP Hotfix - KB885835

Windows XP Hotfix - KB885836

Windows XP Hotfix - KB886185

Windows XP Hotfix - KB887472

Windows XP Hotfix - KB888302

Windows XP Hotfix - KB890859

Windows XP Hotfix - KB891781

==== Event Viewer Messages From Past Week ========

7/2/2010 9:38:32 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.

7/2/2010 10:03:37 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.

7/2/2010 10:03:37 PM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

6/30/2010 9:25:23 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Trend Micro Unauthorized Change Prevention Service service to connect.

6/30/2010 9:25:23 PM, error: Service Control Manager [7000] - The Trend Micro Unauthorized Change Prevention Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

6/27/2010 9:15:19 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Trend Micro Personal Firewall service to connect.

6/27/2010 9:15:19 PM, error: Service Control Manager [7000] - The Trend Micro Personal Firewall service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

6/27/2010 7:58:47 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

6/27/2010 7:58:21 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

6/27/2010 4:25:30 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ANC Fips IBMTPCHK intelppm tmtdi TPHKDRV TPPWRIF

6/27/2010 4:24:32 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

6/26/2010 9:58:42 PM, error: Service Control Manager [7022] - The Windows Image Acquisition (WIA) service hung on starting.

6/26/2010 9:03:00 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Trend Micro Proxy Service service to connect.

6/26/2010 9:03:00 AM, error: Service Control Manager [7000] - The Trend Micro Proxy Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

6/26/2010 7:35:27 PM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.

6/26/2010 7:35:15 PM, error: ati2mtag [43034] - Unknown EDID version

==== End Of File ===========================

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-07-04 13:36:30

Windows 5.1.2600 Service Pack 2

Running: veiovzo6.exe; Driver: C:\DOCUME~1\Susan\LOCALS~1\Temp\agldafoc.sys

---- System - GMER 1.0.15 ----

SSDT 8142ACE0 ZwCreateKey

SSDT 8142BE80 ZwCreateMutant

SSDT 8142A1E0 ZwCreateProcess

SSDT 8142A4A0 ZwCreateProcessEx

SSDT 8142BB40 ZwCreateThread

SSDT 8142B260 ZwDeleteKey

SSDT 8142B520 ZwDeleteValueKey

SSDT 8142BCE0 ZwLoadDriver

SSDT 8142A760 ZwOpenProcess

SSDT 8142C020 ZwSetSystemInformation

SSDT 8142AFA0 ZwSetValueKey

SSDT 8142AA20 ZwTerminateProcess

SSDT 8142B9A0 ZwWriteVirtualMemory

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[236] WS2_32.dll!send 71AB428A 5 Bytes JMP 0633B485

.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[236] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 0633B7AA

.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[236] WS2_32.dll!recv 71AB615A 5 Bytes JMP 0633B564

.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[236] WS2_32.dll!WSASend 71AB6233 1 Byte [E9]

.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[236] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 0633B637

.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[236] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 0633B8F9

.text C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe[332] WS2_32.dll!send 71AB428A 5 Bytes JMP 0115B485

.text C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe[332] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 0115B7AA

.text C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe[332] WS2_32.dll!recv 71AB615A 5 Bytes JMP 0115B564

.text C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe[332] WS2_32.dll!WSASend 71AB6233 1 Byte [E9]

.text C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe[332] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 0115B637

.text C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe[332] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 0115B8F9

.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[372] WS2_32.dll!send 71AB428A 5 Bytes JMP 013BB485

.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[372] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 013BB7AA

.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[372] WS2_32.dll!recv 71AB615A 5 Bytes JMP 013BB564

.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[372] WS2_32.dll!WSASend 71AB6233 1 Byte [E9]

.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[372] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 013BB637

.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[372] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 013BB8F9

.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[472] WS2_32.dll!send 71AB428A 5 Bytes JMP 00A7B485

.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[472] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 00A7B7AA

.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[472] WS2_32.dll!recv 71AB615A 5 Bytes JMP 00A7B564

.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[472] WS2_32.dll!WSASend 71AB6233 1 Byte [E9]

.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[472] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00A7B637

.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[472] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 00A7B8F9

.text C:\Program Files\Trend Micro\Internet Security\TmProxy.exe[488] WS2_32.dll!send 71AB428A 5 Bytes JMP 01A6B485

.text C:\Program Files\Trend Micro\Internet Security\TmProxy.exe[488] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 01A6B7AA

.text C:\Program Files\Trend Micro\Internet Security\TmProxy.exe[488] WS2_32.dll!recv 71AB615A 5 Bytes JMP 01A6B564

.text C:\Program Files\Trend Micro\Internet Security\TmProxy.exe[488] WS2_32.dll!WSASend 71AB6233 1 Byte [E9]

.text C:\Program Files\Trend Micro\Internet Security\TmProxy.exe[488] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 01A6B637

.text C:\Program Files\Trend Micro\Internet Security\TmProxy.exe[488] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 01A6B8F9

.text C:\Program Files\Trend Micro\Internet Security\UfUpdUi.exe[504] WS2_32.dll!send 71AB428A 5 Bytes JMP 0111B485

.text C:\Program Files\Trend Micro\Internet Security\UfUpdUi.exe[504] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 0111B7AA

.text C:\Program Files\Trend Micro\Internet Security\UfUpdUi.exe[504] WS2_32.dll!recv 71AB615A 5 Bytes JMP 0111B564

.text C:\Program Files\Trend Micro\Internet Security\UfUpdUi.exe[504] WS2_32.dll!WSASend 71AB6233 1 Byte [E9]

.text C:\Program Files\Trend Micro\Internet Security\UfUpdUi.exe[504] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 0111B637

.text C:\Program Files\Trend Micro\Internet Security\UfUpdUi.exe[504] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 0111B8F9

.text E:\iTunesHelper.exe[604] WS2_32.dll!send 71AB428A 5 Bytes JMP 012DB485

.text E:\iTunesHelper.exe[604] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 012DB7AA

.text E:\iTunesHelper.exe[604] WS2_32.dll!recv 71AB615A 5 Bytes JMP 012DB564

.text E:\iTunesHelper.exe[604] WS2_32.dll!WSASend 71AB6233 1 Byte [E9]

.text E:\iTunesHelper.exe[604] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 012DB637

.text E:\iTunesHelper.exe[604] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 012DB8F9

.text C:\WINDOWS\Explorer.EXE[1120] WS2_32.dll!send 71AB428A 5 Bytes JMP 0110B485

.text C:\WINDOWS\Explorer.EXE[1120] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 0110B7AA

.text C:\WINDOWS\Explorer.EXE[1120] WS2_32.dll!recv 71AB615A 5 Bytes JMP 0110B564

.text C:\WINDOWS\Explorer.EXE[1120] WS2_32.dll!WSASend 71AB6233 1 Byte [E9]

.text C:\WINDOWS\Explorer.EXE[1120] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 0110B637

.text C:\WINDOWS\Explorer.EXE[1120] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 0110B8F9

.text C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE[1880] WS2_32.dll!send 71AB428A 5 Bytes JMP 015DB485

.text C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE[1880] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 015DB7AA

.text C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE[1880] WS2_32.dll!recv 71AB615A 5 Bytes JMP 015DB564

.text C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE[1880] WS2_32.dll!WSASend 71AB6233 1 Byte [E9]

.text C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE[1880] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 015DB637

.text C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE[1880] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 015DB8F9

.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1948] WS2_32.dll!send 71AB428A 5 Bytes JMP 010CB485

.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1948] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 010CB7AA

.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1948] WS2_32.dll!recv 71AB615A 5 Bytes JMP 010CB564

.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1948] WS2_32.dll!WSASend 71AB6233 1 Byte [E9]

.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1948] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 010CB637

.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1948] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 010CB8F9

.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2040] WS2_32.dll!send 71AB428A 5 Bytes JMP 0120B485

.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2040] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 0120B7AA

.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2040] WS2_32.dll!recv 71AB615A 5 Bytes JMP 0120B564

.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2040] WS2_32.dll!WSASend 71AB6233 1 Byte [E9]

.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2040] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 0120B637

.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2040] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 0120B8F9

.text C:\Program Files\Bonjour\mDNSResponder.exe[2180] WS2_32.dll!send 71AB428A 5 Bytes JMP 007CB485

.text C:\Program Files\Bonjour\mDNSResponder.exe[2180] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 007CB7AA

.text C:\Program Files\Bonjour\mDNSResponder.exe[2180] WS2_32.dll!recv 71AB615A 5 Bytes JMP 007CB564

.text C:\Program Files\Bonjour\mDNSResponder.exe[2180] WS2_32.dll!WSASend 71AB6233 1 Byte [E9]

.text C:\Program Files\Bonjour\mDNSResponder.exe[2180] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 007CB637

.text C:\Program Files\Bonjour\mDNSResponder.exe[2180] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 007CB8F9

.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[2468] WS2_32.dll!send 71AB428A 5 Bytes JMP 00A7B485

.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[2468] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 00A7B7AA

.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[2468] WS2_32.dll!recv 71AB615A 5 Bytes JMP 00A7B564

.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[2468] WS2_32.dll!WSASend 71AB6233 1 Byte [E9]

.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[2468] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00A7B637

.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[2468] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 00A7B8F9

.text C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[2628] WS2_32.dll!send 71AB428A 5 Bytes JMP 0110B485

.text C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[2628] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 0110B7AA

.text C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[2628] WS2_32.dll!recv 71AB615A 5 Bytes JMP 0110B564

.text C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[2628] WS2_32.dll!WSASend 71AB6233 1 Byte [E9]

.text C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[2628] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 0110B637

.text C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[2628] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 0110B8F9

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2684] USER32.dll!CreateWindowExW 7E41FC25 5 Bytes JMP 3E2EDB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2684] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2684] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 3E3E480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2684] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 3E3E4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2684] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 3E3E47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2684] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 3E3E4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2684] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 3E3E4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2684] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 3E3E4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2684] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 3E3E46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2684] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 0125BEF8

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2684] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 0125BFC8

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2684] WININET.dll!HttpOpenRequestA 3D94D508 5 Bytes JMP 0125BA90

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2684] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 0125B9AA

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2684] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 0125BCB5

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2684] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 0125BB60

.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2800] WS2_32.dll!send 71AB428A 5 Bytes JMP 0068B485

.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2800] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 0068B7AA

.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2800] WS2_32.dll!recv 71AB615A 5 Bytes JMP 0068B564

.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2800] WS2_32.dll!WSASend 71AB6233 1 Byte [E9]

.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2800] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 0068B637

.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2800] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 0068B8F9

.text C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe[2896] WS2_32.dll!send 71AB428A 5 Bytes JMP 0134B485

.text C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe[2896] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 0134B7AA

.text C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe[2896] WS2_32.dll!recv 71AB615A 5 Bytes JMP 0134B564

.text C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe[2896] WS2_32.dll!WSASend 71AB6233 1 Byte [E9]

.text C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe[2896] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 0134B637

.text C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe[2896] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 0134B8F9

.text C:\WINDOWS\System32\alg.exe[3048] WS2_32.dll!send 71AB428A 5 Bytes JMP 0088B485

.text C:\WINDOWS\System32\alg.exe[3048] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 0088B7AA

.text C:\WINDOWS\System32\alg.exe[3048] WS2_32.dll!recv 71AB615A 5 Bytes JMP 0088B564

.text C:\WINDOWS\System32\alg.exe[3048] WS2_32.dll!WSASend 71AB6233 1 Byte [E9]

.text C:\WINDOWS\System32\alg.exe[3048] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 0088B637

.text C:\WINDOWS\System32\alg.exe[3048] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 0088B8F9

.text C:\Program Files\iPod\bin\iPodService.exe[3276] WS2_32.dll!send 71AB428A 5 Bytes JMP 00BBB485

.text C:\Program Files\iPod\bin\iPodService.exe[3276] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 00BBB7AA

.text C:\Program Files\iPod\bin\iPodService.exe[3276] WS2_32.dll!recv 71AB615A 5 Bytes JMP 00BBB564

.text C:\Program Files\iPod\bin\iPodService.exe[3276] WS2_32.dll!WSASend 71AB6233 1 Byte [E9]

.text C:\Program Files\iPod\bin\iPodService.exe[3276] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00BBB637

.text C:\Program Files\iPod\bin\iPodService.exe[3276] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 00BBB8F9

.text C:\Program Files\Trend Micro\Internet Security\TmPfw.exe[3592] WS2_32.dll!send 71AB428A 5 Bytes JMP 00BAB485

.text C:\Program Files\Trend Micro\Internet Security\TmPfw.exe[3592] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 00BAB7AA

.text C:\Program Files\Trend Micro\Internet Security\TmPfw.exe[3592] WS2_32.dll!recv 71AB615A 5 Bytes JMP 00BAB564

.text C:\Program Files\Trend Micro\Internet Security\TmPfw.exe[3592] WS2_32.dll!WSASend 71AB6233 1 Byte [E9]

.text C:\Program Files\Trend Micro\Internet Security\TmPfw.exe[3592] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00BAB637

.text C:\Program Files\Trend Micro\Internet Security\TmPfw.exe[3592] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 00BAB8F9

.text C:\Program Files\Trend Micro\BM\TMBMSRV.exe[3692] WS2_32.dll!send 71AB428A 5 Bytes JMP 01C2B485

.text C:\Program Files\Trend Micro\BM\TMBMSRV.exe[3692] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 01C2B7AA

.text C:\Program Files\Trend Micro\BM\TMBMSRV.exe[3692] WS2_32.dll!recv 71AB615A 5 Bytes JMP 01C2B564

.text C:\Program Files\Trend Micro\BM\TMBMSRV.exe[3692] WS2_32.dll!WSASend 71AB6233 1 Byte [E9]

.text C:\Program Files\Trend Micro\BM\TMBMSRV.exe[3692] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 01C2B637

.text C:\Program Files\Trend Micro\BM\TMBMSRV.exe[3692] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 01C2B8F9

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5484] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 3E25467C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5484] USER32.dll!CallNextHookEx 7E41F85B 5 Bytes JMP 3E2DD0ED C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5484] USER32.dll!CreateWindowExW 7E41FC25 5 Bytes JMP 3E2EDB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5484] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5484] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 3E2E9AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5484] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 3E3E480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5484] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 3E3E4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5484] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 3E3E47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5484] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 3E3E4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5484] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 3E3E4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5484] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 3E3E4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5484] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 3E3E46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5484] ole32.dll!CoCreateInstance 774FFAC3 5 Bytes JMP 3E2EDB78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5484] ole32.dll!OleLoadFromStream 7752A257 5 Bytes JMP 3E3E4B77 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5484] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 02DABEF8

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5484] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 02DABFC8

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5484] WININET.dll!HttpOpenRequestA 3D94D508 5 Bytes JMP 02DABA90

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5484] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 02DAB9AA

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5484] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 02DABCB5

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5484] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 02DABB60

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 mouclass.sys (Mouse Class Driver/Microsoft Corporation)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior;

Disk \Device\Harddisk0\DR0 sector 03: rootkit-like behavior;

Disk \Device\Harddisk0\DR0 sector 04: rootkit-like behavior;

Disk \Device\Harddisk0\DR0 sector 05: rootkit-like behavior;

Disk \Device\Harddisk0\DR0 sector 06: rootkit-like behavior;

Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior;

Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior;

Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\HelpAssistant.JENNIFER052873\Local Settings\Temporary Internet Files\Content.IE5\HZ157HUN\Cd6FwCK23Hoo3bu9IGT28w[1].jpg 0 bytes

---- EOF - GMER 1.0.15 ----


Hello ,

And :P My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Please download HelpAsst_mebroot_fix.exe and save it to your desktop.

Close out all other open programs and windows.

Double click the file to run it and follow any prompts.

If the tool detects an mbr infection, please allow it to run mbr -f and shutdown your computer.

Upon restarting, please wait about 5 minutes, click Start>Run and type the following bolded command, then hit Enter.

helpasst -mbrt

Make sure you leave a space between helpasst and -mbrt !

When it completes, a log will open.

Please post the contents of that log.

*In the event the tool does not detect an mbr infection and completes, click Start>Run and type the following bolded command, then hit Enter.

mbr -f

Now, please do the Start>Run>mbr -f command a second time.

Now shut down the computer (do not restart, but shut it down), wait a few minutes then start it back up.

Give it about 5 minutes, then click Start>Run and type the following bolded command, then hit Enter.

helpasst -mbrt

Make sure you leave a space between helpasst and -mbrt !

When it completes, a log will open.

Please post the contents of that log.

**Important note to Dell users - fixing the mbr may prevent access to the Dell Restore Utility, which allows you to press a key on startup and revert your computer to a factory delivered state. There are a couple of known fixes for said condition, though the methods are somewhat advanced. If you are unwilling to take such a risk, you should not allow the tool to execute mbr -f nor execute the command manually, and you will either need to restore your computer to a factory state or allow your computer to remain having an infected mbr (the latter not recommended).


  • 3 weeks later...
  • Root Admin

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.
