System Security Removal

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

System Security Removal

Post by greg@monolake » August 5th, 2009, 3:12 pm

We used Malwarebytes' Anti-Malware to remove System Security about a month ago. It came back and we did it again and are now trying to remove all traces of it. Browser redirection has been occurring and who knows what else is compromised.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:47:21 AM, on 8/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PGPserv.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\StacSV.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Common Files\AOL\1205177040\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080227
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080227
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080227
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand203000018.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1205177040\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: PGPtray.exe.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 4769280527
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mlc.private
O17 - HKLM\Software\..\Telephony: DomainName = mlc.private
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = mlc.private
O20 - AppInit_DLLs: PGPmapih.dll,C:\DOCUME~1\lcutting\LOCALS~1\Temp\3208671932mmx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Iap - Dell Inc. - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PGPserv - PGP Corporation - C:\WINDOWS\system32\PGPserv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10909 bytes
greg@monolake
Active Member
 
Posts: 4
Joined: August 5th, 2009, 3:04 pm
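As an added illustration (not part of this thread, of HijackThis, or of the helper's instructions), the following Python triage script runs a few defender-side heuristics over lines in the HijackThis format shown above: AppInit_DLLs entries that load from a user-writable path or carry a random-looking name, Global Startup shortcuts whose target HijackThis could not resolve, and Winsock LSP entries it reports as unknown. The sample lines are copied from the log posted above; the heuristics and the "user-writable" marker list are my own assumptions, and a hit means "worth a helper's look", not "infected".

```python
import re
from dataclasses import dataclass

# Five lines copied from the HijackThis log posted in this thread, used here as
# constructed sample input so the script runs offline.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - Global Startup: PGPtray.exe.lnk = ?
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - AppInit_DLLs: PGPmapih.dll,C:\DOCUME~1\lcutting\LOCALS~1\Temp\3208671932mmx.dll
O23 - Service: PGPserv - PGP Corporation - C:\WINDOWS\system32\PGPserv.exe
"""


@dataclass
class Finding:
    section: str  # HijackThis section tag, e.g. "O20"
    reason: str   # why a human should look at this line
    line: str     # the original log line


# Every HijackThis entry is "<tag> - <body>", e.g. "O4 - HKLM\..\Run: [...]".
LINE_RE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.*)$")

# Path fragments that mark locations an unprivileged user can write to
# (assumed list). AppInit_DLLs injects its DLLs into every process that loads
# user32.dll, so a DLL living in Temp is a persistence smell worth checking.
USER_WRITABLE = ("\\temp\\", "\\docume~1\\", "\\documents and settings\\",
                 "\\locals~1\\", "\\application data\\", "%temp%")


def parse_line(line):
    """Split a HijackThis line into (section tag, body); None if not an entry."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return m.group("sec"), m.group("body")


def in_user_writable(path):
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE)


def looks_random(filename):
    """Heuristic: six or more digits in the file stem (e.g. 3208671932mmx.dll)."""
    stem = filename.rsplit(".", 1)[0]
    return sum(ch.isdigit() for ch in stem) >= 6


def check_appinit(sec, body, line):
    """O20 AppInit_DLLs is a comma-separated list; inspect each DLL."""
    out = []
    if not body.startswith("AppInit_DLLs:"):
        return out
    for dll in body[len("AppInit_DLLs:"):].split(","):
        dll = dll.strip()
        if not dll:
            continue
        name = dll.replace("/", "\\").rsplit("\\", 1)[-1]
        if in_user_writable(dll):
            out.append(Finding(sec, f"AppInit DLL loaded from user-writable path: {dll}", line))
        if looks_random(name):
            out.append(Finding(sec, f"AppInit DLL with random-looking name: {name}", line))
    return out


def check_startup(sec, body, line):
    """'Global Startup: x.lnk = ?' means HijackThis could not resolve the target."""
    if body.startswith("Global Startup:") and body.rstrip().endswith("= ?"):
        return [Finding(sec, "startup shortcut with unresolved target", line)]
    return []


def check_lsp(sec, body, line):
    """HijackThis prints O10 'Unknown file' for LSPs not on its known list."""
    if body.startswith("Unknown file in Winsock LSP:"):
        return [Finding(sec, "LSP not recognised by HijackThis; verify its publisher", line)]
    return []


CHECKS = {"O20": check_appinit, "O4": check_startup, "O10": check_lsp}


def triage(log_text):
    """Return the list of Findings for every entry a check flags, in log order."""
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if not parsed:
            continue
        sec, body = parsed
        check = CHECKS.get(sec)
        if check:
            findings.extend(check(sec, body, raw.strip()))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```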

Re: System Security Removal

Post by MWR 3 day Mod » August 9th, 2009, 5:23 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: System Security Removal

Post by jmw3 » August 12th, 2009, 7:58 am

Hello & Welcome to Malware Removal

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this ensure Notify me when a reply is posted is ticked on the POST A REPLY page.

In the meantime please note the following:
  • Any recommendations made are for your computer problems only and should NOT be used on any other computer.
  • Please DO NOT run any scans/tools or other fixes unless I ask you to. This is very important for several reasons. Here are just two of them:
    1. The tools that we use are very powerful and can cause irreparable damage to your computer if not used correctly.
    2. Commercial scanners, for the most part, cannot completely remove some of the more "resistant" infections. This makes it much more difficult to get rid of them completely.
  • If you get stuck or are unsure of something please ask for a further explanation, do not guess.
  • It will require more than one round to properly clean your system. Continue to respond to this thread until I give you the "All Clean!", even if symptoms seemingly abate.
Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.
If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave & if there is no contact for that amount of time I will have to assume you have abandoned your topic.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Thanks

DDS
Download DDS.scr by sUBs from one of the following links & save it to your desktop.
Link 1
Link 2
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear: DDS.txt & Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply
Gmer
Download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run a scan... click on NO

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

Note: Do not run any programs while Gmer is running.

To post in next reply:
Contents of DDS log
Contents of Attach.txt
Contents of Gmer log
jmw3
MRU Emeritus
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: System Security Removal

Post by greg@monolake » August 12th, 2009, 8:11 pm

DDS (Ver_09-07-30.01) - NTFSx86
Run by a-greis at 15:13:18.72 on Wed 08/12/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1405 [GMT -7:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PGPserv.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\StacSV.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\AOL\1205177040\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\userinit.exe
\\mountlyell\Installers\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/ ... nel=us-smb
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/ ... nel=us-smb
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk/ ... nel=us-smb
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
EB: Copernic Desktop Search 2: {968631b6-4729-440d-9bf4-251f5593ec9a} - c:\program files\copernic desktop search 2\DesktopSearchBand203000018.dll
EB: Copernic Desktop Search 2: {9c3fca1f-99e3-48f2-a7f4-dd3931b2f99a} - c:\program files\copernic desktop search 2\DesktopSearchBand203000018.dll
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [KADxMain] c:\windows\system32\KADxMain.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [HostManager] c:\program files\common files\aol\1205177040\ee\AOLSoftware.exe
mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pgptra~1.lnk - c:\windows\installer\{e2957f3d-0f9d-413f-b071-60380ce43617}\Icon6560581611.exe
LSP: c:\windows\system32\PGPlsp.dll
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxps://support.dell.com/systemprofiler/SysPro.CAB
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windows ... 4769280527
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdat ... /opuc4.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Notify: NavLogon - c:\windows\system32\NavLogon.dll
AppInit_DLLs: PGPmapih.dll,c:\docume~1\lcutting\locals~1\temp\3208671932mmx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 nwprovau
LSA: Notification Packages = scecli PGPpwflt

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\a-greis\applic~1\mozilla\firefox\profiles\f37r0v1p.default\
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 pgpfs;PGP File Sharing;c:\windows\system32\drivers\PGPfsfd.sys [2008-12-10 134712]
R0 PGPwded;PGPwded Storage Filter Service;c:\windows\system32\drivers\PGPwded.sys [2008-12-10 212024]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2004-2-9 301200]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-2-29 242808]
R2 PGPdisk;PGPdisk;c:\windows\system32\drivers\PGPdisk.sys [2008-12-10 245816]
R2 PGPsdkDriver;PGPsdkDriver;c:\windows\system32\drivers\PGPsdk.sys [2008-12-10 40504]
R2 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2004-3-12 169192]
R2 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2004-2-9 37008]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2004-3-12 1221864]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090807.007\naveng.sys [2009-8-8 87888]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090807.007\navex15.sys [2009-8-8 875728]
S3 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-2-29 255096]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-2-29 87160]
S3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-2 97536]

=============== Created Last 30 ================


==================== Find3M ====================

2009-08-08 09:55 103,257 a------- c:\windows\system32\hjgruirssdompq.dat
2009-08-05 02:11 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 02:11 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-19 19:03 3,597,824 -------- c:\windows\system32\dllcache\mshtml.dll
2009-07-19 06:32 6,067,200 -------- c:\windows\system32\dllcache\ieframe.dll
2009-07-17 11:55 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 11:55 58,880 -------- c:\windows\system32\dllcache\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-10 21:38 4 ----h--- c:\windows\fonts\mlog
2009-07-10 11:02 410,984 a------- c:\windows\system32\deploytk.dll
2009-07-10 06:42 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll
2009-07-05 21:14 50,200 a---h--- c:\windows\system32\mlfcache.dat
2009-07-01 13:21 155,676 a------- c:\windows\system32\nvModes.dat
2009-06-29 04:07 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-06-29 04:07 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-06-29 01:35 634,632 -------- c:\windows\system32\dllcache\iexplore.exe
2009-06-29 01:33 2,452,872 -------- c:\windows\system32\dllcache\ieapfltr.dat
2009-06-29 01:33 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-06-25 15:36 4,608 a------- c:\windows\system32\w95inf32.dll
2009-06-25 15:36 2,272 a------- c:\windows\system32\w95inf16.dll
2009-06-25 01:17 729,600 a------- c:\windows\system32\lsasrv.dll
2009-06-25 01:17 301,568 a------- c:\windows\system32\kerberos.dll
2009-06-25 01:17 168,448 a------- c:\windows\system32\schannel.dll
2009-06-25 01:17 136,192 a------- c:\windows\system32\msv1_0.dll
2009-06-25 01:17 59,392 a------- c:\windows\system32\wdigest.dll
2009-06-25 01:17 56,320 a------- c:\windows\system32\secur32.dll
2009-06-25 01:17 729,600 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-06-25 01:17 301,568 -------- c:\windows\system32\dllcache\kerberos.dll
2009-06-25 01:17 168,448 -------- c:\windows\system32\dllcache\schannel.dll
2009-06-25 01:17 136,192 -------- c:\windows\system32\dllcache\msv1_0.dll
2009-06-25 01:17 59,392 -------- c:\windows\system32\dllcache\wdigest.dll
2009-06-25 01:17 56,320 -------- c:\windows\system32\dllcache\secur32.dll
2009-06-22 04:49 117,248 a------- c:\windows\system32\mqtgsvc.exe
2009-06-22 04:49 19,968 a------- c:\windows\system32\mqbkup.exe
2009-06-22 04:49 117,248 -------- c:\windows\system32\dllcache\mqtgsvc.exe
2009-06-22 04:49 19,968 -------- c:\windows\system32\dllcache\mqbkup.exe
2009-06-22 04:49 4,608 a------- c:\windows\system32\mqsvc.exe
2009-06-22 04:49 4,608 -------- c:\windows\system32\dllcache\mqsvc.exe
2009-06-22 04:48 91,776 a------- c:\windows\system32\drivers\mqac.sys
2009-06-22 04:48 91,776 -------- c:\windows\system32\dllcache\mqac.sys
2009-06-22 04:35 92,544 a------- c:\windows\system32\drivers\ksecdd.sys
2009-06-22 04:35 92,544 -------- c:\windows\system32\dllcache\ksecdd.sys
2009-06-17 11:27 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 11:27 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-16 20:25 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 20:25 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 07:55 82,432 a------- c:\windows\system32\fontsub.dll
2009-06-12 04:50 80,896 a------- c:\windows\system32\tlntsess.exe
2009-06-12 04:50 80,896 -------- c:\windows\system32\dllcache\tlntsess.exe
2009-06-12 04:50 76,288 a------- c:\windows\system32\telnet.exe
2009-06-12 04:50 76,288 -------- c:\windows\system32\dllcache\telnet.exe
2009-06-10 07:21 84,992 a------- c:\windows\system32\avifil32.dll
2009-06-10 07:21 84,992 -------- c:\windows\system32\dllcache\avifil32.dll
2009-06-09 23:32 132,096 a------- c:\windows\system32\wkssvc.dll
2009-06-09 23:32 132,096 -------- c:\windows\system32\dllcache\wkssvc.dll
2009-06-09 08:06 1,871,872 a------- c:\windows\system32\mstscax.dll
2009-06-09 08:06 1,871,872 -------- c:\windows\system32\dllcache\mstscax.dll
2009-06-03 12:27 1,290,752 a------- c:\windows\system32\quartz.dll
2009-06-03 12:27 1,290,752 -------- c:\windows\system32\dllcache\quartz.dll

============= FINISH: 15:13:50.62 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 3/5/2008 6:02:41 PM
System Uptime: 8/12/2009 12:02:48 PM (3 hours ago)

Motherboard: Dell Inc. | | 0WM416
Processor: Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz | Microprocessor | 1994/200mhz
Processor: Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz | Microprocessor | 1994/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 112 GiB total, 78.477 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP227: 7/9/2009 10:10:50 PM - System Checkpoint
RP228: 7/9/2009 10:10:51 PM - System Checkpoint
RP229: 7/9/2009 10:10:51 PM - System Checkpoint
RP230: 7/9/2009 10:10:51 PM - System Checkpoint
RP231: 7/9/2009 10:10:51 PM - System Checkpoint
RP232: 7/9/2009 10:10:51 PM - System Checkpoint
RP233: 7/9/2009 10:10:52 PM - Software Distribution Service 3.0
RP234: 7/9/2009 10:10:52 PM - System Checkpoint
RP235: 7/9/2009 10:10:52 PM - System Checkpoint
RP236: 7/9/2009 10:10:52 PM - System Checkpoint
RP237: 7/9/2009 10:10:52 PM - System Checkpoint
RP238: 7/9/2009 10:10:52 PM - System Checkpoint
RP239: 7/9/2009 10:10:53 PM - Software Distribution Service 3.0
RP240: 7/9/2009 10:10:53 PM - System Checkpoint
RP241: 7/9/2009 10:10:53 PM - System Checkpoint
RP242: 7/9/2009 10:10:53 PM - System Checkpoint
RP243: 7/9/2009 10:10:53 PM - System Checkpoint
RP244: 7/9/2009 10:10:53 PM - System Checkpoint
RP245: 7/9/2009 10:10:54 PM - System Checkpoint
RP246: 7/9/2009 10:10:54 PM - System Checkpoint
RP247: 7/9/2009 10:10:54 PM - Software Distribution Service 3.0
RP248: 7/9/2009 10:10:55 PM - System Checkpoint
RP249: 7/9/2009 10:10:56 PM - System Checkpoint
RP250: 7/9/2009 10:10:57 PM - System Checkpoint
RP251: 7/9/2009 10:10:57 PM - System Checkpoint
RP252: 7/9/2009 10:10:57 PM - Printer Driver Microsoft Office Document Image Writer Installed
RP253: 7/9/2009 10:10:57 PM - System Checkpoint
RP254: 7/9/2009 10:10:58 PM - System Checkpoint
RP255: 7/9/2009 10:10:58 PM - System Checkpoint
RP256: 7/9/2009 10:10:58 PM - System Checkpoint
RP257: 7/9/2009 10:10:58 PM - System Checkpoint
RP258: 7/9/2009 10:10:58 PM - System Checkpoint
RP259: 7/9/2009 10:10:59 PM - System Checkpoint
RP260: 7/9/2009 10:10:59 PM - System Checkpoint
RP261: 7/9/2009 10:10:59 PM - System Checkpoint
RP262: 7/9/2009 10:10:59 PM - System Checkpoint
RP263: 7/9/2009 10:10:59 PM - Software Distribution Service 3.0
RP264: 7/9/2009 10:11:00 PM - System Checkpoint
RP265: 7/9/2009 10:11:00 PM - System Checkpoint
RP266: 7/9/2009 10:11:00 PM - System Checkpoint
RP267: 7/9/2009 10:11:00 PM - System Checkpoint
RP268: 7/9/2009 10:11:00 PM - System Checkpoint
RP269: 7/9/2009 10:11:00 PM - System Checkpoint
RP270: 7/9/2009 10:11:00 PM - System Checkpoint
RP271: 7/9/2009 10:11:01 PM - System Checkpoint
RP272: 7/9/2009 10:11:01 PM - Installed FinePixViewer Ver.3.0
RP273: 7/9/2009 10:11:01 PM - System Checkpoint
RP274: 7/9/2009 10:11:01 PM - Configured FinePixViewer Ver.3.0
RP275: 7/9/2009 10:11:01 PM - Installed FinePixViewer Ver.3.0
RP276: 7/9/2009 10:11:01 PM - System Checkpoint
RP277: 7/9/2009 10:11:02 PM - Configured FinePixViewer Ver.3.0
RP278: 7/9/2009 10:11:02 PM - System Checkpoint
RP279: 7/9/2009 10:11:02 PM - System Checkpoint
RP280: 7/9/2009 10:11:02 PM - System Checkpoint
RP281: 7/9/2009 10:11:02 PM - System Checkpoint
RP282: 7/9/2009 10:11:02 PM - System Checkpoint
RP283: 8/8/2009 12:26:00 PM - System Checkpoint
RP284: 8/12/2009 9:47:13 AM - Software Distribution Service 3.0

==== Installed Programs ======================


Ad-Aware SE Personal
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
AOL Toolbar 5.0
AOL Uninstaller (Choose which Products to Remove)
Apple Mobile Device Support
Apple Software Update
ArcSoft VideoImpression 1.6FP
Bonjour
Broadcom ASF Management Applications
Broadcom Management Programs
Browser Address Error Redirector
Conexant HDA D330 MDC V.92 Modem
Copernic Desktop Search 2
Critical Update for Windows Media Player 11 (KB959772)
Dell Touchpad
DellSupport
Digital Line Detect
FUJIFILM USB Driver
getPlus(R)_dll
Google Earth
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB908673)
Hotfix for Windows XP (KB909095)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB934428-v2)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB937930)
Hotfix for Windows XP (KB952287)
IBM Printer Software Uninstall
Intel(R) PROSet/Wireless Software
IntelliSonic Speech Enhancement
iTunes
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 14
Java(TM) 6 Update 5
LiveUpdate 2.0 (Symantec Corporation)
Malwarebytes' Anti-Malware
mCore
mDriver
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
mIWA
mLogView
mMHouse
Modem Diagnostic Tool
Mozilla Firefox (3.0.13)
mPfMgr
mPfWiz
mProSafe
mSCfg
MSMail2003
mSSO
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
mWlsSafe
mWMI
mZConfig
NetWaiting
NVIDIA Drivers
OMCI
PGP Desktop
PowerDVD
QuickSet
QuickTime
Safari
SearchAssist
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
SigmaTel Audio
Spybot - Search & Destroy
Spybot - Search & Destroy 1.3
Symantec AntiVirus
TeraCopy 2.0 beta 3
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Viewpoint Media Player
WD Diagnostics
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

8/7/2009 9:31:51 AM, error: Dhcp [1002] - The IP address lease 192.168.1.102 for the Network Card with network address 001CBFC9949F has been denied by the DHCP server 192.168.0.30 (The DHCP Server sent a DHCPNACK message).
8/7/2009 8:05:51 AM, error: Dhcp [1002] - The IP address lease 192.168.0.117 for the Network Card with network address 001CBFC9949F has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
8/6/2009 12:24:41 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'SAVRT' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
8/5/2009 9:59:31 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/5/2009 9:58:32 AM, error: Service Control Manager [7034] - The Symantec AntiVirus Definition Watcher service terminated unexpectedly. It has done this 1 time(s).
8/5/2009 9:58:32 AM, error: Service Control Manager [7034] - The SigmaTel Audio Service service terminated unexpectedly. It has done this 1 time(s).
8/5/2009 9:58:32 AM, error: Service Control Manager [7034] - The SavRoam service terminated unexpectedly. It has done this 1 time(s).
8/5/2009 9:58:32 AM, error: Service Control Manager [7034] - The PGPserv service terminated unexpectedly. It has done this 1 time(s).
8/5/2009 9:58:32 AM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
8/5/2009 9:58:32 AM, error: Service Control Manager [7034] - The NICCONFIGSVC service terminated unexpectedly. It has done this 1 time(s).
8/5/2009 9:58:32 AM, error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).
8/5/2009 9:58:32 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
8/5/2009 9:58:32 AM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless SSO Service service terminated unexpectedly. It has done this 1 time(s).
8/5/2009 9:58:32 AM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Registry Service service terminated unexpectedly. It has done this 1 time(s).
8/5/2009 9:58:32 AM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
8/5/2009 9:58:32 AM, error: Service Control Manager [7034] - The Iap service terminated unexpectedly. It has done this 1 time(s).
8/5/2009 9:58:32 AM, error: Service Control Manager [7034] - The Broadcom ASF IP and SMBIOS Mailbox Monitor service terminated unexpectedly. It has done this 1 time(s).
8/5/2009 9:58:32 AM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
8/5/2009 9:58:32 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/5/2009 9:58:31 AM, error: Service Control Manager [7034] - The Symantec Settings Manager service terminated unexpectedly. It has done this 1 time(s).
8/5/2009 9:58:31 AM, error: Service Control Manager [7034] - The Smart Card service terminated unexpectedly. It has done this 1 time(s).
8/5/2009 9:58:31 AM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Service service terminated unexpectedly. It has done this 1 time(s).
8/5/2009 9:58:31 AM, error: Service Control Manager [7034] - The AOL Connectivity Service service terminated unexpectedly. It has done this 1 time(s).
8/5/2009 11:12:02 AM, error: System Error [1003] - Error code 000000f4, parameter1 00000003, parameter2 8a30dda0, parameter3 8a30df14, parameter4 805d1650.
8/5/2009 11:02:59 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service Iap with arguments "-Service" in order to run the server: {B0C61A79-0870-4BE4-9153-9CCAF422E31F}
8/5/2009 10:25:56 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: APPDRV Fips intelppm SAVRT SYMTDI
8/5/2009 10:24:52 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/5/2009 10:24:13 AM, error: NETLOGON [5719] - No Domain Controller is available for domain MLC due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
8/5/2009 10:06:32 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 9 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/5/2009 10:05:31 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 8 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/5/2009 10:04:31 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 7 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/5/2009 10:03:31 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 6 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/5/2009 10:02:31 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 5 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/5/2009 10:01:31 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/5/2009 10:00:31 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

==== End Of File ===========================


GMER 1.0.15.15020 [j8lf01ol.exe] - http://www.gmer.net
Rootkit scan 2009-08-12 16:27:04
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

SSDT E1969358 ZwConnectPort

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs PGPfsfd.sys (PGP FSFD/PGP Corporation)
AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \FileSystem\Fastfat \Fat A2519C8A

AttachedDevice \FileSystem\Fastfat \Fat PGPfsfd.sys (PGP FSFD/PGP Corporation)
AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

---- Services - GMER 1.0.15 ----

Service system32\drivers\hjgruiymethtsd.sys (*** hidden *** ) [SYSTEM] hjgruicpkohflo <-- ROOTKIT !!!
Service system32\drivers\UACespixdpa.sys (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruicpkohflo@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruicpkohflo@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruicpkohflo@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruicpkohflo@imagepath \systemroot\system32\drivers\hjgruiymethtsd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruicpkohflo\main
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruicpkohflo\main@aid 10002
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruicpkohflo\main@sid 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruicpkohflo\main@cmddelay 14400
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruicpkohflo\main\delete
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruicpkohflo\main\injector
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruicpkohflo\main\injector@* hjgruiwsp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruicpkohflo\main\tasks
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruicpkohflo\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruicpkohflo\modules@hjgruirk.sys \systemroot\system32\drivers\hjgruiymethtsd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruicpkohflo\modules@hjgruicmd.dll \systemroot\system32\hjgruijkltobiq.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruicpkohflo\modules@hjgruilog.dat \systemroot\system32\hjgruirssdompq.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruicpkohflo\modules@hjgruiwsp.dll \systemroot\system32\hjgruijdqlrrxe.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruicpkohflo\modules@hjgrui.dat \systemroot\system32\hjgruipxmynsml.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACespixdpa.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACd
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACc
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacsr
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uaclog
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacmask
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACpfsmuwkt.db
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACetoiepfe.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacbbr
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACproc
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacurls
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacerrors
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruicpkohflo@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruicpkohflo@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruicpkohflo@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruicpkohflo@imagepath \systemroot\system32\drivers\hjgruiymethtsd.sys
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruicpkohflo\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruicpkohflo\main@aid 10002
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruicpkohflo\main@sid 0
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruicpkohflo\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruicpkohflo\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruicpkohflo\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruicpkohflo\main\injector@* hjgruiwsp.dll
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruicpkohflo\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruicpkohflo\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruicpkohflo\modules@hjgruirk.sys \systemroot\system32\drivers\hjgruiymethtsd.sys
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruicpkohflo\modules@hjgruicmd.dll \systemroot\system32\hjgruijkltobiq.dll
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruicpkohflo\modules@hjgruilog.dat \systemroot\system32\hjgruirssdompq.dat
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruicpkohflo\modules@hjgruiwsp.dll \systemroot\system32\hjgruijdqlrrxe.dll
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruicpkohflo\modules@hjgrui.dat \systemroot\system32\hjgruipxmynsml.dat
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACespixdpa.sys
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACd
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACc
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacsr
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uaclog
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacmask
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACpfsmuwkt.db
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACetoiepfe.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacbbr
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACproc
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacurls
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacerrors

---- EOF - GMER 1.0.15 ----
greg@monolake
Active Member
 
Posts: 4
Joined: August 5th, 2009, 3:04 pm

Re: System Security Removal

Unread postby jmw3 » August 13th, 2009, 3:41 am

Hi

Looking at the HijackThis log you've supplied, the setup and the software running make it look like the computer is a business or company computer. If this is the case, you would be best to contact your IT/Computing team for help, as there may be specific settings that only they would know about. We, at Malware Removal, would not know these specific settings and may innocently make changes that could cause some of your computer's functions to stop working.

Can you please confirm whether your computer is a personal or a business / corporate computer?
jmw3
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: System Security Removal

Unread postby greg@monolake » August 13th, 2009, 11:44 am

Neither. It is a small nonprofit organization and I am the IT support--self-trained. We would rather err on the side of being too aggressive and having to reinstall Windows than not being aggressive enough and having to continue dealing with this problem. Please make your recommendations and I will look at them to see if I notice anything problematic for our Windows network and Active Directory--the specific settings I assume you are talking about. I could even run it by the consultant that set up the network for us; however, they are expensive. Thanks for your help!
greg@monolake
Active Member
 
Posts: 4
Joined: August 5th, 2009, 3:04 pm

Re: System Security Removal

Unread postby Gary R » August 13th, 2009, 12:51 pm

I'm sorry, this forum was set up solely for the use of home computer users; it was not intended to remedy the problems of any organisation, profit or non-profit.

If you're not confident you can rectify the problems yourself, and cannot afford the services of a professional, we suggest you re-format your hard drive and re-install your Operating System.

This topic is now closed.
Gary R
Administrator
 
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire