battle of the blue screen

Post by traveller2k » September 5th, 2010, 3:55 pm

HT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:43:15 PM, on 9/5/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Symantec AntiVirus\DoScan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ca.red.clientapps.yahoo.com/cust ... ch/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ca.red.clientapps.yahoo.com/cust ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.planetf1.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.10.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HNUIOOXRouqc] C:\DOCUME~1\MANDEE~1\LOCALS~1\Temp\iexplarer.exe
O4 - HKLM\..\Run: [MKZSc] C:\WINDOWS\avp32.exe
O4 - HKLM\..\Run: [HNUIOOXRrvc] C:\DOCUME~1\MANDEE~1\LOCALS~1\Temp\setup.exe
O4 - HKLM\..\Run: [HNUIOOXRre] C:\DOCUME~1\MANDEE~1\LOCALS~1\Temp\user.exe
O4 - HKLM\..\Run: [HNUIOOXRsre] C:\DOCUME~1\MANDEE~1\LOCALS~1\Temp\wininst.exe
O4 - HKLM\..\Run: [HNUIOOXRrxe] C:\DOCUME~1\MANDEE~1\LOCALS~1\Temp\system.exe
O4 - HKLM\..\Run: [HNUIOOXRsa] C:\DOCUME~1\MANDEE~1\LOCALS~1\Temp\win.exe
O4 - HKLM\..\Run: [HNUIOOXRota] C:\DOCUME~1\MANDEE~1\LOCALS~1\Temp\install.exe
O4 - HKLM\..\Run: [MKaZ] C:\WINDOWS\cmd.exe
O4 - HKLM\..\Run: [HNUIOOXRmSc] C:\DOCUME~1\MANDEE~1\LOCALS~1\Temp\avp32.exe
O4 - HKLM\..\Run: [HNUIOOXRnZ] C:\DOCUME~1\MANDEE~1\LOCALS~1\Temp\cmd.exe
O4 - HKLM\..\Run: [HNUIOOXRotc] C:\DOCUME~1\MANDEE~1\LOCALS~1\Temp\hexdump.exe
O4 - HKLM\..\Run: [MKevc] C:\WINDOWS\setup.exe
O4 - HKLM\..\Run: [MKee] C:\WINDOWS\user.exe
O4 - HKLM\..\Run: [HNUIPOXRpZ] C:\DOCUME~1\KARENB~1\LOCALS~1\Temp\mdm.exe
O4 - HKLM\..\Run: [MKZe] C:\WINDOWS\avp.exe
O4 - HKLM\..\Run: [vtuvwtaudio] rundll32.exe "mlighh.dll",s
O4 - HKLM\..\Run: [wvwtutsys] rundll32.exe "qonnki.dll",s
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Mandee xxxxxx\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [HNUIOOXRouqc] C:\DOCUME~1\MANDEE~1\LOCALS~1\Temp\iexplarer.exe
O4 - HKCU\..\Run: [MKZSc] C:\WINDOWS\avp32.exe
O4 - HKCU\..\Run: [HNUIOOXRrvc] C:\DOCUME~1\MANDEE~1\LOCALS~1\Temp\setup.exe
O4 - HKCU\..\Run: [HNUIOOXRre] C:\DOCUME~1\MANDEE~1\LOCALS~1\Temp\user.exe
O4 - HKCU\..\Run: [HNUIOOXRsre] C:\DOCUME~1\MANDEE~1\LOCALS~1\Temp\wininst.exe
O4 - HKCU\..\Run: [HNUIOOXRrxe] C:\DOCUME~1\MANDEE~1\LOCALS~1\Temp\system.exe
O4 - HKCU\..\Run: [HNUIOOXRsa] C:\DOCUME~1\MANDEE~1\LOCALS~1\Temp\win.exe
O4 - HKCU\..\Run: [HNUIOOXRota] C:\DOCUME~1\MANDEE~1\LOCALS~1\Temp\install.exe
O4 - HKCU\..\Run: [MKaZ] C:\WINDOWS\cmd.exe
O4 - HKCU\..\Run: [HNUIOOXRmSc] C:\DOCUME~1\MANDEE~1\LOCALS~1\Temp\avp32.exe
O4 - HKCU\..\Run: [HNUIOOXRsdZ] C:\DOCUME~1\MANDEE~1\LOCALS~1\Temp\zcu6hmg.exe
O4 - HKCU\..\Run: [HNUIOOXRmwc] C:\DOCUME~1\MANDEE~1\LOCALS~1\Temp\awuoejhr.exe
O4 - HKCU\..\Run: [HNUIOOXRohi] C:\DOCUME~1\MANDEE~1\LOCALS~1\Temp\hl6pryum.exe
O4 - HKCU\..\Run: [HNUIOOXRnZ] C:\DOCUME~1\MANDEE~1\LOCALS~1\Temp\cmd.exe
O4 - HKCU\..\Run: [HNUIOOXRotc] C:\DOCUME~1\MANDEE~1\LOCALS~1\Temp\hexdump.exe
O4 - HKCU\..\Run: [MKevc] C:\WINDOWS\setup.exe
O4 - HKCU\..\Run: [MKee] C:\WINDOWS\user.exe
O4 - HKCU\..\Run: [HNUIPOXRpZ] C:\DOCUME~1\KARENB~1\LOCALS~1\Temp\mdm.exe
O4 - HKCU\..\Run: [MKZe] C:\WINDOWS\avp.exe
O4 - HKCU\..\Run: [vtuspmaudio] rundll32.exe "mlighh.dll",s
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [rqrqrosys] rundll32.exe "qonnki.dll",s (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [mlmjjjaudio] rundll32.exe "mlighh.dll",s (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.10.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://priorlearning.athabascau.ca
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} (StreamPlug Class) - http://www.streamplug.com/StreamPlug/beta/SP.cab
O16 - DPF: {268DE217-09FD-424F-8609-D22BE2B00076} (TravelPod.com Control) - http://images.travelpod.com/includes/ImageUploader4.cab
O16 - DPF: {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} (Cisco Systems WebVPN Relay Loader) - https://myoffice.idrc.ca/+CSCOL+/relayp.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Fac ... oader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 0520114593
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.photolab.ca/Upload/ImageUploader4.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://otter1.vanaqua.org/activex/AxisCamControl.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Fac ... der4_5.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://plagenapoleon.homeip.net:3333/activex/AMC.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.games.myway.com/online2/b ... der_v6.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/ph ... NPUpld.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/35/ins ... downde.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by109fd.bay109.hotmail.msn.com/a ... Atchmt.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Documents and Settings\Mandee XXXXXX\Local Settings\Application Data\Desktop Cleanup Wizard\dskclnwiz.dll,C:\WINDOWS\system32\winamnc.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 14216 bytes

Uninstall list:

7-Zip 4.65
Acrobat.com
Acrobat.com
Adobe AIR
Adobe Digital Editions
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop 7.0
Adobe Reader 9.3.4
Adobe Shockwave Player 11
Adobe SVG Viewer
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression 5
ATI Display Driver
AXIS Media Control Embedded
BitComet 1.18
Bonjour
Canon Camera Access Library
Canon Camera Support Core Library
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture DC
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Compatibility Pack for the 2007 Office system
Creative MediaSource
Critical Update for Windows Media Player 11 (KB959772)
CutePDF Writer 2.7
DivX Web Player
DVD Shrink 3.2
EPSON CX5000 Series User's Guide
EPSON PhotoCenter
EPSON Printer Software
EPSON Scan
EPSON Stylus CX5000 Scanner Driver Update
ffdshow [rev 1972] [2008-05-24]
FinePixViewer Ver.4.2
FlashFXP v3
FUJIFILM USB Driver
Google Earth
Google Update Helper
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
ImageMixer VCD2 for FinePix
Intel(R) 537EP V9x DF PCI Modem
iTunes
Java(TM) 6 Update 15
LeechFTP
LiveUpdate (Symantec Corporation)
LiveUpdate (Symantec Corporation)
LiveUpdate 3.2 (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Works 6-9 Converter
MicroStaff WINASPI
Mozilla Firefox (2.0.0.4)
Mozilla Thunderbird (2.0.0.24)
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML4SP2
Nero 6 Ultra Edition
OpenSource Flash Video Splitter (remove only)
OverDrive Media Console
PeerGuardian 2.0
Power Tab Editor 1.7
PowerDVD 5.3
QuickTime
RAW FILE CONVERTER LE
Revo Uninstaller 1.89
Rhapsody Player Engine
RPS CRT
Samsung Media Studio 5
Security Status
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Skype™ 4.1
Soap 3.0 Toolkit
Sonic DLA
Sonic MyDVD
Sonic RecordNow!
Sonic Update Manager
Sound Blaster Audigy 2 ZS
StudioTax 2009
SUPERAntiSpyware Free Edition
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
User Profile Hive Cleanup Service
VC80CRTRedist - 8.0.50727.762
VirtualCloneDrive
WebCyberCoach 3.2 Dell
Windows Installer Clean Up
Windows Internet Explorer 8
Windows Live installer
Windows Live Mail
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Writer
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows XP Service Pack 3
Wyzo 0.5.3
XviD MPEG-4 Video Codec

I have been battling trojans for the past 2 days. At first I was unable to run a scan with Malwarebytes - in fact I couldn't even open webpages that had that in the text. I managed to run a scan with another software - SUPERAntiSpyware - which found over 100 various types of files. I ran this scan in both safe and regular mode. Each time I deleted everything and reran the scan there were more trojans. I then changed the name of the malwarebytes.exe and ran a scan. It too picked up a lot of trojans which it deleted but when I reran, they were back. I tried running TDSSKiller from Kaspersky and it found 1 item in the registry. I deleted that and then each time I rerun it and it says there is nothing, I get the blue screen of death. Malwarebytes shows nothing left. Please help!
traveller2k
Active Member
 
Posts: 3
Joined: September 5th, 2010, 2:05 pm
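A way to triage a log like the one above mechanically, as an added example that is not part of the original post and not code from HijackThis, DDS or MalwareRemoval.com: the script below parses the O4 Run/RunOnce entries (and, going beyond this post, the uRun/mRun lines that DDS writes in its pseudo-HJT report, plus O20 AppInit_DLLs) and flags the patterns an analyst checks first: autoruns launched from a Temp directory, executables dropped directly into the Windows directory instead of system32, rundll32 handed a bare DLL name, and anything at all in AppInit_DLLs. The heuristics are my own assumptions rather than a published rule set, and the sample lines are a constructed, abridged copy of entries from the log above with the profile path replaced.

```python
r"""Triage autorun entries in a HijackThis (O4) or DDS (uRun/mRun) log.

Each heuristic is a reason to look closer, not a verdict:
  * the autorun target lives under a Temp directory
  * the target sits directly in the Windows directory (C:\WINDOWS\cmd.exe,
    C:\WINDOWS\avp32.exe): real system binaries live in system32
  * rundll32.exe is handed a bare DLL name, so the DLL is resolved through
    the loader search path rather than from a fixed location
  * any DLL listed in AppInit_DLLs, which is loaded into every process that
    links user32.dll and is rarely used legitimately
"""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "source name target reasons")

# HijackThis: "O4 - HKLM\..\Run: [name] command" (also HKCU, HKUS\<sid>, RunOnce)
HJT_RUN = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# DDS pseudo-HJT report: "uRun: [name] command" (u = current user, m = machine)
DDS_RUN = re.compile(r"^(?P<hive>[um])(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
APPINIT = re.compile(r"AppInit_DLLs: (?P<dlls>.+)$")
DDS_HIVE = {"u": "HKCU", "m": "HKLM"}

TEMP_DIR = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)
WINDOWS_ROOT = re.compile(r"^(?:[a-z]:\\windows|%systemroot%)\\[^\\]+$", re.IGNORECASE)
EXE_TOKEN = re.compile(r"(\S+?\.(?:exe|dll|scr|com|bat|cmd))(?=\s|$)", re.IGNORECASE)

# Constructed sample: an abridged copy of entries from the log above with the
# profile path replaced. ccApp, KernelFaultCheck, ctfmon.exe and dla are benign
# entries kept as controls; the rest should trip a heuristic.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HNUIOOXRouqc] C:\DOCUME~1\USER~1\LOCALS~1\Temp\iexplarer.exe
O4 - HKLM\..\Run: [MKaZ] C:\WINDOWS\cmd.exe
O4 - HKLM\..\Run: [vtuvwtaudio] rundll32.exe "mlighh.dll",s
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: C:\Documents and Settings\User\Local Settings\Application Data\Desktop Cleanup Wizard\dskclnwiz.dll,C:\WINDOWS\system32\winamnc.dll
uRun: [MKZSc] c:\windows\avp32.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
"""


def split_command(cmd):
    """Split an autorun command line into (executable, remaining arguments)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end == -1:
            return cmd[1:], ""
        return cmd[1:end], cmd[end + 1:].strip()
    m = EXE_TOKEN.match(cmd)
    if m:
        return m.group(1), cmd[m.end():].strip()
    parts = cmd.split(None, 1) or [""]  # no recognisable extension: first token is the program
    return parts[0], (parts[1] if len(parts) > 1 else "")


def rundll32_dll(executable, args):
    """Return the DLL a rundll32 command loads (its first comma-separated argument), else None."""
    if executable.lower().rsplit("\\", 1)[-1] != "rundll32.exe":
        return None
    return args.split(",", 1)[0].strip().strip('"') or None


def path_reasons(path):
    """Location-based heuristics that apply to any executable or DLL path."""
    reasons = []
    if TEMP_DIR.search(path):
        reasons.append("runs from a Temp directory")
    if WINDOWS_ROOT.match(path):
        reasons.append("sits directly in the Windows directory rather than system32")
    return reasons


def analyze(log_text):
    """Return a Finding for every Run/RunOnce or AppInit_DLLs entry that trips a heuristic."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = HJT_RUN.match(line) or DDS_RUN.match(line)
        if m:
            hive = DDS_HIVE.get(m.group("hive"), m.group("hive"))
            exe, args = split_command(m.group("cmd"))
            reasons = path_reasons(exe)
            dll = rundll32_dll(exe, args)
            if dll is not None:
                reasons += path_reasons(dll)
                if "\\" not in dll:
                    reasons.append("rundll32 loads %r by bare name (search-path resolved)" % dll)
            if reasons:
                findings.append(Finding(hive + "\\" + m.group("key"), m.group("name"), dll or exe, reasons))
            continue
        m = APPINIT.search(line)
        if m:
            for dll in (d.strip() for d in m.group("dlls").split(",")):
                if dll:
                    reasons = ["injected into every user32 process via AppInit_DLLs"] + path_reasons(dll)
                    findings.append(Finding("AppInit_DLLs", dll.rsplit("\\", 1)[-1], dll, reasons))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print("%-14s %-14s %s\n    %s" % (f.source, f.name, f.target, "; ".join(f.reasons)))
```

Run as-is it prints the six sample entries that trip a rule; point analyze() at a saved log to triage a real one. Every hit still needs a human decision: the Windows-root rule would also flag explorer.exe if something started it from a Run key, and the AppInit_DLLs rule flags every DLL in that value, benign ones included, because the mechanism rather than the file is what warrants the look.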

Re: battle of the blue screen

Post by Carolyn » September 6th, 2010, 4:32 pm

Hello and Welcome to the forums!

My name is Carolyn and I'll be glad to help you with your computer problems. The logs that you will be posting can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.

Please do not run any other tool until instructed to do so!
Please reply to this thread, do not start another!
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.


If you follow these instructions, everything should go smoothly.


============================

With reference to Malware Removal P2P Programs Policy, please uninstall the following programs before we continue:

  1. Click on Start > Control Panel and double click on Add/Remove Programs.
  2. Locate BitComet and click on the Change/Remove button to uninstall it.
  3. Repeat for Wyzo.
  4. Close Add/Remove Programs and Control Panel when done.


============================

Download DDS and save it to your desktop from here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.

-----------------------------------------------------

Next,

Please download gmer.zip from Gmer and save it to your desktop.

  1. Right click on gmer.zip and select Extract All....
  2. Click Next on seeing the Welcome to the Compressed (zipped) Folders Extraction Wizard.
  3. Click on the Browse button. Click on Desktop. Then click OK.
  4. Click Next. It will start extracting.
  5. Once done, check (tick) the Show extracted files box and click Finish.

Double click on gmer.exe to run it. It will start running a scan. If it detects rootkit activity, you will receive a prompt to run a full scan. Click Yes.

  • When done, you may receive another notice. Click OK.
  • Click on Save ... to save a log.
  • Copy and paste in Gmer.txt and click Save.
  • Close Gmer.

If you receive no notice, click on the Scan button.

  • It will start scanning again.
  • When done, click on Save ... to save a log.
  • Copy and paste in Gmer.txt and click Save.
  • Close Gmer.

Note: Do not run any programs while Gmer is running.

In your next reply, please post:

  1. DDS.txt
  2. Attach.txt
  3. Gmer.txt
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: battle of the blue screen

Post by traveller2k » September 7th, 2010, 12:07 am

Hi Carolyn

thanks for helping me out with this. Before I post the logs, I wanted to note a few things.

I can't use IE8 because each time I try getting to this website, I'm brought to some other site. I also can't use Firefox because it simply won't open. So I'm using Chrome which seems to be stable enough.

I also get a RUNDLL error message each time I boot the system and the dll changes. I had run several scans of malwarebytes thinking it had been cleaned but each time I ran it, it found more trojans. They are all Hiloti.gen, agent, and Vundo. They keep appearing even after rebooting.

When I first ran the GMER in regular mode, the system froze and the screen went blank so I did a hard boot and reran the scan in safe mode. Seems to have worked. Below are the logs you asked for. I hope the GMER log is right. The process just sort of ended abruptly and I wasn't sure if it had completed.

DDS log:

DDS (Ver_10-03-17.01) - NTFSx86
Run by XXXXX XXXXX at 20:39:22.70 on Mon 09/06/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1534.900 [GMT -4:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Documents and Settings\XXXX XXXXX\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\XXXX XXXX\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\DOCUME~1\MANDEE~1\LOCALS~1\Temp\~nsu.tmp\Au_.exe
C:\Documents and Settings\XXXX XXXX\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\XXXX XXXX\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.planetf1.com/
uSearch Page = hxxp://ca.red.clientapps.yahoo.com/cust ... .yahoo.com
uSearch Bar = hxxp://ca.red.clientapps.yahoo.com/cust ... ch/ie.html
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\XXXX XXXX\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [HNUIOOXRouqc] c:\docume~1\mandee~1\locals~1\temp\iexplarer.exe
uRun: [MKZSc] c:\windows\avp32.exe
uRun: [HNUIOOXRrvc] c:\docume~1\mandee~1\locals~1\temp\setup.exe
uRun: [HNUIOOXRre] c:\docume~1\mandee~1\locals~1\temp\user.exe
uRun: [HNUIOOXRsre] c:\docume~1\mandee~1\locals~1\temp\wininst.exe
uRun: [HNUIOOXRrxe] c:\docume~1\mandee~1\locals~1\temp\system.exe
uRun: [HNUIOOXRsa] c:\docume~1\mandee~1\locals~1\temp\win.exe
uRun: [HNUIOOXRota] c:\docume~1\mandee~1\locals~1\temp\install.exe
uRun: [MKaZ] c:\windows\cmd.exe
uRun: [HNUIOOXRmSc] c:\docume~1\mandee~1\locals~1\temp\avp32.exe
uRun: [HNUIOOXRsdZ] c:\docume~1\mandee~1\locals~1\temp\zcu6hmg.exe
uRun: [HNUIOOXRmwc] c:\docume~1\mandee~1\locals~1\temp\awuoejhr.exe
uRun: [HNUIOOXRohi] c:\docume~1\mandee~1\locals~1\temp\hl6pryum.exe
uRun: [HNUIOOXRnZ] c:\docume~1\mandee~1\locals~1\temp\cmd.exe
uRun: [HNUIOOXRotc] c:\docume~1\mandee~1\locals~1\temp\hexdump.exe
uRun: [MKevc] c:\windows\setup.exe
uRun: [MKee] c:\windows\user.exe
uRun: [HNUIPOXRpZ] c:\docume~1\karenb~1\locals~1\temp\mdm.exe
uRun: [MKZe] c:\windows\avp.exe
uRun: [ljkjjgaudio] rundll32.exe "qopmji.dll",s
uRun: [geefcaaudio] rundll32.exe "xxywww.dll",s
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [HNUIOOXRouqc] c:\docume~1\mandee~1\locals~1\temp\iexplarer.exe
mRun: [MKZSc] c:\windows\avp32.exe
mRun: [HNUIOOXRrvc] c:\docume~1\mandee~1\locals~1\temp\setup.exe
mRun: [HNUIOOXRre] c:\docume~1\mandee~1\locals~1\temp\user.exe
mRun: [HNUIOOXRsre] c:\docume~1\mandee~1\locals~1\temp\wininst.exe
mRun: [HNUIOOXRrxe] c:\docume~1\mandee~1\locals~1\temp\system.exe
mRun: [HNUIOOXRsa] c:\docume~1\mandee~1\locals~1\temp\win.exe
mRun: [HNUIOOXRota] c:\docume~1\mandee~1\locals~1\temp\install.exe
mRun: [MKaZ] c:\windows\cmd.exe
mRun: [HNUIOOXRmSc] c:\docume~1\mandee~1\locals~1\temp\avp32.exe
mRun: [HNUIOOXRnZ] c:\docume~1\mandee~1\locals~1\temp\cmd.exe
mRun: [HNUIOOXRotc] c:\docume~1\mandee~1\locals~1\temp\hexdump.exe
mRun: [MKevc] c:\windows\setup.exe
mRun: [MKee] c:\windows\user.exe
mRun: [HNUIPOXRpZ] c:\docume~1\karenb~1\locals~1\temp\mdm.exe
mRun: [MKZe] c:\windows\avp.exe
mRun: [vttrrpsys] rundll32.exe "qonnki.dll",s
mRun: [tuvvvsaudio] rundll32.exe "qopmji.dll",s
mRun: [opqromaudio] rundll32.exe "xxywww.dll",s
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
dRun: [awwxyxsys] rundll32.exe "qonnki.dll",s
dRun: [nnmjkkaudio] rundll32.exe "qopmji.dll",s
dRun: [xxvutraudio] rundll32.exe "xxywww.dll",s
dRunOnce: [IETI] c:\program files\skype\phone\ieplugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: athabascau.ca\priorlearning
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/200 ... oader5.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://pcpitstop.com/betapit/PCPitStop.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} - hxxp://www.streamplug.com/StreamPlug/beta/SP.cab
DPF: {268DE217-09FD-424F-8609-D22BE2B00076} - hxxp://images.travelpod.com/includes/ImageUploader4.cab
DPF: {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} - hxxps://myoffice.idrc.ca/+CSCOL+/relayp.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdat ... /opuc3.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/Fac ... oader3.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/Fac ... loader.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftup ... 0520114593
DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - hxxp://www.photolab.ca/Upload/ImageUploader4.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/200 ... ader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://otter1.vanaqua.org/activex/AxisCamControl.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v ... b56649.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdat ... /opuc4.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/fl ... wflash.cab
DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} - hxxp://upload.facebook.com/controls/Fac ... der4_5.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://plagenapoleon.homeip.net:3333/activex/AMC.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://arcade.games.myway.com/online2/b ... der_v6.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/ph ... NPUpld.cab
DPF: {E856B973-45FD-4559-8F82-EAB539144667} - hxxp://pccheckup.dellfix.com/rel/35/ins ... downde.cab
DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} - hxxp://by109fd.bay109.hotmail.msn.com/a ... Atchmt.ocx
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: NavLogon - c:\windows\system32\NavLogon.dll
AppInit_DLLs: c:\documents and settings\XXXX XXXX\local settings\application data\desktop cleanup wizard\dskclnwiz.dll,c:\windows\system32\winamnc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: ShellHook Class: {88485281-8b4b-4f8d-9ede-82e29a064277} - c:\progra~1\markany\conten~1\MACSMA~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 qonnki.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mandee~1\applic~1\mozilla\firefox\profiles\4kj9kdwo.default\
FF - component: c:\documents and settings\XXXX XXXX\application data\mozilla\firefox\profiles\4kj9kdwo.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-8-5 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-8-5 67656]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2008-5-28 337280]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2008-5-28 54656]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2008-6-24 191848]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2008-6-24 169320]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2008-9-30 1956792]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-10-5 102448]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100905.003\naveng.sys [2010-9-5 85424]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100905.003\navex15.sys [2010-9-5 1362608]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-19 136176]
S3 nuvaudio;NUVision Audio Service;c:\windows\system32\drivers\nuvaudio.sys [2001-9-16 21152]
S3 NUVision;%ServiceDescription%;c:\windows\system32\drivers\NUVision.sys [2001-9-16 154976]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-8-5 12872]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2008-9-30 116664]

=============== Created Last 30 ================

2010-10-06 15:19:31 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-06 15:19:30 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-06 12:54:33 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-06 03:19:51 83968 ---ha-w- c:\windows\system32\qonnki.dll
2010-10-06 03:19:40 39936 ----a-w- c:\windows\system32\winamnc_backup.dll
2010-10-06 03:19:39 140288 ----a-w- c:\windows\system32\pcre3.dll
2010-09-06 00:40:51 93696 ---ha-w- c:\windows\system32\xxywww.dll
2010-09-05 18:22:14 0 d-----w- C:\TDSSKiller_Quarantine
2010-08-21 03:55:08 0 d-----w- C:\Downloads

==================== Find3M ====================

2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-10 19:26:34 68380 ----a-w- c:\windows\fonts\ChalkDust.TTF
2009-08-13 15:00:08 4331 ----a-w- c:\program files\INSTALL.LOG
2007-03-21 01:27:35 197247 ----a-w- c:\program files\XXXX XXXX2006 return.pdf
2008-05-07 02:17:55 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008050620080507\index.dat
2009-08-22 19:05:40 5318688 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-08-22 19:05:40 145952 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2008-03-08 17:20:55 16384 --sha-w- c:\windows\temp\cookies\index.dat
2008-03-08 17:20:55 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2008-03-08 17:20:55 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 20:40:00.96 ===============

Attach log:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 6/16/2006 10:41:51 PM
System Uptime: 9/6/2010 8:27:53 PM (0 hours ago)

Motherboard: Dell Inc. | | 0J3492
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 230 GiB total, 105.856 GiB free.
D: is CDROM ()
E: is CDROM ()
H: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================
7-Zip 4.65
Acrobat.com
Adobe AIR
Adobe Digital Editions
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop 7.0
Adobe Reader 9.3.4
Adobe Shockwave Player 11
Adobe SVG Viewer
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression 5
ATI Display Driver
AXIS Media Control Embedded
Bonjour
Canon Camera Access Library
Canon Camera Support Core Library
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture DC
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Compatibility Pack for the 2007 Office system
ContentSAFER for Wizmax
Creative MediaSource
Critical Update for Windows Media Player 11 (KB959772)
CutePDF Writer 2.7
DivX Web Player
DVD Shrink 3.2
EPSON CX5000 Series User's Guide
EPSON PhotoCenter
EPSON Printer Software
EPSON Scan
EPSON Stylus CX5000 Scanner Driver Update
ffdshow [rev 1972] [2008-05-24]
FinePixViewer Ver.4.2
FlashFXP v3
FUJIFILM USB Driver
Google Chrome
Google Earth
Google Update Helper
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
ImageMixer VCD2 for FinePix
Intel(R) 537EP V9x DF PCI Modem
iTunes
Java(TM) 6 Update 15
LeechFTP
LiveUpdate (Symantec Corporation)
LiveUpdate 3.2 (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Works 6-9 Converter
MicroStaff WINASPI
Mozilla Firefox (2.0.0.4)
Mozilla Thunderbird (2.0.0.24)
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML4SP2
Nero 6 Ultra Edition
OpenSource Flash Video Splitter (remove only)
OverDrive Media Console
PeerGuardian 2.0
Power Tab Editor 1.7
PowerDVD 5.3
QuickTime
RAW FILE CONVERTER LE
Revo Uninstaller 1.89
Rhapsody Player Engine
RPS CRT
Samsung Media Studio 5
Security Status
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Skype™ 4.1
Soap 3.0 Toolkit
Sonic DLA
Sonic MyDVD
Sonic RecordNow!
Sonic Update Manager
Sound Blaster Audigy 2 ZS
StudioTax 2009
SUPERAntiSpyware Free Edition
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
User Profile Hive Cleanup Service
VC80CRTRedist - 8.0.50727.762
VirtualCloneDrive
WebCyberCoach 3.2 Dell
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live installer
Windows Live Mail
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Writer
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows XP Service Pack 3
XviD MPEG-4 Video Codec

==== Event Viewer Messages From Past Week ========

9/5/2010 8:19:52 PM, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
9/5/2010 3:43:03 PM, error: System Error [1003] - Error code 00000024, parameter1 001902fe, parameter2 af201fb8, parameter3 af201cb4, parameter4 00000000.
9/5/2010 3:20:58 PM, error: System Error [1003] - Error code 00000024, parameter1 001902fe, parameter2 b96813b4, parameter3 b96810b0, parameter4 00000000.
9/5/2010 1:57:42 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde
9/29/2010 1:36:58 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Canon Camera Access Library 8 service to connect.
9/29/2010 1:36:58 PM, error: Service Control Manager [7000] - The Security Services Driver (x86) service failed to start due to the following error: The system cannot find the file specified.
9/29/2010 1:36:58 PM, error: Service Control Manager [7000] - The Canon Camera Access Library 8 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/28/2010 11:02:14 PM, error: W32Time [34] - The time service has detected that the system time needs to be changed by -2678405 seconds. The time service will not change the system time by more than -54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.2.10:123->207.46.197.32:123) is working properly.
10/6/2010 12:58:00 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD eeCtrl ElbyCDIO Fips intelppm IPSec MRxSmb NetBIOS NetBT ohci1394 PCIIde RasAcd Rdbss SASDIFSV SASKUTIL SAVRT SAVRTPEL SPBBCDrv SYMTDI Tcpip
10/6/2010 12:22:37 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
10/6/2010 12:14:35 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
10/6/2010 12:04:00 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD eeCtrl ElbyCDIO Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL SAVRT SAVRTPEL SYMTDI Tcpip
10/6/2010 12:04:00 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
10/6/2010 12:04:00 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/6/2010 12:04:00 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/6/2010 12:04:00 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
10/6/2010 12:04:00 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/6/2010 12:04:00 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/6/2010 12:03:23 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
10/6/2010 12:03:08 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/6/2010 10:44:28 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eeCtrl ElbyCDIO Fips intelppm SASDIFSV SASKUTIL SAVRT SAVRTPEL SPBBCDrv SYMTDI
10/6/2010 10:30:24 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Symantec AntiVirus service to connect.
10/6/2010 1:00:46 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD eeCtrl ElbyCDIO Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL SAVRT SAVRTPEL SPBBCDrv SYMTDI Tcpip
10/5/2010 11:26:56 PM, error: System Error [1003] - Error code 1000007e, parameter1 c0000005, parameter2 b9dd79cc, parameter3 ba547c4c, parameter4 ba547948.
10/5/2010 11:24:06 PM, error: W32Time [34] - The time service has detected that the system time needs to be changed by -2678415 seconds. The time service will not change the system time by more than -54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.2.10:123->207.46.197.32:123) is working properly.
10/5/2010 11:01:55 PM, error: W32Time [34] - The time service has detected that the system time needs to be changed by -2678414 seconds. The time service will not change the system time by more than -54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.2.10:123->207.46.232.182:123) is working properly.
10/3/2010 10:28:07 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer ANALOG that believes that it is the master browser for the domain on transport NetBT_Tcpip_{9EECE2C9-BB36-41CD-95. The master browser is stopping or an election is being forced.

==== End Of File ===========================

GMER log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-06 23:49:28
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\MANDEE~1\LOCALS~1\Temp\awloqpow.sys
---- Devices - GMER 1.0.15 ----

Device \FileSystem\Fastfat \Fat B9E73D20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\NdisWanIp@LLInterface WANARP
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\NdisWanIp@IpConfig Tcpip\Parameters\Interfaces\{83A58F40-C72A-46E7-AC55-121929CFF3CE}?Tcpip\Parameters\Interfaces\{77E626C9-849B-4B53-AF56-7A42A6AA4F66}?Tcpip\Parameters\Interfaces\{56697430-E232-45B4-AA9D-0C2315C93EE9}?Tcpip\Parameters\Interfaces\{DC48C0A8-A0FE-4140-9693-4AC4CB693D73}?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\NdisWanIp@NumInterfaces 4
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{525BF359-2949-42D7-8EB1-AFB4A7F6404D}@LLInterface ARP1394
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{525BF359-2949-42D7-8EB1-AFB4A7F6404D}@IpConfig Tcpip\Parameters\Interfaces\{525BF359-2949-42D7-8EB1-AFB4A7F6404D}?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{9EECE2C9-BB36-41CD-95E6-2D39EE05C23F}@LLInterface
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{9EECE2C9-BB36-41CD-95E6-2D39EE05C23F}@IpConfig Tcpip\Parameters\Interfaces\{9EECE2C9-BB36-41CD-95E6-2D39EE05C23F}?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{AB6826FB-AA4E-4720-A43F-5A7F5CDFFCB6}@LLInterface
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{AB6826FB-AA4E-4720-A43F-5A7F5CDFFCB6}@IpConfig Tcpip\Parameters\Interfaces\{AB6826FB-AA4E-4720-A43F-5A7F5CDFFCB6}?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{525BF359-2949-42D7-8EB1-AFB4A7F6404D}@UseZeroBroadcast 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{525BF359-2949-42D7-8EB1-AFB4A7F6404D}@EnableDHCP 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{525BF359-2949-42D7-8EB1-AFB4A7F6404D}@IPAddress 0.0.0.0?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{525BF359-2949-42D7-8EB1-AFB4A7F6404D}@SubnetMask 0.0.0.0?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{525BF359-2949-42D7-8EB1-AFB4A7F6404D}@DefaultGateway ?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{525BF359-2949-42D7-8EB1-AFB4A7F6404D}@DefaultGatewayMetric
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{525BF359-2949-42D7-8EB1-AFB4A7F6404D}@NameServer
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{525BF359-2949-42D7-8EB1-AFB4A7F6404D}@Domain
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{525BF359-2949-42D7-8EB1-AFB4A7F6404D}@RegistrationEnabled 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{525BF359-2949-42D7-8EB1-AFB4A7F6404D}@RegisterAdapterName 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{525BF359-2949-42D7-8EB1-AFB4A7F6404D}@TCPAllowedPorts 0?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{525BF359-2949-42D7-8EB1-AFB4A7F6404D}@UDPAllowedPorts 0?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{525BF359-2949-42D7-8EB1-AFB4A7F6404D}@RawIPAllowedProtocols 0?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{56697430-E232-45B4-AA9D-0C2315C93EE9}@UseZeroBroadcast 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{56697430-E232-45B4-AA9D-0C2315C93EE9}@EnableDHCP 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{56697430-E232-45B4-AA9D-0C2315C93EE9}@IPAddress 0.0.0.0?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{56697430-E232-45B4-AA9D-0C2315C93EE9}@SubnetMask 0.0.0.0?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{56697430-E232-45B4-AA9D-0C2315C93EE9}@DefaultGateway
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{56697430-E232-45B4-AA9D-0C2315C93EE9}@EnableDeadGWDetect 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{56697430-E232-45B4-AA9D-0C2315C93EE9}@DontAddDefaultGateway 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{77E626C9-849B-4B53-AF56-7A42A6AA4F66}@UseZeroBroadcast 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{77E626C9-849B-4B53-AF56-7A42A6AA4F66}@EnableDHCP 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{77E626C9-849B-4B53-AF56-7A42A6AA4F66}@IPAddress 0.0.0.0?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{77E626C9-849B-4B53-AF56-7A42A6AA4F66}@SubnetMask 0.0.0.0?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{77E626C9-849B-4B53-AF56-7A42A6AA4F66}@DefaultGateway
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{77E626C9-849B-4B53-AF56-7A42A6AA4F66}@EnableDeadGWDetect 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{77E626C9-849B-4B53-AF56-7A42A6AA4F66}@DontAddDefaultGateway 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{77E626C9-849B-4B53-AF56-7A42A6AA4F66}@NTEContextList
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{77E626C9-849B-4B53-AF56-7A42A6AA4F66}@DhcpIPAddress 0.0.0.0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{77E626C9-849B-4B53-AF56-7A42A6AA4F66}@DhcpSubnetMask 0.0.0.0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{77E626C9-849B-4B53-AF56-7A42A6AA4F66}@Domain
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{77E626C9-849B-4B53-AF56-7A42A6AA4F66}@NameServer
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{77E626C9-849B-4B53-AF56-7A42A6AA4F66}@RegistrationEnabled 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{77E626C9-849B-4B53-AF56-7A42A6AA4F66}@RegisterAdapterName 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{83A58F40-C72A-46E7-AC55-121929CFF3CE}@UseZeroBroadcast 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{83A58F40-C72A-46E7-AC55-121929CFF3CE}@EnableDHCP 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{83A58F40-C72A-46E7-AC55-121929CFF3CE}@IPAddress 0.0.0.0?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{83A58F40-C72A-46E7-AC55-121929CFF3CE}@SubnetMask 0.0.0.0?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{83A58F40-C72A-46E7-AC55-121929CFF3CE}@DefaultGateway
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{83A58F40-C72A-46E7-AC55-121929CFF3CE}@EnableDeadGWDetect 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{83A58F40-C72A-46E7-AC55-121929CFF3CE}@DontAddDefaultGateway 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{83A58F40-C72A-46E7-AC55-121929CFF3CE}@RegisterAdapterName 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{83A58F40-C72A-46E7-AC55-121929CFF3CE}@RegistrationEnabled 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{83A58F40-C72A-46E7-AC55-121929CFF3CE}@DhcpIPAddress 0.0.0.0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{83A58F40-C72A-46E7-AC55-121929CFF3CE}@DhcpSubnetMask 0.0.0.0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{83A58F40-C72A-46E7-AC55-121929CFF3CE}@Domain
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{83A58F40-C72A-46E7-AC55-121929CFF3CE}@NameServer
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AB6826FB-AA4E-4720-A43F-5A7F5CDFFCB6}@UseZeroBroadcast 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AB6826FB-AA4E-4720-A43F-5A7F5CDFFCB6}@EnableDeadGWDetect 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AB6826FB-AA4E-4720-A43F-5A7F5CDFFCB6}@EnableDHCP 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AB6826FB-AA4E-4720-A43F-5A7F5CDFFCB6}@IPAddress 0.0.0.0?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AB6826FB-AA4E-4720-A43F-5A7F5CDFFCB6}@SubnetMask 0.0.0.0?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AB6826FB-AA4E-4720-A43F-5A7F5CDFFCB6}@DefaultGateway
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AB6826FB-AA4E-4720-A43F-5A7F5CDFFCB6}@DefaultGatewayMetric
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AB6826FB-AA4E-4720-A43F-5A7F5CDFFCB6}@NameServer
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AB6826FB-AA4E-4720-A43F-5A7F5CDFFCB6}@Domain
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AB6826FB-AA4E-4720-A43F-5A7F5CDFFCB6}@RegistrationEnabled 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AB6826FB-AA4E-4720-A43F-5A7F5CDFFCB6}@RegisterAdapterName 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AB6826FB-AA4E-4720-A43F-5A7F5CDFFCB6}@TCPAllowedPorts 0?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AB6826FB-AA4E-4720-A43F-5A7F5CDFFCB6}@UDPAllowedPorts 0?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AB6826FB-AA4E-4720-A43F-5A7F5CDFFCB6}@RawIPAllowedProtocols 0?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AB6826FB-AA4E-4720-A43F-5A7F5CDFFCB6}@NTEContextList 0x00000003?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DC48C0A8-A0FE-4140-9693-4AC4CB693D73}@UseZeroBroadcast 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DC48C0A8-A0FE-4140-9693-4AC4CB693D73}@EnableDHCP 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DC48C0A8-A0FE-4140-9693-4AC4CB693D73}@IPAddress 0.0.0.0?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DC48C0A8-A0FE-4140-9693-4AC4CB693D73}@SubnetMask 0.0.0.0?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DC48C0A8-A0FE-4140-9693-4AC4CB693D73}@DefaultGateway
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DC48C0A8-A0FE-4140-9693-4AC4CB693D73}@EnableDeadGWDetect 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DC48C0A8-A0FE-4140-9693-4AC4CB693D73}@DontAddDefaultGateway 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DC48C0A8-A0FE-4140-9693-4AC4CB693D73}@NTEContextList
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DC48C0A8-A0FE-4140-9693-4AC4CB693D73}@DhcpIPAddress 0.0.0.0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DC48C0A8-A0FE-4140-9693-4AC4CB693D73}@DhcpSubnetMask 0.0.0.0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DC48C0A8-A0FE-4140-9693-4AC4CB693D73}@Domain
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DC48C0A8-A0FE-4140-9693-4AC4CB693D73}@NameServer
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DC48C0A8-A0FE-4140-9693-4AC4CB693D73}@RegistrationEnabled 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DC48C0A8-A0FE-4140-9693-4AC4CB693D73}@RegisterAdapterName 0
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Adapters\NdisWanIp@LLInterface WANARP
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Adapters\NdisWanIp@IpConfig Tcpip\Parameters\Interfaces\{83A58F40-C72A-46E7-AC55-121929CFF3CE}?Tcpip\Parameters\Interfaces\{77E626C9-849B-4B53-AF56-7A42A6AA4F66}?Tcpip\Parameters\Interfaces\{56697430-E232-45B4-AA9D-0C2315C93EE9}?Tcpip\Parameters\Interfaces\{DC48C0A8-A0FE-4140-9693-4AC4CB693D73}?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Adapters\NdisWanIp@NumInterfaces 4
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Adapters\{525BF359-2949-42D7-8EB1-AFB4A7F6404D}@LLInterface ARP1394
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Adapters\{525BF359-2949-42D7-8EB1-AFB4A7F6404D}@IpConfig Tcpip\Parameters\Interfaces\{525BF359-2949-42D7-8EB1-AFB4A7F6404D}?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Adapters\{9EECE2C9-BB36-41CD-95E6-2D39EE05C23F}@LLInterface
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Adapters\{9EECE2C9-BB36-41CD-95E6-2D39EE05C23F}@IpConfig Tcpip\Parameters\Interfaces\{9EECE2C9-BB36-41CD-95E6-2D39EE05C23F}?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Adapters\{AB6826FB-AA4E-4720-A43F-5A7F5CDFFCB6}@LLInterface
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Adapters\{AB6826FB-AA4E-4720-A43F-5A7F5CDFFCB6}@IpConfig Tcpip\Parameters\Interfaces\{AB6826FB-AA4E-4720-A43F-5A7F5CDFFCB6}?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{525BF359-2949-42D7-8EB1-AFB4A7F6404D}@UseZeroBroadcast 0
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{525BF359-2949-42D7-8EB1-AFB4A7F6404D}@EnableDHCP 1
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{525BF359-2949-42D7-8EB1-AFB4A7F6404D}@IPAddress 0.0.0.0?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{525BF359-2949-42D7-8EB1-AFB4A7F6404D}@SubnetMask 0.0.0.0?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{525BF359-2949-42D7-8EB1-AFB4A7F6404D}@DefaultGateway ?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{525BF359-2949-42D7-8EB1-AFB4A7F6404D}@DefaultGatewayMetric
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{525BF359-2949-42D7-8EB1-AFB4A7F6404D}@NameServer
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{525BF359-2949-42D7-8EB1-AFB4A7F6404D}@Domain
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{525BF359-2949-42D7-8EB1-AFB4A7F6404D}@RegistrationEnabled 1
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{525BF359-2949-42D7-8EB1-AFB4A7F6404D}@RegisterAdapterName 0
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{525BF359-2949-42D7-8EB1-AFB4A7F6404D}@TCPAllowedPorts 0?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{525BF359-2949-42D7-8EB1-AFB4A7F6404D}@UDPAllowedPorts 0?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{525BF359-2949-42D7-8EB1-AFB4A7F6404D}@RawIPAllowedProtocols 0?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{56697430-E232-45B4-AA9D-0C2315C93EE9}@UseZeroBroadcast 0
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{56697430-E232-45B4-AA9D-0C2315C93EE9}@EnableDHCP 0
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{56697430-E232-45B4-AA9D-0C2315C93EE9}@IPAddress 0.0.0.0?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{56697430-E232-45B4-AA9D-0C2315C93EE9}@SubnetMask 0.0.0.0?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{56697430-E232-45B4-AA9D-0C2315C93EE9}@DefaultGateway
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{56697430-E232-45B4-AA9D-0C2315C93EE9}@EnableDeadGWDetect 1
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{56697430-E232-45B4-AA9D-0C2315C93EE9}@DontAddDefaultGateway 0
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{77E626C9-849B-4B53-AF56-7A42A6AA4F66}@UseZeroBroadcast 0
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{77E626C9-849B-4B53-AF56-7A42A6AA4F66}@EnableDHCP 0
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{77E626C9-849B-4B53-AF56-7A42A6AA4F66}@IPAddress 0.0.0.0?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{77E626C9-849B-4B53-AF56-7A42A6AA4F66}@SubnetMask 0.0.0.0?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{77E626C9-849B-4B53-AF56-7A42A6AA4F66}@DefaultGateway
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{77E626C9-849B-4B53-AF56-7A42A6AA4F66}@EnableDeadGWDetect 1
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{77E626C9-849B-4B53-AF56-7A42A6AA4F66}@DontAddDefaultGateway 0
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{77E626C9-849B-4B53-AF56-7A42A6AA4F66}@NTEContextList
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{77E626C9-849B-4B53-AF56-7A42A6AA4F66}@DhcpIPAddress 0.0.0.0
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{77E626C9-849B-4B53-AF56-7A42A6AA4F66}@DhcpSubnetMask 0.0.0.0
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{77E626C9-849B-4B53-AF56-7A42A6AA4F66}@Domain
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{77E626C9-849B-4B53-AF56-7A42A6AA4F66}@NameServer
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{77E626C9-849B-4B53-AF56-7A42A6AA4F66}@RegistrationEnabled 0
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{77E626C9-849B-4B53-AF56-7A42A6AA4F66}@RegisterAdapterName 0
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{83A58F40-C72A-46E7-AC55-121929CFF3CE}@UseZeroBroadcast 0
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{83A58F40-C72A-46E7-AC55-121929CFF3CE}@EnableDHCP 0
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{83A58F40-C72A-46E7-AC55-121929CFF3CE}@IPAddress 0.0.0.0?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{83A58F40-C72A-46E7-AC55-121929CFF3CE}@SubnetMask 0.0.0.0?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{83A58F40-C72A-46E7-AC55-121929CFF3CE}@DefaultGateway
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{83A58F40-C72A-46E7-AC55-121929CFF3CE}@EnableDeadGWDetect 1
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{83A58F40-C72A-46E7-AC55-121929CFF3CE}@DontAddDefaultGateway 0
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{83A58F40-C72A-46E7-AC55-121929CFF3CE}@RegisterAdapterName 0
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{83A58F40-C72A-46E7-AC55-121929CFF3CE}@RegistrationEnabled 0
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{83A58F40-C72A-46E7-AC55-121929CFF3CE}@DhcpIPAddress 0.0.0.0
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{83A58F40-C72A-46E7-AC55-121929CFF3CE}@DhcpSubnetMask 0.0.0.0
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{83A58F40-C72A-46E7-AC55-121929CFF3CE}@Domain
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{83A58F40-C72A-46E7-AC55-121929CFF3CE}@NameServer
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{AB6826FB-AA4E-4720-A43F-5A7F5CDFFCB6}@UseZeroBroadcast 0
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{AB6826FB-AA4E-4720-A43F-5A7F5CDFFCB6}@EnableDeadGWDetect 1
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{AB6826FB-AA4E-4720-A43F-5A7F5CDFFCB6}@EnableDHCP 1
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{AB6826FB-AA4E-4720-A43F-5A7F5CDFFCB6}@IPAddress 0.0.0.0?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{AB6826FB-AA4E-4720-A43F-5A7F5CDFFCB6}@SubnetMask 0.0.0.0?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{AB6826FB-AA4E-4720-A43F-5A7F5CDFFCB6}@DefaultGateway
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{AB6826FB-AA4E-4720-A43F-5A7F5CDFFCB6}@DefaultGatewayMetric
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{AB6826FB-AA4E-4720-A43F-5A7F5CDFFCB6}@NameServer
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{AB6826FB-AA4E-4720-A43F-5A7F5CDFFCB6}@Domain
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{AB6826FB-AA4E-4720-A43F-5A7F5CDFFCB6}@RegistrationEnabled 1
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{AB6826FB-AA4E-4720-A43F-5A7F5CDFFCB6}@RegisterAdapterName 0
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{AB6826FB-AA4E-4720-A43F-5A7F5CDFFCB6}@TCPAllowedPorts 0?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{AB6826FB-AA4E-4720-A43F-5A7F5CDFFCB6}@UDPAllowedPorts 0?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{AB6826FB-AA4E-4720-A43F-5A7F5CDFFCB6}@RawIPAllowedProtocols 0?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{AB6826FB-AA4E-4720-A43F-5A7F5CDFFCB6}@NTEContextList 0x00000003?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{DC48C0A8-A0FE-4140-9693-4AC4CB693D73}@UseZeroBroadcast 0
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{DC48C0A8-A0FE-4140-9693-4AC4CB693D73}@EnableDHCP 0
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{DC48C0A8-A0FE-4140-9693-4AC4CB693D73}@IPAddress 0.0.0.0?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{DC48C0A8-A0FE-4140-9693-4AC4CB693D73}@SubnetMask 0.0.0.0?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{DC48C0A8-A0FE-4140-9693-4AC4CB693D73}@DefaultGateway
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{DC48C0A8-A0FE-4140-9693-4AC4CB693D73}@EnableDeadGWDetect 1
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{DC48C0A8-A0FE-4140-9693-4AC4CB693D73}@DontAddDefaultGateway 0
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{DC48C0A8-A0FE-4140-9693-4AC4CB693D73}@NTEContextList
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{DC48C0A8-A0FE-4140-9693-4AC4CB693D73}@DhcpIPAddress 0.0.0.0
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{DC48C0A8-A0FE-4140-9693-4AC4CB693D73}@DhcpSubnetMask 0.0.0.0
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{DC48C0A8-A0FE-4140-9693-4AC4CB693D73}@Domain
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{DC48C0A8-A0FE-4140-9693-4AC4CB693D73}@NameServer
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{DC48C0A8-A0FE-4140-9693-4AC4CB693D73}@RegistrationEnabled 0
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{DC48C0A8-A0FE-4140-9693-4AC4CB693D73}@RegisterAdapterName 0
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@NoChange 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@Installed 1
Reg HKLM\SOFTWARE\Classes\CLSID\{114E2C3D-CC33-DA46-A1A8-3A0364D0BF84}\LocalServer32@ "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"
Reg HKLM\SOFTWARE\Classes\CLSID\{114E2C3D-CC33-DA46-A1A8-3A0364D0BF84}\ProgID@ Symantec.stCallbackManager.1
Reg HKLM\SOFTWARE\Classes\CLSID\{114E2C3D-CC33-DA46-A1A8-3A0364D0BF84}\TypeLib@ {51B9BCA6-4A06-11D3-B538-00902771A435}
Reg HKLM\SOFTWARE\Classes\CLSID\{114E2C3D-CC33-DA46-A1A8-3A0364D0BF84}\VersionIndependentProgID@ Symantec.stCallbackManager

---- EOF - GMER 1.0.15 ----
Last edited by traveller2k on September 8th, 2010, 8:01 am, edited 1 time in total.
traveller2k
Active Member
 
Posts: 3
Joined: September 5th, 2010, 2:05 pm
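
The GMER "Registry" section above is a flat dump of `Reg <key>@<value name> <data>` lines, and a helper reading it by eye is really doing two things: grouping values back under their keys, and picking out the launch points (COM `LocalServer32`/`InprocServer32` registrations, `Run` values) whose executable sits somewhere odd. The script below is an added example for this thread, not code from GMER, from the poster or from the forum helpers. It assumes the line format shown in the log above; the sample input copies a few lines from that log and adds one constructed `Run` line (marked in the code, not something found on this machine) so the check has a positive case to report. The trusted-root list is a deliberately small assumption for illustration, not a complete allowlist.

```python
"""Triage helper for the "Registry" section of a GMER log.

Added example for this thread: it is not code from GMER, from the poster
or from the forum helpers. It parses lines of the form

    Reg <key>@<value name> <data>

into {key: {value name: data}}, then flags COM LocalServer32 /
InprocServer32 and Run launch points whose executable lies outside the
usual Windows and Program Files roots. Run it with: python gmer_reg.py
"""
import re
from collections import defaultdict

# Lines copied from the GMER log posted above.
SAMPLE_LINES = [
    r"Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\NdisWanIp@LLInterface WANARP",
    r"Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{9EECE2C9-BB36-41CD-95E6-2D39EE05C23F}@LLInterface",
    r"Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@Installed 1",
    r'Reg HKLM\SOFTWARE\Classes\CLSID\{114E2C3D-CC33-DA46-A1A8-3A0364D0BF84}\LocalServer32@ "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"',
    r"Reg HKLM\SOFTWARE\Classes\CLSID\{114E2C3D-CC33-DA46-A1A8-3A0364D0BF84}\ProgID@ Symantec.stCallbackManager.1",
    # Constructed line, NOT from the posted log: a Run value launching from a Temp folder.
    r"Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@updater C:\DOCUME~1\USER~1\LOCALS~1\Temp\updater.exe /silent",
]
SAMPLE_LOG = "\n".join(SAMPLE_LINES)

# GMER prints "Reg <key>@<value name> <data>"; the value name is empty for a
# key's default value, and <data> may be empty for an empty string value.
LINE_RE = re.compile(r"^Reg\s+(?P<key>[^@]+)@(?P<value>\S*)\s*(?P<data>.*)$")

# Path prefixes that are not, on their own, a reason to look closer
# (assumed list for illustration; 8.3 short form of Program Files included).
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")

# Key names (last path component) or key substrings that represent launch points.
COM_SERVER_KEYS = {"localserver32", "inprocserver32"}
RUN_KEY_MARKER = "\\currentversion\\run"


def parse_gmer_registry(text):
    """Return {key: {value_name: data}} for every 'Reg' line in a GMER log."""
    entries = defaultdict(dict)
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # section headers, blank lines and other GMER sections
        entries[m["key"]][m["value"]] = m["data"].strip()
    return dict(entries)


def extract_exe_path(data):
    """Return the program path from '"C:\\x.exe" /a' or 'C:\\x.exe /a' style data."""
    data = data.strip()
    if data.startswith('"'):
        end = data.find('"', 1)
        return data[1:end] if end > 0 else data[1:]
    return data.split(" ", 1)[0]


def is_launch_point(key):
    """True for COM server registration keys and anything under a Run key."""
    low = key.lower()
    return low.rsplit("\\", 1)[-1] in COM_SERVER_KEYS or RUN_KEY_MARKER in low


def suspicious_launch_points(entries):
    """Return [(key, value_name, path)] for launch points outside TRUSTED_ROOTS."""
    hits = []
    for key, values in entries.items():
        if not is_launch_point(key):
            continue
        for name, data in values.items():
            path = extract_exe_path(data)
            low = path.lower()
            if not low.endswith((".exe", ".dll")):
                continue  # e.g. 'Installed 1' under Run\OptionalComponents is not a program
            if not low.startswith(TRUSTED_ROOTS):
                hits.append((key, name, path))
    return hits


if __name__ == "__main__":
    parsed = parse_gmer_registry(SAMPLE_LOG)
    print(f"{len(parsed)} registry keys parsed")
    for key, name, path in suspicious_launch_points(parsed):
        print(f"LOOK CLOSER: {key}@{name or '(default)'} -> {path}")
```

On the posted log this only confirms what a helper would conclude by hand: the one `LocalServer32` entry resolves to Symantec LiveUpdate under Program Files and is left alone, while the constructed Temp-folder `Run` value is the sort of line that would get queried in the next reply. A path under a trusted root is of course no proof of legitimacy; the filter is there to shrink the list, not to clear anything.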

Re: battle of the blue screen

Post by Carolyn » September 7th, 2010, 7:24 am

Hello traveller2k,

Thank you for describing the problems you are having - that is very helpful.

The GMER scan may be fine, but we really need the scan done in Normal Mode. Please try the following:

1. Disable Symantec Real-time Protection
    On the taskbar in the lower-right corner of the Windows Desktop, right-click the Symantec icon then uncheck Enable File System Realtime Protection

2. Run GMER again, but this time please uncheck Devices before running the scan:
  • Double click on gmer.exe to run it.
  • Select the Rootkit tab.
  • On the right-hand side, check all the items to be scanned, but leave the Show All box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Uncheck Devices - it is in the list on the right side of the window.
  • Click on the Scan button.
  • When the scan is finished, click Copy to save the scan log to the Windows clipboard.
  • Open Notepad or a similar text editor.
  • Paste the clipboard contents into the text editor.
  • Save the Gmer scan log and post it in your next reply.

Note: Do not run any programs while Gmer is running.
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: battle of the blue screen

Post by traveller2k » September 8th, 2010, 7:45 am

Hi Carolyn

So this has been a real challenge. My system is now running so slowly that I have had to restart the scan in normal mode 3 times. I figured out that when the system goes into screen saver mode, I just get a blank desktop and can't do anything. So I set the screensaver to come on after 1K minutes and left the scan running all night. The problem now is that I can't paste the results into Notepad because my system has been frozen for the past 2 hours trying to simply open the Start menu. Whenever I do manage to check the CPU usage, it is showing that it is at 100% usage. Something is really sucking all the resources.

Traveller2k

Re: battle of the blue screen

Post by Carolyn » September 8th, 2010, 8:11 am

Hello again,

Sounds like a frustrating experience...

Before we continue: Please be aware that removing malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and the tools we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or where you will need to take your computer to a repair shop.

In light of this it would be wise for you to back up any files and folders that you don't want to lose.

==============

I would like you to uninstall Symantec Antivirus and SuperAntispyware, as they may interfere with what we need to do. We can reinstall protection programs after we clean the computer.

Remove Symantec

Please click HERE and follow the instructions in STEP 3 to download and run the Norton Removal Tool.

Remove SuperAntispyware
Please click Start > Control Panel > Add/Remove Programs
Remove this program by clicking Remove:

SuperAntispyware

==============

Download and Run ComboFix (by sUBs)

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your antivirus and antispyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

[Image]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[Image]

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.

ComboFix SHOULD NOT be used unless requested by a forum helper

Re: battle of the blue screen

Post by Carolyn » September 10th, 2010, 11:08 am

Hello traveller2k,

Are you still in need of assistance? We close topics for inactivity after 3 days. Please reply to this topic by this time tomorrow if you want to keep it open.

Thank you!

Re: battle of the blue screen

Post by Carolyn » September 11th, 2010, 11:49 am

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.