Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Ergative Malware

Post by Galaxy9 » October 16th, 2012, 2:47 am

Hello;

I am using Windows 7.
Today morning I was downloading some e-books.
The next time I started my browser (Firefox), the home page had changed to ergative.com, and the ergative search engine had been added to the options in the browser's search bar.

Spybot & Avast do not detect any malware.

I checked, and even Internet Explorer has had its home page changed to ergative.com.

I uninstalled the Google Books Downloader, though I don't think the malware came through that. It must have been from another site from where I was downloading an e-book directly, which had also given a pop-up when I clicked on the download button.

As instructed, I am posting the logs here:

DDS log:

DDS (Ver_2012-10-14.05) - NTFS_x86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_35
Run by MsKhan at 9:19:20 on 2012-10-16
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1767.491 [GMT 3:00]
.
AV: avast! Internet Security *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Internet Security *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\AppleOSSMgr.exe
C:\Windows\system32\AppleTimeSrv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Boot Camp\Bootcamp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Windows\System32\SupportAppXL\AutoDect.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Salaat Time\SalaatTime.exe
C:\Program Files\Nuance\NaturallySpeaking10\Program\natspeak.exe
C:\Program Files\Microsoft Office\Office12\GROOVE.EXE
C:\Program Files\Common Files\Nuance\NaturallySpeaking10\dgnuiasvr.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mobily Connect Card\Modem.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\MsKhan\Downloads\RogueKiller.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ergative.com/
uSearch Bar = hxxp://feed.helperbar.com/?publisher=Wh ... type=ds&q={searchTerms}
uSearch Page = hxxp://feed.helperbar.com/?publisher=Wh ... type=ds&q={searchTerms}
mStart Page = hxxp://www.bigseekpro.com/quicklogodesigner/{75BFD480-89E5-2AA6-7BFD-219F59DBBED3}
uSearchAssistant = hxxp://feed.helperbar.com/?publisher=Wh ... type=ds&q={searchTerms}
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
uRun: [SalaatTime] c:\program files\salaat time\SalaatTime.exe
uRun: [Google Update] "c:\users\mskhan\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [Apple_KbdMgr] c:\program files\boot camp\Bootcamp.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [XeroxEndeavorBackgroundTask] rundll32.exe xrWCbgnd.dll,LaunchBgTask 1
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [autodetect] c:\windows\system32\supportappxl\AutoDect.exe
StartupFolder: c:\users\mskhan\appdata\roaming\micros~1\windows\startm~1\programs\startup\dragon~1.lnk - c:\program files\nuance\naturallyspeaking10\program\natspeak.exe
StartupFolder: c:\users\mskhan\appdata\roaming\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office12\GROOVE.EXE
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: Interfaces\{69F83F1C-B66A-4333-9188-C92CDEE85774} : NameServer = 86.51.35.24 86.51.34.24
TCP: Interfaces\{C2562CD2-EEF4-4350-8B92-30D41BAAA605} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C2562CD2-EEF4-4350-8B92-30D41BAAA605}\14661617378616D656C6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C2562CD2-EEF4-4350-8B92-30D41BAAA605}\1486D65646 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C2562CD2-EEF4-4350-8B92-30D41BAAA605}\354534 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C2562CD2-EEF4-4350-8B92-30D41BAAA605}\4586F6D637F6E6243434734423 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{C2562CD2-EEF4-4350-8B92-30D41BAAA605}\84F6D656022427F616462616E646 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C2562CD2-EEF4-4350-8B92-30D41BAAA605}\B68616E6 : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 http://www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mskhan\appdata\roaming\mozilla\firefox\profiles\bgmplzot.default-1350365110974\
FF - prefs.js: browser.startup.homepage - hxxps://accounts.google.com/ServiceLogi ... t/english/
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll
FF - plugin: c:\program files\nitro pdf\reader 2\npdf.dll
FF - plugin: c:\program files\nitro pdf\reader 2\npnitroie.dll
FF - plugin: c:\program files\nitro pdf\reader 2\npnitromozilla.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\mskhan\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\users\mskhan\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\mskhan\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2012-08-23 12:51; wrc@avast.com; c:\program files\avast software\avast\webrep\FF
FF - ExtSQL: 2012-10-13 12:06; {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}; c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF - ExtSQL: 2012-10-13 12:06; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
.
============= SERVICES / DRIVERS ===============
.
R0 AppleHFS;AppleHFS;c:\windows\system32\drivers\AppleHFS.sys [2011-8-15 58200]
R0 AppleMNT;AppleMNT;c:\windows\system32\drivers\AppleMNT.sys [2011-8-15 15320]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-8-24 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-8-24 355632]
R2 AppleOSSMgr;Apple OS Switch Manager;c:\windows\system32\AppleOSSMgr.exe [2011-8-15 194432]
R2 AppleTimeSrv;Apple Time Service;c:\windows\system32\AppleTimeSrv.exe [2009-9-21 99616]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-8-24 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-8-24 58680]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-8-23 44808]
R2 KeyAgent;KeyAgent;c:\windows\system32\drivers\KeyAgent.sys [2011-8-15 15064]
R2 MacHALDriver;Mac HAL;c:\windows\system32\drivers\MacHALDriver.sys [2010-11-11 12928]
R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\nitro pdf\reader 2\NitroPDFReaderDriverService2.exe [2012-7-26 184848]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-5-28 1153368]
R3 applemtm;Apple Multitouch Mouse;c:\windows\system32\drivers\applemtm.sys [2011-9-6 10880]
R3 applemtp;Apple Multitouch;c:\windows\system32\drivers\applemtp.sys [2011-9-6 29824]
R3 CirrusFilter;CS420xLowerFilter;c:\windows\system32\drivers\CS420x86.sys [2010-11-24 14336]
R3 KeyMagic;USB Keyboard HID Filter;c:\windows\system32\drivers\KeyMagic.sys [2011-9-6 26624]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\ZTEusbvoice.sys [2012-9-30 105088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-10-10 116648]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-3 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-2 250808]
S3 AppleBtBc;Apple Broadcom Built-in Bluetooth;c:\windows\system32\drivers\AppleBtBc.sys [2011-9-6 18944]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\drivers\btwampfl.sys [2011-7-10 302120]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2011-7-10 33832]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-2-28 80184]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-10-10 116648]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-7-4 115168]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-3-8 15872]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2012-2-28 181432]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-8 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-27 1343400]
.
=============== Created Last 30 ================
.
2012-10-16 05:50:44 14080 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2012-10-16 03:15:40 -------- d-----w- c:\program files\Google Books Downloader
2012-10-11 13:09:30 -------- d--ha-w- C:\.Trashes
2012-10-11 13:09:30 -------- d--ha-w- C:\.fseventsd
2012-10-10 04:04:00 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-10-10 04:02:52 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-10 04:02:50 542208 ----a-w- c:\windows\system32\kerberos.dll
2012-10-10 04:02:47 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-10 04:02:47 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-08 07:48:00 -------- d-----w- c:\program files\CCleaner
2012-09-30 13:46:09 105088 ----a-w- c:\windows\system32\drivers\ZTEusbvoice.sys
2012-09-30 13:46:09 105088 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys
2012-09-30 13:46:09 105088 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys
2012-09-30 13:46:09 105088 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2012-09-30 13:45:39 -------- d-----w- c:\windows\system32\SupportMM
2012-09-30 13:45:22 -------- d-----w- c:\program files\Mobily Connect Card
2012-09-30 08:24:25 -------- d-----w- c:\users\mskhan\appdata\local\Ilivid Player
2012-09-27 15:11:02 -------- d-----w- c:\users\mskhan\appdata\local\WeeebStore
2012-09-27 15:03:22 -------- d-----w- c:\users\mskhan\appdata\local\cache
2012-09-27 15:03:11 -------- d-----w- c:\program files\Weeeb Store
2012-09-27 14:36:16 -------- d-----w- c:\users\mskhan\appdata\local\Configure
2012-09-27 14:36:08 -------- d-----w- c:\users\mskhan\appdata\local\Maker3D
2012-09-27 08:38:07 -------- d-----w- c:\windows\system32\gs
2012-09-27 08:35:52 117507 ----a-w- c:\windows\system32\Msinet.ocx
2012-09-27 08:35:51 3979680 ----a-w- c:\windows\system32\Flash10c.ocx
2012-09-27 08:35:50 109248 ----a-w- c:\windows\system32\Mswinsck.ocx
2012-09-27 08:35:29 368912 ----a-w- c:\windows\system32\vbar332.dll
2012-09-27 08:21:05 -------- d-----w- c:\users\mskhan\appdata\local\TempDIR
2012-09-27 02:58:09 -------- d-----w- c:\users\mskhan\appdata\local\Amazon
2012-09-26 18:52:36 -------- d-----w- c:\users\mskhan\appdata\roaming\Pdfsvg
2012-09-26 04:59:17 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-24 06:11:34 -------- d-----w- c:\users\mskhan\appdata\roaming\OpenOffice.org
2012-09-18 16:37:15 -------- d-----w- c:\program files\common files\ScanSoft Shared
2012-09-18 15:03:36 -------- d-----w- c:\program files\common files\Nuance
2012-09-18 15:02:20 -------- d-----w- c:\program files\Nuance
.
==================== Find3M ====================
.
2012-10-11 06:15:17 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-11 06:15:17 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-14 18:28:53 2048 ----a-w- c:\windows\system32\tzres.dll
2012-08-28 17:24:56 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-28 17:24:53 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-22 17:16:54 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 17:16:46 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 17:16:46 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 17:16:36 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 09:13:15 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13:14 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-08-21 09:13:14 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-08-21 09:12:33 41224 ----a-w- c:\windows\avastSS.scr
2012-08-20 17:40:31 169984 ----a-w- c:\windows\system32\winsrv.dll
2012-08-20 17:40:01 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-08-20 17:37:58 271360 ----a-w- c:\windows\system32\conhost.exe
2012-08-20 15:33:28 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-08-05 22:13:38 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-08-02 16:57:20 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-07-26 11:39:12 18448 ----a-w- c:\windows\system32\nitrolocalui2.dll
2012-07-26 11:39:10 27152 ----a-w- c:\windows\system32\nitrolocalmon2.dll
2012-07-18 17:47:53 2345984 ----a-w- c:\windows\system32\win32k.sys
2006-10-12 03:09:40 94208 --sh--w- c:\windows\system32\SalaatTime.dll
.
============= FINISH: 9:20:24.94 ===============


Attach log :

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-14.05)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume3
Install Date: 27-May-10 5:32:50 PM
System Uptime: 16-Oct-12 6:57:03 AM (3 hours ago)
.
Motherboard: Apple Inc. | | Mac-F22C8AC8
Processor: Intel(R) Core(TM)2 Duo CPU P7550 @ 2.26GHz | U2E1 | 2261/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 41 GiB total, 4.353 GiB free.
D: is CDROM ()
E: is FIXED (HFS) - 192 GiB total, 165.328 GiB free.
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl3f20ba84
Device ID: ROOT\LEGACY_MPKSL3F20BA84\0000
Manufacturer:
Name: MpKsl3f20ba84
PNP Device ID: ROOT\LEGACY_MPKSL3F20BA84\0000
Service: MpKsl3f20ba84
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: MMC Storage
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_ZTE&PROD_MMC_STORAGE&REV_2.31#7&13C46B56&0&MF1900ZTED010000&0#
Manufacturer: ZTE
Name: F:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_ZTE&PROD_MMC_STORAGE&REV_2.31#7&13C46B56&0&MF1900ZTED010000&0#
Service: WUDFRd
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl61dc57e9
Device ID: ROOT\LEGACY_MPKSL61DC57E9\0000
Manufacturer:
Name: MpKsl61dc57e9
PNP Device ID: ROOT\LEGACY_MPKSL61DC57E9\0000
Service: MpKsl61dc57e9
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl1603e559
Device ID: ROOT\LEGACY_MPKSL1603E559\0000
Manufacturer:
Name: MpKsl1603e559
PNP Device ID: ROOT\LEGACY_MPKSL1603E559\0000
Service: MpKsl1603e559
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsle24be08a
Device ID: ROOT\LEGACY_MPKSLE24BE08A\0000
Manufacturer:
Name: MpKsle24be08a
PNP Device ID: ROOT\LEGACY_MPKSLE24BE08A\0000
Service: MpKsle24be08a
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl9a03ac21
Device ID: ROOT\LEGACY_MPKSL9A03AC21\0000
Manufacturer:
Name: MpKsl9a03ac21
PNP Device ID: ROOT\LEGACY_MPKSL9A03AC21\0000
Service: MpKsl9a03ac21
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl425cda93
Device ID: ROOT\LEGACY_MPKSL425CDA93\0000
Manufacturer:
Name: MpKsl425cda93
PNP Device ID: ROOT\LEGACY_MPKSL425CDA93\0000
Service: MpKsl425cda93
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl1791509e
Device ID: ROOT\LEGACY_MPKSL1791509E\0000
Manufacturer:
Name: MpKsl1791509e
PNP Device ID: ROOT\LEGACY_MPKSL1791509E\0000
Service: MpKsl1791509e
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsle5083f43
Device ID: ROOT\LEGACY_MPKSLE5083F43\0000
Manufacturer:
Name: MpKsle5083f43
PNP Device ID: ROOT\LEGACY_MPKSLE5083F43\0000
Service: MpKsle5083f43
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl9b72c928
Device ID: ROOT\LEGACY_MPKSL9B72C928\0000
Manufacturer:
Name: MpKsl9b72c928
PNP Device ID: ROOT\LEGACY_MPKSL9B72C928\0000
Service: MpKsl9b72c928
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsle747a36e
Device ID: ROOT\LEGACY_MPKSLE747A36E\0000
Manufacturer:
Name: MpKsle747a36e
PNP Device ID: ROOT\LEGACY_MPKSLE747A36E\0000
Service: MpKsle747a36e
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl7a973522
Device ID: ROOT\LEGACY_MPKSL7A973522\0000
Manufacturer:
Name: MpKsl7a973522
PNP Device ID: ROOT\LEGACY_MPKSL7A973522\0000
Service: MpKsl7a973522
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl4532c3e3
Device ID: ROOT\LEGACY_MPKSL4532C3E3\0000
Manufacturer:
Name: MpKsl4532c3e3
PNP Device ID: ROOT\LEGACY_MPKSL4532C3E3\0000
Service: MpKsl4532c3e3
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl0012d045
Device ID: ROOT\LEGACY_MPKSL0012D045\0000
Manufacturer:
Name: MpKsl0012d045
PNP Device ID: ROOT\LEGACY_MPKSL0012D045\0000
Service: MpKsl0012d045
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsle8c2f775
Device ID: ROOT\LEGACY_MPKSLE8C2F775\0000
Manufacturer:
Name: MpKsle8c2f775
PNP Device ID: ROOT\LEGACY_MPKSLE8C2F775\0000
Service: MpKsle8c2f775
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl9f559834
Device ID: ROOT\LEGACY_MPKSL9F559834\0000
Manufacturer:
Name: MpKsl9f559834
PNP Device ID: ROOT\LEGACY_MPKSL9F559834\0000
Service: MpKsl9f559834
.
Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Description: Apple Broadcom Built-in Bluetooth
Device ID: USB\VID_05AC&PID_8218\6&1170F7B8&0&3
Manufacturer: Apple Inc.
Name: Apple Broadcom Built-in Bluetooth
PNP Device ID: USB\VID_05AC&PID_8218\6&1170F7B8&0&3
Service: BTHUSB
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsleb4e548a
Device ID: ROOT\LEGACY_MPKSLEB4E548A\0000
Manufacturer:
Name: MpKsleb4e548a
PNP Device ID: ROOT\LEGACY_MPKSLEB4E548A\0000
Service: MpKsleb4e548a
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsla38cfae1
Device ID: ROOT\LEGACY_MPKSLA38CFAE1\0000
Manufacturer:
Name: MpKsla38cfae1
PNP Device ID: ROOT\LEGACY_MPKSLA38CFAE1\0000
Service: MpKsla38cfae1
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl4fc276d1
Device ID: ROOT\LEGACY_MPKSL4FC276D1\0000
Manufacturer:
Name: MpKsl4fc276d1
PNP Device ID: ROOT\LEGACY_MPKSL4FC276D1\0000
Service: MpKsl4fc276d1
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl1f778765
Device ID: ROOT\LEGACY_MPKSL1F778765\0000
Manufacturer:
Name: MpKsl1f778765
PNP Device ID: ROOT\LEGACY_MPKSL1F778765\0000
Service: MpKsl1f778765
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl072ab2f2
Device ID: ROOT\LEGACY_MPKSL072AB2F2\0000
Manufacturer:
Name: MpKsl072ab2f2
PNP Device ID: ROOT\LEGACY_MPKSL072AB2F2\0000
Service: MpKsl072ab2f2
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsled986a26
Device ID: ROOT\LEGACY_MPKSLED986A26\0000
Manufacturer:
Name: MpKsled986a26
PNP Device ID: ROOT\LEGACY_MPKSLED986A26\0000
Service: MpKsled986a26
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl81c76df4
Device ID: ROOT\LEGACY_MPKSL81C76DF4\0000
Manufacturer:
Name: MpKsl81c76df4
PNP Device ID: ROOT\LEGACY_MPKSL81C76DF4\0000
Service: MpKsl81c76df4
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl1fcb120c
Device ID: ROOT\LEGACY_MPKSL1FCB120C\0000
Manufacturer:
Name: MpKsl1fcb120c
PNP Device ID: ROOT\LEGACY_MPKSL1FCB120C\0000
Service: MpKsl1fcb120c
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl70f81c30
Device ID: ROOT\LEGACY_MPKSL70F81C30\0000
Manufacturer:
Name: MpKsl70f81c30
PNP Device ID: ROOT\LEGACY_MPKSL70F81C30\0000
Service: MpKsl70f81c30
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl37fcdb8c
Device ID: ROOT\LEGACY_MPKSL37FCDB8C\0000
Manufacturer:
Name: MpKsl37fcdb8c
PNP Device ID: ROOT\LEGACY_MPKSL37FCDB8C\0000
Service: MpKsl37fcdb8c
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl2095de9a
Device ID: ROOT\LEGACY_MPKSL2095DE9A\0000
Manufacturer:
Name: MpKsl2095de9a
PNP Device ID: ROOT\LEGACY_MPKSL2095DE9A\0000
Service: MpKsl2095de9a
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl0889038b
Device ID: ROOT\LEGACY_MPKSL0889038B\0000
Manufacturer:
Name: MpKsl0889038b
PNP Device ID: ROOT\LEGACY_MPKSL0889038B\0000
Service: MpKsl0889038b
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKslcd67b5c7
Device ID: ROOT\LEGACY_MPKSLCD67B5C7\0000
Manufacturer:
Name: MpKslcd67b5c7
PNP Device ID: ROOT\LEGACY_MPKSLCD67B5C7\0000
Service: MpKslcd67b5c7
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl5b1f663a
Device ID: ROOT\LEGACY_MPKSL5B1F663A\0000
Manufacturer:
Name: MpKsl5b1f663a
PNP Device ID: ROOT\LEGACY_MPKSL5B1F663A\0000
Service: MpKsl5b1f663a
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl0b368f38
Device ID: ROOT\LEGACY_MPKSL0B368F38\0000
Manufacturer:
Name: MpKsl0b368f38
PNP Device ID: ROOT\LEGACY_MPKSL0B368F38\0000
Service: MpKsl0b368f38
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
7-Zip 4.65
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader for Palm OS, 3.05
Adobe Shockwave Player 11.6
Amazon Kindle
Apple Application Support
avast! Free Antivirus
Boot Camp Services
Brownstone Equation Editor 5
CCleaner
DjVuLibre+DjView
Dragon NaturallySpeaking 10
FotoSketcher 2.20
Google Talk Plugin
Google Update Helper
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
Java Auto Updater
Java(TM) 6 Update 35
KeyBlaze Typing Tutor
Kies Air Discovery Service
MartView
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mobily Connect Card
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Firefox 16.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVC80_x86_v2
MSVC90_x86
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nitro Reader 2
Norton Internet Security
NVIDIA Drivers
Nymgo4.1
OGA Notifier 2.0.0048.0
Photo To Color Sketch 6.97
QuickTime
Rapid Review - Pathology
RealNetworks - Microsoft Visual C++ 2008 Runtime
Realtek High Definition Audio Driver
RealUpgrade 1.1
Salaat Time 2.1
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
Skype™ 5.10
Spybot - Search & Destroy
Stedman's Electronic Medical Dictionary 6.0
swMSM
Tutor
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.6195
Visual C++ Runtime for Dragon NaturallySpeaking
VLC media player 1.0.1
Weeeb Store 1.02 Beta
WIDCOMM Bluetooth Software
Windows Driver Package - Apple Inc. (AppleUSBEthernet) Net (01/11/2008 3.4.3.18)
Windows Driver Package - Apple Inc. (AppleUSBEthernet) Net (02/01/2008 3.8.3.10)
Windows Driver Package - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1)
Windows Driver Package - Apple Inc. Apple Broadcom Bluetooth (04/27/2011 4.0.0.1)
Windows Driver Package - Apple Inc. Apple Broadcom Bluetooth (11/23/2009 3.1.0.1)
Windows Driver Package - Apple Inc. Apple Built-in iSight (10/25/2007 2.0.1.0)
Windows Driver Package - Apple Inc. Apple Display (01/23/2009 3.0.0.0)
Windows Driver Package - Apple Inc. Apple IR Receiver (02/21/2008 2.0.4.0)
Windows Driver Package - Apple Inc. Apple Keyboard (03/05/2009 3.0.0.0)
Windows Driver Package - Apple Inc. Apple Keyboard (04/06/2009 3.0.0.0)
Windows Driver Package - Apple Inc. Apple Keyboard (05/05/2011 4.0.0.1)
Windows Driver Package - Apple Inc. Apple Multitouch (03/25/2009 2.1.2.112)
Windows Driver Package - Apple Inc. Apple Multitouch (05/05/2011 4.0.0.1)
Windows Driver Package - Apple Inc. Apple Multitouch (09/10/2009 3.0.0.0)
Windows Driver Package - Apple Inc. Apple Multitouch (10/05/2010 3.2.0.1)
Windows Driver Package - Apple Inc. Apple Multitouch Mouse (03/25/2009 2.1.2.112)
Windows Driver Package - Apple Inc. Apple Multitouch Mouse (05/05/2011 4.0.0.1)
Windows Driver Package - Apple Inc. Apple Multitouch Mouse (09/10/2009 3.0.0.0)
Windows Driver Package - Apple Inc. Apple Multitouch Mouse (10/05/2010 3.2.0.1)
Windows Driver Package - Apple Inc. Apple ODD (01/17/2008 2.0.2.2)
Windows Driver Package - Apple Inc. Apple ODD (05/17/2010 3.1.0.0)
Windows Driver Package - Apple Inc. Apple System Device (04/05/2011 3.2.0.8)
Windows Driver Package - Apple Inc. Apple Trackpad (07/13/2009 3.0.0.1)
Windows Driver Package - Apple Inc. Apple Trackpad Enabler (07/13/2009 3.0.0.1)
Windows Driver Package - Apple Inc. Apple Wireless Mouse (06/01/2011 4.0.0.1)
Windows Driver Package - Apple Inc. Apple Wireless Mouse (11/30/2009 3.0.0.6)
Windows Driver Package - Apple Inc. Apple Wireless Trackpad (08/24/2010 3.1.0.7)
Windows Driver Package - Apple Inc. Bluetooth (11/23/2009 3.0.0.4)
Windows Driver Package - Apple Inc. System (08/22/2008 2.1.1.1)
Windows Driver Package - Atheros Communications Inc. (athr) Net (09/18/2008 7.6.1.122)
Windows Driver Package - Atheros Communications Inc. (athr) Net (11/18/2009 8.0.0.258)
Windows Driver Package - Atheros Communications Inc. Net (09/18/2008 7.6.1.122)
Windows Driver Package - Broadcom (b57nd60x) Net (05/28/2009 12.2.0.3)
Windows Driver Package - Broadcom (BCM43XX) Net (06/24/2009 5.30.20.0)
Windows Driver Package - Broadcom (BCM43XX) Net (08/21/2009 5.60.18.8)
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
Windows Driver Package - Cirrus Logic, Inc. (CirrusFilter) MEDIA (01/02/2010 6.6001.1.21)
Windows Driver Package - Cirrus Logic, Inc. (CirrusFilter) MEDIA (08/05/2009 6.6001.1.14)
Windows Driver Package - Cirrus Logic, Inc. (CirrusFilter) MEDIA (08/16/2010 6.6001.1.26)
Windows Driver Package - Intel (e1express) Net (02/06/2008 9.12.17.0)
Windows Driver Package - Intel (E1G60) Net (01/08/2008 8.3.9.0)
Windows Driver Package - Intel (e1kexpress) Net (07/22/2008 10.3.45.0)
Windows Driver Package - Intel (e1qexpress) Net (08/05/2008 10.3.49.0)
Windows Driver Package - Intel (e1yexpress) Net (07/16/2008 9.52.10.0)
Windows Driver Package - Intel Net (02/06/2008 9.12.18.0)
Windows Driver Package - Intel Net (06/13/2008 9.52.9.0)
Windows Driver Package - Intel Net (07/22/2008 10.3.45.0)
Windows Driver Package - Intel Net (08/05/2008 10.3.49.0)
Windows Driver Package - Intel Net (11/07/2007 8.10.1.0)
Windows Driver Package - Intel System (07/20/2007 1.2.76.0)
Windows Driver Package - Marvell (yukonwlh) Net (03/23/2007 10.12.7.3)
WM Converter
.
==== Event Viewer Messages From Past Week ========
.
16-Oct-12 7:12:45 AM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
16-Oct-12 6:48:42 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
16-Oct-12 5:57:13 AM, Error: Service Control Manager [7024] - The SQL Server Active Directory Helper service terminated with service-specific error %%-1073741724.
15-Oct-12 11:03:57 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for SQL Server 2005 Service Pack 2 (KB960089).
15-Oct-12 10:15:56 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer CHAND-51F8D2998 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C2562CD2-EEF4-4350-8B92-30. The master browser is stopping or an election is being forced.
14-Oct-12 8:11:45 AM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{69F83F1C-B66A-4333-9188-C92CDEE85774} because another computer on the network has the same name. The server could not start.
14-Oct-12 8:03:14 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.9. The computer with the IP address 192.168.1.14 did not allow the name to be claimed by this computer.
14-Oct-12 7:00:57 PM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
12-Oct-12 12:09:12 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
11-Oct-12 11:20:29 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer RAJNIC-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C2562CD2-EEF4-4350-8B92-30D41BAA. The master browser is stopping or an election is being forced.
10-Oct-12 7:55:06 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer UNIQUE-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C2562CD2-EEF4-4350-8B92-30D41BAA. The master browser is stopping or an election is being forced.
09-Oct-12 3:07:52 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
.
==== End Of File ===========================

Just in case this would help, I had run RogueKiller, but DIDN'T DELETE or FIX anything.

This is the report it gave :

RogueKiller V8.1.1 [10/01/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : MsKhan [Admin rights]
Mode : Scan -- Date : 10/16/2012 09:24:57

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[RUN][BLACKLIST DLL] HKLM\[...]\Run : XeroxEndeavorBackgroundTask (rundll32.exe xrWCbgnd.dll,LaunchBgTask 1) -> FOUND
[TASK][SUSP PATH] {BE6F1C6B-7F91-48A1-90C5-BAA299E9C3FA} : C:\Windows\System32\pcalua.exe -a C:\Users\MsKhan\Desktop\Setup.exe -d C:\Users\MsKhan\Desktop -> FOUND
[TASK][SUSP PATH] {CA0213D8-B11A-4925-ADCB-B523A1A6FB20} : C:\Windows\System32\pcalua.exe -a C:\Users\MsKhan\AppData\Local\Temp\50comupd.exe -d C:\Windows\System32 -c /r:n /q:a -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{69F83F1C-B66A-4333-9188-C92CDEE85774} : NameServer (86.51.35.24 86.51.34.24) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK2555GSXF ATA Device +++++
--- User ---
[MBR] b232dcaaf5d679bae44607b2e1656b80
[BSP] 474bb574ebc1d6bd7a0662e08695b8f8 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 200 Mo
1 - [XXXXXX] UNKNOWN (0xaf) [VISIBLE] Offset (sectors): 409640 | Size: 196480 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 403064832 | Size: 41666 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt



-------------------------------------------------------

While my problem is being fixed, can you advise me if it is safe to surf and enter my passwords, e.g. for mails, Facebook, and other sites where I need to enter passwords?
Galaxy9
Active Member
 
Posts: 4
Joined: October 16th, 2012, 2:22 am

Re: Ergative Malware

by Cypher » October 18th, 2012, 6:24 am

Hi,
Checking your logs now, be right back.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Ergative Malware

by Cypher » October 18th, 2012, 6:29 am

Hi and welcome to Malware Removal Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not solve other issues you have with your machine.
If you no longer require help, I would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread, do not start another. Please continue responding until I give you the "All Clean".
    Remember, absence of symptoms does not mean the infection is all gone.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions... if possible...your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.


A couple of questions..
Is this computer used for business purposes?
Microsoft Office Enterprise 2007

Can you tell me how this came to be installed on your computer?

Please download MGA Diagnostic Tool and save it to your Desktop.

  • Right click on MGADiag.exe and select Run As Administrator to run it.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in the window.
  • Save this file and copy/paste it in your next reply.

Re: Ergative Malware

by Galaxy9 » October 18th, 2012, 6:44 pm

Hello Cypher,

Thank you so much for responding!

My Laptop is a Macbook, with Windows 7 installed on the partition. I don't know how to install this, and I had always used Windows before owning this MacBook. So to help me with the transition to Apple, my husband's friend had installed Windows on the partition, which he had purchased on my behalf along with some software that I needed. At that time I was very enthusiastic to learn new applications and had wanted to learn to use Excel as well as other things, but that never happened and I ended up using only Microsoft Word, PowerPoint, OneNote and a bit of Excel just to make tables. Now he has left the country and therefore cannot help me anymore.

I understand this forum is only for home users, and I can only assure you that it is indeed being used only for home use. I have no way to prove it :-( I have often installed several (most of which were free) softwares before out of need/curiosity/learning purpose and then later uninstalled if it was not needed or if I found it difficult to learn or use. That's it.

Since I checked the reply just before winding up a late night, I hope to backup the files the first thing tomorrow morning and also run the Diagnostic tool and paste the report.

Would you advise me to back up the Apple partition also (though it doesn't have much data stored)? Is it possible that I would lose data in the other partition too?

Once again, I cannot thank you enough for extending your help to me!

Re: Ergative Malware

by Cypher » October 19th, 2012, 5:50 am

Hi Galaxy9,
My Laptop is a Macbook, with Windows 7 installed on the partition.

This forum is for malware removal from PCs, running Windows operating system software.

We do not work with Mac computers.

I suggest you look to an Apple Macbook support forum: http://www.google.com/search?rlz=1T4GGH ... ok+support

This topic will now be closed.