Page 2 of 4 FirstFirst 1234 LastLast
Results 11 to 20 of 37

Thread: Malware - PC Crashes / Browser redirects

  1. #11
    Member sanjupan's Avatar
    Join Date
    Sep 2010
    Posts
    45

    Default ComboFix log

    Combofix.log

    ComboFix 11-01-31.02 - Sanjana 02/03/2011 22:55:11.3.2 - x86
    Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3539.2301 [GMT -5:00]
    Running from: c:\users\Sanjana\Desktop\Gentleman.exe
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\users\Sanjana\AppData\Local\{53DB150E-4600-44D5-9952-E9C8A98CD7FE}
    c:\users\Sanjana\AppData\Local\{53DB150E-4600-44D5-9952-E9C8A98CD7FE}\chrome\content\overlay.xul
    c:\users\Sanjana\AppData\Local\{53DB150E-4600-44D5-9952-E9C8A98CD7FE}\install.rdf
    c:\users\Sanjana\AppData\Local\ayetaciw.dll
    c:\users\Sanjana\AppData\Roaming\Local
    c:\users\Sanjana\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
    c:\users\Sanjana\AppData\Roaming\Local\Temp\DDM\Settings\3.ddi
    c:\users\Sanjana\AppData\Roaming\Local\Temp\DDM\Settings\aihwspzctzzz.avi.ddr
    c:\users\Sanjana\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
    c:\users\Sanjana\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(2).ddp
    c:\users\Sanjana\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(3).ddp
    c:\users\Sanjana\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(4).ddp
    c:\users\Sanjana\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\.ddp
    c:\users\Sanjana\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\aihwspzctzzz.avi.ddp
    c:\users\Sanjana\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\xasttl.mp4
    c:\users\Sanjana\AppData\Roaming\Local\Temp\DDM\Settings\xasttl.mp4.ddr

    .
    ((((((((((((((((((((((((( Files Created from 2011-01-04 to 2011-02-04 )))))))))))))))))))))))))))))))
    .

    2011-02-04 04:03 . 2011-02-04 04:03 -------- d-----w- c:\users\TEMP\AppData\Local\temp
    2011-02-04 04:03 . 2011-02-04 04:03 -------- d-----w- c:\users\Public\AppData\Local\temp
    2011-02-04 04:03 . 2011-02-04 04:03 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-02-04 03:49 . 2011-02-04 03:49 -------- d-----w- C:\32788R22FWJFW
    2011-01-27 16:28 . 2011-01-27 16:28 -------- d-----w- c:\users\Sanjana\hob
    2011-01-23 07:23 . 2011-01-23 07:23 -------- d-----w- c:\windows\Sun
    2011-01-23 05:51 . 2011-01-30 11:09 0 ----a-w- c:\users\Sanjana\AppData\Local\Vpumebirit.bin
    2011-01-23 05:49 . 2011-01-30 11:47 -------- d-----w- c:\programdata\eAeLb06504
    2011-01-07 02:58 . 2011-01-11 05:05 -------- d-----w- c:\users\Sanjana\AppData\Roaming\ImgBurn
    2011-01-07 02:37 . 2011-01-07 02:37 -------- d-----w- c:\program files\ImgBurn

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-04 03:45 . 2010-02-05 01:18 0 ----a-w- c:\users\Sanjana\AppData\Local\WavXMapDrive.bat
    2010-11-12 00:44 . 2010-11-12 00:44 94208 ----a-w- c:\windows\system32\dpl100.dll
    2010-11-10 04:33 . 2010-12-23 03:50 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5843D9DB-F9CD-4AA8-80A8-334D84F11667}\mpengine.dll
    2010-11-08 22:57 . 2010-11-08 22:57 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
    @="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
    [HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
    2009-06-12 00:41 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
    @="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
    [HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
    2009-06-12 00:41 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
    "VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-04-28 2633976]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-06-19 249856]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-08-01 458844]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-03 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-03 174104]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-03 151064]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
    "DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-06-12 656384]
    "DellConnectionManager"="c:\program files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe" [2009-10-06 1826816]
    "ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2009-06-03 184320]
    "WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2009-07-27 134656]
    "USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2009-08-14 15872]
    "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
    "VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
    "SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2010-01-31 55072]
    "nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]
    "TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2010-12-29 274608]

    c:\users\Sanjana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-11 795936]
    Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2009-7-16 1245472]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    "Google Update"="c:\users\Sanjana\AppData\Local\Google\Update\GoogleUpdate.exe" /c

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
    "DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" start

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate1caaec57f5ab489;Google Update Service (gupdate1caaec57f5ab489);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-16 133104]
    R3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [2009-07-13 7680]
    R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 45736]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-01-31 29472]
    R3 EraserUtilDrv11010;EraserUtilDrv11010;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys [x]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
    R3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NvtSp50.sys [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
    R3 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2009-07-02 47104]
    R3 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [2009-07-01 49152]
    R3 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [2009-07-05 38400]
    R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [2009-12-09 48128]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-26 1343400]
    R3 WPFFontCache_v0400;WPFFontCache_v0400;c:\windows\Microsoft.NET\Framework\v4.0.30128\WPF\WPFFontCache_v0400.exe [x]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
    R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
    R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2009-05-15 1803512]
    S2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [2009-04-27 293968]
    S2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2009-07-16 382752]
    S2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-11-13 204800]
    S2 SMManager;Smith Micro Connection Manager Service;c:\program files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [2009-10-06 76288]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-26 122368]
    S3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

    .
    Contents of the 'Scheduled Tasks' folder

    2011-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-16 05:04]

    2011-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-16 05:04]

    2011-02-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1208262141-4149667152-2894938055-1000Core.job
    - c:\users\Sanjana\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-28 01:25]

    2011-02-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1208262141-4149667152-2894938055-1000UA.job
    - c:\users\Sanjana\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-28 01:25]

    2011-02-02 c:\windows\Tasks\Norton Security Scan for Sanjana.job
    - c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-05-28 14:06]

    2011-02-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1208262141-4149667152-2894938055-1000.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://www.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    DPF: {3BA494B1-D507-4C11-9BDA-D47E1A65DFCF} - hxxps://mcpuk1.jpmorgan.com/llclient/myonedesk-amer/winnt/AXNTEE.dll
    FF - ProfilePath - c:\users\Sanjana\AppData\Roaming\Mozilla\Firefox\Profiles\lps6crmv.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
    FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1208262141-4149667152-2894938055-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "scansk"=hex(0):7f,af,35,60,0d,ba,19,77,58,09,13,4d,26,61,d8,9a,e5,f8,6d,09,79,
    c0,32,d9,a3,ec,dd,34,40,6d,92,49,27,d7,b2,7f,00,8d,82,32,00,00,00,00,00,00,\

    [HKEY_USERS\S-1-5-21-1208262141-4149667152-2894938055-1000_Classes\CLSID\{7a41ce08-36ed-4270-8a34-880f76d8acda}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "Model"=dword:0000012e
    "Therad"=dword:0000001e
    "MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
    38,95,44,85,b1,12,f9,90,dd,23,a1,8a,df,a8,03,3f,97,a3,12,d7,99,f3,3a,88,2b,\

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(2352)
    c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
    c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_450b431403c091e3\STacSV.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
    c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    c:\windows\system32\java.exe
    c:\windows\system32\conhost.exe
    c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
    c:\windows\system32\taskhost.exe
    c:\windows\system32\conhost.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\system32\sppsvc.exe
    c:\windows\system32\sdclt.exe
    .
    **************************************************************************
    .
    Completion time: 2011-02-03 23:10:09 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-02-04 04:10
    ComboFix2.txt 2010-09-25 05:31

    Pre-Run: 137,791,590,400 bytes free
    Post-Run: 137,188,327,424 bytes free

    - - End Of File - - 1700EFA665FBB49FEDF0E80AA9014754

  2. #12
    Emeritus- Malware Team
    Join Date
    May 2009
    Location
    Buenos Aires, Argentina
    Posts
    340

    Default

    Hi sanjupan,


    Please follow these steps:


    Step 1 | Please download mbr.exe from one of the following mirrors and save it to your desktop:


    This is THE Mirror

    --------------------------------------------------------------------


    • Double click on mbr.exe to run it (Vista/Windows 7 users double click the file and choose "Run as administrator").
    • Please open the file mbr.log and post it's contents in your next reply. You will find this file in the same location as mbr.exe (probably in your desktop)



    Step 2 | Please download SystemLook from one of the links below and save it to your Desktop.

    Download Mirror #1
    Download Mirror #2


    --------------------------------------------------------------------
    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:

      Code:
      :dir
      c:\users\Sanjana\hob /s
      c:\programdata\eAeLb06504 /s
      
      :contents
      c:\users\Sanjana\AppData\Local\WavXMapDrive.bat
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

    Note: The log can also be found on your Desktop entitled SystemLook.txt


    Step 3 | ComboFix - CFScript

    WARNING !
    This script is for THIS user and computer ONLY!
    Using this tool incorrectly could damage your Operating System... preventing it from starting again!


    You will not have Internet access when you execute ComboFix. All open windows will need to be closed!

    Please open Notepad and copy/paste all the text below... into the window:

    Code:
    DDS::
    uInternet Settings,ProxyOverride = *.local
    1. Save it to your desktop as CFScript.txt
    2. Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
    3. Drag the CFScript.txt (icon) into the ComboFix.exe icon... as seen in the image below:



      This will cause ComboFix to run again.
      Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash.
      Do Not touch your computer when ComboFix is running!

      When finished... Notepad will open ... ComboFix will produce a log file called "log.txt".
    4. Please copy/paste the contents of log.txt... in your next reply.


    ** Enable your Antivirus and Firewall, before connecting to the Internet again! **

  3. #13
    Member sanjupan's Avatar
    Join Date
    Sep 2010
    Posts
    45

    Default MBR Log

    MBR Log

    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 6.1.7600 Disk: SAMSUNG_ rev.2AC1 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

    device: opened successfully
    user: MBR read successfully
    kernel: MBR read successfully
    user & kernel MBR OK

  4. #14
    Member sanjupan's Avatar
    Join Date
    Sep 2010
    Posts
    45

    Default SystemLook look

    SystemLook 04.09.10 by jpshortstuff
    Log created at 17:30 on 06/02/2011 by Sanjana
    Administrator - Elevation successful

    ========== dir ==========

    c:\users\Sanjana\hob - Parameters: "/s"

    ---Files---
    None found.

    c:\users\Sanjana\hob\jwt d------ [16:28 27/01/2011]

    c:\users\Sanjana\hob\jwt\.jwscache d------ [16:28 27/01/2011]

    c:\users\Sanjana\hob\jwt\.jwscache\lib d------ [16:28 27/01/2011]
    rel91.gif --a---- 144 bytes [16:28 27/01/2011] [16:28 27/01/2011]

    c:\programdata\eAeLb06504 - Parameters: "/s"

    ---Files---
    eAeLb06504 --a---- 94 bytes [05:49 23/01/2011] [05:58 23/01/2011]

    No folders found.

    ========== contents ==========

    c:\users\Sanjana\AppData\Local\WavXMapDrive.bat - Opened succesfully.



    -= EOF =-

  5. #15
    Member sanjupan's Avatar
    Join Date
    Sep 2010
    Posts
    45

    Default Combofix log

    Combofix log

    ComboFix 11-02-05.01 - Sanjana 02/06/2011 17:54:24.4.2 - x86
    Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3539.2467 [GMT -5:00]
    Running from: c:\users\Sanjana\Desktop\Gentleman.exe
    Command switches used :: c:\users\Sanjana\Desktop\CFScript.txt
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((( Files Created from 2011-01-06 to 2011-02-06 )))))))))))))))))))))))))))))))
    .

    2011-02-06 23:00 . 2011-02-06 23:00 -------- d-----w- c:\users\TEMP\AppData\Local\temp
    2011-02-06 23:00 . 2011-02-06 23:00 -------- d-----w- c:\users\Public\AppData\Local\temp
    2011-02-06 23:00 . 2011-02-06 23:00 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-02-06 08:00 . 2010-03-04 04:04 146304 ----a-w- c:\windows\system32\drivers\usbvideo.sys
    2011-02-06 08:00 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
    2011-02-04 12:19 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ADC27CD4-2D32-4C2E-A9B0-49785918A33D}\mpengine.dll
    2011-02-04 12:19 . 2010-07-13 05:22 26504 ----a-w- c:\windows\system32\drivers\Diskdump.sys
    2011-02-04 12:19 . 2010-10-20 04:54 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-02-04 12:19 . 2010-10-20 02:58 294400 ----a-w- c:\windows\system32\atmfd.dll
    2011-02-04 04:10 . 2010-08-04 06:18 641536 ----a-w- c:\windows\system32\CPFilters.dll
    2011-02-04 03:54 . 2010-04-07 07:10 571904 ----a-w- c:\windows\system32\oleaut32.dll
    2011-01-27 16:28 . 2011-01-27 16:28 -------- d-----w- c:\users\Sanjana\hob
    2011-01-23 07:23 . 2011-01-23 07:23 -------- d-----w- c:\windows\Sun
    2011-01-23 05:51 . 2011-01-30 11:09 0 ----a-w- c:\users\Sanjana\AppData\Local\Vpumebirit.bin
    2011-01-23 05:49 . 2011-01-30 11:47 -------- d-----w- c:\programdata\eAeLb06504

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-06 22:23 . 2010-02-05 01:18 0 ----a-w- c:\users\Sanjana\AppData\Local\WavXMapDrive.bat
    2011-02-02 22:11 . 2010-02-05 02:35 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-11-12 00:44 . 2010-11-12 00:44 94208 ----a-w- c:\windows\system32\dpl100.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
    @="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
    [HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
    2009-06-12 00:41 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
    @="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
    [HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
    2009-06-12 00:41 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
    "VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-04-28 2633976]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-06-19 249856]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-08-01 458844]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-03 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-03 174104]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-03 151064]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
    "DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-06-12 656384]
    "DellConnectionManager"="c:\program files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe" [2009-10-06 1826816]
    "ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2009-06-03 184320]
    "WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2009-07-27 134656]
    "USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2009-08-14 15872]
    "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
    "VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
    "SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2010-01-31 55072]
    "nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]
    "TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2010-12-29 274608]

    c:\users\Sanjana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-11 795936]
    Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2009-7-16 1245472]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    "Google Update"="c:\users\Sanjana\AppData\Local\Google\Update\GoogleUpdate.exe" /c

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
    "DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" start

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate1caaec57f5ab489;Google Update Service (gupdate1caaec57f5ab489);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-16 133104]
    R2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-11-13 204800]
    R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 45736]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-01-31 29472]
    R3 EraserUtilDrv11010;EraserUtilDrv11010;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys [x]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
    R3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NvtSp50.sys [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
    R3 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2009-07-02 47104]
    R3 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [2009-07-01 49152]
    R3 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [2009-07-05 38400]
    R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [2009-12-09 48128]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-26 1343400]
    R3 WPFFontCache_v0400;WPFFontCache_v0400;c:\windows\Microsoft.NET\Framework\v4.0.30128\WPF\WPFFontCache_v0400.exe [x]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
    R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
    R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2009-05-15 1803512]
    S2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [2009-04-27 293968]
    S2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2009-07-16 382752]
    S2 SMManager;Smith Micro Connection Manager Service;c:\program files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [2009-10-06 76288]
    S3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [2009-07-13 7680]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-26 122368]
    S3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

    .
    Contents of the 'Scheduled Tasks' folder

    2011-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-16 05:04]

    2011-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-16 05:04]

    2011-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1208262141-4149667152-2894938055-1000Core.job
    - c:\users\Sanjana\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-28 01:25]

    2011-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1208262141-4149667152-2894938055-1000UA.job
    - c:\users\Sanjana\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-28 01:25]

    2011-02-06 c:\windows\Tasks\Norton Security Scan for Sanjana.job
    - c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-05-28 14:06]

    2011-02-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1208262141-4149667152-2894938055-1000.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://www.yahoo.com
    IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    DPF: {3BA494B1-D507-4C11-9BDA-D47E1A65DFCF} - hxxps://mcpuk1.jpmorgan.com/llclient/myonedesk-amer/winnt/AXNTEE.dll
    FF - ProfilePath - c:\users\Sanjana\AppData\Roaming\Mozilla\Firefox\Profiles\lps6crmv.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
    FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1208262141-4149667152-2894938055-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "scansk"=hex(0):7f,af,35,60,0d,ba,19,77,58,09,13,4d,26,61,d8,9a,e5,f8,6d,09,79,
    c0,32,d9,a3,ec,dd,34,40,6d,92,49,27,d7,b2,7f,00,8d,82,32,00,00,00,00,00,00,\

    [HKEY_USERS\S-1-5-21-1208262141-4149667152-2894938055-1000_Classes\CLSID\{7a41ce08-36ed-4270-8a34-880f76d8acda}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "Model"=dword:0000012e
    "Therad"=dword:0000001e
    "MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
    38,95,44,85,b1,12,f9,90,dd,23,a1,8a,df,a8,03,3f,97,a3,12,d7,99,f3,3a,88,2b,\

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(4180)
    c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
    c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
    .
    Completion time: 2011-02-06 18:01:34
    ComboFix-quarantined-files.txt 2011-02-06 23:01
    ComboFix2.txt 2011-02-04 04:10
    ComboFix3.txt 2010-09-25 05:31

    Pre-Run: 138,927,542,272 bytes free
    Post-Run: 138,919,854,080 bytes free

    - - End Of File - - 25AB5F66568FB2EB50F4C27022988B68

  6. #16
    Emeritus- Malware Team
    Join Date
    May 2009
    Location
    Buenos Aires, Argentina
    Posts
    340

    Default

    Hi there,


    The logs look much better. How's your machine running now?


    Please follow these steps:


    Step 1 | Please open and post the contents of the file Attach.txt. You will find this file in the same locations as DDS, probably in your desktop.


    Step 2 | Please go here: http://virusscan.jotti.org /

    • When the jotti page has finished loading, click the "Browse" button and navigate to the following files and click Submit:

      • c:\users\Sanjana\hob\jwt\.jwscache\lib\rel91.gif
      • c:\programdata\eAeLb06504\eAeLb06504

    • Copy the results and paste them here
    • Note: You will not be able to upload and scan all files at once. You will have to submit and scan each file separately.



    Step 3 | Please download Malwarebytes' Anti-Malware to your desktop.

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.



    Step 4 | Let's perform an ESET Online Scan

    Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

    • Please go here then click on:
      Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
      All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
    • Select the option YES, I accept the Terms of Use then click on:
    • When prompted allow the Add-On/Active X to install.
    • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Now click on:
    • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
    • When completed the Online Scan will begin automatically.
    • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
    • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
    • Copy and paste that log as a reply to this topic.
    • Now click on: (Selecting Uninstall application on close if you so wish)

  7. #17
    Member sanjupan's Avatar
    Join Date
    Sep 2010
    Posts
    45

    Default

    I dont see the file Attach.txt for last time on desktop.
    The one I see is for 30 Jan on my local folder. Do I need to run DDS or anything to get it?

  8. #18
    Emeritus- Malware Team
    Join Date
    May 2009
    Location
    Buenos Aires, Argentina
    Posts
    340

    Default

    Hi there,


    No need to rerun DDS. That one from 30 January would be fine, please post it's contents. After that, proceed with the rest of the procedure.

  9. #19
    Emeritus- Malware Team
    Join Date
    May 2009
    Location
    Buenos Aires, Argentina
    Posts
    340

    Default

    Hi,


    Are you still there?

  10. #20
    Member sanjupan's Avatar
    Join Date
    Sep 2010
    Posts
    45

    Default

    Step1
    -------

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 2/4/2010 8:17:46 PM
    System Uptime: 1/30/2011 6:48:31 AM (1 hours ago)

    Motherboard: Dell Inc. | | 0DW634
    Processor: Intel(R) Core(TM)2 Duo CPU P8700 @ 2.53GHz | Microprocessor | 2509/266mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 218 GiB total, 125.579 GiB free.
    D: is CDROM ()
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP92: 11/28/2010 7:04:24 PM - Windows Backup
    RP93: 12/5/2010 7:00:18 PM - Windows Backup
    RP94: 12/12/2010 7:00:19 PM - Windows Backup
    RP95: 12/19/2010 7:01:53 PM - Windows Backup
    RP96: 12/22/2010 10:49:55 PM - Windows Update
    RP97: 12/27/2010 12:48:29 AM - Windows Backup
    RP98: 1/9/2011 7:34:51 PM - Windows Backup
    RP99: 1/16/2011 7:10:33 PM - Windows Backup
    RP100: 1/24/2011 7:31:44 AM - Scheduled Checkpoint

    ==== Installed Programs ======================

    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.3.4
    All Day Battery Life Configuration
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AuthenTec Fingerprint Software
    Aventail Access Manager
    Aventail Web Proxy Agent
    Aventail Webifiers
    BioAPI Framework
    Bonjour
    Broadcom NetXtreme-I Netlink Driver and Management Installer
    Citrix Presentation Server Web Client for Win32
    Confidence Online(tm) for Web Applications
    Crystal Reports for Visual Studio
    DCP32MMWrapper
    Definition update for Microsoft Office 2010 (KB982726)
    Dell Backup and Recovery Manager
    Dell Control Point
    Dell ControlPoint Connection Manager
    Dell ControlPoint Security Manager
    Dell ControlPoint System Manager
    Dell Edoc Viewer
    Dell Embassy Trust Suite by Wave Systems
    Dell Security Device Driver Pack
    Dell Touchpad
    DivX Converter
    DivX Plus DirectShow Filters
    DivX Setup
    DivX Version Checker
    Document Manager Lite
    Dotfuscator Software Services - Community Edition
    EMBASSY Security Center
    EMBASSY Security Setup
    ERUNT 1.1j
    ESC Home Page Plugin
    Gemalto
    Google Chrome
    Google Talk Plugin
    Google Update Helper
    HxD Hex Editor version 1.7.7.0
    ImgBurn
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) TV Wizard
    Intel® Matrix Storage Manager
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 21
    Java(TM) 6 Update 3
    Juniper Networks Setup Client
    Juniper Terminal Services Client
    Junk Mail filter update
    Linksys EasyLink Advisor
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft Application Error Reporting
    Microsoft ASP.NET MVC 2
    Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
    Microsoft Choice Guard
    Microsoft Help Viewer 1.0
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft Silverlight 3 SDK
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2008
    Microsoft SQL Server 2008 Browser
    Microsoft SQL Server 2008 Common Files
    Microsoft SQL Server 2008 Database Engine Services
    Microsoft SQL Server 2008 Database Engine Shared
    Microsoft SQL Server 2008 Native Client
    Microsoft SQL Server 2008 R2 Data-Tier Application Framework
    Microsoft SQL Server 2008 R2 Data-Tier Application Project
    Microsoft SQL Server 2008 R2 Management Objects
    Microsoft SQL Server 2008 R2 Transact-SQL Language Service
    Microsoft SQL Server 2008 RsFx Driver
    Microsoft SQL Server 2008 Setup Support Files
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft SQL Server Database Publishing Wizard 1.4
    Microsoft SQL Server System CLR Types
    Microsoft SQL Server VSS Writer
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Runtime v1.0 SP1 (x86)
    Microsoft Sync Framework SDK v1.0 SP1
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Sync Framework Services v1.0 SP1 (x86)
    Microsoft Sync Services for ADO.NET v2.0 SP1 (x86)
    Microsoft Team Foundation Server 2010 Object Model - ENU
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4418
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
    Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
    Microsoft Visual F# 2.0 Runtime
    Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    Microsoft Visual Studio 2010 Office Developer Tools (x86)
    Microsoft Visual Studio 2010 Performance Collection Tools - ENU
    Microsoft Visual Studio 2010 SharePoint Developer Tools
    Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
    Microsoft Visual Studio 2010 Ultimate - ENU
    Microsoft Visual Studio Macro Tools
    Mozilla Firefox (3.6.3)
    Mp3tag v2.46a
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Norton Security Scan
    NTRU TCG Software Stack
    PowerDVD DX
    Preboot Manager
    Private Information Manager
    Pure Networks Platform
    QuickTime
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    RealUpgrade 1.1
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE 10.3
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft Office 2010 (KB2289161)
    Security Update for Microsoft Word 2010 (KB2345000)
    Security Wizards
    Service Pack 1 for SQL Server 2008 (KB968369)
    SO32MMWrapper
    Sony USB Driver
    Spybot - Search & Destroy
    Sql Server Customer Experience Improvement Program
    Trusted Drive Manager
    Update for Microsoft Office 2010 (KB2202188)
    Update for Microsoft OneNote 2010 (KB2288640)
    Update for Microsoft Outlook Social Connector (KB2289116)
    Update for Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (KB982305)
    UPEK TouchChip Fingerprint Reader
    VC80CRTRedist - 8.0.50727.4053
    Veoh Web Player
    VirtualCloneDrive
    Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    VLC media player 1.1.4
    Vuze
    Wave Infrastructure Installer
    Wave Support Software
    Web Deployment Tool
    WebEx
    WebEx Support Manager for Internet Explorer
    WIDCOMM Bluetooth Software
    Winamp
    Winamp Detector Plug-in
    Winamp Remote
    Windows 7 Upgrade Advisor
    Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (05/13/2009 8.4.2.0)
    Windows Driver Package - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Player Firefox Plugin
    WinRAR archiver
    Yahoo! Messenger

    ==== Event Viewer Messages From Past Week ========

    1/30/2011 7:03:38 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    1/30/2011 7:03:38 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Profile Service service, but this action failed with the following error: An instance of the service is already running.
    1/30/2011 7:03:38 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
    1/30/2011 7:03:38 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.
    1/30/2011 7:03:38 AM, Error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The service has not been started.
    1/30/2011 7:02:38 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
    1/30/2011 7:01:38 AM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).
    1/30/2011 7:01:38 AM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/30/2011 7:01:38 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/30/2011 7:01:38 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/30/2011 7:01:38 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/30/2011 7:01:38 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/30/2011 7:01:38 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/30/2011 7:01:38 AM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/30/2011 7:01:38 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/30/2011 7:01:38 AM, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/30/2011 7:01:38 AM, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/30/2011 7:01:38 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/30/2011 7:01:38 AM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/30/2011 7:01:38 AM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/30/2011 7:01:38 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/30/2011 7:01:38 AM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/30/2011 7:01:38 AM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/30/2011 7:01:38 AM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/30/2011 7:01:38 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/30/2011 6:49:22 AM, Error: Service Control Manager [7001] - The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services service which failed to start because of the following error: The operation completed successfully.
    1/30/2011 6:41:18 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    1/30/2011 6:38:48 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    1/30/2011 6:38:47 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    1/30/2011 6:38:47 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    1/30/2011 6:38:46 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    1/30/2011 6:38:46 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    1/30/2011 6:38:44 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    1/30/2011 6:38:38 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    1/30/2011 6:38:23 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache ElbyCDIO NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
    1/30/2011 6:38:23 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/30/2011 6:38:23 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    1/30/2011 6:38:23 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    1/30/2011 6:38:23 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    1/30/2011 6:38:23 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    1/30/2011 6:38:23 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    1/30/2011 6:38:23 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/30/2011 6:38:23 AM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/30/2011 6:38:23 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/30/2011 6:38:23 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/30/2011 6:38:23 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    1/30/2011 6:25:06 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0xc00102e8, 0x00000002, 0x00000000, 0x8367645d). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 013011-28626-01.
    1/30/2011 6:11:37 AM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 4 time(s).
    1/30/2011 6:11:37 AM, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 5 time(s).
    1/30/2011 6:11:37 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 5 time(s).
    1/29/2011 6:54:30 AM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 3 time(s).
    1/29/2011 6:54:30 AM, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 3 time(s).
    1/29/2011 6:54:30 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 3 time(s).
    1/29/2011 5:08:28 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    1/29/2011 5:08:28 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/29/2011 5:08:28 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    1/29/2011 5:08:26 AM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
    1/29/2011 10:14:17 AM, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 4 time(s).
    1/29/2011 10:14:17 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 4 time(s).
    1/29/2011 10:14:17 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/27/2011 8:29:06 PM, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 3 time(s).
    1/27/2011 8:29:06 PM, Error: Service Control Manager [7034] - The User Profile Service service terminated unexpectedly. It has done this 3 time(s).
    1/27/2011 8:29:06 PM, Error: Service Control Manager [7034] - The Themes service terminated unexpectedly. It has done this 3 time(s).
    1/27/2011 8:29:06 PM, Error: Service Control Manager [7034] - The Task Scheduler service terminated unexpectedly. It has done this 3 time(s).
    1/27/2011 8:29:06 PM, Error: Service Control Manager [7034] - The System Event Notification Service service terminated unexpectedly. It has done this 3 time(s).
    1/27/2011 8:29:06 PM, Error: Service Control Manager [7034] - The Secondary Logon service terminated unexpectedly. It has done this 3 time(s).
    1/27/2011 8:29:06 PM, Error: Service Control Manager [7034] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 3 time(s).
    1/27/2011 8:29:06 PM, Error: Service Control Manager [7034] - The IP Helper service terminated unexpectedly. It has done this 3 time(s).
    1/27/2011 8:29:06 PM, Error: Service Control Manager [7034] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 3 time(s).
    1/27/2011 8:29:06 PM, Error: Service Control Manager [7034] - The Group Policy Client service terminated unexpectedly. It has done this 3 time(s).
    1/27/2011 8:29:06 PM, Error: Service Control Manager [7034] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 3 time(s).
    1/27/2011 8:29:06 PM, Error: Service Control Manager [7034] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 3 time(s).
    1/27/2011 7:16:09 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Background Intelligent Transfer Service service, but this action failed with the following error: An instance of the service is already running.
    1/27/2011 7:14:09 PM, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 2 time(s).
    1/27/2011 7:14:09 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    1/27/2011 7:14:09 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/27/2011 7:14:09 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/27/2011 7:14:09 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    1/27/2011 7:14:09 PM, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    1/27/2011 7:14:09 PM, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    1/27/2011 7:14:09 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    1/27/2011 7:14:09 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    1/27/2011 7:14:09 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    1/27/2011 7:14:09 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/27/2011 7:14:09 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/27/2011 2:03:07 PM, Error: Service Control Manager [7034] - The Pure Networks Platform Service service terminated unexpectedly. It has done this 1 time(s).
    1/27/2011 11:32:45 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.
    1/27/2011 11:32:45 AM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/27/2011 11:32:15 AM, Error: Service Control Manager [7022] - The Server service hung on starting.
    1/27/2011 11:32:15 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: After starting, the service hung in a start-pending state.
    1/27/2011 11:30:25 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ProfSvc service.
    1/27/2011 11:30:25 AM, Error: Service Control Manager [7001] - The Application Information service depends on the User Profile Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
    1/27/2011 11:30:25 AM, Error: Service Control Manager [7000] - The User Profile Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/27/2011 11:29:55 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.
    1/27/2011 11:29:55 AM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/25/2011 9:31:43 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00009087 (0x00000000, 0x00000000, 0x00000000, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012511-21247-01.
    1/25/2011 9:22:45 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x00000000, 0x00000002, 0x00000001, 0x83647e85). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012511-21309-01.
    1/25/2011 9:18:56 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x00000000, 0x00000002, 0x00000001, 0x8364ee85). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012511-23571-01.
    1/25/2011 12:12:37 AM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 6 time(s).
    1/25/2011 12:12:37 AM, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 6 time(s).
    1/25/2011 11:06:06 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.101 with the system having network hardware address 00-1D-BC-16-DC-FF. Network operations on this system may be disrupted as a result.
    1/25/2011 11:06:02 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    1/25/2011 10:17:26 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x8fdb2a0b, 0x00000002, 0x00000001, 0x836281da). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012511-23353-01.
    1/24/2011 1:28:26 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 5 time(s).
    1/23/2011 2:50:59 PM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 2 time(s).
    1/23/2011 2:02:12 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
    1/23/2011 1:04:33 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x820d62f1, 0x8c81ba60, 0x8c81b640). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012311-21434-01.
    1/23/2011 1:01:10 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x82cfb2f1, 0x8e51fa60, 0x8e51f640). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012311-25771-01.

    ==== End Of File ===========================

    ------------------------------------------------------
    Step2
    -------
    Filename: rel91.gif

    http://virusscan.jotti.org/en/scanre...9c232e54ebea54

    2011-02-14 Found nothing 2011-02-15 Found nothing
    2011-02-14 Found nothing 2011-02-14 Found nothing
    2011-02-14 Found nothing 2011-02-14 Found nothing
    2011-02-14 Found nothing 2011-02-14 Found nothing
    2011-02-14 Found nothing 2011-02-14 Found nothing
    2011-02-14 Found nothing 2011-02-14 Found nothing
    2011-02-14 Found nothing 2011-02-15 Found nothing
    2011-02-15 Found nothing 2011-02-13 Found nothing
    2011-02-14 Found nothing 2011-02-14 Found nothing
    2011-02-14 Found nothing


    =============
    Filename: eAeLb06504

    http://virusscan.jotti.org/en/scanre...411649e108dd61

    2011-02-10 Found nothing 2011-02-15 Found nothing
    2011-02-14 Found nothing 2011-02-14 Found nothing
    2011-02-14 Found nothing 2011-02-14 Found nothing
    2011-02-14 Found nothing 2011-02-14 Found nothing
    2011-02-14 Found nothing 2011-02-14 Found nothing
    2011-02-14 Found nothing 2011-02-14 Found nothing
    2011-02-14 Found nothing 2011-02-15 Found nothing
    2011-02-15 Found nothing 2011-02-13 Found nothing
    2011-02-14 Found nothing 2011-02-14 Found nothing
    2011-02-14 Found nothing

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •