29 Posts

December 3rd, 2007 23:00

HELP! Possible trojan virus on computer.

Over the weekend, Trojan KillAv was detected by my Norton virus scan. It was unable to remove or quarantine it. Directly after that my homepage changed and I started receiving pop-ups. Since my Norton subscription was about to expire, I purchased Trend Micro Internet Security Plus. Upon installation, I was asked to remove Norton as it downloaded. Since the virus was already there, I did this. Trend Micro also detected Trojan KillAv but was unable to remove or quarantine it, and I could not finish updating the virus definitions because my internet went down.

Now I cannot start my computer normally: my Windows XP Pro SP2 system comes up with a blue screen right after I log into any of my accounts, showing the error "Stop: 0x0000007E (0xc0000005, 0x80536c46, 0xF88F5BDC, 0xF88F58D8)". Upon logging on in Safe Mode, I noticed that my Control Panel, taskbar and even Registry Editor were not working. With help from different forums, I was able to restore the Control Panel, taskbar and Registry Editor. However, I still get the blue screen with the error and cannot get my internet to work on the computer. Can someone please help? (P.S. If you say that I would be better off reinstalling the operating system from my backup disk, I would not have a problem doing this, but I would need assistance on how to do this as well.)

I have attached my HijackThis log to help with the process. Thanks!
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:41, on 2007-12-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1862EF3D-29E4-4127-9615-B1C49977066A} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: TransactionProtector BHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O2 - BHO: (no name) - {D27987B8-7244-4DE0-AE10-39B826B492F1} - C:\WINDOWS\system32\bronto.dll
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O4 - HKLM\..\Run: [combofix] "C:\WINDOWS\system32\cmd.exe" /c "cd /d C:\ComboFix\ & Combobatch.bat"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE /P26 "EPSON Stylus CX4200 Series" /O6 "USB001" /M "Stylus CX4200"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Undefined] C:\WINDOWS\system32\winter.exe
O4 - HKLM\..\Run: [clkhost] C:\WINDOWS\dcxxygx.exe
O4 - HKLM\..\Run: [startdrv] C:\WINDOWS\Temp\startdrv.exe
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [dumprep] C:\WINDOWS\system32\spoolc.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Undefined] C:\WINDOWS\system32\winter.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks Basic Edition\Norton GoBack\GBTray.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://mypoints.worldwinner.com/games/v47/shared/FunGamesLoader.cab
O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) - http://community.webshots.com/html/atx/wsaxcontrol.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinner.com/games/v57/bjattack/bja.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v46/sol/sol.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} (Royal Control) - http://www.worldwinner.com/games/v45/royal/royal.cab
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} (Paint Control) - http://www.worldwinner.com/games/v43/paint/paint.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.com/client/msnmusax4123.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\sol748.txt
O20 - Winlogon Notify: mcdpm3 - C:\WINDOWS\Registration\mcdpm3.dll (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks Basic Edition\Norton GoBack\GBPoll.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
--
End of file - 10459 bytes
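As an added illustration of what a helper looks for first in a log like the one above (example code, not from this thread and not part of HijackThis): a first-pass triage script that parses the O2/O4/O7/O20 lines and flags autostarts launched from Temp or directly from the Windows directory, a Run value whose name borrows a Windows component name but runs a different file, nameless BHOs, orphaned entries, a DisableRegedit policy and an AppInit_DLLs value with a non-DLL extension. The sample input is constructed from lines in the log above; the heuristics and the COMPONENT_NAMES set are the example's own assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed input: a subset of the O2/O4/O7/O20 lines from the log posted above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {1862EF3D-29E4-4127-9615-B1C49977066A} - (no file)
O2 - BHO: (no name) - {D27987B8-7244-4DE0-AE10-39B826B492F1} - C:\WINDOWS\system32\bronto.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Undefined] C:\WINDOWS\system32\winter.exe
O4 - HKLM\..\Run: [clkhost] C:\WINDOWS\dcxxygx.exe
O4 - HKLM\..\Run: [startdrv] C:\WINDOWS\Temp\startdrv.exe
O4 - HKLM\..\Run: [dumprep] C:\WINDOWS\system32\spoolc.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: C:\WINDOWS\system32\sol748.txt
O20 - Winlogon Notify: mcdpm3 - C:\WINDOWS\Registration\mcdpm3.dll (file missing)
"""

@dataclass
class Finding:
    section: str  # HijackThis section tag, e.g. "O4"
    line: str     # the log line that tripped a check
    reason: str   # why a reviewer would look at it first

O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run: \[(.+?)\] (.*)$")
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)", re.I)
TEMP_RE = re.compile(r"\\temp\\", re.I)
# An .exe directly under the Windows directory (not system32 or another subfolder).
WINROOT_RE = re.compile(r"^(?:[a-z]:\\windows|%systemroot%|%windir%)\\[^\\]+\.exe$", re.I)
IMAGE_RE = re.compile(r"(.+?\.(?:exe|dll|bat|cmd|com|scr|pif))(?=\s|$)", re.I)
# Windows component names that autostart labels like to borrow (small, illustrative set; an assumption).
COMPONENT_NAMES = {"dumprep", "ctfmon", "spoolsv", "svchost"}

def extract_image(command: str) -> str:
    """Return the executable path from a Run-key command line, quoted or not."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = IMAGE_RE.match(command)  # unquoted paths may contain spaces
    return m.group(1) if m else command.split(" ")[0]

def basename_noext(path: str) -> str:
    name = path.replace("/", "\\").rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[0].lower()

def check_o2(line: str) -> Optional[str]:
    if line.startswith("O2 - BHO: (no name)"):
        return "Browser Helper Object registered without a name"
    return None

def check_o4(line: str) -> Optional[str]:
    m = O4_RE.match(line)
    if not m:
        return None  # Global Startup .lnk entries are not covered here
    label, image = m.group(2), extract_image(m.group(3))
    if TEMP_RE.search(image):
        return "autostart runs from a Temp directory"
    if WINROOT_RE.match(image):
        return "autostart executable sits directly in the Windows directory"
    label_base = basename_noext(label)
    if label_base in COMPONENT_NAMES and basename_noext(image) != label_base:
        return f"value name '{label}' borrows a Windows component name but runs {image}"
    return None

def check_o7(line: str) -> Optional[str]:
    if "DisableRegedit=1" in line:
        return "policy disables the Registry Editor"
    return None

def check_o20(line: str) -> Optional[str]:
    m = re.match(r"^O20 - AppInit_DLLs: (.+)$", line)
    if m and not m.group(1).strip().lower().endswith(".dll"):
        return "AppInit_DLLs points at a file without a .dll extension"
    return None

CHECKS = {"O2": check_o2, "O4": check_o4, "O7": check_o7, "O20": check_o20}

def triage(log_text: str) -> List[Finding]:
    """Run every check over the log and return the lines worth a human look."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if " - " not in line:
            continue
        section = line.split(" - ", 1)[0]
        if ORPHAN_RE.search(line):  # any section: entry points at a missing file
            findings.append(Finding(section, line, "references a file that no longer exists"))
            continue
        check = CHECKS.get(section)
        reason = check(line) if check else None
        if reason:
            findings.append(Finding(section, line, reason))
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Heuristics like these are only a first pass: the [Undefined] winter.exe entry under system32 passes every check above and still needs a human look.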

10.4K Posts

December 4th, 2007 20:00


sabrasmom

We will try to do this without a reinstall. I noticed you had Combofix in your log. Did you try to run it and what was the outcome?

1. Go HERE and download FakeAlertFix

Save it to your Desktop, but do not run it yet.

2. Reboot into Safe Mode
This can be done by:
  • Restart your PC, and after it starts, but before you see the Windows splash screen, begin tapping the F8 key twice a second until you reach another menu screen (black background with white menu choices).
  • Use your arrow keys to select Safe Mode and then press Enter.

3. Run FakeAlertFix
  • Double click the fakealertfix.zip file to unzip it.
  • Open the FakeAlertFix folder.
  • Double click FakeAlertFix.vbe to run the program.
  • Then select O.K. at the prompt.
  • Allow the program to run.
  • When it is finished it will produce a log, C:\FakeAlertFix.txt.
  • Copy and paste the results of that log in your reply.

4. Then reboot your PC into Normal Windows Mode, rerun HijackThis and post a fresh HijackThis log, as well as the C:\FakeAlertFix.txt log.

Note: you may have to post the results in more than one reply

Microsoft MVP Windows-Security

"The world is what you make of it"

29 Posts

December 4th, 2007 22:00

Thank you for trying to help me!
 
Here is the FakeAlertFix info:
 
========================================
FakeAlertFix
Version 1.5.0
By bamajim @ CastleCops.com
========================================
C:\WINDOWS\system32\protector.exe Found!
C:\WINDOWS\system32\protector.exe Deleted!
========================================
Values under HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
%windir%\system32\winav.exe

****** Files in System32\Drivers ******
c:\windows\system32\drivers\1028_dell_ins_i6000.mrk
c:\windows\system32\drivers\1394bus.sys
c:\windows\system32\drivers\abp480n5.sys
c:\windows\system32\drivers\acpi.sys
c:\windows\system32\drivers\acpiec.sys
c:\windows\system32\drivers\adpu160m.sys
c:\windows\system32\drivers\aec.sys
c:\windows\system32\drivers\aegisp.sys
c:\windows\system32\drivers\afd.sys
c:\windows\system32\drivers\agp440.sys
c:\windows\system32\drivers\agpcpq.sys
c:\windows\system32\drivers\aha154x.sys
c:\windows\system32\drivers\aic78u2.sys
c:\windows\system32\drivers\aic78xx.sys
c:\windows\system32\drivers\aliide.sys
c:\windows\system32\drivers\alim1541.sys
c:\windows\system32\drivers\amdagp.sys
c:\windows\system32\drivers\amdk6.sys
c:\windows\system32\drivers\amdk7.sys
c:\windows\system32\drivers\amsint.sys
c:\windows\system32\drivers\apfiltr.sys
c:\windows\system32\drivers\appdrv.sys
c:\windows\system32\drivers\arp1394.sys
c:\windows\system32\drivers\asc.sys
c:\windows\system32\drivers\asc3350p.sys
c:\windows\system32\drivers\asc3550.sys
c:\windows\system32\drivers\asctrm.sys
c:\windows\system32\drivers\asyncmac.sys
c:\windows\system32\drivers\atapi.sys
c:\windows\system32\drivers\atmarpc.sys
c:\windows\system32\drivers\atmepvc.sys
c:\windows\system32\drivers\atmlane.sys
c:\windows\system32\drivers\atmuni.sys
c:\windows\system32\drivers\audstub.sys
c:\windows\system32\drivers\ax88772.sys
c:\windows\system32\drivers\battc.sys
c:\windows\system32\drivers\bcm4sbxp.sys
c:\windows\system32\drivers\bcmwl5.sys
c:\windows\system32\drivers\beep.sys
c:\windows\system32\drivers\bridge.sys
c:\windows\system32\drivers\bvrp_pci.sys
c:\windows\system32\drivers\cbidf2k.sys
c:\windows\system32\drivers\cd20xrnt.sys
c:\windows\system32\drivers\cdaudio.sys
c:\windows\system32\drivers\cdfs.sys
c:\windows\system32\drivers\cdrom.sys
c:\windows\system32\drivers\cinemst2.sys
c:\windows\system32\drivers\classpnp.sys
c:\windows\system32\drivers\cmbatt.sys
c:\windows\system32\drivers\cmdide.sys
c:\windows\system32\drivers\coh_mon.cat
c:\windows\system32\drivers\coh_mon.inf
c:\windows\system32\drivers\coh_mon.sys
c:\windows\system32\drivers\compbatt.sys
c:\windows\system32\drivers\cpqarray.sys
c:\windows\system32\drivers\cpqdap01.sys
c:\windows\system32\drivers\crusoe.sys
c:\windows\system32\drivers\dac2w2k.sys
c:\windows\system32\drivers\dac960nt.sys
c:\windows\system32\drivers\del5422.cty
c:\windows\system32\drivers\disk.sys
c:\windows\system32\drivers\diskdump.sys
c:\windows\system32\drivers\dmboot.sys
c:\windows\system32\drivers\dmio.sys
c:\windows\system32\drivers\dmload.sys
c:\windows\system32\drivers\dmusic.sys
c:\windows\system32\drivers\dpti2o.sys
c:\windows\system32\drivers\drmk.sys
c:\windows\system32\drivers\drmkaud.sys
c:\windows\system32\drivers\drvmcdb.sys
c:\windows\system32\drivers\drvnddm.sys
c:\windows\system32\drivers\dsunidrv.sys
c:\windows\system32\drivers\dxapi.sys
c:\windows\system32\drivers\dxg.sys
c:\windows\system32\drivers\dxgthk.sys
c:\windows\system32\drivers\e100b325.sys
c:\windows\system32\drivers\enum1394.sys
c:\windows\system32\drivers\fastfat.sys
c:\windows\system32\drivers\fdc.sys
c:\windows\system32\drivers\fips.sys
c:\windows\system32\drivers\flpydisk.sys
c:\windows\system32\drivers\fltmgr.sys
c:\windows\system32\drivers\fsvga.sys
c:\windows\system32\drivers\fs_rec.sys
c:\windows\system32\drivers\ftdisk.sys
c:\windows\system32\drivers\gbdevice.sys
c:\windows\system32\drivers\gbfshook.sys
c:\windows\system32\drivers\gm.dls
c:\windows\system32\drivers\gmreadme.txt
c:\windows\system32\drivers\goback2k.sys
c:\windows\system32\drivers\hidclass.sys
c:\windows\system32\drivers\hidparse.sys
c:\windows\system32\drivers\hidusb.sys
c:\windows\system32\drivers\hpn.sys
c:\windows\system32\drivers\hsfhwich.sys
c:\windows\system32\drivers\hsf_cnxt.sys
c:\windows\system32\drivers\hsf_dp.sys
c:\windows\system32\drivers\http.sys
c:\windows\system32\drivers\i2omgmt.sys
c:\windows\system32\drivers\i2omp.sys
c:\windows\system32\drivers\i8042prt.sys
c:\windows\system32\drivers\ialmnt5.sys
c:\windows\system32\drivers\imapi.sys
c:\windows\system32\drivers\ini910u.sys
c:\windows\system32\drivers\intelide.sys
c:\windows\system32\drivers\intelppm.sys
c:\windows\system32\drivers\ip6fw.sys
c:\windows\system32\drivers\ipfltdrv.sys
c:\windows\system32\drivers\ipinip.sys
c:\windows\system32\drivers\ipnat.sys
c:\windows\system32\drivers\ipsec.sys
c:\windows\system32\drivers\irenum.sys
c:\windows\system32\drivers\isapnp.sys
c:\windows\system32\drivers\kbdclass.sys
c:\windows\system32\drivers\kmixer.sys
c:\windows\system32\drivers\ks.sys
c:\windows\system32\drivers\ksecdd.sys
c:\windows\system32\drivers\mcd.sys
c:\windows\system32\drivers\mcstrm.sys
c:\windows\system32\drivers\mdmxsdk.sys
c:\windows\system32\drivers\mf.sys
c:\windows\system32\drivers\mnmdd.sys
c:\windows\system32\drivers\modem.sys
c:\windows\system32\drivers\mouclass.sys
c:\windows\system32\drivers\mountmgr.sys
c:\windows\system32\drivers\mqac.sys
c:\windows\system32\drivers\mraid35x.sys
c:\windows\system32\drivers\mrxdav.sys
c:\windows\system32\drivers\mrxsmb.sys
c:\windows\system32\drivers\msfs.sys
c:\windows\system32\drivers\msgpc.sys
c:\windows\system32\drivers\mskssrv.sys
c:\windows\system32\drivers\mspclock.sys
c:\windows\system32\drivers\mspqm.sys
c:\windows\system32\drivers\mssmbios.sys
c:\windows\system32\drivers\mup.sys
c:\windows\system32\drivers\ndis.sys
c:\windows\system32\drivers\ndistapi.sys
c:\windows\system32\drivers\ndisuio.sys
c:\windows\system32\drivers\ndiswan.sys
c:\windows\system32\drivers\ndproxy.sys
c:\windows\system32\drivers\netbios.sys
c:\windows\system32\drivers\netbt.sys
c:\windows\system32\drivers\nic1394.sys
c:\windows\system32\drivers\nikedrv.sys
c:\windows\system32\drivers\nmnt.sys
c:\windows\system32\drivers\npdriver.sys
c:\windows\system32\drivers\npfs.sys
c:\windows\system32\drivers\ntfs.sys
c:\windows\system32\drivers\null.sys
c:\windows\system32\drivers\nv4_mini.sys
c:\windows\system32\drivers\nwlnkflt.sys
c:\windows\system32\drivers\nwlnkfwd.sys
c:\windows\system32\drivers\nwlnkipx.sys
c:\windows\system32\drivers\nwlnknb.sys
c:\windows\system32\drivers\nwlnkspx.sys
c:\windows\system32\drivers\nwrdr.sys
c:\windows\system32\drivers\ohci1394.sys
c:\windows\system32\drivers\omci.sys
c:\windows\system32\drivers\oprghdlr.sys
c:\windows\system32\drivers\p3.sys
c:\windows\system32\drivers\parport.sys
c:\windows\system32\drivers\partmgr.sys
c:\windows\system32\drivers\parvdm.sys
c:\windows\system32\drivers\pci.sys
c:\windows\system32\drivers\pciide.sys
c:\windows\system32\drivers\pciidex.sys
c:\windows\system32\drivers\pcmcia.sys
c:\windows\system32\drivers\perc2.sys
c:\windows\system32\drivers\perc2hib.sys
c:\windows\system32\drivers\portcls.sys
c:\windows\system32\drivers\processr.sys
c:\windows\system32\drivers\psched.sys
c:\windows\system32\drivers\ptilink.sys
c:\windows\system32\drivers\pxhelp20.sys
c:\windows\system32\drivers\ql1080.sys
c:\windows\system32\drivers\ql10wnt.sys
c:\windows\system32\drivers\ql12160.sys
c:\windows\system32\drivers\ql1240.sys
c:\windows\system32\drivers\ql1280.sys
c:\windows\system32\drivers\rasacd.sys
c:\windows\system32\drivers\rasl2tp.sys
c:\windows\system32\drivers\raspppoe.sys
c:\windows\system32\drivers\raspptp.sys
c:\windows\system32\drivers\raspti.sys
c:\windows\system32\drivers\rawwan.sys
c:\windows\system32\drivers\rdbss.sys
c:\windows\system32\drivers\rdpcdd.sys
c:\windows\system32\drivers\rdpdr.sys
c:\windows\system32\drivers\rdpwd.sys
c:\windows\system32\drivers\redbook.sys
c:\windows\system32\drivers\rio8drv.sys
c:\windows\system32\drivers\riodrv.sys
c:\windows\system32\drivers\rmcast.sys
c:\windows\system32\drivers\rndismp.sys
c:\windows\system32\drivers\rootmdm.sys
c:\windows\system32\drivers\scsiport.sys
c:\windows\system32\drivers\sdbus.sys
c:\windows\system32\drivers\sddriver.sys
c:\windows\system32\drivers\secdrv.sys
c:\windows\system32\drivers\ser2pl.sys
c:\windows\system32\drivers\serenum.sys
c:\windows\system32\drivers\serial.sys
c:\windows\system32\drivers\sffdisk.sys
c:\windows\system32\drivers\sffp_sd.sys
c:\windows\system32\drivers\sfloppy.sys
c:\windows\system32\drivers\sisagp.sys
c:\windows\system32\drivers\smclib.sys
c:\windows\system32\drivers\sonydcam.sys
c:\windows\system32\drivers\sparrow.sys
c:\windows\system32\drivers\splitter.sys
c:\windows\system32\drivers\sr.sys
c:\windows\system32\drivers\srv.sys
c:\windows\system32\drivers\sscdbhk5.sys
c:\windows\system32\drivers\ssrtln.sys
c:\windows\system32\drivers\stac97.sys
c:\windows\system32\drivers\stream.sys
c:\windows\system32\drivers\swenum.sys
c:\windows\system32\drivers\swmidi.sys
c:\windows\system32\drivers\symc810.sys
c:\windows\system32\drivers\symc8xx.sys
c:\windows\system32\drivers\symevent.cat
c:\windows\system32\drivers\symevent.inf
c:\windows\system32\drivers\symevent.sys
c:\windows\system32\drivers\sym_hi.sys
c:\windows\system32\drivers\sym_u3.sys
c:\windows\system32\drivers\sysaudio.sys
c:\windows\system32\drivers\tape.sys
c:\windows\system32\drivers\tcpip.sys
c:\windows\system32\drivers\tcpip6.sys
c:\windows\system32\drivers\tdi.sys
c:\windows\system32\drivers\tdpipe.sys
c:\windows\system32\drivers\tdtcp.sys
c:\windows\system32\drivers\termdd.sys
c:\windows\system32\drivers\tmactmon.sys
c:\windows\system32\drivers\tmcomm.sys
c:\windows\system32\drivers\tmevtmgr.sys
c:\windows\system32\drivers\tmpreflt.sys
c:\windows\system32\drivers\tmtdi.sys
c:\windows\system32\drivers\tmxpflt.sys
c:\windows\system32\drivers\tm_cfw.sys
c:\windows\system32\drivers\tosdvd.sys
c:\windows\system32\drivers\toside.sys
c:\windows\system32\drivers\tsbvcap.sys
c:\windows\system32\drivers\tunmp.sys
c:\windows\system32\drivers\udfs.sys
c:\windows\system32\drivers\ultra.sys
c:\windows\system32\drivers\update.sys
c:\windows\system32\drivers\usb8023.sys
c:\windows\system32\drivers\usbaudio.sys
c:\windows\system32\drivers\usbcamd.sys
c:\windows\system32\drivers\usbcamd2.sys
c:\windows\system32\drivers\usbccgp.sys
c:\windows\system32\drivers\usbd.sys
c:\windows\system32\drivers\usbehci.sys
c:\windows\system32\drivers\usbhub.sys
c:\windows\system32\drivers\usbintel.sys
c:\windows\system32\drivers\usbport.sys
c:\windows\system32\drivers\usbprint.sys
c:\windows\system32\drivers\usbscan.sys
c:\windows\system32\drivers\usbstor.sys
c:\windows\system32\drivers\usbuhci.sys
c:\windows\system32\drivers\vdmindvd.sys
c:\windows\system32\drivers\vga.sys
c:\windows\system32\drivers\viaagp.sys
c:\windows\system32\drivers\viaide.sys
c:\windows\system32\drivers\videoprt.sys
c:\windows\system32\drivers\volsnap.sys
c:\windows\system32\drivers\vsapint.sys
c:\windows\system32\drivers\wanarp.sys
c:\windows\system32\drivers\wdmaud.sys
c:\windows\system32\drivers\wmilib.sys
c:\windows\system32\drivers\wpdusb.sys
c:\windows\system32\drivers\ws2ifsl.sys

29 Posts

December 4th, 2007 22:00

I was almost unable to get a HijackThis log in Normal mode, because the blue error screen with STOP: 0x0000007e comes up directly afterwards. However, I did manage, so here is the log. Also, ComboFix is unable to help with the problem.
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:12:03 PM, on 12/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\dcxxygx.exe
C:\WINDOWS\Temp\startdrv.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\spoolc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\dwwin.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1862EF3D-29E4-4127-9615-B1C49977066A} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: TransactionProtector BHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O2 - BHO: (no name) - {D27987B8-7244-4DE0-AE10-39B826B492F1} - C:\WINDOWS\system32\bronto.dll
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O4 - HKLM\..\Run: [combofix] "C:\WINDOWS\system32\cmd.exe" /c "cd /d C:\ComboFix\ & Combobatch.bat"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE /P26 "EPSON Stylus CX4200 Series" /O6 "USB001" /M "Stylus CX4200"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [clkhost] C:\WINDOWS\dcxxygx.exe
O4 - HKLM\..\Run: [startdrv] C:\WINDOWS\Temp\startdrv.exe
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [dumprep] C:\WINDOWS\system32\spoolc.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Undefined] C:\WINDOWS\system32\winter.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://mypoints.worldwinner.com/games/v47/shared/FunGamesLoader.cab
O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) - http://community.webshots.com/html/atx/wsaxcontrol.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinner.com/games/v57/bjattack/bja.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v46/sol/sol.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} (Royal Control) - http://www.worldwinner.com/games/v45/royal/royal.cab
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} (Paint Control) - http://www.worldwinner.com/games/v43/paint/paint.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.com/client/msnmusax4123.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\sol748.txt
O20 - Winlogon Notify: mcdpm3 - C:\WINDOWS\Registration\mcdpm3.dll (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks Basic Edition\Norton GoBack\GBPoll.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
--
End of file - 12305 bytes

10.4K Posts

December 4th, 2007 23:00

sabrasmom

You are most welcome. This is a very nasty and destructive infection, so let's see if we can whip it.

1. Please download the Killbox.
  • 1) Save it to the desktop
    2) Rt Click->>Extract all->>Extract it to your Desktop
    3) Double Click Killbox.exe to run it
    4) Select "Delete on Reboot", and then select "All files".
    5) Copy the file names below to the clipboard by highlighting them and pressing Control-C:

    • C:\WINDOWS\system32\bronto.dll
      C:\WINDOWS\dcxxygx.exe
      C:\WINDOWS\Temp\startdrv.exe
      C:\WINDOWS\system32\sol748.txt

    6) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
    7) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt.

2. Rerun Hijackthis (scan only) and place checks beside the following entries
  • O2 - BHO: (no name) - {D27987B8-7244-4DE0-AE10-39B826B492F1} - C:\WINDOWS\system32\bronto.dll
    O4 - HKLM\..\Run: [combofix] "C:\WINDOWS\system32\cmd.exe" /c "cd /d C:\ComboFix\ & Combobatch.bat"
    O4 - HKLM\..\Run: [clkhost] C:\WINDOWS\dcxxygx.exe
    O4 - HKLM\..\Run: [startdrv] C:\WINDOWS\Temp\startdrv.exe
    O4 - HKCU\..\Run: [Undefined] C:\WINDOWS\system32\winter.exe
    O20 - AppInit_DLLs: C:\WINDOWS\system32\sol748.txt
    O20 - Winlogon Notify: mcdpm3 - C:\WINDOWS\Registration\mcdpm3.dll (file missing)

Close all other open windows except Hijackthis and Select "Fix checked"

Close Hijackthis ->> Reboot your PC ->> Rerun Hijackthis and post a fresh Hijackthis log

Microsoft MVP Windows-Security

"The world is what you make of it"
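A small triage helper, added here as an example (it is not part of this thread, of HijackThis, or of any tool bamajim names): it parses the O2/O4/O20 line shapes that the fix list above is built from, applies defender-side heuristics that reproduce the reasoning behind that list, and diffs a before/after log so the "post a fresh log" step shows which entries survived the reboot. The sample logs are a constructed subset modelled on the ones posted in this thread, and the function and constant names are my own.

```python
"""Triage helper for HijackThis v2 logs (added example, not from the thread or HJT)."""
import re

# Line shapes handled; every other HJT section is passed through unflagged.
RUN_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]*)\] (.*)$')
BHO_RE = re.compile(r'^O2 - BHO: (.*?) - \{[0-9A-Fa-f-]+\} - (.*)$')
APPINIT_RE = re.compile(r'^O20 - AppInit_DLLs: (.*)$')
NOTIFY_RE = re.compile(r'^O20 - Winlogon Notify: (\S+) - (.*)$')


def target_path(command):
    """Return the executable path from a Run command, without quotes or arguments."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:command.index('"', 1)]
    return command.split(' ', 1)[0]


def flag(line):
    """Return a short reason if the HJT line deserves attention, else None.

    The heuristics are deliberately narrow; they mirror the entries the helper in
    this thread told the poster to fix, not a general malware classifier.
    """
    m = RUN_RE.match(line)
    if m:
        hive, name, command = m.groups()
        low = target_path(command).lower()
        if '\\temp\\' in low:
            return 'autorun launched from a Temp directory'
        if low.startswith('c:\\windows\\') and low.count('\\') == 2:
            return 'autorun executable dropped directly in the Windows root'
        if low.endswith('\\cmd.exe') and ' /c ' in command.lower():
            return 'autorun wraps a cmd.exe /c command line'
        # Per-user autoruns from system32 are rare; ctfmon.exe registers under its
        # own file name, so a mismatched value name is the signal here.
        if (hive == 'HKCU' and '\\system32\\' in low
                and name.lower() != low.rsplit('\\', 1)[1]):
            return 'per-user autorun from system32 under an unrelated value name'
        return None
    m = BHO_RE.match(line)
    if m and m.group(1) == '(no name)' and m.group(2) != '(no file)':
        return 'unnamed browser helper object with a DLL on disk'
    m = APPINIT_RE.match(line)
    if m and m.group(1).strip() and not m.group(1).strip().lower().endswith('.dll'):
        return 'AppInit_DLLs loads a file that is not a .dll'
    m = NOTIFY_RE.match(line)
    if m and m.group(2).endswith('(file missing)'):
        return 'orphaned Winlogon Notify package'
    return None


def triage(log_text):
    """Return [(line, reason)] for every flagged entry in an HJT log."""
    out = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reason = flag(line)
        if reason:
            out.append((line, reason))
    return out


def persisted(before_text, after_text):
    """Flagged entries from the first log that are still present in the second."""
    after_lines = {raw.strip() for raw in after_text.splitlines()}
    return [line for line, _ in triage(before_text) if line in after_lines]


# Constructed subset of the first log in the thread, legitimate lines included.
BEFORE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {D27987B8-7244-4DE0-AE10-39B826B492F1} - C:\WINDOWS\system32\bronto.dll
O4 - HKLM\..\Run: [combofix] "C:\WINDOWS\system32\cmd.exe" /c "cd /d C:\ComboFix\ & Combobatch.bat"
O4 - HKLM\..\Run: [clkhost] C:\WINDOWS\dcxxygx.exe
O4 - HKLM\..\Run: [startdrv] C:\WINDOWS\Temp\startdrv.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Undefined] C:\WINDOWS\system32\winter.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\sol748.txt
O20 - Winlogon Notify: mcdpm3 - C:\WINDOWS\Registration\mcdpm3.dll (file missing)
"""

# Constructed subset of the log the poster sent back after the Killbox/HJT fix.
AFTER_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [startdrv] C:\WINDOWS\Temp\startdrv.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\sol748.txt
"""

if __name__ == '__main__':
    for line, reason in triage(BEFORE_LOG):
        print(f'{reason}: {line}')
    print('still present after the fix:', persisted(BEFORE_LOG, AFTER_LOG))
```

Entries that survive a "Delete on Reboot" pass are the ones to look at first, since something is recreating them or the delete never ran.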

10.4K Posts

December 5th, 2007 00:00

Sabrasmom
 
While researching something else, I noticed you posted your log at another forum.
 
Please decide which thread you would like to continue with, and either post here or at Cexx.org and tell one of us that you are being helped at another forum.
 
Microsoft MVP Windows-Security

"The world is what you make of it"

29 Posts

December 5th, 2007 02:00

bamajim,
 
I did post at two forums, as I am trying to get my laptop fixed as soon as possible so that I may finish reports on the go.  I figured the first one that starts pointing me in the right direction, I should go with.  I tried the first suggestion on the other one and got stuck, so I will stick with this forum and your help, since it seems like we are heading in the right direction.  I was able to delete all requested HijackThis files, except for the winter one.  This is because I could only access the HijackThis in safe mode, because if I tried to do more than a scan in normal, the blue screen would come up.  Upon deleting these in safe mode, I restarted in normal and quickly saw upon first glance that the winter one is still present there (although it was not shown in safe mode).  Here is my HijackThis in safe mode (if you need it in normal mode, I can try to obtain that one as well, but I believe before, I just got lucky):
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:54, on 2007-12-04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1862EF3D-29E4-4127-9615-B1C49977066A} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: TransactionProtector BHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE /P26 "EPSON Stylus CX4200 Series" /O6 "USB001" /M "Stylus CX4200"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [startdrv] C:\WINDOWS\Temp\startdrv.exe
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [dumprep] C:\WINDOWS\system32\spoolc.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://mypoints.worldwinner.com/games/v47/shared/FunGamesLoader.cab
O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) - http://community.webshots.com/html/atx/wsaxcontrol.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinner.com/games/v57/bjattack/bja.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v46/sol/sol.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} (Royal Control) - http://www.worldwinner.com/games/v45/royal/royal.cab
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} (Paint Control) - http://www.worldwinner.com/games/v43/paint/paint.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.com/client/msnmusax4123.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\sol748.txt
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks Basic Edition\Norton GoBack\GBPoll.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
--
End of file - 9834 bytes

29 Posts

December 5th, 2007 02:00

FYI - I still get the icons and taskbar logging into safe mode.

29 Posts

December 5th, 2007 02:00

bamajim,
 
I really appreciate all your help so far. I just wanted to inform you that I tried to log into normal mode and get the scan log from the HijackThis so that you may see that as well.  However, upon logging into either one of my two accounts, I no longer have a taskbar or desktop icons.  I did have this problem a few months ago and I was informed to install the Combofix. From then on out, they were always present.  On the bright side, I no longer get the blue error screen and I can access the task manager by pressing ctrl+alt+del.
 
sabrasmom

10.4K Posts

December 5th, 2007 15:00

sabrasmom

I can understand you wanting to get your PC repaired as soon as possible. But you must understand that all of us who work these antimalware forums do so as volunteers. With so many infected PCs and so few volunteers, we try to help as many as possible, and two workers working on the same PC is wasting time. Having said that, let's continue.

There are a couple of steps we are going to take to try to get to the root of the problem.

1. Go here

Download winlogon3_100 and save it to your Desktop. Double Click it to unzip it. It will ask for a password, it is AL. Then double click winlogon3.vbe to run it. It will produce a log, copy and paste that as a reply to this thread.

NEXT 1. Go HERE and download FakeAlertFix

Save it to your Desktop. But do not run it yet.

2. Reboot into Safe Mode
This can be done by
  • Restart your PC, and after it starts, but before you see the Windows Splash screen
    Begin tapping the F8 key twice a second until you reach another menu screen (black background with white menu choices)
    Use your arrow keys and select Safe Mode and then Enter

MAKE SURE IE IS CLOSED WHEN YOU RUN THE TOOL

3. Run FakeAlertFix
  • Double click the fakealertfix.Zip file to unzip it.
    Open the FakeAlertFix Folder
    Double Click FakeAlertFix.vbe to run the program
    Then Select O.K. at the prompt
    Allow the program to run
    When it is finished it will produce a log C:\FakeAlertFix.txt
    Copy and paste the results of that log in your reply

4. Then reboot your PC into Normal Windows Mode->> Rerun Hijackthis and post a fresh Hijackthis log.
As well as the C:\FakeAlertfix.txt log

Note: you may have to post the results in more than one reply

Microsoft MVP Windows-Security

"The world is what you make of it"

29 Posts

December 5th, 2007 20:00

bamajim,
 
It looks like we are in a losing battle.  I was able to do the winlogon3_100, but before I could copy the log for that in normal mode, the blue error screen came on. Now, I cannot even log into normal mode or safe mode because I get the blue screen at the Windows startup page, but with the error code of "STOP: 0x0000007B (0xF8B30528, 0xC0000034, 0x00000000, 0x00000000)" with the message above it saying "Check for viruses on your computer. Remove any newly installed hard drives or hard drive controllers. Check your hard drive to make sure it is properly configured and terminated. Run CHKDSK /F to check for hard drive corruption, and then restart your computer."  Is there anything I can do?
 
sabrasmom

29 Posts

December 5th, 2007 22:00

bamajim,
 
I didn't really look at the log. I was just trying to copy it quickly before the blue screen came up.  But I do have the XP OS disk that came with the computer.
 
sabrasmom

10.4K Posts

December 5th, 2007 22:00

sabrasmom
 
On the winlogon3 log was there a difference between the 2 winlogon files that you could see in the log?
 
2. Do you have the XP OS (operating system) disk that came with the PC?
 

Microsoft MVP Windows-Security

"The world is what you make of it"

10.4K Posts

December 5th, 2007 22:00

sabrasmom
 
We are going to try to do an XP repair. You will need the OS disk and another PC to access the info from the Internet.
 
Follow the instructions at this link
 
 
Microsoft MVP Windows-Security

"The world is what you make of it"

29 Posts

December 6th, 2007 00:00

As for the HijackThis log, I was unable to get it from the normal mode due to the error screen coming up and the computer restarting automatically.  Also, my internet is not working on it as well, so I am unable to download the critical Windows updates. Here is the HijackThis log in safe mode:
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:12:32 PM, on 12/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1862EF3D-29E4-4127-9615-B1C49977066A} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: TransactionProtector BHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE /P26 "EPSON Stylus CX4200 Series" /O6 "USB001" /M "Stylus CX4200"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [startdrv] C:\WINDOWS\Temp\startdrv.exe
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [dumprep] C:\WINDOWS\system32\spoolc.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk (file missing)
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://mypoints.worldwinner.com/games/v47/shared/FunGamesLoader.cab
O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) - http://community.webshots.com/html/atx/wsaxcontrol.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinner.com/games/v57/bjattack/bja.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v46/sol/sol.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} (Royal Control) - http://www.worldwinner.com/games/v45/royal/royal.cab
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} (Paint Control) - http://www.worldwinner.com/games/v43/paint/paint.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.com/client/msnmusax4123.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\sol748.txt
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoBack Polling Service (GBPoll) - Unknown owner - C:\Program Files\Norton SystemWorks Basic Edition\Norton GoBack\GBPoll.exe (file missing)
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Unknown owner - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE (file missing)
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Speed Disk service - Unknown owner - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (file missing)
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
--
End of file - 9818 bytes

29 Posts

December 6th, 2007 00:00

bamajim,
 
I was able to do the XP repair, except the computer keeps rebooting in normal mode if I wait more than a minute to pick the account.  Also in normal mode, the blue screen with the original stop error is shown and from then it reboots by itself right away.  I was able to put fakealertfix on my desktop in normal mode before the blue screen went up. Then I went to safe mode and ran it. Here are the results from that.  I had to cut the results in half and make two posts of them, as they are long:
 
========================================
FakeAlertFix
Version 1.5.0
By bamajim @ CastleCops.com
========================================
C:\WINDOWS\system32\protector.exe Found!
C:\WINDOWS\system32\protector.exe Deleted!
========================================
Values under HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
%windir%\system32\winav.exe

****** Files in System32\Drivers ******
========================================
No Events found!
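A report like the one above is easier to triage if it is parsed rather than read line by line; the point worth automating is the firewall check, since a rogue "antivirus" binary that adds itself to the Windows Firewall exception list (here winav.exe under system32) survives the deletion of its dropper. This is an added example, not code from FakeAlertFix or from this thread; the cut-down sample report is constructed from the lines quoted in the post, and the function names are the editor's own.

```python
import re

# Constructed sample built from the lines quoted in the post (driver list cut short).
SAMPLE_REPORT = r"""========================================
FakeAlertFix
========================================
C:\WINDOWS\system32\protector.exe Found!
C:\WINDOWS\system32\protector.exe Deleted!
========================================
Values under HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
%windir%\system32\winav.exe

****** Files in System32\Drivers ******
c:\windows\system32\drivers\afd.sys
========================================
No Events found!
"""

FIREWALL_KEY = r"FirewallPolicy\StandardProfile\AuthorizedApplications\List"
# Exceptions that point into the Windows system directory itself.
SYSTEM_DIR = re.compile(r"^(%windir%|%systemroot%|c:\\windows)\\system32\\", re.I)


def parse_report(text):
    # Split a FakeAlertFix report into found/deleted files, firewall exceptions and drivers.
    rep = {"found": [], "deleted": [], "firewall_exceptions": [], "drivers": []}
    section = None  # which list the bare path lines currently belong to
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("===="):
            continue
        if line.startswith("Values under ") and FIREWALL_KEY in line:
            section = "firewall"
        elif line.startswith("****** Files in System32"):
            section = "drivers"
        elif line == "No Events found!":
            section = None
        elif line.endswith(" Found!"):
            rep["found"].append(line[: -len(" Found!")])
        elif line.endswith(" Deleted!"):
            rep["deleted"].append(line[: -len(" Deleted!")])
        elif section == "firewall":
            rep["firewall_exceptions"].append(line)
        elif section == "drivers":
            rep["drivers"].append(line)
    return rep


def suspicious_firewall_exceptions(rep):
    # Built-in Windows components rarely need an exception under system32;
    # rogue security software dropped there routinely adds one, so review these.
    return [p for p in rep["firewall_exceptions"] if SYSTEM_DIR.match(p)]
```

Any path this returns should be checked for the file still being present and then removed from the firewall exception list, not just deleted from disk.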
