Croupier

Advanced Member
  • Content count

    936
About Croupier

  • Rank
    Advanced Member

Profile Information

  • Location
    Illinois

Previous Fields

  • Teams:
    PC Builders Club
  1. Mint 18.3 cinnamon help

    I was able to get it. Holding Shift didn't work for me. Just had to tap it at the right time. Booted to recovery and was able to launch a terminal from there and reinstalled the Intel driver. Back up and working. It appears that Flash Player is causing my screen to go black for a few seconds.
  2. Mint 18.3 cinnamon help

    I installed Mint, tweaked it up, and was having video problems. So I tried removing the Intel driver to give the modesetting driver a try.

    sudo apt-get remove xserver-xorg-video-intel

    It failed. Now the PC will only boot to a black screen with a white blinking cursor and do nothing. I have a Mint disc made. How can I boot from the disc and reinstall the Intel driver? Or do I just have to start over?

    sudo apt-get install xserver-xorg-video-intel
  3. Data Recovery from mac air book

    OK. I believe the SSD is PCIe; it's a 2015 Air. So I guess I'm gonna hook it up in my Linux PCIe slot (hope that works). I could buy an external PCIe; I'll look around later. Once I can verify the drive works, any tips on how to find the files I need? Pics and docs only.
  4. I have a Mac Airbook with a dead MB. I need to get some docs and pics off the drive. Any tips or help, please? Can I use a boot disk in another computer? Can I hook up the Mac drive to a Linux PC and explore the drive like in Windows? Other options?
  5. suse 13.1 wifi problem

    Well put! I knew it as I was typing. Thanks for hanging in there with me! Appreciate the help.
  6. suse 13.1 wifi problem

    I did that and it installed OK, but nothing happened. Still no wifi. I found these commands as a fix, but they did not work in the terminal. I also tried them as superuser.

    sudo apt-get remove bcmwl-kernel-source
    sudo apt-get install firmware-b43-installer

    How would I accomplish this in SUSE 13.1? (I assume these commands are Ubuntu-specific.) I hope I'm making sense. I appreciate the help.
  7. suse 13.1 wifi problem

    I read that last night. I downloaded the 64-bit driver. I guess I just don't know how to install it. At this point it's no big deal. I'll just put the Windows machine on wireless and the Linux one wired. I have a lot to learn!
  8. suse 13.1 wifi problem

    I'm brand new (total NOOB!), first-time Linux user. Lots of googling, getting nowhere. Can I make this adapter work?

    Bus 001 Device 005: ID 13b1:003a Linksys AE2500 802.11abgn Wireless Adapter [broadcom BCM43236]
  9. Looking For Beta Testers

    I would like the opportunity to beta-test if you need.
  10. Autorun Virus

    Thank you very much, juliet!! All looks good here. Once again, thank you for your time.
  11. Autorun Virus

    Computer is responding well. Seems to be back to normal.
  12. Autorun Virus

    Thanks again. I followed your instructions. It was done in safe mode, if that matters. Here are the logs:
  13. Autorun Virus

    Well... Bad news. After scanning those files requested, and during the Kaspersky update, "antivirus pro" popped up, and then during the Kaspersky scan lots of windows kept opening porn site stuff. So I'm still infected and it's getting worse.

    I saved the kscan to desktop but it must be hidden or something, 'cause I can't find it. Also, when I run HJT it only gives me the option to scan. I don't see anywhere to create the log file.

    So here are the file results. Kaspersky was running along with antivirus pro, and Kaspersky only found one infection, and it was the 1x.exe file we scanned. That's what I saw when it finished. While I was scanning the files I noticed one more that had the same tree logo, so I included that. It was fiirad.exe.

    Edit: I found the Kaspersky log (saved it as HTML instead of text).

    Monday, July 26, 2010
    Operating system: Microsoft Home Edition (build 7600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Monday, July 26, 2010 01:23:35
    Records in database: 4206437

    Scan settings
    Scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area: My Computer C:\ D:\

    Scan statistics
    Objects scanned: 93430
    Threats found: 1
    Infected objects found: 1
    Suspicious objects found: 0
    Scan duration: 02:09:40

    File name: C:\Users\Dave\1x.exe
    Threat: Infected: Trojan.Win32.VB.aine
    Threats count: 1

    Selected area has been scanned.
ole32.dll: CoCreateInstance, CoInitialize<BR>> OLEAUT32.dll: -, -<BR>> MSVCRT.dll: __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, _acmdln, exit, _XcptFilter, _exit, __1type_info@@UAE@XZ, _onexit, __dllonexit, _except_handler3, _beginthreadex, _CxxThrowException, _purecall, memset, _wcsnicmp, malloc, free, _wtol, memcpy, memmove, memcmp, __CxxFrameHandler, __3@YAXPAX@Z, __2@YAPAXI@Z, _controlfp<BR><BR>( 0 exports ) <BR> RDS...: NSRL Reference Data Set<BR>- pdfid.: - trid..: Win32 Executable MS Visual C++ (generic) (65.2%)<BR>Win32 Executable Generic (14.7%)<BR>Win32 Dynamic Link Library (generic) (13.1%)<BR>Generic Win/DOS Executable (3.4%)<BR>DOS Executable Generic (3.4%) sigcheck:<BR>publisher....: n/a<BR>copyright....: n/a<BR>product......: n/a<BR>description..: n/a<BR>original name: n/a<BR>internal name: n/a<BR>file version.: n/a<BR>comments.....: n/a<BR>signers......: -<BR>signing date.: -<BR>verified.....: Unsigned<BR> Symantec Reputation Network: Suspicious.Insight http://www.symantec.com/security_response/writeup.jsp?docid=2010-021223-0550-99 <a href='http://info.prevx.com/aboutprogramtext.asp?PX5=73C76FBAEE3AD76EAE0405FC3BF9010092817EE4' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=73C76FBAEE3AD76EAE0405FC3BF9010092817EE4</a> File ptix.exe received on 2010.07.26 04:29:55 (UTC)Antivirus Version Last Update Result AhnLab-V3 2010.07.24.01 2010.07.23 - AntiVir 8.2.4.26 2010.07.25 - Antiy-AVL 2.0.3.7 2010.07.23 - Authentium 5.2.0.5 2010.07.25 - Avast 4.8.1351.0 2010.07.25 - Avast5 5.0.332.0 2010.07.25 - AVG 9.0.0.851 2010.07.25 - BitDefender 7.2 2010.07.26 - CAT-QuickHeal 11.00 2010.07.24 - ClamAV 0.96.0.3-git 2010.07.26 - Comodo 5539 2010.07.25 - DrWeb 5.0.2.03300 2010.07.26 Win32.HLLW.Autoruner.25154 Emsisoft 5.0.0.34 2010.07.26 - eSafe 7.0.17.0 2010.07.25 - eTrust-Vet 36.1.7737 2010.07.26 - F-Prot 4.6.1.107 2010.07.25 - F-Secure 9.0.15370.0 2010.07.26 - Fortinet 4.1.143.0 2010.07.24 - 
GData 21 2010.07.24 - Ikarus T3.1.1.84.0 2010.07.26 - Jiangmin 13.0.900 2010.07.25 - Kaspersky 7.0.0.125 2010.07.25 - McAfee 5.400.0.1158 2010.07.26 - McAfee-GW-Edition 2010.1 2010.07.25 - Microsoft 1.6004 2010.07.25 - NOD32 5312 2010.07.26 - Norman 6.05.11 2010.07.25 - nProtect 2010-07-26.01 2010.07.26 - Panda 10.0.2.7 2010.07.26 W32/Vobfus.ES.worm PCTools 7.0.3.5 2010.07.26 - Prevx 3.0 2010.07.26 High Risk Cloaked Malware Rising 22.57.03.08 2010.07.23 - Sophos 4.55.0 2010.07.25 - Sunbelt 6639 2010.07.26 - SUPERAntiSpyware 4.40.0.1006 2010.07.25 - Symantec 20101.1.1.7 2010.07.26 - TheHacker 6.5.2.1.325 2010.07.26 Trojan/AutoRun.VB.rd TrendMicro 9.120.0.1004 2010.07.26 - TrendMicro-HouseCall 9.120.0.1004 2010.07.26 - VBA32 3.12.12.6 2010.07.23 - ViRobot 2010.7.23.3956 2010.07.26 - VirusBuster 5.0.27.0 2010.07.25 - Additional information File size: 372462 bytes MD5...: e85f27fc614e8547a6eeeafb258ec549 SHA1..: f7c675d58a847dd1389ebc8106594377ab812281 SHA256: df76ce3894fe79cb9226a61fc2c6255f525437f382caf48b9a48853242d2d9a6 ssdeep: 6144:lf796MRAjXvujSLdvvJUdWJ37aU7LMwflfMM0y8RsbxI+pcWT7bP9xbe5I0<BR>OJVST:Z79WjXvVjJ31fJlfMMHFFI+p3XbutMAT<BR> PEiD..: - PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0x14da6<BR>timedatestamp.....: 0x46a2c1e1 (Sun Jul 22 02:33:05 2007)<BR>machinetype.......: 0x14c (I386)<BR><BR>( 4 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>.text 0x1000 0x152c8 0x15400 6.53 614622e4762848a87131a09b6d207ef1<BR>.rdata 0x17000 0x3af4 0x3c00 4.51 cf0e5bba2b06e14bb69adda7e9b5d6ad<BR>.data 0x1b000 0x18cc 0x1400 4.49 e33b980b8ce14a20d7179454045ee20d<BR>.rsrc 0x1d000 0x803 0xa00 3.86 2496439a02275b5332cd34b708c932b0<BR><BR>( 7 imports ) <BR>> KERNEL32.dll: Sleep, MultiByteToWideChar, WideCharToMultiByte, CompareFileTime, FindClose, FindFirstFileW, GetFileAttributesW, GetLastError, CreateDirectoryW, ExpandEnvironmentStringsW, lstrlenA, WriteFile, GetStdHandle, lstrcmpW, GetSystemTimeAsFileTime, lstrlenW, RemoveDirectoryW, 
FindNextFileW, DeleteFileW, VirtualAlloc, VirtualFree, GetACP, GetOEMCP, GetUserDefaultUILanguage, GetUserDefaultLCID, GetTempPathW, SetEnvironmentVariableW, SetCurrentDirectoryW, CloseHandle, lstrcmpiW, GetModuleFileNameW, CreateThread, GetVersionExW, CreateFileW, GetDriveTypeW, GetModuleHandleW, GetProcAddress, LoadLibraryA, MulDiv, GetSystemDirectoryW, TerminateThread, ResumeThread, SuspendThread, LocalFree, lstrcpyW, FormatMessageW, DeleteCriticalSection, GetFileSize, SetFilePointer, ReadFile, SetFileTime, SetEndOfFile, LeaveCriticalSection, EnterCriticalSection, WaitForMultipleObjects, CreateEventW, SetEvent, ResetEvent, InitializeCriticalSection, GetModuleHandleA, WaitForSingleObject, GetExitCodeThread, GetLocalTime, SystemTimeToFileTime, GetCommandLineW, SetFileAttributesW, GetStartupInfoA<BR>> USER32.dll: CharUpperW, GetWindowLongW, wsprintfW, wsprintfA, MessageBoxA, GetKeyState, SendMessageW, wvsprintfW, KillTimer, GetSystemMenu, EnableMenuItem, SetTimer, GetWindowTextW, DefWindowProcW, CallWindowProcW, GetWindowDC, DrawIconEx, MessageBeep, DialogBoxIndirectParamW, GetWindow, GetParent, GetClientRect, ClientToScreen, GetWindowTextLengthW, SetWindowPos, GetDC, DrawTextW, ReleaseDC, ShowWindow, GetWindowRect, ScreenToClient, LoadIconW, LoadImageW, SetWindowLongW, SetDlgItemTextW, SystemParametersInfoW, GetSystemMetrics, GetDlgItem, SetFocus, EndDialog, SetWindowTextW<BR>> GDI32.dll: DeleteObject, SelectObject, GetDeviceCaps, GetObjectW, CreateFontIndirectW<BR>> SHELL32.dll: SHBrowseForFolderW, SHGetPathFromIDListW, SHGetMalloc, ShellExecuteW, ShellExecuteExW, SHGetSpecialFolderPathW, SHGetFileInfoW<BR>> ole32.dll: CoCreateInstance, CoInitialize<BR>> OLEAUT32.dll: -, -<BR>> MSVCRT.dll: __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, _acmdln, exit, _XcptFilter, _exit, __1type_info@@UAE@XZ, _onexit, __dllonexit, _except_handler3, _beginthreadex, _CxxThrowException, _purecall, memset, _wcsnicmp, malloc, free, 
_wtol, memcpy, memmove, memcmp, __CxxFrameHandler, __3@YAXPAX@Z, __2@YAPAXI@Z, _controlfp<BR><BR>( 0 exports ) <BR> RDS...: NSRL Reference Data Set<BR>- pdfid.: - trid..: Win32 Executable MS Visual C++ (generic) (65.2%)<BR>Win32 Executable Generic (14.7%)<BR>Win32 Dynamic Link Library (generic) (13.1%)<BR>Generic Win/DOS Executable (3.4%)<BR>DOS Executable Generic (3.4%) Symantec Reputation Network: Suspicious.Insight http://www.symantec.com/security_response/writeup.jsp?docid=2010-021223-0550-99 sigcheck:<BR>publisher....: n/a<BR>copyright....: n/a<BR>product......: n/a<BR>description..: n/a<BR>original name: n/a<BR>internal name: n/a<BR>file version.: n/a<BR>comments.....: n/a<BR>signers......: -<BR>signing date.: -<BR>verified.....: Unsigned<BR> <a href='http://info.prevx.com/aboutprogramtext.asp?PX5=73C76FBAEE3AD76EAE0405FC3BF9010092817EE4' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=73C76FBAEE3AD76EAE0405FC3BF9010092817EE4</a> File 0ccb1a8b.exe received on 2010.07.26 04:06:10 (UTC)Antivirus Version Last Update Result AhnLab-V3 2010.07.24.01 2010.07.23 - AntiVir 8.2.4.26 2010.07.25 - Antiy-AVL 2.0.3.7 2010.07.23 - Authentium 5.2.0.5 2010.07.25 - Avast 4.8.1351.0 2010.07.25 - Avast5 5.0.332.0 2010.07.25 - AVG 9.0.0.851 2010.07.25 - BitDefender 7.2 2010.07.26 - CAT-QuickHeal 11.00 2010.07.24 - ClamAV 0.96.0.3-git 2010.07.26 - Comodo 5539 2010.07.25 Heur.Packed.Unknown DrWeb 5.0.2.03300 2010.07.26 Trojan.PWS.IpDiscover.19 Emsisoft 5.0.0.34 2010.07.26 - eSafe 7.0.17.0 2010.07.25 - eTrust-Vet 36.1.7737 2010.07.26 - F-Prot 4.6.1.107 2010.07.25 - F-Secure 9.0.15370.0 2010.07.26 - Fortinet 4.1.143.0 2010.07.24 - GData 21 2010.07.24 - Ikarus T3.1.1.84.0 2010.07.26 - Jiangmin 13.0.900 2010.07.25 - Kaspersky 7.0.0.125 2010.07.25 - McAfee 5.400.0.1158 2010.07.26 - McAfee-GW-Edition 2010.1 2010.07.25 - Microsoft 1.6004 2010.07.25 - NOD32 5312 2010.07.26 - Norman 6.05.11 2010.07.25 - nProtect 2010-07-26.01 2010.07.26 - Panda 10.0.2.7 2010.07.26 - PCTools 
7.0.3.5 2010.07.26 - Prevx 3.0 2010.07.26 Medium Risk Malware Rising 22.57.03.08 2010.07.23 - Sophos 4.55.0 2010.07.25 Sus/UnkPack-C Sunbelt 6639 2010.07.26 Win32.Malware!Drop SUPERAntiSpyware 4.40.0.1006 2010.07.25 Trojan.Agent/Gen-FakeAV Symantec 20101.1.1.7 2010.07.26 - TheHacker 6.5.2.1.325 2010.07.26 - TrendMicro 9.120.0.1004 2010.07.26 - TrendMicro-HouseCall 9.120.0.1004 2010.07.26 - VBA32 3.12.12.6 2010.07.23 - ViRobot 2010.7.23.3956 2010.07.25 - VirusBuster 5.0.27.0 2010.07.25 - Additional information File size: 46592 bytes MD5...: 06c7af4d2842913a9a4dab9000aaacbb SHA1..: 782c7d9d80b527ac5f416c2f60140e232091b9cb SHA256: 74ab185a0d86044fa0703b0287cc4f4601db627312f209904801ceff1db97ac2 ssdeep: 768:vDwISmSNUpThWyJzSNlsD0hP1PD7eyPQ+0STPv/FgtKyAT7a+WGrM:EISmSQ<BR>TSNl80hP5CaQDkv/KEeX<BR> PEiD..: - PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0x1000<BR>timedatestamp.....: 0x422eef1b (Wed Mar 09 12:42:03 2005)<BR>machinetype.......: 0x14c (I386)<BR><BR>( 3 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>.text 0x1000 0x1000 0x800 6.58 48512423bc9224ef071b9b48361e4091<BR>.rdata 0x2000 0x10000 0xa800 6.95 104f89e6373a61f0772381f4be397ed1<BR>.rsrc 0x12000 0x1000 0x400 2.49 844d44775d17f2ee057b7814342eb0bc<BR><BR>( 1 imports ) <BR>> VERSION.dll: GetFileVersionInfoA, GetFileVersionInfoSizeA, VerQueryValueA<BR><BR>( 0 exports ) <BR> RDS...: NSRL Reference Data Set<BR>- sigcheck:<BR>publisher....: n/a<BR>copyright....: Copyright © 2010<BR>product......: Application<BR>description..: Application<BR>original name: Application.exe<BR>internal name: Application<BR>file version.: 1, 0, 0, 1<BR>comments.....: n/a<BR>signers......: -<BR>signing date.: -<BR>verified.....: Unsigned<BR> trid..: Generic Win/DOS Executable (49.9%)<BR>DOS Executable Generic (49.8%)<BR>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%) Symantec Reputation Network: Suspicious.Insight 
http://www.symantec.com/security_response/writeup.jsp?docid=2010-021223-0550-99 pdfid.: - <a href='http://info.prevx.com/aboutprogramtext.asp?PX5=3F2E3C8900BFE994B64E00904FBFCA0034A69449' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=3F2E3C8900BFE994B64E00904FBFCA0034A69449</a>
  14. Autorun Virus

    Oops, sorry! I can't get it to paste in there the same as you have it. I copied it line by line; hope it worked right. If not, sorry for the delay.

    All processes killed
    ========== FILES ==========
    C:\Users\Dave\AppData\Local\Temp\Gxd.exe moved successfully.
    ========== REGISTRY ==========
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\"XA5RJ9EADJ"|-:Commands /E :invalid edit format. Invalid data type.
    OTM by OldTimer - Version 3.1.15.0 log created on 07252010_200033
  15. Autorun Virus

    Thanks for the help! Here are the requests

    All processes killed
    Error: Unable to interpret <:FilesC:\Users\Dave\AppData\Local\Temp\Gxd.exe:reg[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"XA5RJ9EADJ"=-:Commands[purity][resethosts][emptytemp][CREATERESTOREPOINT][EMPTYFLASH][Reboot]> in the current context!
    OTM by OldTimer - Version 3.1.15.0 log created on 07252010_151122