
XP antispyware 2010


  • This topic is locked
23 replies to this topic

#1 spuds619

  • Members
  • 13 posts
  • Gender:Male

Posted 09 March 2010 - 01:45 PM

Hello, recently was zapped by XP antispyware 2010. I believe I got it stopped in time before it did too much damage. Ran all the utility programs I have and then manually removed av.exe. Computer seems to be responding normally. The only way I could get it back to normal completely was to do a system restore to the day before. I ran HijackThis and although it looks OK to me, I am not that knowledgeable about what's OK and what isn't. All the items look legitimate to me. Could someone please review the HijackThis log and give me their expert opinion and advice. Thank you, hope I do this right, if not sorry. Paul

Scan saved at 1:41:07 PM, on 3/9/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\REALTEK USB Wireless LAN Driver and Utility\RtWLan.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Paul\Desktop\spyware tools\HijackThis 2.02.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKCU\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /M "Stylus Photo R200" /EF "HKCU"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: REALTEK USB Wireless LAN Utility.lnk = ?
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1200027847671
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{94482D46-C90A-4689-8C31-151F6AD3B3F6}: NameServer = 66.174.95.44 66.174.92.14
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: CounterSpy Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 7381 bytes
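For anyone reviewing a log like the one above, the entries an analyst checks first are the ones the poster skimmed past: a BHO whose CLSID no longer points at a file (O2 with "(no file)"), Run keys whose executable sits directly in C:\WINDOWS rather than under a program folder (the FixCamera / tsnp2std / vsnp2std entries), the DNS servers written into the TCP/IP service key (O17), and services with no publisher (O23 "Unknown owner"). The script below is an added example, written for this page and not part of HijackThis or of the original post; it parses those four line types and returns the flags. SAMPLE_LOG is constructed from lines quoted in the post. Flagging is a prompt for review, not a verdict: in this thread the C:\WINDOWS executables are webcam software and the O17 servers are whatever the Verizon connection assigned, but that is established by looking, not by the rule.

```python
"""Triage helper for HijackThis-style logs (added example, not HijackThis
code and not from the original post). Reads O2/O3 (BHO and toolbar), O4 (Run
keys), O17 (TCP/IP NameServer) and O23 (service) lines and flags what an
analyst checks first: COM objects whose DLL is gone, autoruns living directly
in C:\WINDOWS, configured DNS servers, and services with no publisher."""
import re
from ntpath import basename, dirname  # ntpath parses Windows paths on any OS

# Constructed sample: a subset of the lines quoted in the post above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{94482D46-C90A-4689-8C31-151F6AD3B3F6}: NameServer = 66.174.95.44 66.174.92.14
O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# One pattern per HJT section of interest.
RE_COM = re.compile(
    r"^O[23] - (?:BHO|Toolbar): (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$")
RE_RUN = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<entry>[^\]]+)\] (?P<cmd>.*)$")
RE_DNS = re.compile(r"^O17 - .*NameServer = (?P<servers>[\d., ]+)$")
RE_SVC = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")


def image_path(cmd):
    """Pull the executable out of a Run value: a quoted path, or the first
    whitespace-delimited token when the value is unquoted."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def triage(log_text):
    """Return a list of (tag, detail, original_line) findings."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = RE_COM.match(line)
        if m:
            # A registered CLSID with no backing DLL: leftover from an uninstall,
            # or from malware that was removed but whose registration was not.
            if m["path"].strip().lower() in ("(no file)", "no file"):
                findings.append(("orphan_com", m["clsid"].upper(), line))
            continue
        m = RE_RUN.match(line)
        if m:
            exe = image_path(m["cmd"])
            # Legitimate installers rarely drop executables straight into the
            # Windows root; rogue AV droppers often do. Worth a look either way.
            if dirname(exe).lower() == r"c:\windows":
                findings.append(("autorun_in_windows_root", basename(exe), line))
            continue
        m = RE_DNS.match(line)
        if m:
            # Every configured resolver gets listed so the analyst can confirm
            # it belongs to the ISP rather than to a DNS-changer.
            for ip in re.split(r"[ ,]+", m["servers"].strip()):
                if ip:
                    findings.append(("dns_server", ip, line))
            continue
        m = RE_SVC.match(line)
        if m and m["owner"].strip().lower() == "unknown owner":
            findings.append(("service_no_publisher", m["name"].strip(), line))
    return findings


def summarize(findings):
    """Group finding details by tag, sorted, for a quick read-out."""
    out = {}
    for tag, detail, _ in findings:
        out.setdefault(tag, []).append(detail)
    return {tag: sorted(v) for tag, v in out.items()}


if __name__ == "__main__":
    for tag, detail, line in triage(SAMPLE_LOG):
        print(f"[{tag}] {detail}\n    {line}")
```

Run against the post's full log the same rules would also flag the orphaned Yahoo! Toolbar URLSearchHook (R3) if you extend RE_COM to the R3 prefix; the script deliberately stays with the four section types above so each rule is easy to audit.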



#2 Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 09 March 2010 - 03:16 PM

Good evening.

Please follow steps 6, 7 and 8 here and post accordingly into this thread.

So long, and thanks for all the fish.


#3 spuds619

  • Topic Starter
  • Members
  • 13 posts
  • Gender:Male

Posted 10 March 2010 - 03:54 PM

Here are the logs that you asked for, thank you.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/29/2007 12:55:26 AM
System Uptime: 3/10/2010 10:40:39 AM (1 hours ago)

Motherboard: ASUSTek Computer Inc. | | K8V
Processor: AMD Athlon™ 64 Processor 3200+ | Socket 754 | 2019/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 16.156 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is CDROM (CDFS)
G: is Removable
H: is Removable
I: is Removable
J: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 3Com Gigabit LOM (3C940)
Device ID: PCI\VEN_10B7&DEV_1700&SUBSYS_80EB1043&REV_12\3&267A616A&0&50
Manufacturer: 3Com
Name: 3Com Gigabit LOM (3C940)
PNP Device ID: PCI\VEN_10B7&DEV_1700&SUBSYS_80EB1043&REV_12\3&267A616A&0&50
Service: EL2000

==== System Restore Points ===================

RP360: 1/22/2010 3:33:08 PM - Installed Windows XP KB951066.
RP361: 1/22/2010 3:33:58 PM - Installed Windows XP KB951376.
RP362: 1/22/2010 3:34:48 PM - Installed Windows XP KB951376-v2.
RP363: 1/22/2010 3:35:36 PM - Installed Windows XP KB951698.
RP364: 1/22/2010 3:36:24 PM - Installed Windows XP KB951748.
RP365: 1/22/2010 3:37:14 PM - Installed Windows XP KB952004.
RP366: 1/22/2010 6:11:39 PM - Software Distribution Service 3.0
RP367: 1/22/2010 6:18:19 PM - Installed Windows XP WgaNotify.
RP368: 1/22/2010 7:01:01 PM - Software Distribution Service 3.0
RP369: 1/22/2010 7:28:08 PM - Software Distribution Service 3.0
RP370: 1/22/2010 7:58:47 PM - complete before usb adapter and backup and cloning 80GB
RP371: 1/22/2010 8:38:17 PM - Installed ASUS WLAN Card Utilities/Driver
RP372: 1/23/2010 10:24:50 PM - System Checkpoint
RP373: 1/24/2010 12:24:22 AM - Installed REALTEK USB Wireless LAN Driver and Utility
RP374: 1/25/2010 1:20:59 AM - System Checkpoint
RP375: 1/26/2010 3:14:58 PM - System Checkpoint
RP376: 1/27/2010 3:42:43 PM - System Checkpoint
RP377: 1/28/2010 5:09:15 PM - System Checkpoint
RP378: 1/29/2010 5:36:05 PM - System Checkpoint
RP379: 1/30/2010 6:44:09 PM - System Checkpoint
RP380: 1/31/2010 6:48:25 PM - System Checkpoint
RP381: 2/1/2010 7:36:49 PM - System Checkpoint
RP382: 2/2/2010 7:52:04 PM - System Checkpoint
RP383: 2/3/2010 8:25:06 PM - System Checkpoint
RP384: 2/4/2010 9:19:03 PM - System Checkpoint
RP385: 2/5/2010 10:32:20 PM - System Checkpoint
RP386: 2/6/2010 11:20:13 PM - System Checkpoint
RP387: 2/8/2010 12:00:39 AM - System Checkpoint
RP388: 2/9/2010 12:48:46 AM - System Checkpoint
RP389: 2/10/2010 10:26:36 AM - System Checkpoint
RP390: 2/10/2010 4:17:40 PM - Software Distribution Service 3.0
RP391: 2/11/2010 4:34:47 PM - System Checkpoint
RP392: 2/12/2010 5:21:15 PM - System Checkpoint
RP393: 2/13/2010 5:27:01 PM - System Checkpoint
RP394: 2/14/2010 5:45:15 PM - System Checkpoint
RP395: 2/15/2010 7:25:12 PM - System Checkpoint
RP396: 2/16/2010 8:25:15 PM - System Checkpoint
RP397: 2/17/2010 8:45:39 PM - System Checkpoint
RP398: 2/18/2010 10:05:16 PM - System Checkpoint
RP399: 2/19/2010 10:53:15 PM - System Checkpoint
RP400: 2/20/2010 1:58:39 AM - Installed Digital Viewer
RP401: 2/21/2010 9:40:56 AM - System Checkpoint
RP402: 2/22/2010 1:31:49 PM - System Checkpoint
RP403: 2/23/2010 2:03:13 PM - System Checkpoint
RP404: 2/24/2010 2:13:16 PM - Software Distribution Service 3.0
RP405: 2/25/2010 3:01:23 PM - System Checkpoint
RP406: 2/26/2010 4:27:33 PM - System Checkpoint
RP407: 2/27/2010 5:15:24 PM - System Checkpoint
RP408: 2/28/2010 5:38:49 PM - System Checkpoint
RP409: 3/1/2010 5:54:26 PM - System Checkpoint
RP410: 3/2/2010 6:49:16 PM - System Checkpoint
RP411: 3/3/2010 7:43:23 PM - System Checkpoint
RP412: 3/4/2010 8:08:42 PM - System Checkpoint
RP413: 3/5/2010 9:04:29 PM - System Checkpoint
RP414: 3/6/2010 1:35:29 AM - Restore Operation
RP415: 3/7/2010 10:03:32 AM - System Checkpoint
RP416: 3/8/2010 5:31:11 PM - System Checkpoint
RP417: 3/9/2010 6:04:59 PM - System Checkpoint

==== Installed Programs ======================

Acronis True Image
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.3
AOL Instant Messenger
APC PowerChute Personal Edition
Apple Software Update
ArcSoft PhotoImpression 3.0
ASUS Probe V2.21.08
ASUS WLAN Card Utilities/Driver
avast! Antivirus
Belarc Advisor 7.0
CCleaner (remove only)
Cool & Quiet
CounterSpy
Digital Viewer
EPSON Print CD
EPSON Printer Software
Film Factory
Google Toolbar for Internet Explorer
Google Updater
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB979306)
Ink Monitor
Intel® 537EP Modem
Magic ISO Maker v5.4 (build 0251)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office 2000 Premium
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Miuchiz TM Update
Mobile Broadband Generic Drivers
MSVC80_x86
Nero - Burning Rom
OLYMPUS CAMEDIA Master 1.2
PaperPort 8.0 SE
PC Connectivity Solution
PhoneTray Dialup
PhoneTray Voices
Photo Viewer 2.4
QuickTime
REALTEK USB Wireless LAN Driver and Utility
RegSupreme 1.3
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Snappy Fax Version 4
SoundMAX
Spelling Dictionaries Support For Adobe Reader 8
Spybot - Search & Destroy
SpywareBlaster 4.1
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB978207)
VIA Integrated Setup Wizard
Viewpoint Media Player
Visioneer OneTouch
VZAccess Manager
WebFldrs XP
Windows Driver Package - Nokia Modem (05/22/2008 3.8)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer Clean Up
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows XP Service Pack 3
WinZip

==== End Of File ===========================

DDS (Ver_09-12-01.01) - NTFSx86
Run by Paul at 11:41:28.37 on Wed 03/10/2010
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1655 [GMT -5:00]

AV: avast! antivirus 4.8.1368 [VPS 100309-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\Program Files\REALTEK USB Wireless LAN Driver and Utility\RtWLan.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Paul\Desktop\downloads\Spyware\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [EPSON Stylus Photo R200 Series] c:\windows\system32\spool\drivers\w32x86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /M "Stylus Photo R200" /EF "HKCU"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimage\TrueImageMonitor.exe
mRun: [NeroCheck] c:\windows\system32\\NeroCheck.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [smapp] c:\program files\analog devices\soundmax\SMTray.exe
mRun: [EPSON Stylus Photo R200 Series] c:\windows\system32\spool\drivers\w32x86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [SBAMTray] c:\program files\sunbelt software\counterspy\SBAMTray.exe
mRun: [Control Center] c:\program files\asus\wlan card utilities\Center.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [FixCamera] c:\windows\FixCamera.exe
mRun: [tsnp2std] c:\windows\tsnp2std.exe
mRun: [snp2std] c:\windows\vsnp2std.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\apc powerchute personal edition\Display.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\epsons~1.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\realte~1.lnk - c:\program files\realtek usb wireless lan driver and utility\RtWLan.exe
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1200027847671
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 relog_ap

============= SERVICES / DRIVERS ===============

R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2007-12-29 77056]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-5-18 114768]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2010-1-20 13360]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2009-10-13 95024]
R2 Asusgio;Asusgio;c:\program files\asus\cool & quiet\Asusgio.sys [2007-12-29 52776]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-5-18 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2010-1-19 138680]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2010-1-24 38144]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2010-1-20 69936]
R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2008-5-9 174336]
R3 PhoneTrayDriver;PhoneTrayDriver;c:\windows\system32\drivers\ptdrv.sys [2007-12-20 30032]
R3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-3-20 32408]
S2 SBAMSvc;CounterSpy Antispyware;c:\program files\sunbelt software\counterspy\SBAMSvc.exe [2010-1-4 1012080]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2010-1-19 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2010-1-19 352920]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2008-7-7 20480]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187.sys [2010-1-24 235648]

=============== Created Last 30 ================

2010-03-10 16:41:03 0 ----a-w- c:\documents and settings\paul\defogger_reenable
2010-03-10 16:39:19 0 d-----w- c:\docume~1\paul\applic~1\GetRightToGo
2010-03-06 06:36:12 0 d-----w- c:\windows\system32\wbem\Repository
2010-02-20 08:12:07 921624 ------w- C:\snp2sxp-001.raw
2010-02-20 06:58:49 98304 ------w- c:\windows\Amcap.exe
2010-02-20 06:58:49 20480 ------w- c:\windows\FixCamera.exe
2010-02-20 06:58:48 349472 ------w- c:\windows\WindowsXP-KB822603-x86.exe
2010-02-20 06:58:46 348160 ------w- c:\windows\vsnp2std.exe
2010-02-20 06:58:46 262144 ------w- c:\windows\tsnp2std.exe
2010-02-20 06:58:46 15497 ------w- c:\windows\snp2std.ini
2010-02-20 06:58:46 13022 ------w- c:\windows\snp2std.src
2010-02-20 06:58:44 25472 ------w- c:\windows\system32\drivers\sncamd.sys
2010-02-20 06:58:42 12212864 ------w- c:\windows\system32\drivers\snp2sxp.sys
2010-02-20 06:58:40 73728 ------w- c:\windows\system32\vsnp2std.dll
2010-02-20 06:58:40 151552 ------w- c:\windows\system32\rsnp2std.dll
2010-02-20 06:58:39 77824 ------w- c:\windows\system32\csnp2std.dll
2010-02-20 06:58:39 0 d-----w- c:\program files\common files\snp2std
2010-02-14 20:48:26 0 d-----w- c:\docume~1\alluse~1\applic~1\LGMOBILEAX

==================== Find3M ====================

2010-01-24 18:13:07 1027072 ------w- c:\windows\system32\AutoPartNt.exe
2010-01-23 01:39:23 21419 ------w- c:\windows\system32\drivers\AegisP.sys
2010-01-04 22:02:22 27984 ------w- c:\windows\system32\sbbd.exe
2009-12-22 05:21:05 667136 ----a-w- c:\windows\system32\wininet.dll
2009-12-22 05:20:58 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2003-07-31 09:53:28 147456 ------w- c:\windows\inf\EL2K_XP.sys
2003-07-31 09:50:16 448768 ------w- c:\windows\inf\EL2K_N64.sys
2003-07-31 09:43:00 147456 ------w- c:\windows\inf\EL2K_2K.sys
2003-02-13 11:16:04 36864 ------w- c:\windows\inf\i386\Vizmicro.dll
2003-02-13 11:15:34 172032 ------w- c:\windows\inf\i386\viceo.dll
2003-02-13 11:02:22 151552 ------w- c:\windows\inf\i386\rtscan.dll
2003-02-13 11:02:22 148469 ------w- c:\windows\inf\i386\M5623_24.dll
2003-02-13 11:02:20 35190 ------w- c:\windows\inf\i386\M5623_24.bin
2001-08-03 23:29:18 13824 ------w- c:\windows\inf\i386\Usbscan.sys

============= FINISH: 11:41:53.62 ===============
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-10 13:04:59
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Paul\LOCALS~1\Temp\kglyaaog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB7C726B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB7C72574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB7C72A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB7C7214C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB7C7264E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB7C7208C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB7C720F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB7C7276E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB7C7272E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB7C728AE]

---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\DRIVERS\mohfilt.sys entry point in "init" section [0xBA3B3760]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[748] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
IAT C:\WINDOWS\system32\services.exe[748] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----
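The DDS output above answers the question the HijackThis log raised about the executables in C:\WINDOWS: the "Created Last 30" section shows Amcap.exe, FixCamera.exe, tsnp2std.exe and vsnp2std.exe all written at 2010-02-20 06:58, and Attach.txt lists restore point RP400 "Installed Digital Viewer" at 2/20/2010 1:58:39 AM. The DDS header gives the machine's offset as GMT -5:00; applying it puts the file writes within ten seconds of that restore point, which is the sort of correlation that turns "odd autorun" into "webcam package installed on the 20th". The script below is an added example, not DDS code and not from the original post: it parses both sections, shifts the file times by the header offset, and pairs each file created in the Windows root with the nearest restore point. Sample lines are copied from the post; the assumption that DDS records file times in UTC is the script's, and the near-exact match with RP400 is what supports it.

```python
"""Timeline correlation for DDS output (added example; not DDS code and not
from the original post). Pairs file-creation timestamps from 'Created Last 30'
with System Restore points from Attach.txt so an odd-looking autorun can be
tied to the install event that created it. Assumes, as the match with RP400
suggests, that DDS writes file times in UTC and restore points in local time."""
import ntpath
import re
from datetime import datetime, timedelta

GMT_OFFSET_HOURS = -5  # from the DDS header "[GMT -5:00]"

# Constructed sample: lines copied from the Attach.txt section of the post.
RESTORE_POINTS = """
RP399: 2/19/2010 10:53:15 PM - System Checkpoint
RP400: 2/20/2010 1:58:39 AM - Installed Digital Viewer
RP401: 2/21/2010 9:40:56 AM - System Checkpoint
RP414: 3/6/2010 1:35:29 AM - Restore Operation
"""

# Constructed sample: lines copied from the 'Created Last 30' section.
CREATED_LAST_30 = r"""
2010-03-10 16:41:03 0 ----a-w- c:\documents and settings\paul\defogger_reenable
2010-03-06 06:36:12 0 d-----w- c:\windows\system32\wbem\Repository
2010-02-20 06:58:49 98304 ------w- c:\windows\Amcap.exe
2010-02-20 06:58:49 20480 ------w- c:\windows\FixCamera.exe
2010-02-20 06:58:46 348160 ------w- c:\windows\vsnp2std.exe
2010-02-20 06:58:46 262144 ------w- c:\windows\tsnp2std.exe
2010-02-20 06:58:42 12212864 ------w- c:\windows\system32\drivers\snp2sxp.sys
2010-02-14 20:48:26 0 d-----w- c:\docume~1\alluse~1\applic~1\LGMOBILEAX
"""

RE_RP = re.compile(
    r"^RP(?P<n>\d+): (?P<ts>\d+/\d+/\d{4} \d+:\d{2}:\d{2} [AP]M) - (?P<desc>.*)$")
RE_FILE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<size>\d+) (?P<attr>\S{8}) (?P<path>.*)$")


def parse_restore_points(text):
    """Return [(number, local_datetime, description), ...]."""
    points = []
    for line in text.splitlines():
        m = RE_RP.match(line.strip())
        if m:
            when = datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p")
            points.append((int(m["n"]), when, m["desc"]))
    return points


def parse_created(text, offset_hours):
    """Return [(local_datetime, attr, path), ...] with UTC shifted to local."""
    files = []
    for line in text.splitlines():
        m = RE_FILE.match(line.strip())
        if m:
            utc = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            files.append((utc + timedelta(hours=offset_hours), m["attr"], m["path"]))
    return files


def correlate(files, points, window=timedelta(minutes=5)):
    """For each non-directory file created directly under c:\\windows, map its
    file name to the closest restore point (number, description) within
    `window`, or to None when no restore point is that close."""
    out = {}
    for local, attr, path in files:
        if attr.startswith("d"):  # directory entries are not what we are after
            continue
        if ntpath.dirname(path).lower() != r"c:\windows":
            continue
        best = None
        for n, when, desc in points:
            delta = abs(when - local)
            if delta <= window and (best is None or delta < best[0]):
                best = (delta, n, desc)
        out[ntpath.basename(path)] = None if best is None else (best[1], best[2])
    return out


if __name__ == "__main__":
    files = parse_created(CREATED_LAST_30, GMT_OFFSET_HOURS)
    points = parse_restore_points(RESTORE_POINTS)
    for name, hit in sorted(correlate(files, points).items()):
        print(f"{name}: {hit}")
```

The five-minute window is deliberately tight: an installer creates its restore point immediately before writing files, so a match of seconds is meaningful while a match of hours is coincidence. Files with no nearby restore point are still listed (as None) because those are exactly the ones that need another explanation.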


#4 Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 11 March 2010 - 04:22 PM

Good evening.

We'll start with a little online scan and see where that takes us:

Pay a visit to the ESET Online Scanner.
  • Click the ESET Online Scanner button, read the info in the new window, check the appropriate box and click Start.
  • Accept the ActiveX download, and allow it to install.
  • Once this has been completed, you will see the Computer Scan settings page - ensure that you uncheck the "Remove found threats" box and then click Start.
  • The virus signature database will now need to be downloaded, so don't forget to instruct your firewall to permit it if it asks.
  • The above will take a little time, so now is a good time to fire up the kettle and open the biccies.
  • Once the scan has completed you will be shown the results - assuming that the scanner has found anything.
  • Click List of found threats and then Export to text file... and save the log somewhere convenient.
  • You can then close out the scanner - don't bother uninstalling it as you may need to use it again.
  • Please post the contents of this file in your next reply, or let me know that nothing was identified.

So long, and thanks for all the fish.



#5 spuds619

spuds619
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:49 AM

Posted 12 March 2010 - 04:15 PM

Hello, the ESET scan found no threats. Thanks, Paul

#6 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:08:49 AM

Posted 13 March 2010 - 03:11 PM

Good evening.

That's always good news. I think one more for luck is in order:

Download Malwarebytes' Anti-Malware from here and save it to your Desktop - unless you already have it, in which case skip to the "updating" bit below.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • Ensure a checkmark is placed next to both Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware and then click Finish.
  • If an update is found, it will download and install the latest version - you'll need to clear it with your firewall.
  • Once the program has loaded, select Perform full scan and then Scan.
  • When the scan has finished, click OK and then Show Results to view the results - no surprise there!
  • If MBAM finds anything, check the box(es) and click Remove Selected.
  • Please note - Leave unchecked any boxes that have \System Volume Information\ in the filepath. These pose no immediate risk to your PC unless you use System Restore and will be dealt with later.
  • When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
Let me have the MBAM log, a fresh DDS log (run in Normal Mode) AND a description of how your PC is behaving.

It looks like you got the job done already, but it never hurts to be sure.

So long, and thanks for all the fish.



#7 spuds619

spuds619
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:49 AM

Posted 14 March 2010 - 03:22 PM

Hello, here are the rest of the logs you wanted me to do. Thanks again. The only things I am noticing at this time are about the same that I normally experience from time to time: IE freezes, application hangs, very slow shutdowns at times. Sometimes it shuts down OK, other times it takes a while. I think I have another program that's causing it to be slow; I will have to try and figure out which one it is again. Boots up OK, opens and closes programs OK, just the annoying long shutdown. Paul
DDS (Ver_09-12-01.01) - NTFSx86
Run by Paul at 16:05:02.95 on Sun 03/14/2010
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1531 [GMT -4:00]

AV: avast! antivirus 4.8.1368 [VPS 100310-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\WINDOWS\system32\ASWLSVC.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\system32\ASWL2K.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\Program Files\REALTEK USB Wireless LAN Driver and Utility\RtWLan.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Paul\Desktop\downloads\Spyware\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [EPSON Stylus Photo R200 Series] c:\windows\system32\spool\drivers\w32x86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /M "Stylus Photo R200" /EF "HKCU"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimage\TrueImageMonitor.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [smapp] c:\program files\analog devices\soundmax\SMTray.exe
mRun: [EPSON Stylus Photo R200 Series] c:\windows\system32\spool\drivers\w32x86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [SBAMTray] c:\program files\sunbelt software\counterspy\SBAMTray.exe
mRun: [tsnp2std] c:\windows\tsnp2std.exe
mRun: [snp2std] c:\windows\vsnp2std.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\apc powerchute personal edition\Display.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\epsons~1.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\realte~1.lnk - c:\program files\realtek usb wireless lan driver and utility\RtWLan.exe
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1200027847671
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 relog_ap

============= SERVICES / DRIVERS ===============

R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2007-12-29 77056]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-5-18 114768]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2010-1-20 13360]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2009-10-13 95024]
R2 Asusgio;Asusgio;c:\program files\asus\cool & quiet\Asusgio.sys [2007-12-29 52776]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-5-18 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2010-1-19 138680]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2010-1-24 38144]
R2 SBAMSvc;CounterSpy Antispyware;c:\program files\sunbelt software\counterspy\SBAMSvc.exe [2010-1-4 1012080]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2010-1-20 69936]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2010-1-19 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2010-1-19 352920]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-3-10 38224]
R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2008-5-9 174336]
R3 PhoneTrayDriver;PhoneTrayDriver;c:\windows\system32\drivers\ptdrv.sys [2007-12-20 30032]
R3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-3-20 32408]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2008-7-7 20480]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187.sys [2010-1-24 235648]

=============== Created Last 30 ================

2010-03-10 22:55:19 18064 ---ha-w- c:\windows\system32\mlfcache.dat
2010-03-10 21:41:51 0 d-----w- c:\program files\Bonjour
2010-03-10 18:12:14 0 d-----w- c:\docume~1\paul\applic~1\Malwarebytes
2010-03-10 18:12:11 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-10 18:12:09 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-10 18:12:09 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-10 18:12:09 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-03-10 16:41:03 0 ----a-w- c:\documents and settings\paul\defogger_reenable
2010-03-10 16:39:19 0 d-----w- c:\docume~1\paul\applic~1\GetRightToGo
2010-03-10 15:54:24 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-06 06:36:12 0 d-----w- c:\windows\system32\wbem\Repository
2010-02-20 08:12:07 921624 ------w- C:\snp2sxp-001.raw
2010-02-20 06:58:49 98304 ------w- c:\windows\Amcap.exe
2010-02-20 06:58:49 20480 ------w- c:\windows\FixCamera.exe
2010-02-20 06:58:48 349472 ------w- c:\windows\WindowsXP-KB822603-x86.exe
2010-02-20 06:58:46 348160 ------w- c:\windows\vsnp2std.exe
2010-02-20 06:58:46 262144 ------w- c:\windows\tsnp2std.exe
2010-02-20 06:58:46 15497 ------w- c:\windows\snp2std.ini
2010-02-20 06:58:46 13022 ------w- c:\windows\snp2std.src
2010-02-20 06:58:44 25472 ------w- c:\windows\system32\drivers\sncamd.sys
2010-02-20 06:58:42 12212864 ------w- c:\windows\system32\drivers\snp2sxp.sys
2010-02-20 06:58:40 73728 ------w- c:\windows\system32\vsnp2std.dll
2010-02-20 06:58:40 151552 ------w- c:\windows\system32\rsnp2std.dll
2010-02-20 06:58:39 77824 ------w- c:\windows\system32\csnp2std.dll
2010-02-20 06:58:39 0 d-----w- c:\program files\common files\snp2std
2010-02-14 20:48:26 0 d-----w- c:\docume~1\alluse~1\applic~1\LGMOBILEAX

==================== Find3M ====================

2010-01-24 18:13:07 1027072 ------w- c:\windows\system32\AutoPartNt.exe
2010-01-23 01:39:23 21419 ------w- c:\windows\system32\drivers\AegisP.sys
2010-01-04 22:02:22 27984 ------w- c:\windows\system32\sbbd.exe
2009-12-22 05:21:05 667136 ----a-w- c:\windows\system32\wininet.dll
2009-12-22 05:20:58 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2003-07-31 09:53:28 147456 ------w- c:\windows\inf\EL2K_XP.sys
2003-07-31 09:50:16 448768 ------w- c:\windows\inf\EL2K_N64.sys
2003-07-31 09:43:00 147456 ------w- c:\windows\inf\EL2K_2K.sys
2003-02-13 11:16:04 36864 ------w- c:\windows\inf\i386\Vizmicro.dll
2003-02-13 11:15:34 172032 ------w- c:\windows\inf\i386\viceo.dll
2003-02-13 11:02:22 151552 ------w- c:\windows\inf\i386\rtscan.dll
2003-02-13 11:02:22 148469 ------w- c:\windows\inf\i386\M5623_24.dll
2003-02-13 11:02:20 35190 ------w- c:\windows\inf\i386\M5623_24.bin
2001-08-03 23:29:18 13824 ------w- c:\windows\inf\i386\Usbscan.sys

============= FINISH: 16:05:26.92 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/29/2007 12:55:26 AM
System Uptime: 3/14/2010 10:00:54 AM (6 hours ago)

Motherboard: ASUSTek Computer Inc. | | K8V
Processor: AMD Athlon™ 64 Processor 3200+ | Socket 754 | 2020/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 16.326 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is CDROM (CDFS)
G: is Removable
H: is Removable
I: is Removable
J: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 3Com Gigabit LOM (3C940)
Device ID: PCI\VEN_10B7&DEV_1700&SUBSYS_80EB1043&REV_12\3&267A616A&0&50
Manufacturer: 3Com
Name: 3Com Gigabit LOM (3C940)
PNP Device ID: PCI\VEN_10B7&DEV_1700&SUBSYS_80EB1043&REV_12\3&267A616A&0&50
Service: EL2000

==== System Restore Points ===================

RP366: 1/22/2010 6:11:39 PM - Software Distribution Service 3.0
RP367: 1/22/2010 6:18:19 PM - Installed Windows XP WgaNotify.
RP368: 1/22/2010 7:01:01 PM - Software Distribution Service 3.0
RP369: 1/22/2010 7:28:08 PM - Software Distribution Service 3.0
RP370: 1/22/2010 7:58:47 PM - complete before usb adapter and backup and cloning 80GB
RP371: 1/22/2010 8:38:17 PM - Installed ASUS WLAN Card Utilities/Driver
RP372: 1/23/2010 10:24:50 PM - System Checkpoint
RP373: 1/24/2010 12:24:22 AM - Installed REALTEK USB Wireless LAN Driver and Utility
RP374: 1/25/2010 1:20:59 AM - System Checkpoint
RP375: 1/26/2010 3:14:58 PM - System Checkpoint
RP376: 1/27/2010 3:42:43 PM - System Checkpoint
RP377: 1/28/2010 5:09:15 PM - System Checkpoint
RP378: 1/29/2010 5:36:05 PM - System Checkpoint
RP379: 1/30/2010 6:44:09 PM - System Checkpoint
RP380: 1/31/2010 6:48:25 PM - System Checkpoint
RP381: 2/1/2010 7:36:49 PM - System Checkpoint
RP382: 2/2/2010 7:52:04 PM - System Checkpoint
RP383: 2/3/2010 8:25:06 PM - System Checkpoint
RP384: 2/4/2010 9:19:03 PM - System Checkpoint
RP385: 2/5/2010 10:32:20 PM - System Checkpoint
RP386: 2/6/2010 11:20:13 PM - System Checkpoint
RP387: 2/8/2010 12:00:39 AM - System Checkpoint
RP388: 2/9/2010 12:48:46 AM - System Checkpoint
RP389: 2/10/2010 10:26:36 AM - System Checkpoint
RP390: 2/10/2010 4:17:40 PM - Software Distribution Service 3.0
RP391: 2/11/2010 4:34:47 PM - System Checkpoint
RP392: 2/12/2010 5:21:15 PM - System Checkpoint
RP393: 2/13/2010 5:27:01 PM - System Checkpoint
RP394: 2/14/2010 5:45:15 PM - System Checkpoint
RP395: 2/15/2010 7:25:12 PM - System Checkpoint
RP396: 2/16/2010 8:25:15 PM - System Checkpoint
RP397: 2/17/2010 8:45:39 PM - System Checkpoint
RP398: 2/18/2010 10:05:16 PM - System Checkpoint
RP399: 2/19/2010 10:53:15 PM - System Checkpoint
RP400: 2/20/2010 1:58:39 AM - Installed Digital Viewer
RP401: 2/21/2010 9:40:56 AM - System Checkpoint
RP402: 2/22/2010 1:31:49 PM - System Checkpoint
RP403: 2/23/2010 2:03:13 PM - System Checkpoint
RP404: 2/24/2010 2:13:16 PM - Software Distribution Service 3.0
RP405: 2/25/2010 3:01:23 PM - System Checkpoint
RP406: 2/26/2010 4:27:33 PM - System Checkpoint
RP407: 2/27/2010 5:15:24 PM - System Checkpoint
RP408: 2/28/2010 5:38:49 PM - System Checkpoint
RP409: 3/1/2010 5:54:26 PM - System Checkpoint
RP410: 3/2/2010 6:49:16 PM - System Checkpoint
RP411: 3/3/2010 7:43:23 PM - System Checkpoint
RP412: 3/4/2010 8:08:42 PM - System Checkpoint
RP413: 3/5/2010 9:04:29 PM - System Checkpoint
RP414: 3/6/2010 1:35:29 AM - Restore Operation
RP415: 3/7/2010 10:03:32 AM - System Checkpoint
RP416: 3/8/2010 5:31:11 PM - System Checkpoint
RP417: 3/9/2010 6:04:59 PM - System Checkpoint
RP418: 3/10/2010 1:08:23 PM - After all logs before malwarebytes
RP419: 3/10/2010 4:41:07 PM - After malwarebytes small cleaning before safari
RP420: 3/10/2010 4:41:58 PM - Installed Safari
RP421: 3/10/2010 5:11:08 PM - Software Distribution Service 3.0
RP422: 3/11/2010 5:40:40 PM - System Checkpoint
RP423: 3/12/2010 5:42:00 PM - System Checkpoint
RP424: 3/13/2010 6:41:01 PM - System Checkpoint

==== Installed Programs ======================

Acronis True Image
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.3
AOL Instant Messenger
APC PowerChute Personal Edition
Apple Application Support
Apple Software Update
ArcSoft PhotoImpression 3.0
ASUS Probe V2.21.08
ASUS WLAN Card Utilities/Driver
avast! Antivirus
Belarc Advisor 7.0
Bonjour
CCleaner (remove only)
Cool & Quiet
CounterSpy
Digital Viewer
EPSON Print CD
EPSON Printer Software
Film Factory
Google Toolbar for Internet Explorer
Google Updater
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB979306)
Ink Monitor
Intel® 537EP Modem
Magic ISO Maker v5.4 (build 0251)
Malwarebytes' Anti-Malware
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office 2000 Premium
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Miuchiz TM Update
Mobile Broadband Generic Drivers
MSVC80_x86
Nero - Burning Rom
OLYMPUS CAMEDIA Master 1.2
PaperPort 8.0 SE
PC Connectivity Solution
PhoneTray Dialup
PhoneTray Voices
Photo Viewer 2.4
QuickTime
REALTEK USB Wireless LAN Driver and Utility
RegSupreme 1.3
Safari
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Snappy Fax Version 4
SoundMAX
Spelling Dictionaries Support For Adobe Reader 8
Spybot - Search & Destroy
SpywareBlaster 4.1
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB978207)
VIA Integrated Setup Wizard
Viewpoint Media Player
Visioneer OneTouch
VZAccess Manager
WebFldrs XP
Windows Driver Package - Nokia Modem (05/22/2008 3.8)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer Clean Up
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows XP Service Pack 3
WinZip

==== Event Viewer Messages From Past Week ========

3/11/2010 4:14:25 PM, error: WPDMTPDriver [15300] - MTP WPD Driver has failed to start. Error 0x8007001f.
3/10/2010 1:27:52 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: gagp30kx
3/10/2010 1:27:46 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

==== End Of File ===========================
Malwarebytes' Anti-Malware 1.44
Database version: 3849
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

3/14/2010 4:02:47 PM
mbam-log-2010-03-14 (16-02-47).txt

Scan type: Full Scan (C:\|)
Objects scanned: 166875
Time elapsed: 35 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#8 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:08:49 AM

Posted 14 March 2010 - 04:50 PM

Good evening.

Does Windows prompt you with any pop-up regarding which application is slowing things down at shutdown?

So long, and thanks for all the fish.



#9 spuds619

spuds619
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:49 AM

Posted 14 March 2010 - 07:24 PM

Hello, no prompt at all, nothing that gives any idea what it is. Once I click Turn Off it goes through saving settings, logging off, Windows is shutting down; this is where it takes a while. It stays on the blue "Windows is shutting down" screen for a while, maybe 2 to as much as 4 minutes sometimes. Thanks, Paul

#10 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:08:49 AM

Posted 15 March 2010 - 03:25 PM

Good evening.

Go here and click the Download EXE button at the top and save the file to your Desktop - the file is randomly named to try to sidestep the actions of certain malicious files.
Double click the file to begin:
  • If you get a pop-up regarding rootkit activity and are asked if you want to scan, click No.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for
    • Sections
    • IAT/EAT
    • Show All
    • All drives except your main one, which is usually C:\.
  • Click the Scan button on the right and OK any pop-up that you may see regarding rootkit activity.
  • When the scan has completed, (you'll have time for a snack and a cuppa!), click the Save... button and again save the log with any name to a handy location.
Post the contents of the log(s) into your next reply. The Preview option on the forum may show the whole log(s) being posted, but they sometimes get cut down when the actual post is made, so please check the post once it is completed.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Will you try disabling Avast and Counterspy and then shut down the PC and see if it is any happier as a result.

So long, and thanks for all the fish.



#11 spuds619

spuds619
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:49 AM

Posted 15 March 2010 - 07:51 PM

Hello, the recent GMER log you wanted is included. I have already tried the Avast and CounterSpy thing; it did not do any good. I have redone the startup and only have what I want loading at start. I have everything I don't want starting shut off unless I need it, and I do it manually. I think the problem is USB related. I have some things in the task bar that I don't always use and I think that's the problem. I have an electronic microscope and wireless adapter that are loaded but not always in use, and my Verizon wifi adapter that is plugged into USB; I use it that way instead of wirelessly. I am going to try here in a little bit and shut them all down and then shut down the computer and see if closing out all those lets it do a better shutdown. I will let you know how it does. In the meantime here's the log, and thank you again. Paul

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-15 19:44:21
Windows 5.1.2600 Service Pack 3
Running: l9dwicdc.exe; Driver: C:\DOCUME~1\Paul\LOCALS~1\Temp\kglyaaog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB7CE96B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB7CE9574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB7CE9A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB7CE914C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB7CE964E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB7CE908C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB7CE90F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB7CE976E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB7CE972E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB7CE98AE]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----


#12 spuds619

spuds619
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:49 AM

Posted 16 March 2010 - 03:27 PM

Hello, the shutdown problem has been resolved. It was two USB devices that were loading in the taskbar, but the devices were not hooked up and being used. It shuts down in less than 30 seconds now after removing them from the taskbar. I have tried it a few times and it seems to shut down OK, sometimes a little faster than others, but no 4-5 minutes. Windows must have been looking for the devices on shutdown, I guess, thus a long shutdown. Thanks, Paul

#13 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:08:49 AM

Posted 16 March 2010 - 03:48 PM

Good evening.

Always nice to see things sorted happily. Everything looks OK, so I'd say that is that, apart from a little housekeeping.

Run HijackThis as you did to generate a log, but this time click on 'Do a system scan only'.
Place a checkmark in the boxes to the left of the following entries, by clicking on them:

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)


CLOSE ALL OPEN WINDOWS AND BROWSERS - EXCEPT HJT and click on Fix checked

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I am unsure from your log whether or not you have a software firewall installed. If you have, and I've missed it, please ignore this.
If you haven't, or are using the firewall that comes with Service Pack 2, then you need to install one. While the SP2 firewall is better than nothing, it doesn't monitor outgoing traffic, so anything malicious on your computer can 'phone home' at will.
There are a few free firewalls available, of which the following are just three:
Comodo Firewall Pro, available here. This download has both a firewall and anti-virus in the same package, so be sure that you uncheck the AV option if you choose to install this one.
PC Tools Firewall Plus, available here.
Online Armor Free, available here.

While you can download them all to see which one you prefer, only install one at a time - running two or more firewalls simultaneously can cause conflicts resulting in less, not more, protection.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Your copy of Adobe Reader is out of date. You can get the latest version here, (feel free to uncheck the McAfee download first), or you can update from within the program itself: Help > Check for Updates...

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Your version of SpywareBlaster is also out of date. You can get the latest version here.


So long, and thanks for all the fish.
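An added triage helper, not from the thread and not part of DDS or HijackThis: it pulls the "Pseudo HJT Report" section out of a DDS log (sample constructed from the entries posted above) and flags the URLSearchHook, BHO and toolbar registrations whose target file is missing, which is what singled out the two entries queued for the HijackThis fix. The R3/O2/O3 section codes and the "(no name)" / "(no file)" rendering follow HijackThis' own listing format; the CLSID regex and the `No File` / empty-path test are this script's assumptions about how DDS prints an orphaned entry.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the shape of the "Pseudo HJT Report" section of a DDS
# log; the entries are copied from the log posted in the thread.
SAMPLE_DDS = """\
============== Pseudo HJT Report ===============

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\\program files\\common files\\adobe\\acrobat\\activex\\AcroIEHelper.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\\progra~1\\spybot~1\\SDHelper.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\\program files\\google\\google toolbar\\GoogleToolbar_32.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
mRun: [avast!] c:\\progra~1\\alwils~1\\avast4\\ashDisp.exe

============= SERVICES / DRIVERS ===============
"""

# DDS prefix -> HijackThis section code and label (R3/O2/O3 are the codes
# HijackThis uses for URLSearchHooks, BHOs and IE toolbars).
HJT_CODE = {
    "uURLSearchHooks": ("R3", "URLSearchHook"),
    "mURLSearchHooks": ("R3", "URLSearchHook"),
    "BHO": ("O2", "BHO"),
    "TB": ("O3", "Toolbar"),
}

# kind: [name: ]{CLSID} -[ path]   (name and path are both optional)
ENTRY_RE = re.compile(
    r"^(?P<kind>uURLSearchHooks|mURLSearchHooks|BHO|TB): "
    r"(?:(?P<name>.+?): )?"
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) -"
    r"(?: (?P<path>.*))?$"
)


@dataclass
class Entry:
    kind: str             # DDS prefix, e.g. "BHO"
    name: Optional[str]   # display name, None when DDS printed none
    clsid: str            # COM class id registered for the object
    path: Optional[str]   # file DDS resolved the CLSID to, if any

    @property
    def orphaned(self) -> bool:
        """Registration whose target file is gone (assumed to show as an
        empty path or 'No File'); the stale key is what 'Fix checked' removes."""
        return self.path is None or self.path.strip().lower() in ("", "no file")


def pseudo_hjt_section(dds_text: str) -> List[str]:
    """Non-empty lines between the 'Pseudo HJT Report' banner and the next
    '====' banner of a DDS log."""
    out, inside = [], False
    for line in dds_text.splitlines():
        if line.startswith("===="):
            if "Pseudo HJT Report" in line:
                inside = True
                continue
            if inside:
                break
        if inside and line.strip():
            out.append(line.rstrip())
    return out


def parse_entries(dds_text: str) -> List[Entry]:
    """Parse the URLSearchHook, BHO and toolbar lines; other kinds are skipped."""
    entries = []
    for line in pseudo_hjt_section(dds_text):
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m["kind"], m["name"], m["clsid"], m["path"]))
    return entries


def find_orphaned_entries(dds_text: str) -> List[Entry]:
    """Entries registered with IE whose backing file no longer exists."""
    return [e for e in parse_entries(dds_text) if e.orphaned]


def hjt_line(e: Entry) -> str:
    """Render an entry the way HijackThis lists it, so it can be matched
    against the line a helper asks to have fixed."""
    code, label = HJT_CODE[e.kind]
    name = e.name or "(no name)"
    target = "(no file)" if e.orphaned else e.path
    return f"{code} - {label}: {name} - {e.clsid.upper()} - {target}"


if __name__ == "__main__":
    for entry in find_orphaned_entries(SAMPLE_DDS):
        print(hjt_line(entry))
```

Run against the sample it lists four orphaned registrations; the two Noviciate queued for the fix are among them, and the two toolbar entries are the O3 equivalents of the same leftovers.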



#14 spuds619

spuds619
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:49 AM

Posted 16 March 2010 - 05:47 PM

OK, thank you very much. I guess I'll have a busy night. I am using the SP2 firewall; that's all I have ever used. I will get one of the others and use it. Do I need to disable or do anything to the SP2 one, or will it work OK with whatever other one I pick? Thanks for the help; I will let you know when all is done. Thanks, Paul

#15 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:08:49 AM

Posted 16 March 2010 - 07:00 PM

Although the SP2 firewall will need to be disabled, it should be done by the installed software. I suggest that you check once your selection is up and running though:

Start > Control Panel > Security Center and under Manage security settings for: click Windows Firewall.

So long, and thanks for all the fish.
