
Computer Slow, other strange symptoms


This topic is locked
26 replies to this topic

#1 dazedandconfused (Members)

Posted 20 June 2010 - 03:53 PM

Referred from here: http://www.bleepingcomputer.com/forums/t/325282/machine-is-being-really-slow-with-other-symptoms/ ~ OB

I have Windows Vista, Service Pack 1 on an HP a6142n with AMD Athlon 64 X2 Dual Core Processor 4400+ 2.3 GHz. RAM = 2GB. 32-bit OS. I have hard drive space used of 220 GB and free of 143 GB. It is a desktop.

My machine has been getting what seems like progressively slower and slower until it is almost unworkable. I've also seen strange symptoms, like the sound on the solitaire games no longer being heard, the screensaver slide show no longer working and little things like that…PLUS, I’m no longer able to generate a Restore Point. (Restore Point Creation Disabled by Group Policy). I DON’T mess with permissions and things like that. Not a tinkerer at all.

Trying to open up Internet Explorer (8.0.6001.18928) sometimes takes several minutes. Opening a link from the search pages is either really slow or doesn't even work and goes into Not Responding mode. Sometimes it seems to go to another page (something like “whatis..” it goes too quickly for me to read it) before the IE homepage opens up.

I normally use Spybot Search & Destroy, and Norton Internet Security. I update weekly, and did full scans of both with no problems found. I also did a Trend Micro scan from online, and then loaded SuperAnti-Spyware, which found a lot of tracking cookies, which I deleted.

I did some research here, and I did a disk defragmentation, as well as clearing out files that were in temp files or had .tmp extensions. I don’t know what it is, but I used DeFogger to disable CD Emulation. I set Visual Effects to Adjust for Best Performance. I haven't loaded any new programs in eons, although my hubby sometimes downloads documents from the web. I've tried to clean up everything I could, but nothing seems to help. I looked at all the processes that were running (via Task Manager) to see if there were things starting that didn't need to be, but it seemed OK. Also, as far as Service Pack 2 goes, one Advisor told me to upgrade and the other told me not to until you folks tell me I'm clean...so I'm waiting on your advice first.


I gave up and did a post in the Vista O/S forum. I ran AutoRun at the request of one of the responders. He said it looked fine. I did a Speccy Snapshot at the request of a different responder. It said:

Generated by Piriform Speccy v1.02.156
19 Jun 2010 @ 12:40

Summary
Operating System: MS Windows Vista Home Premium 32-bit SP1
CPU: AMD Athlon 64 X2 4400+: 37 C, Brisbane 65nm Technology
RAM: 2.0GB Dual-Channel DDR2 @ 330MHz (5-5-5-15)
Motherboard: ECS Nettle2 (Socket M2)
Graphics: HP w2007 @ 1680x1050; 128MB GeForce 6150SE nForce 430 (HP)
Hard Drives: 391GB Hitachi Hitachi HDT725040VLA SCSI Disk Device (SCSI)
Optical Drives: TSSTcorp CD/DVDW TS-H652M ATA Device
Audio: Realtek High Definition Audio

I’ve run a DDS log which says:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Buddy at 15:00:04.78 on Sat 06/19/2010
Internet Explorer: 8.0.6001.18928
Microsoft Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1918.791 [GMT -7:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Buddy\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig?hl=en
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride =
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\17.7.0.12\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\17.7.0.12\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\17.7.0.12\coIEPlg.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRunOnce: []
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {EA4FA2A3-F289-43F3-8BAA-1C604E3FA7D4} = 24.205.1.14,66.215.64.14
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1107000.00c\symds.sys [2010-6-18 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1107000.00c\symefa.sys [2010-6-18 173104]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.6.0.32\definitions\bashdefs\20100522.001\BHDrvx86.sys [2010-5-22 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1107000.00c\cchpx86.sys [2010-6-18 501888]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.6.0.32\definitions\ipsdefs\20100617.005\IDSvix86.sys [2010-6-18 344112]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1107000.00c\ironx86.sys [2010-6-18 116784]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1107000.00c\symtdiv.sys [2010-6-18 339504]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\17.7.0.12\ccsvchst.exe [2010-6-18 126392]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-6-18 102448]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2008-12-10 7808]
S4 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2008-3-20 1153368]

============== File Associations ===============

inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
piffile="%1" %*"

=============== Created Last 30 ================


==================== Find3M ====================


============= FINISH: 15:02:18.33 ===============

My first helper in the other forum said to make a thread here, and I was trying to follow the prep instructions. I’ve attempted several times to run the GMER log, but have encountered a lot of problems. I’ve hung at “c:\Windows\System32\drivers\NETIO.SYS.” I tried to open Task Manager to see if I could end the task and start over, and got “Logon Process has Failed to Create the Security Options Dialog – Failure = Security Options.” I started over and got a Blue Screen that said:

Event Name = BS
OS Version = 6.0.6001.2.1.0.768.3
Locale Id = 1033
BCCode = 50
BCP1 = CAC6000B
BCP2 = 00000000
BCP3 = A3188C65
BCP4 = 00000000
OS Version = 6_0_6001
Service Pack = 1_0
Product = 768_1

It also did a minidump file and two files under Appdata\Local\Temp directory. I can supply those if needed.

Then I tried again and got part of the way and got a BS and rebooted – the most I could read on it looked like “Page File in Non-Page Area” or something similar to that. Then I tried a couple of times this morning, and on two different occasions it got part way through and then just rebooted itself. I couldn’t see which files it was on…although one was shortly after I saw a “Settings\ZoneMap\EscDomains\penile-enlargement\biz” file, which obviously shouldn’t be there.

There were a few other “preparation” instructions, but I didn’t know how to do them in Vista...most of the instructions are for XP. I tried to do a “chkdsk” but it had a screen fly by that I wasn’t able to read. I'll try to provide any other information that might help troubleshoot this, as long as you give really basic directions. I’m past my maximum knowledge level, but take direction well.
Thanks in advance for your patience and assistance on my mess.

Edited by Orange Blossom, 20 June 2010 - 04:13 PM.


#2 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 26 June 2010 - 03:28 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  1. Do not run any other tool until instructed to do so!
  2. Do not attach logs unless I ask you to.
  3. Tell me about any problems that have occurred during the fix.
  4. Tell me of any other symptoms you may be having as these can help also.
  5. Do not run anything while running a fix.
  6. Do not run any other tool until instructed to do so!


In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Note** If you are having problems posting the complete log into this thread, upload it here http://www.rapidshare.com/ and post the links in this thread.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


GMER is the best, but it can be hard to get a log. Let's try this and see what we get.

Scan With RKUnHooker
  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth, uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** You may get this warning; it is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"



Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


#3 dazedandconfused (Topic Starter)

Posted 26 June 2010 - 04:55 PM

Here are the results of the RKUnhooker report. The report doesn't show the 'Stealth = nothing found' that was on the screen when I ran it.

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6001 (Service Pack 1)
Number of processors #2
==============================================
>Drivers
==============================================
0x8C800000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 7467008 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 175.21 )
0x82238000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System)
0x82238000 PnpManager 3903488 bytes
0x82238000 RAW 3903488 bytes
0x82238000 WMIxWDM 3903488 bytes
0x99AC0000 Win32k 2105344 bytes
0x99AC0000 C:\Windows\System32\win32k.sys 2105344 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8D402000 C:\Windows\system32\drivers\RTKVHDA.sys 2011136 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0xA285B000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\VirusDefs\20100626.002\NAVEX15.SYS 1343488 bytes (Symantec Corporation, AV Engine)
0x87E04000 C:\Windows\System32\Drivers\Ntfs.sys 1110016 bytes (Microsoft Corporation, NT File System Driver)
0x87A0B000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x8C607000 C:\Windows\system32\DRIVERS\nvmfdx32.sys 1060864 bytes (NVIDIA Corporation, NVIDIA MCP Networking Function Driver.)
0x8C40E000 C:\Windows\system32\DRIVERS\HSX_DP.sys 1056768 bytes (Conexant Systems, Inc., HSF_DP driver)
0x87C00000 C:\Windows\System32\drivers\tcpip.sys 954368 bytes (Microsoft Corporation, TCP/IP Driver)
0x80466000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0x9FAD6000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x8C510000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 741376 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0x9F209000 C:\Windows\system32\drivers\spsys.sys 716800 bytes (Microsoft Corporation, security processor)
0x8E52A000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\BASHDefs\20100619.001\BHDrvx86.sys 704512 bytes (Symantec Corporation, BASH Driver)
0x8CF1F000 C:\Windows\System32\drivers\dxgkrnl.sys 651264 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8E4AB000 C:\Windows\system32\drivers\NIS\1107000.00C\ccHPx86.sys 520192 bytes (Symantec Corporation, Common Client Hash Provider Driver)
0x80546000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x878AB000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x9F2DB000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x8E40F000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)
0x879A2000 C:\Windows\System32\Drivers\NIS\1107000.00C\SYMTDIV.SYS 364544 bytes (Symantec Corporation, Network Dispatch Driver)
0x8DD6A000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\IPSDefs\20100625.001\IDSvix86.sys 360448 bytes (Symantec Corporation, IDS Core Driver)
0xA2804000 C:\Windows\System32\Drivers\NIS\1107000.00C\SRTSP.SYS 356352 bytes (Symantec Corporation, Symantec AutoProtect)
0x8780F000 C:\Windows\system32\drivers\NIS\1107000.00C\SYMDS.SYS 352256 bytes (Symantec Corporation, Symantec Data Store)
0x9FA84000 C:\Windows\System32\DRIVERS\srv.sys 319488 bytes (Microsoft Corporation, Server driver)
0x99D10000 C:\Windows\System32\ATMFD.DLL 311296 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x87D9D000 C:\Windows\system32\DRIVERS\HSXHWBS2.sys 311296 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)
0x806A8000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8DC0F000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x8060C000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x80425000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x8075A000 C:\Windows\system32\drivers\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x87D50000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8DD24000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x87B41000 C:\Windows\system32\drivers\NETIO.SYS 237568 bytes (Microsoft Corporation, Network I/O Subsystem)
0x9FA0C000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x87F13000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8C7C4000 C:\Windows\system32\DRIVERS\usbhub.sys 212992 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x82205000 ACPI_HAL 208896 bytes
0x82205000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x8079B000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8DC57000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8CFCB000 C:\Windows\system32\DRIVERS\msiscsi.sys 188416 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x87BCE000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x87875000 C:\Windows\system32\drivers\NIS\1107000.00C\SYMEFA.SYS 184320 bytes (Symantec Corporation, Symantec Extended File Attributes)
0x87B16000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x87B7B000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x8DDC2000 C:\Windows\System32\Drivers\fastfat.SYS 163840 bytes (Microsoft Corporation, Fast FAT File System Driver)
0x87F63000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x80663000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x9FA5D000 C:\Windows\System32\DRIVERS\srv2.sys 159744 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x8791C000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x807CD000 C:\Windows\system32\Drivers\SYMEVENT.SYS 151552 bytes (Symantec Corporation, Symantec Event Library)
0x8C737000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x87F9B000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x87941000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x9F393000 C:\Windows\system32\drivers\mrxdav.sys 131072 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x8DCC0000 C:\Windows\system32\drivers\NIS\1107000.00C\Ironx86.SYS 126976 bytes (Symantec Corporation, Iron Driver)
0x9F3B3000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x8071F000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x87FC5000 C:\Windows\System32\Drivers\dump_nvstor32.sys 118784 bytes
0x8E477000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 118784 bytes (Symantec Corporation, Symantec Eraser Utility Driver)
0x8073D000 C:\Windows\system32\drivers\nvstor32.sys 118784 bytes (NVIDIA Corporation, NVIDIA nForce™ Sata Performance Driver)
0x9F348000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x87CE9000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x87FE2000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x9F365000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x87BA5000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x9FA45000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8E494000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8C715000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x8DCDF000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xA29B7000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x8DC89000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x8798C000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0x9F37E000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8C77D000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x9FBCA000 C:\Windows\system32\DRIVERS\WUDFRd.sys 86016 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
0xA29A3000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\VirusDefs\20100626.002\NAVENG.SYS 81920 bytes (Symantec Corporation, AV Engine)
0x8C769000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x805CF000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x87D28000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0x9F2C8000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8DCAD000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x87DE9000 C:\Windows\system32\DRIVERS\HDAudBus.sys 73728 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x8E5D6000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 73728 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0x9FBDF000 C:\Windows\system32\DRIVERS\WUDFPf.sys 73728 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x87F8A000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x87BBD000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x8040C000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x87D18000 C:\Windows\system32\DRIVERS\amdk8.sys 65536 bytes (Microsoft Corporation, Processor Device Driver)
0x87865000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x8DD01000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0x9F2B8000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x80707000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x8C5D2000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x8C792000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x8DDEA000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x87F54000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x8068A000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x8C75A000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x87D8E000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x80699000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x8C5E2000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0x99D00000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x8DC9F000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x87975000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x806F9000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x8E5E8000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8C5C5000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x8C7B7000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x8CFBE000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x805C2000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0x9FBBE000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8C400000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8C7A2000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x87D3B000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x8796A000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8C72C000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8C70A000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x87D04000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8E5F5000 C:\Windows\System32\Drivers\dump_diskdump.sys 40960 bytes
0x8E400000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8C5F0000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 40960 bytes (GEAR Software Inc., CD DVD Filter)
0x8C7AD000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x8DD60000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x9FBB4000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8DD1A000 C:\Windows\system32\drivers\NIS\1107000.00C\SRTSPX.SYS 40960 bytes (Symantec Corporation, Symantec AutoProtect)
0x87D46000 C:\Windows\system32\DRIVERS\usbohci.sys 40960 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0x8E46D000 C:\Windows\system32\DRIVERS\usbprint.sys 40960 bytes (Microsoft Corporation, USB Printer driver)
0x87FBC000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x8D5ED000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x8DCF8000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x8DD11000 C:\Windows\system32\DRIVERS\kbdhid.sys 36864 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0xA29CD000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x878A2000 C:\Windows\System32\Drivers\PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0x87983000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x99CE0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x87D0F000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x80652000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x80717000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x8041D000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x80404000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x8065B000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x87A00000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x87962000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x87F4C000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x9FBF1000 C:\Windows\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)
0x8C7F8000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x8C600000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x8D5F6000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x806F2000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x9FAD2000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0x8CFF9000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8DCF6000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================


#4 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 26 June 2010 - 05:02 PM

Hello

Please do the following.


It may be helpful for you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


:run combofix:
    Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Please ensure you read this guide carefully

    Please continue as follows:
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.

    Please include the report in your next post:

    C:\ComboFix.txt

"information and logs"
    In your next post I need the following
    1. Log From Combofix
    2. let me know of any problems you may have had
    3. How is the computer doing now?

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 dazedandconfused (Topic Starter)
  • Members
  • 119 posts
  • Gender:Female
  • Location:L.A., CA outskirts

Posted 26 June 2010 - 08:02 PM

Gringo - I ran into problems. I had changed all the Norton settings from ON to OFF, but it still launched a scan while on about Stage 29. Don't know if that hurt anything, as it continued to run, and identified a few files it was going to delete. It rebooted the system, and said it was going to start the log ---- BUT, I got a User Account Control screen that said:

PEV.cfxxe
Unidentified Publisher
"C:\ComboFix\PEV.cffe" TIME UTC

To continue, type Admin password....

User Account Control helps stop unauthorized changes to your computer.

WELL, I typed in my Admin password, and it asked again, and I typed it again, and it asked again, and I typed it again..... you get the picture?

Now I'm not sure what to do, as no log was produced from combofix that I can find. There are LOTS of files under C:\ComboFix, but I'm not sure which ones you might want. Should I log directly on to the Admin account and start from the beginning, OR? I'm also having trouble killing the Norton Scans. The instructions are for version 8, and I'm on 10 and it doesn't have the same options as shown in the notes. It did tell me I had no protection, so I thought it was DEAD.


As for how the machine is running, sometimes it is so slow it seems like it is hung. The other problem, that concerns me a lot, is that permissions seem to be changing. I tried again to set a Restore Point, and it said I didn't have permission. I tried to update my Java, and it said I didn't have the Installation files, and the advice on-line that I found said to delete it and re-install and all would be well. EXCEPT, when I got to the point of deleting the C:\JAVA files as instructed, it said I didn't have permission. This is both from typing in the Admin password and logging directly on to the Admin account. I'm really troubled by this, and don't know what's causing it.

Thanks for your help.

#6 dazedandconfused (Topic Starter)
  • Members
  • 119 posts
  • Gender:Female
  • Location:L.A., CA outskirts

Posted 26 June 2010 - 08:10 PM

Oh oh - I think I found at least part of a log file. It's ComboFix.txt:

ComboFix 10-06-26.02 - Mannings 06/26/2010 17:26:46.1.2 - x86
Microsoft Windows Vista Home Premium 6.0.6001.1.1252.1.1033.18.1918.1045 [GMT -7:00]
Running from: C:\Users\Buddy\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Public\Spider.exe
C:\Windows\system32\%appdata%
C:\Windows\xpsp1hfm.log

.


#7 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 26 June 2010 - 09:14 PM

OK

Let's try this: log into your admin account, shut down Norton as much as you can, download ComboFix to the desktop and run it from there.

let me know how it goes


gringo

#8 dazedandconfused (Topic Starter)
  • Members
  • 119 posts
  • Gender:Female
  • Location:L.A., CA outskirts

Posted 26 June 2010 - 11:34 PM

It went smoothly this time. I did have a stupid Norton scan try to start itself again. I can't find where to make that stop. My machine didn't reboot this time, but ComboFix does have a better log file at least.

ComboFix 10-06-26.02 - Mannings 06/26/2010 21:07:01.2.2 - x86
Microsoft Windows Vista Home Premium 6.0.6001.1.1252.1.1033.18.1918.1020 [GMT -7:00]
Running from: c:\users\Mannings\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Mannings\ComboFix.exe
.
---- Previous Run -------
.
c:\users\Public\Spider.exe
c:\windows\xpsp1hfm.log

.
((((((((((((((((((((((((( Files Created from 2010-05-27 to 2010-06-27 )))))))))))))))))))))))))))))))
.

2010-06-27 04:17 . 2010-06-27 04:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-27 04:17 . 2010-06-27 04:17 -------- d-----w- c:\users\Buddy\AppData\Local\temp
2010-06-27 00:37 . 2010-06-27 04:17 -------- d-----w- c:\users\Mannings\AppData\Local\temp
2010-06-25 18:00 . 2010-06-25 18:00 -------- d-----w- c:\program files\Common Files\Java
2010-06-24 15:09 . 2009-11-08 17:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-24 15:09 . 2009-11-08 17:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-24 15:09 . 2009-11-08 17:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-24 15:09 . 2009-11-08 17:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-24 15:09 . 2009-11-08 17:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-23 14:06 . 2010-04-16 16:05 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-23 14:06 . 2010-04-16 14:17 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-20 19:01 . 2010-06-20 19:01 79368 ----a-w- c:\users\Mannings\AppData\Roaming\Real\Update\setup3.10\RUP\vista.exe
2010-06-20 19:01 . 2010-06-20 19:01 64000 ----a-w- c:\users\Mannings\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\gcapi_dll.dll
2010-06-20 19:01 . 2010-06-20 19:01 52288 ----a-w- c:\users\Mannings\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\gtapi.dll
2010-06-20 19:01 . 2010-06-20 19:01 50688 ----a-w- c:\users\Mannings\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\fftbapi.dll
2010-06-20 19:01 . 2010-06-20 19:01 49152 ----a-w- c:\users\Mannings\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\CarboniteCompatibility.dll
2010-06-20 19:01 . 2010-06-20 19:01 118784 ----a-w- c:\users\Mannings\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\compat.dll
2010-06-19 23:35 . 2010-06-19 23:35 439816 ----a-w- c:\users\Mannings\AppData\Roaming\Real\Update\setup3.10\setup.exe
2010-06-19 19:32 . 2010-06-19 19:32 -------- d-----w- c:\windows\system32\Spool\prtprocs\w32x86\1
2010-06-18 22:33 . 2010-06-18 22:32 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-06-18 22:32 . 2010-06-18 22:33 -------- d-----w- c:\program files\Symantec
2010-06-18 22:31 . 2010-06-19 13:23 -------- d-----w- c:\windows\system32\drivers\NIS
2010-06-18 22:31 . 2010-06-18 22:31 -------- d-----w- c:\program files\Norton Internet Security
2010-06-18 22:31 . 2010-06-18 22:31 -------- d-----w- c:\program files\NortonInstaller
2010-06-18 21:18 . 2010-06-18 21:18 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-06-18 20:58 . 2010-06-18 20:58 -------- d-----w- c:\users\Buddy\Office Genuine Advantage
2010-06-17 04:24 . 2010-06-17 04:24 63488 ----a-w- c:\users\Buddy\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-17 04:24 . 2010-06-17 04:24 52224 ----a-w- c:\users\Buddy\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-06-17 04:24 . 2010-06-17 04:24 117760 ----a-w- c:\users\Buddy\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-17 04:24 . 2010-06-17 04:24 -------- d-----w- c:\users\Buddy\AppData\Roaming\SUPERAntiSpyware.com
2010-06-16 23:49 . 2010-06-16 23:49 63488 ----a-w- c:\users\Mannings\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-16 23:49 . 2010-06-16 23:49 52224 ----a-w- c:\users\Mannings\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-06-16 23:49 . 2010-06-16 23:49 117760 ----a-w- c:\users\Mannings\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-16 23:42 . 2010-06-16 23:42 -------- d-----w- c:\users\Mannings\AppData\Roaming\SUPERAntiSpyware.com
2010-06-14 03:55 . 2010-04-05 16:07 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-14 03:54 . 2010-05-26 16:16 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-06-14 03:54 . 2010-05-26 14:25 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-06-14 03:49 . 2010-04-16 16:10 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-06-09 18:07 . 2010-05-01 13:53 2036224 ----a-w- c:\windows\system32\win32k.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-26 14:51 . 2008-02-16 04:03 -------- d-----w- c:\program files\Microsoft.NET
2010-06-18 23:20 . 2007-06-25 20:17 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-06-18 22:56 . 2009-03-17 21:45 -------- d-----w- c:\programdata\Norton
2010-06-18 22:32 . 2010-06-18 22:33 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-06-18 22:32 . 2010-06-18 22:33 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-06-18 20:57 . 2009-03-17 21:45 -------- d-----w- c:\programdata\NortonInstaller
2010-06-18 18:11 . 2009-10-01 01:57 -------- d-----w- c:\users\Buddy\AppData\Roaming\GMATPrep
2010-06-17 04:30 . 2010-02-26 02:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-15 15:01 . 2007-06-25 20:07 -------- d-----w- c:\programdata\Microsoft Help
2010-06-10 13:47 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-06 13:33 . 2008-03-17 22:57 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-04 05:59 . 2010-06-14 04:12 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-14 04:12 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 05:55 . 2010-06-14 04:12 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 04:31 . 2010-06-14 04:12 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-04-23 19:20 . 2010-04-23 19:20 658184 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-04-23 13:55 . 2010-05-26 14:55 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-16 16:05 . 2010-06-23 14:06 459776 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-04-16 16:05 . 2010-06-23 14:06 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-04-16 16:05 . 2010-06-23 14:06 2153984 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-04-16 16:05 . 2010-06-23 14:06 541696 ----a-w- c:\windows\AppPatch\AcLayers.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-03-13 1773568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-22 198160]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-25 4702208]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-23 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-23 13539872]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-5-9 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2008-12-10 7808]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1107000.00C\SYMDS.SYS [2010-02-04 328752]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1107000.00C\SYMEFA.SYS [2010-04-22 173104]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\BASHDefs\20100619.001\BHDrvx86.sys [2010-05-22 691248]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1107000.00C\ccHPx86.sys [2010-02-26 501888]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\IPSDefs\20100625.001\IDSvix86.sys [2010-05-28 344112]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1107000.00C\Ironx86.SYS [2010-04-29 116784]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NIS\1107000.00C\SYMTDIV.SYS [2010-05-06 339504]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe [2010-02-26 126392]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-06-18 102448]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
rsmsvcs REG_MULTI_SZ ntmssvc
.
Contents of the 'Scheduled Tasks' folder

2010-06-19 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Mannings.job
- c:\program files\Norton Internet Security\Engine\17.7.0.12\navw32.exe [2010-06-19 05:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.charter.net/index.php
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: {EA4FA2A3-F289-43F3-8BAA-1C604E3FA7D4} = 24.205.1.14,66.215.64.14
.
.
------- File Associations -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-AROReminder - c:\program files\Advanced Registry Optimizer\aro.exe
HKLM-Run-KBD - c:\hp\KBD\KbdStub.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-26 21:17
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.7.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2010-06-26 21:23:04
ComboFix-quarantined-files.txt 2010-06-27 04:22

Pre-Run: 156,650,242,048 bytes free
Post-Run: 156,582,588,416 bytes free

- - End Of File - - 59901DA34F1A1FF761A0F540B37C2E7F


Thanks so much for your patience and your help.
Bernice

#9 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 26 June 2010 - 11:50 PM

Greetings Bernice

That log looks very good. How is the computer doing Now?

I would like to get an extra report from combofix.

extra combofix report

I need to see one of the extra reports combofix makes
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
    C:\Qoobox\Add-Remove Programs.txt
  • click ok
  • copy and paste the report into this topic for me to review

: Malwarebytes' Anti-Malware :
    Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


"information and logs"
    In your next post I need the following
    1. extra report from combofix
    2. report From MBAM
    3. let me know of any problems you may have had
    4. How is the computer doing now?

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 dazedandconfused
  • Topic Starter

  • Members
  • 119 posts
  • Gender:Female
  • Location:L.A., CA outskirts

Posted 27 June 2010 - 12:35 AM

Hi Gringo

Here's the 'extra' log info from ComboFix
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Photoshop Elements 2.0
Adobe Reader 8.2.2
Amazon MP3 Downloader 1.0.3
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Belarc Advisor 7.2
Bonjour
BufferChm
D1400
D1400_Help
DeviceManagementQFolder
dj_sf_ProductContext
dj_sf_software
dj_sf_software_req
Enhanced Multimedia Keyboard Solution
ESET Online Scanner
GX Simulator
Hardware Diagnostic Tools
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HouseCall 6.6
HP Customer Experience Enhancements
HP Customer Feedback
HP Deskjet 8.0 Software
HP Driver Diagnostics
HP Easy Setup - Frontend
HP Imaging Device Functions 8.0
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Photosmart Essential
HP Photosmart Essential 2.0
HP Photosmart Essential2.5
HP Picasso Media Center Add-In
HP Total Care Advisor
HP Update
iTunes
Java Auto Updater
LightScribe 1.4.142.1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft IntelliType Pro 6.3
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.0
Norton Internet Security
NVIDIA Drivers
OGA Notifier 2.0.0048.0
PSSWCORE
Python 2.4.3
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Rhapsody Player Engine
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Secunia PSI
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB982135)
Soft Data Fax Modem with SmartCP
Speccy
Spelling Dictionaries Support For Adobe Reader 8
Spybot - Search & Destroy
Status
Switch Sound File Converter
Symantec Technical Support Advanced Chat Controls
Symantec Technical Support Web Controls
Toolbox
TrayApp
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb983486)
WebReg
Windows NT Backup - Restore Utility


Here's the Log from Malwarebytes - it said it was clean
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4245

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18928

6/26/2010 10:31:20 PM
mbam-log-2010-06-26 (22-31-20).txt

Scan type: Quick scan
Objects scanned: 140138
Time elapsed: 5 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Had no problems running these.

System seems to be responding well...but I've been only having one or two screens open at a time. Is it possible that there was nothing wrong other than Norton and its continuous scans? Was anything else found that would account for the slowness? How about the permission changes?

Thanks for all your help. Signing off for today...
Bernice

#11 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 27 June 2010 - 10:16 PM

Greetings

Sorry, I saw your reply and thought I had answered.

Hello

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs
    1. click on start
    2. then go to settings
    3. after that you need control panel
    4. look for the icon add/remove programs
    click on the following programs

    Adobe Reader 8.2.2

    and click on remove

Update Adobe Reader
    Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    If you already have Adobe Photoshop Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop Album Starter Edition.
      If you don't like Adobe Reader (33.5 MB), you can download Foxit PDF Reader(3.5MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

      Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

TFC(Temp File Cleaner):
  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :
    I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Eset Online Scanner

**Note** You will need to use Internet explorer for this scan

Go to the Eset web page to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the activex control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
      Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic

"information and logs"
    In your next post I need the following
    1. Log From MBAM
    2. Log From ESET Online Scanner
    3. let me know of any problems you may have had
    4. How is the computer doing now?

Gringo



#12 dazedandconfused
  • Topic Starter

  • Members
  • 119 posts
  • Gender:Female
  • Location:L.A., CA outskirts

Posted 28 June 2010 - 07:44 PM

Well....nothing seems to work as advertised. I ran the MBAM program, and when it ends a Log File is displayed in another window which says that "Scan Completed Successfully, No malicious items detected." The application gives me the options of Register - Purchase - Exit - Main Menu. I couldn't find anywhere to do "Show Results" or check or uncheck anything. Am I doing something wrong? Here is the log that it produced, which I found under AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs: I couldn't get into "Documents and Settings" to get to the path you specified.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4245

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18928

6/26/2010 10:31:20 PM
mbam-log-2010-06-26 (22-31-20).txt

Scan type: Quick scan
Objects scanned: 140138
Time elapsed: 5 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)





Then came the adventure of Eset. When I clicked on allowing the activex control to install it went ahead and launched. There was no screen to tick or untick anything. I'm not sure why I'm not getting those options. I had Norton virus protection disabled at the time. Anyway, here's the log it produced:

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3561 (20081027)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=dc44f75b55b8f04c9c787ba75bea65be
# end=stopped
# remove_checked=true
# unwanted_checked=false
# utc_time=2008-10-28 06:05:49
# local_time=2008-10-27 11:05:49 (-0800, Pacific Daylight Time)
# country="United States"
# osver=6.0.6000 NT
# scanned=1028235
# found=1
# scan_time=11354
K:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP1782\A0180021.exe Win32/Adware.SurfSideKick application (unable to clean - deleted) 00000000000000000000000000000000

As for how it's running, it still has r-e-a-l-l-y slow spells. Trying to download email (Outlook) was especially slow today, even for simple text emails. Eset took about 7 minutes just to get to the point of asking to install the activex controls. That was before it was even doing any scanning. There still seems to be something amiss.

Thanks so much for your help, Gringo.
Bernice
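The ESET log pasted above has a simple shape: header lines that start with `# ` and hold one `key=value` pair each, then one line per finding (`<path> <threat name> (<action>) <32 hex digits>`). The following is an added Python example, written for this page and not ESET's or BleepingComputer's own code, that parses that layout and performs the checks a helper would otherwise do by eye: whether the scan ran to the end (this header says `end=stopped`), whether the header's `found` count agrees with the number of finding lines, which findings sit inside a `System Volume Information` restore-point folder (the kind of entry the MBAM instructions above tell the user to leave unticked), and how old the log's `utc_time` is compared with the date of the post, since the header pasted here carries a 2008 timestamp. The finding-line regex, the reading of any `end` value other than `stopped` as a completed run, and the second sample finding are assumptions made for the example.

```python
"""Triage an ESET Online Scanner log.txt (added example; not ESET's or the forum's code).

Assumed layout, modelled on the log pasted in the thread:
  - header lines start with '#' and hold one key=value pair each
  - every other non-empty line is one finding:
      <path> <threat name> (<action taken>) <32 hex digits>
"""
import re
from datetime import datetime

# Constructed sample: the header and the first finding mirror the pasted log;
# the second finding and 'found=2' are made up to show a non-restore-point hit.
SAMPLE_LOG = r"""# version=4
# OnlineScanner.ocx=1.0.0.635
# end=stopped
# remove_checked=true
# unwanted_checked=false
# utc_time=2008-10-28 06:05:49
# local_time=2008-10-27 11:05:49 (-0800, Pacific Daylight Time)
# osver=6.0.6000 NT
# scanned=1028235
# found=2
# scan_time=11354
K:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP1782\A0180021.exe Win32/Adware.SurfSideKick application (unable to clean - deleted) 00000000000000000000000000000000
C:\Users\example\AppData\Local\Temp\sample.tmp a variant of Win32/Constructed.Sample trojan (unable to clean) 11111111111111111111111111111111
"""

# Date and time of the forum post the log was pasted into (28 June 2010, 07:44 PM).
REPORT_TIME = datetime(2010, 6, 28, 19, 44)

# Threat names carry a '/' (Win32/...) while Windows paths do not, so the lazy
# path group stops at the first token that looks like a threat name. (Assumption.)
FINDING_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<threat>(?:(?:probably )?a variant of )?\S+/\S+.*?) "
    r"\((?P<action>[^()]*)\) "
    r"(?P<hash>[0-9A-Fa-f]{32})$"
)


def parse_eset_log(text):
    """Return (header dict, list of finding dicts); unparsable lines are kept and flagged."""
    header, findings = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            key, sep, value = line[1:].partition("=")
            if sep:
                header[key.strip()] = value.strip()
            continue
        m = FINDING_RE.match(line)
        if m:
            findings.append(dict(m.groupdict(), unparsed=False))
        else:
            findings.append({"path": line, "threat": None, "action": None,
                             "hash": None, "unparsed": True})
    return header, findings


def is_restore_point(path):
    """System Restore keeps file copies under <drive>:\\System Volume Information\\_restore..."""
    return "\\system volume information\\" in path.lower()


def triage(text, report_time, max_age_days=7):
    """Summarise a log: completion, count consistency, restore-point vs live hits, staleness."""
    header, findings = parse_eset_log(text)
    reported = int(header.get("found", "0"))
    age_days = None
    if "utc_time" in header:
        scanned_at = datetime.strptime(header["utc_time"], "%Y-%m-%d %H:%M:%S")
        age_days = (report_time - scanned_at).days
    return {
        # 'stopped' is what the pasted log shows; any other value is treated as a
        # completed run (assumption about the words ESET writes on a finished scan).
        "completed": header.get("end") not in (None, "stopped"),
        "reported_found": reported,
        "parsed_found": len(findings),
        "count_matches": reported == len(findings),
        "restore_point_findings": [f for f in findings if is_restore_point(f["path"])],
        "live_findings": [f for f in findings if not is_restore_point(f["path"])],
        "age_days": age_days,
        # A log older than max_age_days relative to the post is probably not the scan just run.
        "stale": age_days is None or age_days > max_age_days,
    }


def triage_sample():
    """Run the triage over the constructed sample against the post date."""
    return triage(SAMPLE_LOG, REPORT_TIME)


if __name__ == "__main__":
    result = triage_sample()
    print("scan completed:", result["completed"])
    print("log age (days):", result["age_days"], "(stale)" if result["stale"] else "(fresh)")
    print("header count matches finding lines:", result["count_matches"])
    for f in result["live_findings"]:
        print("LIVE   ", f["path"], "->", f["threat"], "/", f["action"])
    for f in result["restore_point_findings"]:
        print("RESTORE", f["path"], "->", f["threat"], "/", f["action"])
```

Run against the sample, the triage reports an unfinished scan, a log roughly 600 days older than the post, one hit inside a restore point and one constructed live hit. The staleness check is the point of the exercise: a pasted log that predates the request is not evidence about the machine's current state.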


#13 dazedandconfused
  • Topic Starter

  • Members
  • 119 posts
  • Gender:Female
  • Location:L.A., CA outskirts

Posted 28 June 2010 - 07:49 PM

Oops - I forgot to tell you, on the TFC program I got a message that "TFC has stopped working" with some data below that. It said APPCRASH, faultmodule = ole32.dll. I ran it a second time and it ended with "Total Files Cleaned 0.00mb"

#14 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 28 June 2010 - 10:31 PM

"Show Results" or check or uncheck anything
The show results opened for you and there was nothing to check; the results were clean.

As for how it's running, it still has r-e-a-l-l-y slow spells
How often does this happen? Could it be your antivirus doing a scheduled scan at this time? Keep me posted about this over the next few days.

Let me see If I can't speed it up some

Download HijackThis
  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

let me have this report

gringo



#15 dazedandconfused
  • Topic Starter

  • Members
  • 119 posts
  • Gender:Female
  • Location:L.A., CA outskirts

Posted 28 June 2010 - 11:23 PM

Gringo..... aaaaarrrrrrrggghhhhhhhh! I'm losing it!

I attempted to run the HiJack this. Got it installed fine. When it started to run, the first thing it said was:
For some reason your system denied write access to the Hosts file. If any Hijacked domains are in this file, Hijack This may not be able to fix this. Then, it said for Vista users to exit and right click and pick Run as Admin. The option doesn't exist. So I logged directly on to my Admin account and tried again. Got the same message again, and let it keep running. It got to the end and showed a lot of stuff on its screen, but a blank Notepad file. The message said Can not find logfile. Do you want to create a new one? I answered Yes to the Yes/No option. Then it displays the empty file again.

The results screen says Below are the results of the scan....Beware, etc. so it looks like it's done. Yet when I went to re-run it, in hopes that it would behave, it tells me that it is already running. I've tried several times. In the middle of the last one (or maybe more) it flashed (Not Responding) in the midst of it, but kept on going. The Uninstall directory it created is empty, or I'd start over with a clean install. As it is, I'm not sure what to do. I can't get the data out of the results window for you.
Unless you know some trick to this....hope hope

Bernice





