
FW/AV issues maybe linked to Google Redirect/Trojan infection?


15 replies to this topic

#1 Tetsab


Posted 22 October 2011 - 12:59 PM

Hello,

For months now my Dell Laptop (XP home, v. 2002, SP3) periodically informs me that Windows Firewall and/or Norton Auto-protect is disabled. Whenever I double-check Windows Firewall it always claims to be enabled, ditto Auto-protect in Symantec AntiVirus 10.1.0.401.

Still, this seemed like pretty virusy behaviour to me so when it 1st started happening months ago I ran a selection of tools (i.e. Norton Power Eraser, Malwarebytes, & SUPERAntispyware) and found nothing but tracking cookies & mostly decided this was just my 'puter being Old, Crap, 'n' Quirky.

* * *

A couple of days ago I was running a bunch of google searches & discovered I'd picked up the 'redirect virus' from somewhere (was redirecting randomly, mostly to the Yellow Pages, & hitting back to the results page & reclicking would get me to the correct page). I have no idea where I might have gotten this or how long I might have had it as I generally don't run enough searches to notice.

After getting my most recent virus definitions Norton Auto-protect then announced I had some sort of Trojan (unspecified) in C:\Documents and Settings\MaRoo\Local Settings\Application Data\eapAuthenticationTray\eapobjPort.dll & I'd have to restart to eliminate it. So I did this then restarted Windows in Safe Mode & ran a full AV scan at which point a Trojan was also found in C:\System Volume Information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP1344\A0291208.dll (FYI: I saw afterwards in the Event Log that 7 files were omitted from the scan... dunno how important this is).

I then restarted normally & reran all the anti-mal tools I mentioned above, with fresh definition files, & once again found nothing but tracking cookies. The one seriously screwy thing about this is that it took Superantispyware 11 hours, 26 minutes to complete its scan when a couple of months ago it took a couple of hours, which is causing me worry.

So the shorter sum-up is: My AV/Firewall is acting weird & I don't know if it's 'cause of a long-term infection I haven't been able to find, and now I have this worry added to by this recent infection that I'm not sure is totally clean (I haven't been able to get Google to redirect today after finishing the last anti-mal scan last night, but there were times I couldn't get it to redirect when I was trying to get more info on what I might be infected with).

Thanks for any help anyone can give on this.


#2 Broni (BC Advisor)

Posted 22 October 2011 - 09:25 PM

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in the right pane.
If still no joy, try to run it from Safe Mode.

My Website


My help doesn't cost a penny, but if you'd like to consider a donation, click here.


 


#3 Tetsab (Topic Starter)

Posted 23 October 2011 - 11:45 AM

Thanks Broni (both for the welcome and the help!).

Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Symantec AntiVirus
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 26
Out of date Java installed!
Adobe Flash Player 11.0.1.152
Adobe Reader 9.1.3
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.23)
Mozilla Thunderbird (2.0.0) Thunderbird Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Symantec AntiVirus DefWatch.exe
Symantec AntiVirus DoScan.exe
Symantec AntiVirus Rtvscan.exe
``````````End of Log````````````

MiniToolBox by Farbar
Ran by MaRoo (administrator) on 23-10-2011 at 02:13:34
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : L-M

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : lan



Ethernet adapter Wireless Network Connection:



Connection-specific DNS Suffix . : lan

Description . . . . . . . . . . . : Intel® PRO/Wireless 2200BG Network Connection

Physical Address. . . . . . . . . : 00-12-F0-6E-EB-B5

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.66

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.254

DHCP Server . . . . . . . . . . . : 192.168.1.254

DNS Servers . . . . . . . . . . . : 192.168.1.254

Lease Obtained. . . . . . . . . . : October 23, 2011 2:09:12 AM

Lease Expires . . . . . . . . . . : October 24, 2011 2:09:12 AM

Server: dsldevice.lan
Address: 192.168.1.254

Name: google.com
Addresses: 74.125.226.84, 74.125.226.80, 74.125.226.81, 74.125.226.82
74.125.226.83



Pinging google.com [74.125.226.81] with 32 bytes of data:



Reply from 74.125.226.81: bytes=32 time=18ms TTL=58

Reply from 74.125.226.81: bytes=32 time=17ms TTL=58



Ping statistics for 74.125.226.81:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 17ms, Maximum = 18ms, Average = 17ms

Server: dsldevice.lan
Address: 192.168.1.254

Name: yahoo.com
Addresses: 72.30.2.43, 98.137.149.56, 98.139.180.149, 209.191.122.70
67.195.160.76



Pinging yahoo.com [67.195.160.76] with 32 bytes of data:



Reply from 67.195.160.76: bytes=32 time=41ms TTL=54

Reply from 67.195.160.76: bytes=32 time=47ms TTL=54



Ping statistics for 67.195.160.76:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 41ms, Maximum = 47ms, Average = 44ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x20002 ...00 12 f0 6e eb b5 ...... Intel® PRO/Wireless 2200BG Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.66 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.66 192.168.1.66 25
192.168.1.66 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.1.255 255.255.255.255 192.168.1.66 192.168.1.66 25
224.0.0.0 240.0.0.0 192.168.1.66 192.168.1.66 25
255.255.255.255 255.255.255.255 192.168.1.66 192.168.1.66 1
Default Gateway: 192.168.1.254
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/22/2011 11:30:09 AM) (Source: Application Error) (User: )
Description: Faulting application doscan.exe, version 10.1.0.401, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x00019af2.
Processing media-specific event for [doscan.exe!ws!]

Error: (10/20/2011 10:43:11 PM) (Source: Symantec AntiVirus) (User: )
Description: Risk Found!Risk: Trojan Horse in File: c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP1344\A0291208.dll by: Manual scan. Action: Quarantine succeeded. Action Description: The file was quarantined successfully.

Risk: in File: Internet browser temporary file cache by: Manual scan. Action: Clean failed : Quarantine failed. Action Description: The file was deleted successfully.

Error: (10/20/2011 09:38:40 PM) (Source: Symantec AntiVirus) (User: )
Description: Security Risk Found!Risk: Trojan Horse in File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1344\A0291208.dll by: Manual scan. Action: Quarantine succeeded. Action Description: The file was quarantined successfully.

Error: (10/20/2011 09:38:22 PM) (Source: Symantec AntiVirus) (User: )
Description: Security Risk Found!Risk: Trojan Horse in File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1344\A0291208.dll by: Manual scan. Action: Clean failed : Quarantine failed. Action Description: The file was left unchanged.

Error: (10/20/2011 03:33:13 PM) (Source: Symantec AntiVirus) (User: )
Description: Security Risk Found!Risk: Trojan Horse in File: Unavailable by: Invalid : (15) scan. Action: Delete failed : Leave Alone failed. Action Description:

Error: (10/20/2011 03:33:13 PM) (Source: Symantec AntiVirus) (User: )
Description: Risk Found!Risk: Trojan Horse in File: c:\documents and settings\maroo\local settings\application data\eapauthenticationtray\eapobjport.dll by: Invalid : (15) scan. Action: Delete succeeded. Action Description: The file was deleted successfully.

Error: (10/20/2011 03:33:13 PM) (Source: Symantec AntiVirus) (User: )
Description: Security Risk Found!Risk: Trojan Horse in File: Unavailable by: Invalid : (15) scan. Action: Delete failed. Action Description: The file was left unchanged.

Error: (10/20/2011 03:33:13 PM) (Source: Symantec AntiVirus) (User: )
Description: Security Risk Found!Risk: Trojan Horse in File: Unavailable by: Invalid : (15) scan. Action: Delete failed : Leave Alone failed. Action Description:

Error: (10/20/2011 03:33:11 PM) (Source: Symantec AntiVirus) (User: )
Description: Risk Found!Risk: Trojan Horse in File: c:\documents and settings\maroo\local settings\application data\eapauthenticationtray\eapobjport.dll by: Invalid : (15) scan. Action: Delete succeeded. Action Description: The file was deleted successfully.

Error: (10/20/2011 03:33:11 PM) (Source: Symantec AntiVirus) (User: )
Description: Security Risk Found!Risk: Trojan Horse in File: Unavailable by: Invalid : (15) scan. Action: Delete failed. Action Description: The file was left unchanged.


System errors:
=============
Error: (10/22/2011 11:07:38 AM) (Source: DCOM) (User: NETWORK SERVICE)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.

Error: (10/22/2011 11:07:38 AM) (Source: DCOM) (User: NETWORK SERVICE)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.

Error: (10/22/2011 11:06:57 AM) (Source: DCOM) (User: NETWORK SERVICE)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.

Error: (10/22/2011 11:03:50 AM) (Source: Service Control Manager) (User: )
Description: The Print Port Scanner Driver service failed to start due to the following error:
%%1058

Error: (10/22/2011 11:00:56 AM) (Source: Print) (User: SYSTEM)
Description: Printer Dell Photo Printer 720,0 failed to initialize because a suitable Dell Photo Printer 720 driver could not be found.

Error: (10/21/2011 00:28:39 PM) (Source: PlugPlayManager) (User: )
Description: The device Root\LEGACY_SMR210\0000 disappeared from the system without first being prepared for removal.

Error: (10/21/2011 09:39:57 AM) (Source: DCOM) (User: NETWORK SERVICE)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.

Error: (10/21/2011 09:39:57 AM) (Source: DCOM) (User: NETWORK SERVICE)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.

Error: (10/21/2011 09:39:55 AM) (Source: DCOM) (User: NETWORK SERVICE)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.

Error: (10/21/2011 09:38:19 AM) (Source: Print) (User: SYSTEM)
Description: Printer Dell Photo Printer 720,0 failed to initialize because a suitable Dell Photo Printer 720 driver could not be found.


Microsoft Office Sessions:
=========================
Error: (10/22/2011 11:30:09 AM) (Source: Application Error)(User: )
Description: doscan.exe10.1.0.401ntdll.dll5.1.2600.605500019af2

Error: (10/20/2011 10:43:11 PM) (Source: Symantec AntiVirus)(User: )
Description: Risk Found!Risk: Trojan Horse in File: c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP1344\A0291208.dll by: Manual scan. Action: Quarantine succeeded. Action Description: The file was quarantined successfully.

Risk: in File: Internet browser temporary file cache by: Manual scan. Action: Clean failed : Quarantine failed. Action Description: The file was deleted successfully.

Error: (10/20/2011 09:38:40 PM) (Source: Symantec AntiVirus)(User: )
Description: Security Risk Found!Risk: Trojan Horse in File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1344\A0291208.dll by: Manual scan. Action: Quarantine succeeded. Action Description: The file was quarantined successfully.

Error: (10/20/2011 09:38:22 PM) (Source: Symantec AntiVirus)(User: )
Description: Security Risk Found!Risk: Trojan Horse in File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1344\A0291208.dll by: Manual scan. Action: Clean failed : Quarantine failed. Action Description: The file was left unchanged.

Error: (10/20/2011 03:33:13 PM) (Source: Symantec AntiVirus)(User: )
Description: Security Risk Found!Risk: Trojan Horse in File: Unavailable by: Invalid : (15) scan. Action: Delete failed : Leave Alone failed. Action Description:

Error: (10/20/2011 03:33:13 PM) (Source: Symantec AntiVirus)(User: )
Description: Risk Found!Risk: Trojan Horse in File: c:\documents and settings\maroo\local settings\application data\eapauthenticationtray\eapobjport.dll by: Invalid : (15) scan. Action: Delete succeeded. Action Description: The file was deleted successfully.

Error: (10/20/2011 03:33:13 PM) (Source: Symantec AntiVirus)(User: )
Description: Security Risk Found!Risk: Trojan Horse in File: Unavailable by: Invalid : (15) scan. Action: Delete failed. Action Description: The file was left unchanged.

Error: (10/20/2011 03:33:13 PM) (Source: Symantec AntiVirus)(User: )
Description: Security Risk Found!Risk: Trojan Horse in File: Unavailable by: Invalid : (15) scan. Action: Delete failed : Leave Alone failed. Action Description:

Error: (10/20/2011 03:33:11 PM) (Source: Symantec AntiVirus)(User: )
Description: Risk Found!Risk: Trojan Horse in File: c:\documents and settings\maroo\local settings\application data\eapauthenticationtray\eapobjport.dll by: Invalid : (15) scan. Action: Delete succeeded. Action Description: The file was deleted successfully.

Error: (10/20/2011 03:33:11 PM) (Source: Symantec AntiVirus)(User: )
Description: Security Risk Found!Risk: Trojan Horse in File: Unavailable by: Invalid : (15) scan. Action: Delete failed. Action Description: The file was left unchanged.


=========================== Installed Programs ============================

Acrobat.com (Version: 1.7.186)
Adobe AIR (Version: 1.5.2.8870)
Adobe Flash Player 10 ActiveX (Version: 10.2.159.1)
Adobe Flash Player 11 Plugin (Version: 11.0.1.152)
Adobe PhotoDeluxe 2.0
Adobe Reader 9.1.3 (Version: 9.1.3)
AiO_Scan (Version: 47.0.1.000)
ALPS Touch Pad Driver
ATI - Software Uninstall Utility (Version: 6.14.10.1012)
ATI Control Panel (Version: 6.14.10.5145)
ATI Display Driver (Version: 8.123-050405a-022874C-Dell)
BookDB2
Broadcom Management Programs 2 (Version: 7.82.01)
C-Pen
Compatibility Pack for the 2007 Office system (Version: 12.0.6425.1000)
Conexant D480 MDC V.9x Modem
Core FTP LE 1.3c
Dell Driver Reset Tool (Version: 1.02.0000)
Dell System Restore (Version: 2.00.0000)
DellSupport (Version: 6.0.3062)
Digital Line Detect (Version: 1.10)
Digital Voice Recorder (Version: 3.02.7000)
FlashWorks
Flickr Uploadr 2.5.0.15
HP Image Zone 4.7 (Version: 4.7)
HP PSC & OfficeJet 4.7
Intel PROSet Wireless (Version: 9.00.0000)
Intel® PROSet/Wireless WiFi Software (Version: 12.04.4000)
Internal Network Card Power Management (Version: 1.7.0)
Java Auto Updater (Version: 2.0.5.1)
Java™ 6 Update 26 (Version: 6.0.260)
Keyman Package - Ezra SIL Unicode 2.4
Keyman Package - GreekClassical
LiveUpdate 3.0 (Symantec Corporation) (Version: 3.0.0.160)
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
MemoryLifter (Version: 2.1.0)
Messageware AttachView Add-in for Saving Files
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Professional (Version: 9.00.2720)
Microsoft Office Basic Edition 2003 (Version: 11.0.8173.0)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Plus! Digital Media Edition Installer (Version: 1.1.0.3514)
Microsoft Plus! Photo Story 2 LE (Version: 1.1.0.3463)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Modem Helper (Version: 2.31)
Mozilla Firefox (3.6.23) (Version: 3.6.23 (en-GB))
Mozilla Thunderbird (2.0.0.24) (Version: 2.0.0.24 (en-US))
mProSafe (Version: 9.00.0000)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
mWlsSafe (Version: 9.00.0000)
NetWaiting (Version: 2.5.15)
PDFCreator (Version: 0.9.8)
PowerDVD 5.5
PuTTY version 0.56
QFolder (Version: 1.00.0000)
QuickSet (Version: 3.9.4)
QuickTime
Recipe Manager (Version: 1.2.0)
Scan (Version: 4.5.0.0)
Scientific-Atlanta WebSTAR 2000 series Cable Modem
Semagic (remove only)
Simple Concordance Program 4.07 (Version: 4.07)
SpywareBlaster 4.4 (Version: 4.4.0)
StudioTax 2010 (Version: 6.0.5.2)
SUPERAntiSpyware (Version: 4.54.1000)
Symantec AntiVirus (Version: 10.1.401.0)
Tavultesoft Keyman 6.0
TekniaGreek
WavePad Uninstall
WebFldrs XP (Version: 9.50.7523)
Winamp (remove only)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.7.0017.0)
Windows Genuine Advantage v1.3.0254.0 (Version: 1.3.0254.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20061027.150806)
Windows Media Format 11 runtime
Windows Media Player 10 (Version: 9.00.3636)
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)
WordBase3 (Version: 3.2.0)
WordPerfect Office 11 (Version: 11.0)

========================= Memory info: ===================================

Percentage of memory in use: 79%
Total physical RAM: 255.23 MB
Available physical RAM: 51.88 MB
Total Pagefile: 1001.01 MB
Available Pagefile: 574.15 MB
Total Virtual: 2047.88 MB
Available Virtual: 1996.35 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:34.04 GB) (Free:8.56 GB) NTFS

========================= Users: ========================================

User accounts for \\L-M

Administrator Guest HelpAssistant
MaRoo SUPPORT_388945a0


**** End of log ****

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8003

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

23/10/2011 2:35:53 AM
mbam-log-2011-10-23 (02-35-52).txt

Scan type: Quick scan
Objects scanned: 173889
Time elapsed: 13 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-10-23 04:14:38
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK4026GAX rev.PA102D
Running: vmsckc9y.exe; Driver: C:\DOCUME~1\MaRoo\LOCALS~1\Temp\pxtdapob.sys


---- System - GMER 1.0.15 ----

SSDT FFB4B5B0 ZwAlertResumeThread
SSDT FFB4B298 ZwAlertThread
SSDT 82683C38 ZwAllocateVirtualMemory
SSDT 826B9008 ZwConnectPort
SSDT 8262F1D8 ZwCreateMutant
SSDT FFAE4298 ZwCreateThread
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xF68E1CB0]
SSDT 827246E8 ZwFreeVirtualMemory
SSDT FFB4B8A0 ZwImpersonateAnonymousToken
SSDT FFB4B728 ZwImpersonateThread
SSDT 8262E320 ZwMapViewOfSection
SSDT 825F79D8 ZwOpenEvent
SSDT 8260B978 ZwOpenProcessToken
SSDT FFB4C630 ZwOpenThreadToken
SSDT FFB41DB0 ZwQueryValueKey
SSDT FFB4D698 ZwResumeThread
SSDT FFB4C4B0 ZwSetContextThread
SSDT FFB4C948 ZwSetInformationProcess
SSDT FFB4C340 ZwSetInformationThread
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xF68E1F10]
SSDT 825F7568 ZwSuspendProcess
SSDT FFB4C0D0 ZwSuspendThread
SSDT 8260AB50 ZwTerminateProcess
SSDT FFB4C268 ZwTerminateThread
SSDT FFB24C58 ZwUnmapViewOfSection
SSDT 825E78B0 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 198 804E2804 4 Bytes [E8, 46, 72, 82]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \FileSystem\Fastfat \Fat F1C49D20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

---- EOF - GMER 1.0.15 ----
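The MiniToolBox sections Broni asked for (IE proxy, Hosts content, IP configuration, Winsock entries) are exactly the places a search redirect is usually planted, so here is an added Python example that parses a report in that format and flags the suspicious entries; it is not code from this thread or from MiniToolBox, and the two sample reports, the 203.0.113.5 / 198.51.100.7 addresses and the name example_lsp.dll in it are constructed placeholders.

```python
"""First-pass triage of the MiniToolBox sections requested in this thread (IE proxy,
Hosts content, IP configuration, Winsock entries): the usual places a search redirect
is planted. Added example, not code from the thread or MiniToolBox; samples constructed."""
import re
from ipaddress import ip_address, ip_network

# '===== Title: =====' banner; the title must start with a letter so the bare '=====' rules
# inside the route table are not taken for banners.
BANNER = re.compile(r"^=+\s*([A-Za-z][^=]*?):?\s*=+$")
# e.g. 'Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)'
WINSOCK = re.compile(r"^Catalog\d+\s+\d+\s+(.+?)\s+\[\d+\]\s+\((.*)\)$")
EXPECTED_HOSTS = {("127.0.0.1", "localhost"), ("::1", "localhost")}
LAN_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def split_sections(report):
    """Map each banner title to the lines that follow it, up to the next banner."""
    sections, current = {}, None
    for line in report.splitlines():
        m = BANNER.match(line.strip())
        if m:
            current = m.group(1).strip()
            sections[current] = []
        elif current is not None:
            sections[current].append(line.rstrip())
    return sections


def triage(report):
    """Return (severity, message) findings; an empty list means nothing was flagged."""
    s = split_sections(report)
    findings = []

    # A proxy pushed into IE settings silently reroutes every browser request.
    proxy = " ".join(" ".join(s.get("IE Proxy Settings", [])).split())
    if proxy and "Proxy is not enabled" not in proxy:
        findings.append(("high", "IE proxy is configured: " + proxy))

    # Any HOSTS line beyond the localhost entries overrides DNS for that name.
    for line in s.get("Hosts content", []):
        f = line.split("#", 1)[0].split()
        if len(f) >= 2 and (f[0], f[1]) not in EXPECTED_HOSTS:
            findings.append(("high", "Hosts file maps %s -> %s" % (f[1], f[0])))

    # A home router normally hands out itself as DNS (as in the posted log); a resolver
    # outside the RFC 1918 ranges deserves a check against the router's own settings.
    ipconf = "\n".join(s.get("IP Configuration", []))
    gw = re.search(r"Default Gateway[ .]*:[ \t]*(\S+)", ipconf)
    dns = re.search(r"DNS Servers[ .]*:[ \t]*(\S+)", ipconf)
    if gw and dns:
        try:
            if not any(ip_address(dns.group(1)) in net for net in LAN_NETS):
                findings.append(("review", "DNS server %s is outside the LAN (gateway %s)"
                                 % (dns.group(1), gw.group(1))))
        except ValueError:
            findings.append(("review", "Unparseable DNS server entry: " + dns.group(1)))

    # Layered Service Providers see all Winsock traffic; in the posted log every entry
    # is a Microsoft DLL under System32, so anything else is a lead worth following.
    for line in s.get("Winsock entries", []):
        m = WINSOCK.match(line.strip())
        if m:
            path, vendor = m.groups()
            if "\\system32\\" not in path.lower() or "microsoft" not in vendor.lower():
                findings.append(("review", "Non-Microsoft Winsock provider: %s (%s)" % (path, vendor)))
    return findings


# Constructed sample shaped like the clean report posted in this thread.
CLEAN_REPORT = r"""
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
========================= Hosts content: =================================
127.0.0.1 localhost
========================= IP Configuration: ================================
Default Gateway . . . . . . . . . : 192.168.1.254
DNS Servers . . . . . . . . . . . : 192.168.1.254
========================= Winsock entries =====================================
Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
"""

# Constructed sample of what redirect-style tampering could look like: 203.0.113.5 and
# 198.51.100.7 are documentation addresses and example_lsp.dll is a placeholder name.
HIJACKED_REPORT = r"""
========================= IE Proxy Settings: ==============================
Proxy is enabled.
ProxyServer: 127.0.0.1:8080
========================= Hosts content: =================================
127.0.0.1 localhost
203.0.113.5 www.google.com
========================= IP Configuration: ================================
Default Gateway . . . . . . . . . : 192.168.1.254
DNS Servers . . . . . . . . . . . : 198.51.100.7
========================= Winsock entries =====================================
Catalog5 04 C:\Documents and Settings\user\Application Data\example_lsp.dll [12345] (Unknown)
"""

if __name__ == "__main__":
    for name, rep in (("clean", CLEAN_REPORT), ("hijacked", HIJACKED_REPORT)):
        print(name, triage(rep) or "no findings")
```

Run against the real checkup, the clean report above produces no findings, which matches Broni's "All looks clean" reading; the "review" items are leads to confirm by hand, not verdicts.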



#4 Broni (BC Advisor)

Posted 23 October 2011 - 04:47 PM

All looks clean to me.
I assume your Norton doesn't include firewall?

Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

=============================================================================

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    NOTE. If Eset doesn't find any threats it'll NOT produce any log.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click here.


#5 Tetsab
  • Topic Starter
  • Members
  • 13 posts

Posted 23 October 2011 - 09:41 PM

All looks clean to me.

Thanks again, Broni. It looks like I'm well on my way to the self-help y'all have kicking around here RE: Slow Computer.

Ran TFC with no issues and after reboot got the same, separate 'Firewall disabled' then 'Autosearch disabled' messages & re-ran Security Check just out of curiosity to see if it'd concur & it said (as I always find) they were enabled (then as an added bonus as soon as I clicked to open Firefox to open ESET I got one of the all too common 'virtual memory too low' messages).

I absolutely have some severe slow running issues (this laptop is nicknamed the 'Grindermachine' for how often it ends up chewing on its own hard drive for crazy long periods of time) but I'm now tipping back to it being due to Old 'n' Crap 'n' needing more TLC. This is all ESET came up with:

C:\i386\GTDownDE_87.ocx probably a variant of Win32/Adware.Agent.LCKGTSG application cleaned by deleting - quarantined

I assume your Norton doesn't include firewall?

Yes, that's correct.

#6 Broni
  • BC Advisor
  • 42,660 posts
  • Location:Daly City, CA

Posted 23 October 2011 - 09:58 PM

Your main issue is a very low amount of RAM:

Total physical RAM: 255.23 MB
Available physical RAM: 51.88 MB
Total Pagefile: 1001.01 MB

Windows XP needs at least 512MB of RAM to run smoothly.
As you can see your available RAM sits at 52MB - very low.
Setting pagefile at 1GB doesn't make sense at all as hard drive is much, much slower than RAM.
Normally the page file should be set at 1.5 times the installed RAM - in your case 384MB, not 1GB.
Your computer may be saying 'virtual memory too low', but in reality it cries for more RAM.


#7 Tetsab
  • Topic Starter
  • Members
  • 13 posts

Posted 23 October 2011 - 10:09 PM

Your main issue is a very low amount of RAM:
Setting pagefile at 1GB doesn't make sense at all as hard drive is much, much slower than RAM.
Normally page file should be set at 1.5 of installed RAM - in your case 384MB not 1GB.
Your computer may be saying 'virtual memory too low', but in reality it cries for more RAM.

Hrm. Is it the computer dialing up the page file setting (perhaps when it makes its 'virtual memory too low' claim?) and would you recommend (in addition to getting more RAM!) that I dial it down manually? FYI: 'pagefile' is something I know nothing about... have just now started googling it to try and start getting half-a-clue.

#8 Broni
  • BC Advisor
  • 42,660 posts
  • Location:Daly City, CA

Posted 23 October 2011 - 10:19 PM

Your priority is to get more RAM.
The pagefile, or so-called "virtual memory", is a part of the hard drive, which can be sized automatically by Windows or set (adjusted in size) by the user, and which serves as a semi-RAM.
When the computer is getting low on RAM it'll use the pagefile/virtual memory as a RAM substitute.
However, because the hard drive is much slower than RAM, the pagefile can serve as RAM only temporarily. It's not good as a permanent solution.
RAM is very cheap these days. Get more RAM and your computer will fly.


#9 Tetsab
  • Topic Starter
  • Members
  • 13 posts

Posted 23 October 2011 - 10:33 PM

Yeah, I'm gonna leave the page file thing alone (when I look following this all I see is a custom size with 384MB initial & 768MB max & know that I'm out of my depth & am content to just let it be) but have started looking into getting more RAM.

#10 Broni
  • BC Advisor
  • 42,660 posts
  • Location:Daly City, CA

Posted 23 October 2011 - 10:55 PM

When you get more RAM you can change that setting and let Windows handle virtual memory.


#11 Tetsab
  • Topic Starter
  • Members
  • 13 posts

Posted 24 October 2011 - 09:35 AM

Er. So I'm not at all sure what's going on here but after assuming I was clean I set about getting ready to start using my laptop like normal i.e. tidied up System Restore points, ran a mildly ridiculous Windows Fix-it tool that did nothing but advise that I turn on their 'Phishing filter', and did one last AV scan in safe mode. When I did that last one it came up with more pieces of Trojan in a temp folder. Is there any chance this is the same lingering thing? Or am I really just picking up more Trojans in-between cleaning out these Temp folders?!

MiniToolBox by Farbar
Ran by MaRoo (administrator) on 24-10-2011 at 10:22:17
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration

Host Name . . . . . . . . . . . . : L-M
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : lan

Ethernet adapter Wireless Network Connection:

Connection-specific DNS Suffix . : lan
Description . . . . . . . . . . . : Intel® PRO/Wireless 2200BG Network Connection
Physical Address. . . . . . . . . : 00-12-F0-6E-EB-B5
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.66
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DNS Servers . . . . . . . . . . . : 192.168.1.254
Lease Obtained. . . . . . . . . . : October 24, 2011 10:06:28 AM
Lease Expires . . . . . . . . . . : October 25, 2011 10:06:28 AM

Server: dsldevice.lan
Address: 192.168.1.254

Name: google.com
Addresses: 74.125.226.81, 74.125.226.82, 74.125.226.83, 74.125.226.84
74.125.226.80

Pinging google.com [74.125.226.80] with 32 bytes of data:

Reply from 74.125.226.80: bytes=32 time=17ms TTL=58
Reply from 74.125.226.80: bytes=32 time=16ms TTL=58

Ping statistics for 74.125.226.80:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 16ms, Maximum = 17ms, Average = 16ms

Server: dsldevice.lan
Address: 192.168.1.254

Name: yahoo.com
Addresses: 98.137.149.56, 98.139.180.149, 209.191.122.70, 67.195.160.76
72.30.2.43

Pinging yahoo.com [72.30.2.43] with 32 bytes of data:

Reply from 72.30.2.43: bytes=32 time=89ms TTL=51
Reply from 72.30.2.43: bytes=32 time=87ms TTL=51

Ping statistics for 72.30.2.43:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 87ms, Maximum = 89ms, Average = 88ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 12 f0 6e eb b5 ...... Intel® PRO/Wireless 2200BG Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.66 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.66 192.168.1.66 25
192.168.1.66 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.1.255 255.255.255.255 192.168.1.66 192.168.1.66 25
224.0.0.0 240.0.0.0 192.168.1.66 192.168.1.66 25
255.255.255.255 255.255.255.255 192.168.1.66 192.168.1.66 1
Default Gateway: 192.168.1.254
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/24/2011 10:01:22 AM) (Source: Symantec AntiVirus) (User: )
Description: Risk Found!Risk: Trojan Horse in File: c:\documents and settings\MaRoo\local settings\Temp\VBR58C8.dll by: Manual Quarantine Scan scan. Action: Clean failed. Action Description: The file was left unchanged.

Risk: in File: Internet browser temporary file cache by: Manual Quarantine Scan scan. Action: Clean failed : Leave Alone failed. Action Description: The file was deleted successfully.

Error: (10/24/2011 10:01:22 AM) (Source: Symantec AntiVirus) (User: )
Description: Security Risk Found!Risk: Trojan Horse in File: C:\Documents and Settings\MaRoo\Local Settings\Temp\VBR58C8.dll by: Manual Quarantine Scan scan. Action: Clean was partially successful.. Action Description: Clean was partially successful.

Error: (10/24/2011 10:01:14 AM) (Source: Symantec AntiVirus) (User: )
Description: Security Risk Found!Risk: Trojan Horse in File: C:\Documents and Settings\MaRoo\Local Settings\Temp\VBR58C8.dll by: Manual Quarantine Scan scan. Action: Clean failed. Action Description: The file was left unchanged.

Error: (10/24/2011 10:00:32 AM) (Source: Symantec AntiVirus) (User: )
Description: Risk Found!Risk: Trojan Horse in File: c:\documents and settings\MaRoo\local settings\Temp\VBRBC6C.dll by: Manual Quarantine Scan scan. Action: Clean failed. Action Description: The file was left unchanged.

Risk: in File: Internet browser temporary file cache by: Manual Quarantine Scan scan. Action: Clean failed : Leave Alone failed. Action Description: The file was deleted successfully.

Error: (10/24/2011 10:00:32 AM) (Source: Symantec AntiVirus) (User: )
Description: Security Risk Found!Risk: Trojan Horse in File: C:\Documents and Settings\MaRoo\Local Settings\Temp\VBRBC6C.dll by: Manual Quarantine Scan scan. Action: Clean was partially successful.. Action Description: Clean was partially successful.

Error: (10/24/2011 10:00:23 AM) (Source: Symantec AntiVirus) (User: )
Description: Security Risk Found!Risk: Trojan Horse in File: C:\Documents and Settings\MaRoo\Local Settings\Temp\VBRBC6C.dll by: Manual Quarantine Scan scan. Action: Clean failed. Action Description: The file was left unchanged.

Error: (10/23/2011 07:31:02 PM) (Source: WLANKEEPER) (User: )
Description: Failed to start serviceERROR=1063

Error: (10/23/2011 07:24:18 PM) (Source: Symantec AntiVirus) (User: MaRoo)MaRoo
Description: SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Symantec AntiVirus\VPTray.exe
Event Info: Terminate Thread
Action Taken: Blocked
Actor Process: C:\Documents and Settings\MaRoo\Desktop\TFC.exe (PID 3792)
Time: October 23, 2011 7:24:18 PM

Error: (10/23/2011 07:24:18 PM) (Source: Symantec AntiVirus) (User: MaRoo)MaRoo
Description: SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Symantec AntiVirus\VPTray.exe
Event Info: Terminate Thread
Action Taken: Blocked
Actor Process: C:\Documents and Settings\MaRoo\Desktop\TFC.exe (PID 3792)
Time: October 23, 2011 7:24:18 PM

Error: (10/23/2011 07:24:18 PM) (Source: Symantec AntiVirus) (User: MaRoo)MaRoo
Description: SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Symantec AntiVirus\VPTray.exe
Event Info: Terminate Thread
Action Taken: Blocked
Actor Process: C:\Documents and Settings\MaRoo\Desktop\TFC.exe (PID 3792)
Time: October 23, 2011 7:24:18 PM


System errors:
=============
Error: (10/24/2011 10:13:52 AM) (Source: DCOM) (User: MaRoo)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (10/24/2011 10:12:53 AM) (Source: DCOM) (User: MaRoo)
Description: DCOM got error "%%1084" attempting to start the service MDM with arguments ""
in order to run the server:
{0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error: (10/24/2011 10:12:26 AM) (Source: DCOM) (User: MaRoo)
Description: DCOM got error "%%1084" attempting to start the service MDM with arguments ""
in order to run the server:
{0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error: (10/24/2011 10:02:23 AM) (Source: DCOM) (User: MaRoo)
Description: DCOM got error "%%1084" attempting to start the service MDM with arguments ""
in order to run the server:
{0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error: (10/24/2011 10:01:28 AM) (Source: DCOM) (User: MaRoo)
Description: DCOM got error "%%1084" attempting to start the service MDM with arguments ""
in order to run the server:
{0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error: (10/24/2011 01:06:58 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
APPDRV
eeCtrl
Fips
intelppm
SASDIFSV
SASKUTIL
SAVRT
SAVRTPEL
SPBBCDrv
SYMTDI

Error: (10/24/2011 01:05:46 AM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (10/24/2011 01:05:32 AM) (Source: 0) (User: )
Description: Broadcom 440x 10/100 Integrated Controller

Error: (10/23/2011 11:54:23 PM) (Source: 0) (User: )
Description: Broadcom 440x 10/100 Integrated Controller

Error: (10/23/2011 07:35:02 PM) (Source: DCOM) (User: NETWORK SERVICE)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.


Microsoft Office Sessions:
=========================
Error: (10/24/2011 10:01:22 AM) (Source: Symantec AntiVirus)(User: )
Description: Risk Found!Risk: Trojan Horse in File: c:\documents and settings\MaRoo\local settings\Temp\VBR58C8.dll by: Manual Quarantine Scan scan. Action: Clean failed. Action Description: The file was left unchanged.

Risk: in File: Internet browser temporary file cache by: Manual Quarantine Scan scan. Action: Clean failed : Leave Alone failed. Action Description: The file was deleted successfully.

Error: (10/24/2011 10:01:22 AM) (Source: Symantec AntiVirus)(User: )
Description: Security Risk Found!Risk: Trojan Horse in File: C:\Documents and Settings\MaRoo\Local Settings\Temp\VBR58C8.dll by: Manual Quarantine Scan scan. Action: Clean was partially successful.. Action Description: Clean was partially successful.

Error: (10/24/2011 10:01:14 AM) (Source: Symantec AntiVirus)(User: )
Description: Security Risk Found!Risk: Trojan Horse in File: C:\Documents and Settings\MaRoo\Local Settings\Temp\VBR58C8.dll by: Manual Quarantine Scan scan. Action: Clean failed. Action Description: The file was left unchanged.

Error: (10/24/2011 10:00:32 AM) (Source: Symantec AntiVirus)(User: )
Description: Risk Found!Risk: Trojan Horse in File: c:\documents and settings\MaRoo\local settings\Temp\VBRBC6C.dll by: Manual Quarantine Scan scan. Action: Clean failed. Action Description: The file was left unchanged.

Risk: in File: Internet browser temporary file cache by: Manual Quarantine Scan scan. Action: Clean failed : Leave Alone failed. Action Description: The file was deleted successfully.

Error: (10/24/2011 10:00:32 AM) (Source: Symantec AntiVirus)(User: )
Description: Security Risk Found!Risk: Trojan Horse in File: C:\Documents and Settings\MaRoo\Local Settings\Temp\VBRBC6C.dll by: Manual Quarantine Scan scan. Action: Clean was partially successful.. Action Description: Clean was partially successful.

Error: (10/24/2011 10:00:23 AM) (Source: Symantec AntiVirus)(User: )
Description: Security Risk Found!Risk: Trojan Horse in File: C:\Documents and Settings\MaRoo\Local Settings\Temp\VBRBC6C.dll by: Manual Quarantine Scan scan. Action: Clean failed. Action Description: The file was left unchanged.

Error: (10/23/2011 07:31:02 PM) (Source: WLANKEEPER)(User: )
Description: Failed to start serviceERROR=1063

Error: (10/23/2011 07:24:18 PM) (Source: Symantec AntiVirus)(User: MaRoo)MaRoo
Description: SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Symantec AntiVirus\VPTray.exe
Event Info: Terminate Thread
Action Taken: Blocked
Actor Process: C:\Documents and Settings\MaRoo\Desktop\TFC.exe (PID 3792)
Time: October 23, 2011 7:24:18 PM

Error: (10/23/2011 07:24:18 PM) (Source: Symantec AntiVirus)(User: MaRoo)MaRoo
Description: SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Symantec AntiVirus\VPTray.exe
Event Info: Terminate Thread
Action Taken: Blocked
Actor Process: C:\Documents and Settings\MaRoo\Desktop\TFC.exe (PID 3792)
Time: October 23, 2011 7:24:18 PM

Error: (10/23/2011 07:24:18 PM) (Source: Symantec AntiVirus)(User: MaRoo)MaRoo
Description: SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Symantec AntiVirus\VPTray.exe
Event Info: Terminate Thread
Action Taken: Blocked
Actor Process: C:\Documents and Settings\MaRoo\Desktop\TFC.exe (PID 3792)
Time: October 23, 2011 7:24:18 PM


=========================== Installed Programs ============================

Acrobat.com (Version: 1.7.186)
Adobe AIR (Version: 1.5.2.8870)
Adobe Flash Player 10 ActiveX (Version: 10.2.159.1)
Adobe Flash Player 11 Plugin (Version: 11.0.1.152)
Adobe PhotoDeluxe 2.0
Adobe Reader 9.1.3 (Version: 9.1.3)
AiO_Scan (Version: 47.0.1.000)
ALPS Touch Pad Driver
ATI - Software Uninstall Utility (Version: 6.14.10.1012)
ATI Control Panel (Version: 6.14.10.5145)
ATI Display Driver (Version: 8.123-050405a-022874C-Dell)
BookDB2
Broadcom Management Programs 2 (Version: 7.82.01)
C-Pen
Compatibility Pack for the 2007 Office system (Version: 12.0.6425.1000)
Conexant D480 MDC V.9x Modem
Core FTP LE 1.3c
Dell Driver Reset Tool (Version: 1.02.0000)
Dell System Restore (Version: 2.00.0000)
DellSupport (Version: 6.0.3062)
Digital Line Detect (Version: 1.10)
Digital Voice Recorder (Version: 3.02.7000)
ESET Online Scanner v3
FlashWorks
Flickr Uploadr 2.5.0.15
HP Image Zone 4.7 (Version: 4.7)
HP PSC & OfficeJet 4.7
Intel PROSet Wireless (Version: 9.00.0000)
Intel® PROSet/Wireless WiFi Software (Version: 12.04.4000)
Internal Network Card Power Management (Version: 1.7.0)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 29 (Version: 6.0.290)
Keyman Package - Ezra SIL Unicode 2.4
Keyman Package - GreekClassical
LiveUpdate 3.0 (Symantec Corporation) (Version: 3.0.0.160)
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
MemoryLifter (Version: 2.1.0)
Messageware AttachView Add-in for Saving Files
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Professional (Version: 9.00.2720)
Microsoft Office Basic Edition 2003 (Version: 11.0.8173.0)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Plus! Digital Media Edition Installer (Version: 1.1.0.3514)
Microsoft Plus! Photo Story 2 LE (Version: 1.1.0.3463)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Modem Helper (Version: 2.31)
Mozilla Firefox (3.6.23) (Version: 3.6.23 (en-GB))
Mozilla Thunderbird (2.0.0.24) (Version: 2.0.0.24 (en-US))
mProSafe (Version: 9.00.0000)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
mWlsSafe (Version: 9.00.0000)
NetWaiting (Version: 2.5.15)
PDFCreator (Version: 0.9.8)
PowerDVD 5.5
PuTTY version 0.56
QFolder (Version: 1.00.0000)
QuickSet (Version: 3.9.4)
QuickTime
Recipe Manager (Version: 1.2.0)
Scan (Version: 4.5.0.0)
Scientific-Atlanta WebSTAR 2000 series Cable Modem
Semagic (remove only)
Simple Concordance Program 4.07 (Version: 4.07)
SpywareBlaster 4.4 (Version: 4.4.0)
StudioTax 2010 (Version: 6.0.5.2)
SUPERAntiSpyware (Version: 4.54.1000)
Symantec AntiVirus (Version: 10.1.401.0)
Tavultesoft Keyman 6.0
TekniaGreek
WavePad Uninstall
WebFldrs XP (Version: 9.50.7523)
Winamp (remove only)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.7.0017.0)
Windows Genuine Advantage v1.3.0254.0 (Version: 1.3.0254.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20061027.150806)
Windows Media Format 11 runtime
Windows Media Player 10 (Version: 9.00.3636)
Windows Media Player 11
Windows PowerShell™ 1.0 (Version: 2)
Windows XP Service Pack 3 (Version: 20080414.031525)
WordBase3 (Version: 3.2.0)
WordPerfect Office 11 (Version: 11.0)

========================= Memory info: ===================================

Percentage of memory in use: 35%
Total physical RAM: 255.23 MB
Available physical RAM: 163.61 MB
Total Pagefile: 618.07 MB
Available Pagefile: 536.23 MB
Total Virtual: 2047.88 MB
Available Virtual: 1996.66 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:34.04 GB) (Free:11.27 GB) NTFS

========================= Users: ========================================

User accounts for \\L-M

Administrator Guest HelpAssistant
MaRoo SUPPORT_388945a0


**** End of log ****
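To read what the scanner actually found from the log above (which files, how often, and whether the last action left the file in place), here is an added example that is not from this thread or from any tool it mentions: it parses the Symantec AntiVirus entries of a MiniToolBox event-log section, groups detections per file and lists the Tamper Protection alerts. The sample entries are copied from the log above; the format rules (one "Error:" header per entry, newest first) are my assumptions about how MiniToolBox lays them out.

```python
import re
from datetime import datetime

# Constructed sample: entries copied from the "Application errors" section of the MiniToolBox log above.
SAMPLE_LOG = r"""
Error: (10/24/2011 10:01:22 AM) (Source: Symantec AntiVirus) (User: )
Description: Risk Found!Risk: Trojan Horse in File: c:\documents and settings\MaRoo\local settings\Temp\VBR58C8.dll by: Manual Quarantine Scan scan. Action: Clean failed. Action Description: The file was left unchanged.

Risk: in File: Internet browser temporary file cache by: Manual Quarantine Scan scan. Action: Clean failed : Leave Alone failed. Action Description: The file was deleted successfully.

Error: (10/24/2011 10:01:22 AM) (Source: Symantec AntiVirus) (User: )
Description: Security Risk Found!Risk: Trojan Horse in File: C:\Documents and Settings\MaRoo\Local Settings\Temp\VBR58C8.dll by: Manual Quarantine Scan scan. Action: Clean was partially successful.. Action Description: Clean was partially successful.

Error: (10/24/2011 10:01:14 AM) (Source: Symantec AntiVirus) (User: )
Description: Security Risk Found!Risk: Trojan Horse in File: C:\Documents and Settings\MaRoo\Local Settings\Temp\VBR58C8.dll by: Manual Quarantine Scan scan. Action: Clean failed. Action Description: The file was left unchanged.

Error: (10/24/2011 10:00:23 AM) (Source: Symantec AntiVirus) (User: )
Description: Security Risk Found!Risk: Trojan Horse in File: C:\Documents and Settings\MaRoo\Local Settings\Temp\VBRBC6C.dll by: Manual Quarantine Scan scan. Action: Clean failed. Action Description: The file was left unchanged.

Error: (10/23/2011 07:31:02 PM) (Source: WLANKEEPER) (User: )
Description: Failed to start serviceERROR=1063

Error: (10/23/2011 07:24:18 PM) (Source: Symantec AntiVirus) (User: MaRoo)MaRoo
Description: SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Symantec AntiVirus\VPTray.exe
Event Info: Terminate Thread
Action Taken: Blocked
Actor Process: C:\Documents and Settings\MaRoo\Desktop\TFC.exe (PID 3792)
"""

# Format assumptions (mine, taken from the log as posted): one "Error: (...)" header per entry, newest first.
HEADER_RE = re.compile(r"^Error: \((?P<ts>[^)]+)\) \(Source: (?P<source>[^)]*)\)", re.M)
RISK_RE = re.compile(
    r"Risk:\s*(?P<risk>.*?)\s*in File:\s*(?P<file>.*?)\s*by:\s*(?P<scan>.*?)\."
    r"\s*Action:\s*(?P<action>.*?)\.*\s*Action Description:\s*(?P<desc>.*?)\.?\s*$", re.M)
FIELD_RE = re.compile(r"^(Target|Event Info|Action Taken|Actor Process): (.*)$", re.M)


def parse_entries(text):
    """Split the event-log section into entries: timestamp, source and the free-text body."""
    heads = list(HEADER_RE.finditer(text))
    entries = []
    for i, h in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        entries.append({
            "ts": datetime.strptime(h.group("ts"), "%m/%d/%Y %I:%M:%S %p"),
            "source": h.group("source"),
            "body": text[h.end():end],
        })
    return entries


def summarize_detections(text):
    """Group Symantec risk detections per file (paths compared case-insensitively)
    and build a chronological timeline of (time, action, action description)."""
    files = {}
    for e in parse_entries(text):
        if e["source"] != "Symantec AntiVirus":
            continue
        for m in RISK_RE.finditer(e["body"]):
            rec = files.setdefault(m.group("file").lower(),
                                   {"path": m.group("file"), "risks": set(), "timeline": []})
            if m.group("risk"):          # the browser-cache entry carries no risk name
                rec["risks"].add(m.group("risk"))
            rec["timeline"].append((e["ts"], m.group("action"), m.group("desc")))
    for rec in files.values():
        # MiniToolBox lists newest first; reverse, then stable-sort so same-second entries keep order
        rec["timeline"].reverse()
        rec["timeline"].sort(key=lambda t: t[0])
    return files


def tamper_alerts(text):
    """Extract Tamper Protection alerts: which process touched the AV and what was blocked."""
    return [dict(FIELD_RE.findall(e["body"])) for e in parse_entries(text)
            if "SYMANTEC TAMPER PROTECTION ALERT" in e["body"]]


if __name__ == "__main__":
    for rec in summarize_detections(SAMPLE_LOG).values():
        print(rec["path"], "risks:", sorted(rec["risks"]) or ["(unnamed)"])
        for ts, action, desc in rec["timeline"]:
            print(f"  {ts:%Y-%m-%d %H:%M:%S}  {action:<34} -> {desc}")
        print("  last outcome:", rec["timeline"][-1][2])   # 'left unchanged' means it may recur
    for a in tamper_alerts(SAMPLE_LOG):
        print(f"tamper: {a['Actor Process']} -> {a['Event Info']} on {a['Target']}: {a['Action Taken']}")
```

The per-file timeline shows the same two Temp DLLs being detected repeatedly with "left unchanged" as the last outcome, and the tamper alert shows the blocked actor was the cleaning tool itself, not the detected files.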



#12 Broni
  • BC Advisor
  • 42,660 posts
  • Location:Daly City, CA

Posted 24 October 2011 - 10:42 AM

When I did that last one it came up with more pieces of Trojan in a temp folder. Is there any chance this is the same lingering thing?

It's hard to say without seeing what was found.


#13 Tetsab
  • Topic Starter
  • Members
  • 13 posts

Posted 24 October 2011 - 09:26 PM

Alright. Is there anything else you'd recommend as a sort of wrap-up or In Conclusion to all of this? Thanks.

#14 Broni
  • BC Advisor
  • 42,660 posts
  • Location:Daly City, CA

Posted 24 October 2011 - 09:28 PM

Not really unless you have some particular question.


#15 Tetsab
  • Topic Starter
  • Members
  • 13 posts

Posted 25 October 2011 - 08:44 AM

Not really unless you have some particular question.


Alright. Should I just give up, reformat & re-install since I have no idea what Trojan I was infected with and therefore no idea what sort of threat it might pose and whether it might still be around? And should I consider getting a new AV program that would name the threat, or are there so many of them these days that it's standard not to bother IDing them?
