
My Dimension 8100 is sloooooow


  • This topic is locked
14 replies to this topic

#1 Mario51t

Mario51t

  • Members
  • 10 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:16 AM

Posted 30 October 2011 - 03:32 AM

I've had this problem for several months: starting any program takes a very long time, 10-100 times slower than it should. Even "native" programs like Windows Explorer take 5-10 seconds and sometimes more. During this time the Processor, hard drive and network are virtually idle (I'm using SysInternals Process Explorer). At first I thought a hacker had taken over my pc and was running hidden from Process Explorer. Then I disconnected the network, but the behavior continued.

As suggested, I ruled out the following hardware problems:

- processor speed: it runs at nominal speed;
- hard drive errors: Seagate's Seatools says all's well;
- inadequate memory: commit charge is well below physical memory;
- conflicting devices: device manager is clean.

Norton does not find anything other than vanilla cookies, though a few months ago it detected and removed a rootkit attack.
I regularly run Ccleaner and defrag the hard drive, and keep it at least 20% free.

I have reinstalled the OS a couple years ago after a rootkit infection and for a while it was quite snappy for me. Since then the system is used more like a file server, I do my work on my laptop.

I know that a reinstall would fix the problem, but if it's malware I can save myself a headache and learn something to boot.
I appreciate your community service and hope to reciprocate in the future if I can find a training slot.

TIA,

Mario

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Run by Mario at 1:31:03 on 2011-10-30
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.639.144 [GMT -4:00]
.
AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Strokeit\strokeit.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\utilities\Sysinternals\procexp.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\mmc.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = http=127.0.0.1:8074
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: AutorunsDisabled - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\4.3.0.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\4.3.0.5\IPSBHO.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\4.3.0.5\coIEPlg.dll
uRun: [StrokeIt] c:\program files\strokeit\strokeit.exe
uRun: [IDriveE Startup] "c:\program files\idrive\IDrvieEStartup.exe" Hide
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\shortc~1.lnk - c:\program files\utilities\sysinternals\procexp.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228916995957
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{AFC4FEA7-01F2-4F07-B8B5-F4F70A9DDAC8} : DhcpNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\mario\application data\mozilla\firefox\profiles\fsv64mu2.default\
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\mario\application data\mozilla\firefox\profiles\fsv64mu2.default\extensions\{81bf1d23-5f17-408d-ac6b-bd6df7caf670}\components\imtcp_xpcom.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0403000.005\symds.sys [2010-10-26 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0403000.005\symefa.sys [2010-10-26 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20111014.001\BHDrvx86.sys [2011-10-14 818808]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys [2010-10-26 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0403000.005\ironx86.sys [2010-10-26 116784]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-10-5 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-8-3 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-11-18 47640]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\4.3.0.5\ccsvchst.exe [2010-10-26 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-8-7 105592]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20111026.030\IDSXpx86.sys [2011-10-27 356280]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20111027.002\NAVENG.SYS [2011-10-27 86136]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20111027.002\NAVEX15.SYS [2011-10-27 1576312]
S3 IDriveE Service;IDriveE Service;c:\program files\idrive\IDriveE Service.exe [2011-4-24 153032]
S3 PsShutdownSvc;PsShutdown;c:\windows\PSSDNSVC.EXE [2008-8-24 87616]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-10 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-7-10 369688]
.
=============== File Associations ===============
.
.reg=
.
=============== Created Last 30 ================
.
2011-10-29 05:34:06 -------- d-----w- c:\program files\CPU Speed Pro
2011-10-13 05:53:32 -------- d-----w- c:\program files\Seagate
2011-10-01 02:12:57 15649752 ----a-w- c:\program files\mozilla firefox\xul.dll
.
==================== Find3M ====================
.
2011-10-08 02:44:12 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-10-08 02:44:12 52096 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2011-10-08 02:44:11 30592 ----a-w- c:\windows\system32\LMIport.dll
2011-10-08 02:44:10 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
============= FINISH: 1:32:06.40 ===============


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-10-30 04:06:59
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 IC35L060AVER07-0 rev.ER6OA41A
Running: gmer.exe; Driver: C:\DOCUME~1\Mario\LOCALS~1\Temp\pwtdypob.sys


---- System - GMER 1.0.15 ----

SSDT 828070E0 ZwAlertResumeThread
SSDT 828073F8 ZwAlertThread
SSDT 8288EC98 ZwAllocateVirtualMemory
SSDT 828037D8 ZwAssignProcessToJobObject
SSDT 8270B098 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xF69ED210]
SSDT 824575E8 ZwCreateMutant
SSDT 827E4E70 ZwCreateSymbolicLinkObject
SSDT 82B6B378 ZwCreateThread
SSDT 82803A10 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xF69ED490]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xF69ED9F0]
SSDT 82A3EA08 ZwDuplicateObject
SSDT 8270C608 ZwFreeVirtualMemory
SSDT 82806630 ZwImpersonateAnonymousToken
SSDT 82806B38 ZwImpersonateThread
SSDT 826A31F0 ZwLoadDriver
SSDT 82890898 ZwMapViewOfSection
SSDT 828060D0 ZwOpenEvent
SSDT 828A2288 ZwOpenProcess
SSDT 8280A170 ZwOpenProcessToken
SSDT 82803008 ZwOpenSection
SSDT 8289B520 ZwOpenThread
SSDT 827EE488 ZwProtectVirtualMemory
SSDT 82807628 ZwResumeThread
SSDT 828090F8 ZwSetContextThread
SSDT 82958E40 ZwSetInformationProcess
SSDT 82803BA8 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xF69EDC40]
SSDT 82804510 ZwSuspendProcess
SSDT 82807D00 ZwSuspendThread
SSDT 8280A788 ZwTerminateProcess
SSDT 82808180 ZwTerminateThread
SSDT 828095B0 ZwUnmapViewOfSection
SSDT 8286E4F0 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 81 804E26ED 3 Bytes [73, 80, 82]
.text ntoskrnl.exe!_abnormal_termination + F8 804E2764 1 Byte [E8]
.text ntoskrnl.exe!_abnormal_termination + F8 804E2764 4 Bytes CALL 99D06CDE
.text ntoskrnl.exe!_abnormal_termination + 15C 804E27C8 4 Bytes JMP E98382A3
? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !
? C:\WINDOWS\system32\Drivers\PROCEXP111.SYS The system cannot find the file specified. !
? C:\DOCUME~1\Mario\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[2964] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 011DFAE0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2964] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 0135F855 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----



#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,669 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:16 AM

Posted 04 November 2011 - 03:45 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/425616 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,256 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:16 AM

Posted 04 November 2011 - 10:43 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Remove the proxy settings.

In Internet Explorer go to Tools - Internet Options - Connections Tab - LAN Settings and remove the reference to 127.0.0.1:8074 if found, then uncheck "Use a proxy server" and check "Automatically detect settings".
===

If you use Firefox, go to Tools Menu > Options... > Advanced Tab > Network Tab > Connection > Settings. Select the "Auto-detect proxy settings for this network" option, or "No proxy" if you do not need it.
===

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • alternate download link 2
    • Make sure you are connected to the Internet.
    • Double-click on Download_mbam-setup.exe to install the application.
    • When the installation begins, follow the prompts and do not make any changes to default settings.
    • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

Post back with the Malwarebytes Anti-Malware log once it's complete.
===

Third party programs, if not up to date, can be the cause of infiltration by an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please post the logs and let me know if the problem persists.

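The proxy setting nasdaq asks to remove above is the one security-relevant item in the first DDS log: `uInternet Settings,ProxyServer = http=127.0.0.1:8074` means Internet Explorer was sending its HTTP traffic to a listener on the machine itself, so some local process sat between the browser and the network. Legitimate local filtering software does this, and so does malware, which is why an unexplained loopback proxy gets removed during cleanup. The following Python is an added illustration for this thread, not part of nasdaq's post or of the DDS tool: it parses DDS-style `ProxyServer` lines (both the bare `host:port` form and the per-protocol `http=host:port;https=...` form that WinINet accepts), reports which registry hive each came from (`u` = current user, `m` = machine, following DDS's prefix convention), and flags entries pointing at the loopback interface. It also reads Firefox's `network.proxy.type` line, since the thread's second fix touches that setting. The sample lines are constructed to match the ones posted in this thread.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: DDS "Pseudo HJT Report" / FIREFOX lines shaped like the
# ones posted in this thread. Values are copied from the thread, not live data.
SAMPLE_DDS_LINES = [
    "uSearch Bar = hxxp://www.google.com/ie",
    "uInternet Settings,ProxyServer = http=127.0.0.1:8074",
    "uInternet Settings,ProxyOverride = <local>",
    r"uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe",
    "FF - prefs.js: network.proxy.type - 0",
]

# Hosts that resolve to the machine itself. A browser proxy pointing here means
# a local process is relaying the browser's traffic.
LOOPBACK_HOSTS = {"127.0.0.1", "localhost", "::1"}

# DDS prefixes the registry hive: 'u' = HKCU (current user), 'm' = HKLM (machine).
PROXY_LINE = re.compile(
    r"^(?P<hive>[um])Internet Settings,ProxyServer\s*=\s*(?P<value>.+)$")

# Firefox's network.proxy.type values (0/1/2/4/5 are the defined modes).
FF_PROXY_TYPE = re.compile(r"^FF - prefs\.js: network\.proxy\.type - (?P<t>\d+)$")
FF_PROXY_TYPES = {0: "direct (no proxy)", 1: "manual proxy", 2: "PAC script",
                  4: "auto-detect (WPAD)", 5: "use system settings"}


@dataclass
class ProxyFinding:
    hive: str       # "HKCU" or "HKLM"
    scheme: str     # "http", "https", "ftp", "socks", or "" for the bare form
    host: str
    port: int
    loopback: bool  # True when the proxy host is the machine itself


def parse_proxy_server(value: str) -> List[Tuple[str, str, int]]:
    """Split a WinINet ProxyServer value into (scheme, host, port) tuples.

    The value is either 'host:port' (one proxy for every protocol) or a
    semicolon-separated list such as 'http=host:port;https=host:port'.
    """
    entries = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, hostport = part.rpartition("=")   # scheme is "" for bare form
        host, _, port = hostport.rpartition(":")
        if not host or not port.isdigit():
            continue                                  # malformed entry: skip, don't guess
        entries.append((scheme.lower(), host.lower(), int(port)))
    return entries


def triage_proxy_settings(lines: List[str]) -> List[ProxyFinding]:
    """Return one finding per proxy entry present in DDS-style lines."""
    findings = []
    for line in lines:
        m = PROXY_LINE.match(line.strip())
        if not m:
            continue
        hive = "HKCU" if m.group("hive") == "u" else "HKLM"
        for scheme, host, port in parse_proxy_server(m.group("value")):
            findings.append(ProxyFinding(hive, scheme, host, port,
                                         host in LOOPBACK_HOSTS))
    return findings


def loopback_proxies(lines: List[str]) -> List[ProxyFinding]:
    """Only the proxy entries that point back at the local machine."""
    return [f for f in triage_proxy_settings(lines) if f.loopback]


def firefox_proxy_mode(lines: List[str]) -> Optional[str]:
    """Describe Firefox's proxy mode from the DDS FIREFOX section, if present."""
    for line in lines:
        m = FF_PROXY_TYPE.match(line.strip())
        if m:
            return FF_PROXY_TYPES.get(int(m.group("t")), "unknown")
    return None


if __name__ == "__main__":
    for f in triage_proxy_settings(SAMPLE_DDS_LINES):
        flag = "LOOPBACK - account for it or remove it" if f.loopback else "remote"
        print(f"{f.hive} {f.scheme or '*'} -> {f.host}:{f.port}  [{flag}]")
    print("Firefox proxy mode:", firefox_proxy_mode(SAMPLE_DDS_LINES))
```

Run against the constructed sample, the script reports a single HKCU HTTP proxy at 127.0.0.1:8074 flagged as loopback, and Firefox in direct mode (type 0), which matches the first DDS log in this thread: only Internet Explorer was being proxied. A loopback finding is a prompt to identify the listening process (Process Explorer, which the poster already uses, shows which process owns a TCP port under its TCP/IP tab), not proof of malware on its own.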
#4 Mario51t

Mario51t
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:16 AM

Posted 05 November 2011 - 10:15 PM

Here are the logs: new DDS/attach and ark logs as requested by HelpBot, plus MalwareBytes and SecurityCheck logs as requested by nasdaq. I've also removed all proxy settings per last reply. The problem is still there, with something new: now I get 20%-90% cpu utilization by interrupts whenever the computer is doing anything. This could explain why it's so slow, but its slowness was present also before interrupts started spiking. Here we go:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Run by Mario at 22:30:52 on 2011-11-05
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.639.130 [GMT -4:00]
.
AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe
C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Strokeit\strokeit.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\utilities\Sysinternals\procexp.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: AutorunsDisabled - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\4.4.0.12\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\4.4.0.12\IPSBHO.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\4.4.0.12\coIEPlg.dll
uRun: [StrokeIt] c:\program files\strokeit\strokeit.exe
uRun: [IDriveE Startup] "c:\program files\idrive\IDrvieEStartup.exe" Hide
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\shortc~1.lnk - c:\program files\utilities\sysinternals\procexp.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228916995957
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{AFC4FEA7-01F2-4F07-B8B5-F4F70A9DDAC8} : DhcpNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\mario\application data\mozilla\firefox\profiles\fsv64mu2.default\
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\mario\application data\mozilla\firefox\profiles\fsv64mu2.default\extensions\{81bf1d23-5f17-408d-ac6b-bd6df7caf670}\components\imtcp_xpcom.dll
FF - plugin: c:\documents and settings\mario\application data\mozilla\firefox\profiles\fsv64mu2.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0404000.00c\symds.sys [2011-11-4 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0404000.00c\symefa.sys [2011-11-4 173176]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20111027.001\BHDrvx86.sys [2011-11-4 818808]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0404000.00c\cchpx86.sys [2011-11-4 485512]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0404000.00c\ironx86.sys [2011-11-4 116784]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-10-5 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-8-3 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-11-18 47640]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\4.4.0.12\ccsvchst.exe [2011-11-4 126400]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-8-7 105592]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20111103.030\IDSXpx86.sys [2011-11-4 356280]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20111104.002\NAVENG.SYS [2011-11-4 86136]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20111104.002\NAVEX15.SYS [2011-11-4 1576312]
S3 cpuz132;cpuz132;\??\c:\docume~1\mario\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\mario\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 IDriveE Service;IDriveE Service;c:\program files\idrive\IDriveE Service.exe [2011-4-24 153032]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 PsShutdownSvc;PsShutdown;c:\windows\PSSDNSVC.EXE [2008-8-24 87616]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-10 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-7-10 369688]
.
=============== File Associations ===============
.
.reg=
.
=============== Created Last 30 ================
.
2011-11-04 18:08:21 -------- d-----w- c:\documents and settings\mario\application data\Malwarebytes
2011-11-04 18:06:45 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-11-04 18:06:36 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-04 18:06:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-04 17:28:26 340088 ----a-w- c:\windows\system32\drivers\n360\0404000.00c\symtdiv.sys
2011-11-04 17:28:25 362360 ----a-w- c:\windows\system32\drivers\n360\0404000.00c\symtdi.sys
2011-11-04 17:28:25 173176 ----a-w- c:\windows\system32\drivers\n360\0404000.00c\symefa.sys
2011-11-04 17:28:24 43696 ----a-w- c:\windows\system32\drivers\n360\0404000.00c\srtspx.sys
2011-11-04 17:28:24 328752 ----a-r- c:\windows\system32\drivers\n360\0404000.00c\symds.sys
2011-11-04 17:28:23 325680 ----a-w- c:\windows\system32\drivers\n360\0404000.00c\srtsp.sys
2011-11-04 17:28:23 116784 ----a-w- c:\windows\system32\drivers\n360\0404000.00c\ironx86.sys
2011-11-04 17:28:22 485512 ----a-w- c:\windows\system32\drivers\n360\0404000.00c\cchpx86.sys
2011-11-04 17:25:45 -------- d-----w- c:\windows\system32\drivers\n360\0404000.00C
2011-11-03 18:48:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-29 05:34:06 -------- d-----w- c:\program files\CPU Speed Pro
2011-10-13 05:53:32 -------- d-----w- c:\program files\Seagate
.
==================== Find3M ====================
.
2011-10-08 02:44:12 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-10-08 02:44:12 52096 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2011-10-08 02:44:11 30592 ----a-w- c:\windows\system32\LMIport.dll
2011-10-08 02:44:10 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
============= FINISH: 22:32:30.54 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 8/22/2008 9:09:51 PM
System Uptime: 11/4/2011 8:18:11 PM (26 hours ago)
.
Motherboard: Dell Computer Corporation | | Dimension 8100
Processor: Intel® Pentium® 4 CPU 1700MHz | Microprocessor | 1694/100mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 56 GiB total, 16.599 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1056: 9/6/2011 2:16:33 AM - System Checkpoint
RP1057: 9/7/2011 3:00:25 AM - Software Distribution Service 3.0
RP1058: 9/8/2011 3:25:10 AM - System Checkpoint
RP1059: 9/9/2011 4:25:08 AM - System Checkpoint
RP1060: 9/10/2011 5:25:13 AM - System Checkpoint
RP1061: 9/11/2011 5:26:16 AM - System Checkpoint
RP1062: 9/12/2011 6:25:12 AM - System Checkpoint
RP1063: 9/13/2011 7:25:09 AM - System Checkpoint
RP1064: 9/14/2011 8:25:11 AM - System Checkpoint
RP1065: 9/15/2011 9:25:26 AM - System Checkpoint
RP1066: 9/16/2011 2:41:10 AM - Software Distribution Service 3.0
RP1067: 9/17/2011 2:42:47 AM - System Checkpoint
RP1068: 9/18/2011 3:42:47 AM - System Checkpoint
RP1069: 9/19/2011 4:45:03 AM - System Checkpoint
RP1070: 9/20/2011 5:42:48 AM - System Checkpoint
RP1071: 9/21/2011 6:42:48 AM - System Checkpoint
RP1072: 9/22/2011 6:43:04 AM - System Checkpoint
RP1073: 9/23/2011 7:42:58 AM - System Checkpoint
RP1074: 9/24/2011 8:44:39 AM - System Checkpoint
RP1075: 9/25/2011 9:44:11 AM - System Checkpoint
RP1076: 9/26/2011 10:43:09 AM - System Checkpoint
RP1077: 9/27/2011 11:19:38 AM - System Checkpoint
RP1078: 9/28/2011 11:43:12 AM - System Checkpoint
RP1079: 9/29/2011 3:00:32 AM - Software Distribution Service 3.0
RP1080: 9/30/2011 3:43:26 AM - System Checkpoint
RP1081: 10/1/2011 4:43:26 AM - System Checkpoint
RP1082: 10/2/2011 5:43:25 AM - System Checkpoint
RP1083: 10/3/2011 6:47:43 AM - System Checkpoint
RP1084: 10/4/2011 7:43:26 AM - System Checkpoint
RP1085: 10/5/2011 8:43:23 AM - System Checkpoint
RP1086: 10/6/2011 8:43:45 AM - System Checkpoint
RP1087: 10/7/2011 9:43:54 AM - System Checkpoint
RP1088: 10/8/2011 10:43:54 AM - System Checkpoint
RP1089: 10/9/2011 11:43:52 AM - System Checkpoint
RP1090: 10/10/2011 12:58:46 AM - Printer Driver LogMeIn Printer Driver Installed
RP1091: 10/11/2011 1:43:46 AM - System Checkpoint
RP1092: 10/12/2011 2:45:36 AM - System Checkpoint
RP1093: 10/12/2011 7:30:07 PM - Software Distribution Service 3.0
RP1094: 10/13/2011 1:51:22 AM - Installed Microsoft Visual C++ 2005 Redistributable
RP1095: 10/13/2011 1:53:29 AM - Installed SeaTools for Windows
RP1096: 10/14/2011 2:15:34 AM - System Checkpoint
RP1097: 10/14/2011 3:00:23 AM - Software Distribution Service 3.0
RP1098: 10/15/2011 3:15:36 AM - System Checkpoint
RP1099: 10/16/2011 3:16:40 AM - System Checkpoint
RP1100: 10/17/2011 5:32:59 AM - System Checkpoint
RP1101: 10/18/2011 6:15:38 AM - System Checkpoint
RP1102: 10/19/2011 7:15:29 AM - System Checkpoint
RP1103: 10/20/2011 7:15:52 AM - System Checkpoint
RP1104: 10/21/2011 8:16:01 AM - System Checkpoint
RP1105: 10/22/2011 9:15:58 AM - System Checkpoint
RP1106: 10/23/2011 10:16:01 AM - System Checkpoint
RP1107: 10/24/2011 11:16:02 AM - System Checkpoint
RP1108: 10/25/2011 12:16:03 PM - System Checkpoint
RP1109: 10/26/2011 1:16:02 PM - System Checkpoint
RP1110: 10/27/2011 1:16:14 PM - System Checkpoint
RP1111: 10/28/2011 2:16:19 PM - System Checkpoint
RP1112: 10/29/2011 1:46:33 AM - Removed SeaTools for Windows
RP1113: 10/30/2011 2:18:19 AM - System Checkpoint
RP1114: 10/31/2011 6:11:14 AM - System Checkpoint
RP1115: 11/1/2011 7:14:35 AM - System Checkpoint
RP1116: 11/3/2011 2:36:18 AM - System Checkpoint
RP1117: 11/3/2011 2:55:29 PM - Installed Adobe Flash Player 10 ActiveX.
RP1118: 11/4/2011 4:47:45 PM - System Checkpoint
RP1119: 11/5/2011 5:24:58 PM - System Checkpoint
.
==== Installed Programs ======================
.
Add-ons
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop 6.0
Adobe Reader 9.1.3
Adobe SVG Viewer
Advanced Network Diagramming
Advanced Network Diagramming Help
Advanced Network Diagramming Samples
Apple Application Support
Apple Software Update
Audacity 1.2.6
Block Diagrams
Block Diagrams Help
Block Diagrams Samples
Borders and Backgrounds
Borders and Backgrounds Help
CAD Drawing Display
CAD Drawing Display Samples
Callouts and Connectors
Callouts and Connectors Help
CCleaner (remove only)
Clip Art and Symbols
Clip Art and Symbols Help
Custom Properties Editor
Database Design
Database Design Help
Database Design Samples
Database Wizard
Database Wizard Samples
Defraggler
Developing Visio Solutions Help
Diablo II
Directory Services
Directory Services Help
Directory Services Samples
EPSON TWAIN 5
Flowcharts
Flowcharts Help
Flowcharts Samples
Forms and Charts
Forms and Charts Help
Forms and Charts Samples
FreeFileSync v3.6
Graphics Filters
Help for Visio 2000 (HTML Help)
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB946344)
Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB946581)
Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB947789)
Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB951708)
Hotfix for Windows XP (KB954550-v5)
hp officejet 4100 series
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp officejet 4100 series
IDrive version 3.4.0 April 21, 2011
Internet Diagrams
Internet Diagrams Help
Internet Diagrams Samples
Java™ 6 Update 14
Jigsaw Mania
LAME v3.98.2 for Audacity
LogMeIn
Malwarebytes' Anti-Malware version 1.51.2.1300
Maps
Maps Help
Maps Samples
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 SR-1 Premium
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Management Objects
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files (English)
Microsoft SQL Server Database Publishing Wizard 1.3
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visio 2000
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual Studio Service Pack 3
Microsoft Visual Studio Web Authoring Component
Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Web - enu
Mozilla Firefox 7.0.1 (x86 en-US)
MSXML 6.0 Parser (KB933579)
Network Diagrams
Network Diagrams Help
Network Diagrams Samples
Norton Security Suite
Office Layout
Office Layout Help
Office Layout Samples
OGA Notifier 2.0.0048.0
Online Documentation
Organization Charts
Organization Charts Help
Organization Charts Samples
Page Layout Wizard
Picasa 3
Program Files
Program Files Help
Program Files Professional
Program Files Professional Help
Project Schedules
Project Schedules Help
Project Schedules Samples
Property Reporting Wizard
QuickTime
Release Notes
Release Notes Professional
Sample Drawings
Save as HTML
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB2251487)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows XP (KB923789)
Shape Explorer
Shape Explorer Help
Skype™ 5.3
SmartShape Wizard
Software Design
Software Design Help
Software Design Samples
Solutions
Speccy
Sql Server Customer Experience Improvement Program
SQL Server System CLR Types
StarCraft
StrokeIt (remove only)
UML Specification
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Visual Studio Web Authoring Component (KB945140)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
VBA
Visio
Visio Core Files
Visual C++ 2008 Runtime (x86)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
11/4/2011 8:21:44 PM, error: RemoteAccess [20151] - The Control Protocol IPCP in the Point to Point Protocol module (unknown) returned an error while initializing. A device attached to the system is not functioning.
11/4/2011 10:14:25 PM, error: System Error [1003] - Error code 100000d1, parameter1 0000000c, parameter2 0000000d, parameter3 00000001, parameter4 f8afb5f7.
10/30/2011 1:40:30 AM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
10/30/2011 1:40:07 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
10/29/2011 6:44:49 PM, error: ACPI [5] - AMLI: ACPI BIOS is attempting to write to an illegal IO port address (0x70), which lies in the 0x70 - 0x71 protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.
10/29/2011 6:44:49 PM, error: ACPI [4] - AMLI: ACPI BIOS is attempting to read from an illegal IO port address (0x71), which lies in the 0x70 - 0x71 protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.
10/29/2011 6:44:35 PM, error: NETLOGON [3095] - This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.
.
==== End Of File ===========================

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-05 03:51:03
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 IC35L060AVER07-0 rev.ER6OA41A
Running: gmer.exe; Driver: C:\DOCUME~1\Mario\LOCALS~1\Temp\pwtdypob.sys


---- System - GMER 1.0.15 ----

SSDT 82A2E2C0 ZwAlertResumeThread
SSDT 828FC210 ZwAlertThread
SSDT 828562E8 ZwAllocateVirtualMemory
SSDT 82AAB4D8 ZwAssignProcessToJobObject
SSDT 823326E8 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xF3235210]
SSDT 82A78610 ZwCreateMutant
SSDT 82901F80 ZwCreateSymbolicLinkObject
SSDT 82B1F1C8 ZwCreateThread
SSDT 828F8A08 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xF3235490]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xF32359F0]
SSDT 828AD2A0 ZwDuplicateObject
SSDT 82A67408 ZwFreeVirtualMemory
SSDT 82AB11A8 ZwImpersonateAnonymousToken
SSDT 82B29C98 ZwImpersonateThread
SSDT 82A42A28 ZwLoadDriver
SSDT 828D6130 ZwMapViewOfSection
SSDT 828CAD68 ZwOpenEvent
SSDT 8283B9C0 ZwOpenProcess
SSDT 82B27940 ZwOpenProcessToken
SSDT 82931290 ZwOpenSection
SSDT 8297F720 ZwOpenThread
SSDT 82916220 ZwProtectVirtualMemory
SSDT 829AFCB0 ZwResumeThread
SSDT 828E1FA0 ZwSetContextThread
SSDT 82A50500 ZwSetInformationProcess
SSDT 82A094C0 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xF3235C40]
SSDT 82826280 ZwSuspendProcess
SSDT 82B24550 ZwSuspendThread
SSDT 82992CA0 ZwTerminateProcess
SSDT 828905B0 ZwTerminateThread
SSDT 8286E1A0 ZwUnmapViewOfSection
SSDT 82A877B8 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 90 804E26FC 4 Bytes CALL EFD0AC63
.text ntoskrnl.exe!_abnormal_termination + C8 804E2734 4 Bytes CALL 86D05A5F
? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !
? C:\WINDOWS\system32\Drivers\PROCEXP111.SYS The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----


-------------------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8084

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/4/2011 2:32:51 PM
mbam-log-2011-11-04 (14-32-51).txt

Scan type: Quick scan
Objects scanned: 176426
Time elapsed: 19 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\qni8hj710fdl (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
-------------------------------------------------------------------------------

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner (remove only)
Java™ 6 Update 14
Out of date Java installed!
Adobe Flash Player ( 10.3.183.10) Flash Player Out of Date!
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
All Users Documents Computer Malware\SecurityCheck.exe
``````````End of Log````````````

#5 nasdaq

nasdaq

  • Malware Response Team
  • 39,256 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:16 AM

Posted 06 November 2011 - 09:23 AM

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.
===


Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:
  • Download the latest version of Java SE Runtime Environment 6 Update 27.
  • In the box labeled "Java Platform, Standard Edition", click the "Download JRE" button to the right.
  • In the Window that opens, select Windows (or Windows x64), and check the "agree" box and click "Continue".
  • Click on the link to download Windows Offline Installation and save to your Desktop.
  • Then from your Desktop double-click on jre-6u27-windows-i586.exe that you have downloaded to install the newest version.

    For the x64-bit version download this one instead: jre-6u27-windows-x64.exe. Make sure you download the correct version.

    - Note: If you are running Vista or Windows 7, you may need to right-click on the installation file and select Run as Administrator.

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 14

===

Critical vulnerabilities have been identified in Adobe Flash Player 10.3.183.10 and earlier versions... being exploited in the wild in active targeted attacks... update to Adobe Flash Player 11.0.1.152

Flash Player 11.0.1.152

On the top of the page you will be given an opportunity to download the version for your operating system.
Make sure you select appropriate version.

You will also have an option to install the Free! McAfee Security Scan Plus. Un-check the box if you are NOT using McAfee's virus protection software.
===

Please post the ComboFix log and let me know if the problem persists.

#6 Mario51t

Mario51t
  • Topic Starter

  • Members
  • 10 posts
  • Gender:Male
  • Local time:03:16 AM

Posted 06 November 2011 - 10:20 PM

Updated Java, but not Flash Player: tried several times and failed. Apparently my computer does not support version 11. Here's the ComboFix log:

ComboFix 11-11-06.02 - Mario 11/06/2011 19:08:32.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.639.78 [GMT -5:00]
Running from: c:\documents and settings\All Users\Documents\Computer\Malware\ComboFix.exe
AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\Shortcut to procexp.exe.lnk
c:\documents and settings\Mario\Application Data\Microsoft\Internet Explorer\Quick Launch\Security Center.lnk
c:\documents and settings\Mario\WINDOWS
c:\windows\system32\Cache
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2011-10-07 to 2011-11-07 )))))))))))))))))))))))))))))))
.
.
2011-11-04 18:08 . 2011-11-04 18:08 -------- d-----w- c:\documents and settings\Mario\Application Data\Malwarebytes
2011-11-04 18:06 . 2011-11-04 18:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-11-04 18:06 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-04 18:06 . 2011-11-04 18:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-04 17:25 . 2011-11-05 00:19 -------- d-----w- c:\windows\system32\drivers\N360\0404000.00C
2011-11-03 18:48 . 2011-11-03 18:56 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-29 05:34 . 2011-10-29 05:45 -------- d-----w- c:\program files\CPU Speed Pro
2011-10-13 05:53 . 2011-10-13 05:53 -------- d-----w- c:\program files\Seagate
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-08 02:44 . 2008-11-18 06:51 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2011-10-08 02:44 . 2008-11-18 06:51 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-10-08 02:44 . 2008-11-18 06:51 30592 ----a-w- c:\windows\system32\LMIport.dll
2011-10-08 02:44 . 2008-11-18 06:51 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-09-26 15:41 . 2008-07-29 23:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2004-08-04 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2004-08-04 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2004-08-04 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:48 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2004-08-04 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-10-01 02:13 . 2011-10-01 02:13 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StrokeIt"="c:\program files\Strokeit\strokeit.exe" [2005-02-17 21504]
"IDriveE Startup"="c:\program files\IDrive\IDrvieEStartup.exe" [2011-04-21 193992]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 63048]
.
c:\documents and settings\Marco\Start Menu\Programs\Startup\
Strokeit.lnk - c:\program files\Strokeit\strokeit.exe [2005-2-17 21504]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-10-08 02:44 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp officejet 4100 series.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hp officejet 4100 series.lnk
backup=c:\windows\pss\hp officejet 4100 series.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 21:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R3 IDriveE Service;IDriveE Service;c:\program files\IDrive\IDriveE Service.exe [2011-04-08 153032]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 PsShutdownSvc;PsShutdown;c:\windows\PSSDNSVC.EXE [2010-09-16 87616]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128]
R4 RsFx0102;RsFx0102 Driver;c:\windows\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 369688]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0404000.00C\SYMDS.SYS [2009-10-15 328752]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0404000.00C\SYMEFA.SYS [2011-08-22 173176]
S1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20111027.001\BHDrvx86.sys [2011-10-14 818808]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0404000.00C\ccHPx86.sys [2011-08-04 485512]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0404000.00C\Ironx86.SYS [2010-04-29 116784]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2011-10-08 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2008-11-18 12856]
S2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe [2011-08-04 126400]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-07-31 105592]
S3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20111104.030\IDSxpx86.sys [2011-08-10 356280]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - PROCEXP111
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Mario\Application Data\Mozilla\Firefox\Profiles\fsv64mu2.default\
FF - prefs.js: network.proxy.type - 0
.
.
------- File Associations -------
.
.reg=
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-mcmscsvc
SafeBoot-MCODS
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-06 19:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.4.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(780)
c:\windows\system32\LMIinit.dll
.
Completion time: 2011-11-06 19:31:20
ComboFix-quarantined-files.txt 2011-11-07 00:31
.
Pre-Run: 17,269,915,648 bytes free
Post-Run: 17,396,068,352 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - ABE2672E33145A5AF5CA50471180E4E9
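
Added example, not part of this thread and not ComboFix's own code: a small Python parser for the service/driver lines in the ComboFix log above (the `R3 …;…;… [date size]` block), with a triage pass that flags entries whose image file is missing (`[x]`) or that load from outside the Windows and Program Files trees. The line layout and the meaning of `[x]` are inferred from the log itself and are labelled as assumptions in the code; the sample lines are copied from the log.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: service/driver lines copied from the ComboFix log above.
# Assumed layout (inferred from the lines, not documented by ComboFix here):
#   <R|S><start type> <name>;<display name>;<image path> [<file date> <size>]
# "[x]" is taken to mean the image file was not found on disk.
SAMPLE = r"""
R3 IDriveE Service;IDriveE Service;c:\program files\IDrive\IDriveE Service.exe [2011-04-08 153032]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0404000.00C\SYMDS.SYS [2009-10-15 328752]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2011-10-08 374152]
S1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20111027.001\BHDrvx86.sys [2011-10-14 818808]
"""

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+"        # R = running, S = stopped; digit = SCM start type
    r"(?P<name>[^;]+);(?P<display>[^;]*);"     # service name; display name
    r"(?P<path>.+?)\s+\[(?P<stamp>[^\]]*)\]$"  # image path, then "[date size]" or "[x]"
)

# Windows service start types (the digit after R/S).
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}

# Image roots a Windows XP service or driver is normally expected to live under.
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")


@dataclass
class ServiceEntry:
    running: bool
    start_type: str
    name: str
    display: str
    path: str
    file_date: Optional[str]   # None when ComboFix printed "[x]"
    file_size: Optional[int]

    @property
    def file_missing(self) -> bool:
        return self.file_date is None


def parse_combofix_services(text: str) -> List[ServiceEntry]:
    """Parse every ComboFix service/driver line in `text`; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        stamp = m.group("stamp").strip()
        if stamp.lower() == "x":
            file_date, file_size = None, None
        else:
            date_s, size_s = stamp.split()
            file_date, file_size = date_s, int(size_s)
        entries.append(ServiceEntry(
            running=m.group("state") == "R",
            start_type=START_TYPES.get(int(m.group("start")), "unknown"),
            name=m.group("name").strip(),
            display=m.group("display").strip(),
            path=m.group("path").strip(),
            file_date=file_date,
            file_size=file_size,
        ))
    return entries


def triage(entries: List[ServiceEntry]) -> List[Tuple[str, str]]:
    """Return (name, reason) pairs worth a second look. A hit is a review
    prompt, not a verdict: BHDrvx86 in the sample is a legitimate Norton
    definition driver that simply lives under the All Users profile."""
    findings = []
    for e in entries:
        if e.file_missing:
            findings.append((e.name, "registered but image file not found"))
        elif not e.path.lower().startswith(EXPECTED_ROOTS):
            findings.append((e.name, "image outside Windows or Program Files"))
    return findings


if __name__ == "__main__":
    for name, reason in triage(parse_combofix_services(SAMPLE)):
        print(f"{name}: {reason}")
```

On the log above this flags MBAMSwissArmy (a leftover Malwarebytes service registration whose driver file is gone) and the Norton definition driver under Application Data; both are harmless here, which is the point: the parser turns a long log into a short list a reviewer can clear by hand.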

#7 nasdaq

nasdaq

  • Malware Response Team
  • 39,256 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 07 November 2011 - 08:29 AM

Flash Player: tried several times and failed. Apparently my computer does not support version 11


Try again. Make sure you select the proper operating system before you start the download.

If it fails to install, what error message do you see?
==

Your log is clean. Other than the Flash issue, any other problems?

#8 Mario51t

Mario51t
  • Topic Starter

  • Members
  • 10 posts
  • Gender:Male

Posted 09 November 2011 - 02:38 PM

Tried again and installed Flash Player 11 successfully.

I gather from your comment above that my pc is free from malware. Thank you.

However, the pc is still very slow and spending up to 90% on interrupts. Do you have any suggestions on where to go from here?

Mario

#9 nasdaq

nasdaq

  • Malware Response Team
  • 39,256 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 10 November 2011 - 08:54 AM

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) ( 511KB ) to your desktop. Double-click the aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Please post the logs for my review.

#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,256 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 04 December 2011 - 09:37 AM

Topic re-opened.

#11 Mario51t

Mario51t
  • Topic Starter

  • Members
  • 10 posts
  • Gender:Male

Posted 05 December 2011 - 02:45 AM

Thank you. Here are the requested logs.

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-03 12:37:29
-----------------------------
12:37:29.597 OS Version: Windows 5.1.2600 Service Pack 3
12:37:29.597 Number of processors: 1 586 0xA
12:37:29.597 ComputerName: MSERV3 UserName: Mario
12:37:37.408 Initialize success
12:38:18.477 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
12:38:18.507 Disk 0 Vendor: IC35L060AVER07-0 ER6OA41A Size: 57220MB BusType: 3
12:38:18.547 Disk 0 MBR read successfully
12:38:18.547 Disk 0 MBR scan
12:38:18.547 Disk 0 Windows XP default MBR code
12:38:18.557 Disk 0 scanning sectors +117162045
12:38:18.677 Disk 0 scanning C:\WINDOWS\system32\drivers
12:39:26.525 Service scanning
12:39:36.309 Modules scanning
12:40:59.689 Disk 0 trace - called modules:
12:40:59.909 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys
12:40:59.909 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82bceab8]
12:40:59.939 3 CLASSPNP.SYS[f8bf0fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82bac030]
12:40:59.939 Scan finished successfully
12:49:54.458 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Mario\Desktop\MBR.dat"
12:49:54.538 The log file has been saved successfully to "C:\Documents and Settings\Mario\Desktop\aswMBR.txt"

12:52:19.0136 2044 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
12:52:21.0149 2044 ============================================================
12:52:21.0149 2044 Current date / time: 2011/12/03 12:52:21.0149
12:52:21.0149 2044 SystemInfo:
12:52:21.0149 2044
12:52:21.0149 2044 OS Version: 5.1.2600 ServicePack: 3.0
12:52:21.0149 2044 Product type: Workstation
12:52:21.0149 2044 ComputerName: MSERV3
12:52:21.0149 2044 UserName: Mario
12:52:21.0149 2044 Windows directory: C:\WINDOWS
12:52:21.0149 2044 System windows directory: C:\WINDOWS
12:52:21.0149 2044 Processor architecture: Intel x86
12:52:21.0149 2044 Number of processors: 1
12:52:21.0149 2044 Page size: 0x1000
12:52:21.0149 2044 Boot type: Normal boot
12:52:21.0149 2044 ============================================================
12:52:28.0940 2044 Initialize success
12:52:50.0090 2428 ============================================================
12:52:50.0090 2428 Scan started
12:52:50.0090 2428 Mode: Manual;
12:52:50.0090 2428 ============================================================
12:52:51.0462 2428 Abiosdsk - ok
12:52:52.0103 2428 abp480n5 - ok
12:52:52.0914 2428 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:52:53.0155 2428 ACPI - ok
12:52:53.0756 2428 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
12:52:53.0886 2428 ACPIEC - ok
12:52:54.0737 2428 adpu160m - ok
12:52:55.0578 2428 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
12:52:55.0648 2428 aec - ok
12:52:56.0530 2428 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
12:52:56.0710 2428 AFD - ok
12:52:57.0591 2428 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
12:52:57.0601 2428 agp440 - ok
12:52:58.0312 2428 Aha154x - ok
12:52:59.0043 2428 aic78u2 - ok
12:52:59.0554 2428 aic78xx - ok
12:53:00.0385 2428 AliIde - ok
12:53:00.0856 2428 amsint - ok
12:53:01.0407 2428 asc - ok
12:53:02.0188 2428 asc3350p - ok
12:53:02.0809 2428 asc3550 - ok
12:53:03.0780 2428 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:53:03.0880 2428 AsyncMac - ok
12:53:04.0301 2428 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
12:53:04.0301 2428 atapi - ok
12:53:04.0821 2428 Atdisk - ok
12:53:05.0542 2428 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:53:05.0693 2428 Atmarpc - ok
12:53:06.0454 2428 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
12:53:06.0454 2428 audstub - ok
12:53:07.0045 2428 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
12:53:07.0115 2428 Beep - ok
12:53:08.0597 2428 BHDrvx86 (9d14d76e4e7b9b2ead17149011db2b11) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20111114.002\BHDrvx86.sys
12:53:09.0278 2428 BHDrvx86 - ok
12:53:09.0678 2428 catchme - ok
12:53:10.0490 2428 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
12:53:10.0570 2428 cbidf2k - ok
12:53:11.0371 2428 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
12:53:11.0371 2428 CCDECODE - ok
12:53:12.0342 2428 ccHP (1fa1c0e73eca849bed29a47c508f7f17) C:\WINDOWS\system32\drivers\N360\0404000.00C\ccHPx86.sys
12:53:12.0613 2428 ccHP - ok
12:53:13.0384 2428 cd20xrnt - ok
12:53:14.0145 2428 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
12:53:14.0235 2428 Cdaudio - ok
12:53:14.0976 2428 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
12:53:15.0066 2428 Cdfs - ok
12:53:15.0637 2428 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:53:15.0697 2428 Cdrom - ok
12:53:16.0268 2428 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
12:53:16.0538 2428 cercsr6 - ok
12:53:17.0049 2428 CmdIde - ok
12:53:17.0830 2428 Cpqarray - ok
12:53:18.0271 2428 cpuz132 - ok
12:53:19.0142 2428 ctljystk (71007bd2e1e26927fe3e4eb00c0beedf) C:\WINDOWS\system32\DRIVERS\ctljystk.sys
12:53:19.0232 2428 ctljystk - ok
12:53:19.0623 2428 dac2w2k - ok
12:53:20.0394 2428 dac960nt - ok
12:53:21.0255 2428 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
12:53:21.0335 2428 Disk - ok
12:53:22.0407 2428 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
12:53:22.0958 2428 dmboot - ok
12:53:23.0689 2428 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
12:53:23.0869 2428 dmio - ok
12:53:24.0680 2428 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
12:53:24.0690 2428 dmload - ok
12:53:25.0351 2428 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
12:53:25.0441 2428 DMusic - ok
12:53:26.0262 2428 dpti2o - ok
12:53:26.0653 2428 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
12:53:26.0773 2428 drmkaud - ok
12:53:27.0374 2428 eeCtrl (75e8b69f28c813675b16db357f20720f) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
12:53:27.0624 2428 eeCtrl - ok
12:53:28.0556 2428 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
12:53:28.0636 2428 EL90XBC - ok
12:53:29.0587 2428 emu10k (01f83e1b5dce05f5cb7d99113ca9e890) C:\WINDOWS\system32\drivers\emu10k1m.sys
12:53:29.0807 2428 emu10k - ok
12:53:30.0719 2428 emu10k1 (7ffa171cce6a8bfc774862a578ba39a2) C:\WINDOWS\system32\drivers\ctlfacem.sys
12:53:30.0789 2428 emu10k1 - ok
12:53:31.0279 2428 EraserUtilRebootDrv (720b18d76de9e603b626dfcd6f1fca7c) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
12:53:31.0380 2428 EraserUtilRebootDrv - ok
12:53:32.0181 2428 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
12:53:32.0261 2428 Fastfat - ok
12:53:33.0172 2428 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
12:53:33.0322 2428 Fdc - ok
12:53:34.0284 2428 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
12:53:34.0344 2428 Fips - ok
12:53:34.0875 2428 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
12:53:34.0945 2428 Flpydisk - ok
12:53:35.0866 2428 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
12:53:36.0046 2428 FltMgr - ok
12:53:37.0018 2428 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:53:37.0018 2428 Fs_Rec - ok
12:53:37.0859 2428 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:53:38.0029 2428 Ftdisk - ok
12:53:39.0001 2428 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
12:53:39.0081 2428 gameenum - ok
12:53:40.0172 2428 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
12:53:40.0182 2428 GEARAspiWDM - ok
12:53:40.0943 2428 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:53:41.0023 2428 Gpc - ok
12:53:42.0115 2428 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:53:42.0185 2428 HidUsb - ok
12:53:43.0086 2428 hpn - ok
12:53:43.0908 2428 HPZid412 (863cc3a82c63c9f60acf2e85d5310620) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
12:53:44.0058 2428 HPZid412 - ok
12:53:44.0869 2428 HPZipr12 (08cb72e95dd75b61f2966b311d0e4366) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
12:53:44.0939 2428 HPZipr12 - ok
12:53:45.0790 2428 HPZius12 (ca990306ed4ef732af9695bff24fc96f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
12:53:45.0890 2428 HPZius12 - ok
12:53:46.0561 2428 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
12:53:46.0712 2428 HTTP - ok
12:53:47.0563 2428 i2omp - ok
12:53:48.0725 2428 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:53:48.0785 2428 i8042prt - ok
12:53:49.0826 2428 Icam4USB (222f74130a2e3a2ed655226d97f03812) C:\WINDOWS\system32\Drivers\Icam4USB.sys
12:53:49.0976 2428 Icam4USB - ok
12:53:52.0039 2428 IDSxpx86 (e72d3894d42355e9cd5fd77e1e4fea11) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20111124.030\IDSxpx86.sys
12:53:52.0610 2428 IDSxpx86 - ok
12:53:54.0222 2428 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
12:53:54.0483 2428 Imapi - ok
12:53:55.0324 2428 ini910u - ok
12:53:56.0556 2428 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
12:53:56.0626 2428 IntelIde - ok
12:53:57.0848 2428 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
12:53:57.0898 2428 Ip6Fw - ok
12:53:59.0240 2428 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:53:59.0450 2428 IpFilterDriver - ok
12:54:00.0642 2428 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:54:00.0732 2428 IpInIp - ok
12:54:01.0944 2428 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:54:02.0094 2428 IpNat - ok
12:54:03.0095 2428 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:54:03.0195 2428 IPSec - ok
12:54:04.0657 2428 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
12:54:04.0728 2428 IRENUM - ok
12:54:06.0009 2428 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:54:06.0069 2428 isapnp - ok
12:54:07.0321 2428 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:54:07.0381 2428 Kbdclass - ok
12:54:08.0803 2428 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
12:54:09.0024 2428 kmixer - ok
12:54:10.0225 2428 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
12:54:10.0406 2428 KSecDD - ok
12:54:11.0467 2428 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
12:54:11.0607 2428 LMIInfo - ok
12:54:13.0070 2428 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys
12:54:13.0120 2428 lmimirr - ok
12:54:13.0881 2428 LMIRfsClientNP - ok
12:54:15.0283 2428 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
12:54:15.0353 2428 LMIRfsDriver - ok
12:54:16.0434 2428 MBAMSwissArmy - ok
12:54:17.0756 2428 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
12:54:17.0806 2428 mnmdd - ok
12:54:19.0569 2428 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
12:54:19.0699 2428 Modem - ok
12:54:21.0011 2428 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:54:21.0121 2428 Mouclass - ok
12:54:22.0243 2428 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:54:22.0263 2428 mouhid - ok
12:54:23.0735 2428 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
12:54:23.0825 2428 MountMgr - ok
12:54:24.0656 2428 mraid35x - ok
12:54:25.0818 2428 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:54:26.0289 2428 MRxDAV - ok
12:54:27.0691 2428 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:54:28.0111 2428 MRxSmb - ok
12:54:29.0273 2428 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
12:54:29.0423 2428 Msfs - ok
12:54:30.0254 2428 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:54:30.0455 2428 MSKSSRV - ok
12:54:31.0426 2428 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:54:31.0596 2428 MSPCLOCK - ok
12:54:32.0347 2428 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
12:54:32.0608 2428 MSPQM - ok
12:54:33.0329 2428 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:54:33.0399 2428 mssmbios - ok
12:54:34.0500 2428 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
12:54:34.0601 2428 MSTEE - ok
12:54:35.0622 2428 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
12:54:35.0952 2428 Mup - ok
12:54:36.0734 2428 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
12:54:37.0034 2428 NABTSFEC - ok
12:54:38.0266 2428 NAVENG (862f55824ac81295837b0ab63f91071f) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20111202.032\NAVENG.SYS
12:54:38.0416 2428 NAVENG - ok
12:54:40.0169 2428 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20111202.032\NAVEX15.SYS
12:54:40.0850 2428 NAVEX15 - ok
12:54:41.0711 2428 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
12:54:41.0871 2428 NDIS - ok
12:54:42.0702 2428 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
12:54:42.0812 2428 NdisIP - ok
12:54:43.0523 2428 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:54:43.0543 2428 NdisTapi - ok
12:54:44.0054 2428 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:54:44.0064 2428 Ndisuio - ok
12:54:44.0775 2428 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:54:44.0825 2428 NdisWan - ok
12:54:45.0556 2428 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
12:54:45.0596 2428 NDProxy - ok
12:54:46.0227 2428 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
12:54:46.0357 2428 NetBIOS - ok
12:54:46.0948 2428 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
12:54:47.0018 2428 NetBT - ok
12:54:47.0689 2428 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
12:54:47.0719 2428 Npfs - ok
12:54:48.0631 2428 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
12:54:48.0931 2428 Ntfs - ok
12:54:49.0682 2428 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
12:54:49.0712 2428 NuidFltr - ok
12:54:50.0183 2428 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
12:54:50.0193 2428 Null - ok
12:54:51.0655 2428 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
12:54:52.0616 2428 nv - ok
12:54:53.0227 2428 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:54:53.0277 2428 NwlnkFlt - ok
12:54:54.0119 2428 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:54:54.0199 2428 NwlnkFwd - ok
12:54:54.0890 2428 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
12:54:54.0940 2428 Parport - ok
12:54:55.0430 2428 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
12:54:55.0461 2428 PartMgr - ok
12:54:56.0272 2428 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
12:54:56.0312 2428 ParVdm - ok
12:54:56.0943 2428 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
12:54:56.0973 2428 PCI - ok
12:54:57.0353 2428 PCIDump - ok
12:54:57.0964 2428 PCIIde - ok
12:54:58.0715 2428 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
12:54:59.0006 2428 Pcmcia - ok
12:54:59.0576 2428 perc2 - ok
12:55:00.0328 2428 perc2hib - ok
12:55:01.0429 2428 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:55:01.0479 2428 PptpMiniport - ok
12:55:02.0250 2428 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
12:55:02.0300 2428 Processor - ok
12:55:03.0021 2428 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
12:55:03.0102 2428 PSched - ok
12:55:03.0742 2428 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:55:03.0913 2428 Ptilink - ok
12:55:04.0453 2428 ql1080 - ok
12:55:05.0144 2428 Ql10wnt - ok
12:55:05.0845 2428 ql12160 - ok
12:55:06.0336 2428 ql1240 - ok
12:55:06.0927 2428 ql1280 - ok
12:55:07.0638 2428 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:55:07.0638 2428 RasAcd - ok
12:55:08.0670 2428 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:55:08.0710 2428 Rasl2tp - ok
12:55:09.0771 2428 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:55:09.0891 2428 RasPppoe - ok
12:55:10.0803 2428 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
12:55:10.0943 2428 Raspti - ok
12:55:11.0964 2428 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:55:12.0094 2428 Rdbss - ok
12:55:12.0785 2428 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:55:12.0916 2428 RDPCDD - ok
12:55:13.0917 2428 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:55:14.0007 2428 rdpdr - ok
12:55:14.0638 2428 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
12:55:14.0698 2428 RDPWD - ok
12:55:15.0690 2428 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
12:55:15.0750 2428 redbook - ok
12:55:16.0881 2428 RsFx0102 (fedd2710b75be3ecf078adace790c423) C:\WINDOWS\system32\DRIVERS\RsFx0102.sys
12:55:17.0122 2428 RsFx0102 - ok
12:55:18.0063 2428 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:55:18.0203 2428 Secdrv - ok
12:55:19.0475 2428 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
12:55:19.0505 2428 serenum - ok
12:55:20.0637 2428 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
12:55:20.0707 2428 Serial - ok
12:55:22.0189 2428 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
12:55:22.0209 2428 Sfloppy - ok
12:55:23.0301 2428 sfman (0b1a5e9cacb5cdd54a2815107bd7c772) C:\WINDOWS\system32\drivers\sfmanm.sys
12:55:23.0351 2428 sfman - ok
12:55:23.0911 2428 Simbad - ok
12:55:25.0153 2428 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
12:55:25.0233 2428 SLIP - ok
12:55:25.0974 2428 Sparrow - ok
12:55:27.0316 2428 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
12:55:27.0447 2428 splitter - ok
12:55:28.0488 2428 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
12:55:28.0658 2428 sr - ok
12:55:30.0591 2428 SRTSP (ec5c3c6260f4019b03dfaa03ec8cbf6a) C:\WINDOWS\System32\Drivers\N360\0404000.00C\SRTSP.SYS
12:55:31.0442 2428 SRTSP - ok
12:55:32.0704 2428 SRTSPX (55d5c37ed41231e3ac2063d16df50840) C:\WINDOWS\system32\drivers\N360\0404000.00C\SRTSPX.SYS
12:55:32.0824 2428 SRTSPX - ok
12:55:34.0817 2428 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
12:55:35.0128 2428 Srv - ok
12:55:36.0309 2428 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
12:55:36.0369 2428 streamip - ok
12:55:37.0801 2428 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
12:55:37.0841 2428 swenum - ok
12:55:38.0743 2428 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
12:55:38.0853 2428 swmidi - ok
12:55:39.0754 2428 symc810 - ok
12:55:40.0656 2428 symc8xx - ok
12:55:42.0458 2428 SymDS (56890bf9d9204b93042089d4b45ae671) C:\WINDOWS\system32\drivers\N360\0404000.00C\SYMDS.SYS
12:55:42.0879 2428 SymDS - ok
12:55:44.0551 2428 SymEFA (10ba64273feff4df0a7ccb0ff3b9b26b) C:\WINDOWS\system32\drivers\N360\0404000.00C\SYMEFA.SYS
12:55:45.0162 2428 SymEFA - ok
12:55:46.0203 2428 SymEvent (961b48b86f94d4cc8ceb483f8aa89374) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
12:55:46.0284 2428 SymEvent - ok
12:55:47.0235 2428 SymIM (fcde811209f6e05720676effa36e9a38) C:\WINDOWS\system32\DRIVERS\SymIM.sys
12:55:47.0275 2428 SymIM - ok
12:55:47.0365 2428 SymIMMP (fcde811209f6e05720676effa36e9a38) C:\WINDOWS\system32\DRIVERS\SymIM.sys
12:55:47.0365 2428 SymIMMP - ok
12:55:48.0677 2428 SymIRON (dc80fbf0a348e54853ef82eed4e11e35) C:\WINDOWS\system32\drivers\N360\0404000.00C\Ironx86.SYS
12:55:48.0757 2428 SymIRON - ok
12:55:49.0889 2428 SYMTDI (be6de8fbf2df9f13a90b8b6e943871b7) C:\WINDOWS\System32\Drivers\N360\0404000.00C\SYMTDI.SYS
12:55:50.0109 2428 SYMTDI - ok
12:55:50.0670 2428 sym_hi - ok
12:55:51.0431 2428 sym_u3 - ok
12:55:52.0332 2428 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
12:55:52.0392 2428 sysaudio - ok
12:55:53.0214 2428 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:55:53.0454 2428 Tcpip - ok
12:55:54.0075 2428 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
12:55:54.0255 2428 TDPIPE - ok
12:55:54.0846 2428 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
12:55:54.0896 2428 TDTCP - ok
12:55:55.0667 2428 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:55:55.0707 2428 TermDD - ok
12:55:56.0318 2428 TosIde - ok
12:55:56.0809 2428 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
12:55:56.0849 2428 Udfs - ok
12:55:57.0159 2428 ultra - ok
12:55:58.0071 2428 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
12:55:58.0191 2428 Update - ok
12:55:59.0142 2428 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
12:55:59.0192 2428 usbaudio - ok
12:56:00.0784 2428 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:56:00.0885 2428 usbccgp - ok
12:56:02.0327 2428 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:56:02.0407 2428 usbehci - ok
12:56:03.0729 2428 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:56:03.0779 2428 usbhub - ok
12:56:05.0041 2428 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:56:05.0121 2428 usbprint - ok
12:56:06.0102 2428 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:56:06.0142 2428 usbscan - ok
12:56:07.0114 2428 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:56:07.0184 2428 USBSTOR - ok
12:56:08.0255 2428 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:56:08.0335 2428 usbuhci - ok
12:56:09.0677 2428 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
12:56:09.0757 2428 VgaSave - ok
12:56:10.0158 2428 ViaIde - ok
12:56:11.0009 2428 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
12:56:11.0049 2428 VolSnap - ok
12:56:11.0840 2428 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:56:11.0870 2428 Wanarp - ok
12:56:12.0772 2428 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
12:56:13.0022 2428 Wdf01000 - ok
12:56:13.0573 2428 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
12:56:13.0813 2428 wdmaud - ok
12:56:14.0584 2428 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
12:56:14.0775 2428 WpdUsb - ok
12:56:15.0405 2428 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
12:56:15.0436 2428 WSTCODEC - ok
12:56:16.0227 2428 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:56:16.0327 2428 WudfPf - ok
12:56:17.0218 2428 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:56:17.0278 2428 WudfRd - ok
12:56:17.0388 2428 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
12:56:21.0835 2428 \Device\Harddisk0\DR0 - ok
12:56:21.0935 2428 Boot (0x1200) (8419562398f233c8a82d9acc62954e1c) \Device\Harddisk0\DR0\Partition0
12:56:22.0005 2428 \Device\Harddisk0\DR0\Partition0 - ok
12:56:22.0015 2428 ============================================================
12:56:22.0015 2428 Scan finished
12:56:22.0015 2428 ============================================================
12:56:22.0105 1816 Detected object count: 0
12:56:22.0105 1816 Actual detected object count: 0
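
Added example, not part of this thread and not TDSSKiller's own code: a Python parser that pairs each hashed object in the TDSSKiller log above with its verdict line and compares the hashes against a baseline, so a long "- ok" listing reduces to the handful of lines a reviewer needs to read. The line layout is inferred from the log itself; the baseline (taken from the clean log) and the second "tampered" log, including its hash and verdict wording, are constructed for the demonstration and labelled as such in the code.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample in the TDSSKiller log layout shown above:
#   "<time> <pid> <name> (<md5>) <path>"           for an object that was hashed, then
#   "<time> <pid> <name or device path> - <verdict>" for its verdict.
# These lines are copied from the log; a real run writes many more.
CLEAN_LOG = r"""
12:52:50.0090 2428 Scan started
12:53:04.0301 2428 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
12:53:04.0301 2428 atapi - ok
12:53:21.0255 2428 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
12:53:21.0335 2428 Disk - ok
12:54:16.0434 2428 MBAMSwissArmy - ok
12:56:17.0388 2428 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
12:56:21.0835 2428 \Device\Harddisk0\DR0 - ok
12:56:22.0105 1816 Detected object count: 0
"""

# Constructed counter-example: same layout, but atapi.sys carries a different hash and a
# non-"ok" verdict. The hash and the verdict wording are made up for the demonstration;
# the exact wording TDSSKiller uses for a detection is not shown on this page.
TAMPERED_LOG = r"""
12:53:04.0301 2428 atapi (0123456789abcdef0123456789abcdef) C:\WINDOWS\system32\DRIVERS\atapi.sys
12:53:04.0301 2428 atapi - suspicious (constructed verdict)
12:56:17.0388 2428 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
12:56:21.0835 2428 \Device\Harddisk0\DR0 - ok
12:56:22.0105 1816 Detected object count: 1
"""

# Constructed baseline: simply the hashes from the clean log. In practice this comes from
# a known-good machine at the same OS/service-pack level or from a vendor hash catalogue.
BASELINE = {
    "atapi": "9f3a2f5aa6875c72bf062c712cfa2674",
    "Disk": "044452051f3e02e7963599fc8f4f3e25",
    "MBR (0x1B8)": "8f558eb6672622401da993e1e865c861",
}

TS = r"\d\d:\d\d:\d\d\.\d+\s+\d+\s+"   # "<time> <pid> " prefix on every line
HASH_RE = re.compile(TS + r"(?P<name>\S+(?: \(0x[0-9A-Fa-f]+\))?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
VERDICT_RE = re.compile(TS + r"(?P<subject>.+?) - (?P<verdict>.+)$")
COUNT_RE = re.compile(TS + r"Detected object count: (?P<n>\d+)$")


def parse_tdsskiller_log(text: str) -> Tuple[Dict[str, dict], Optional[int]]:
    """Pair each hashed object with its verdict. Returns ({name: {md5, path, verdict}}, detected count)."""
    entries: Dict[str, dict] = {}
    name_by_path: Dict[str, str] = {}   # MBR/boot-sector verdicts are keyed by device path, not name
    detected: Optional[int] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = HASH_RE.match(line)
        if m:
            entries[m.group("name")] = {"md5": m.group("md5"), "path": m.group("path"), "verdict": None}
            name_by_path[m.group("path")] = m.group("name")
            continue
        m = VERDICT_RE.match(line)
        if m:
            name = name_by_path.get(m.group("subject"), m.group("subject"))
            entries.setdefault(name, {"md5": None, "path": None, "verdict": None})["verdict"] = m.group("verdict")
            continue
        m = COUNT_RE.match(line)
        if m:
            detected = int(m.group("n"))
    return entries, detected


def review(entries: Dict[str, dict], detected: Optional[int], baseline: Dict[str, str]) -> List[Tuple[str, str]]:
    """Everything a reviewer should look at: non-"ok" verdicts, objects hashed but never
    given a verdict, hashes that differ from the baseline, and a non-zero detection count."""
    findings = []
    for name, e in entries.items():
        if e["verdict"] is None:
            findings.append((name, "hashed but no verdict line"))
        elif e["verdict"].lower() != "ok":
            findings.append((name, "verdict: " + e["verdict"]))
        expected = baseline.get(name)
        if expected and e["md5"] and e["md5"] != expected:
            findings.append((name, "md5 differs from baseline"))
    if detected:
        findings.append(("summary", f"detected object count: {detected}"))
    return findings


if __name__ == "__main__":
    for log in (CLEAN_LOG, TAMPERED_LOG):
        print(review(*parse_tdsskiller_log(log), BASELINE))
```

The baseline comparison is the part the tool's own "ok" cannot give you: a driver such as atapi.sys that the scanner passes but whose hash no longer matches the known-good copy for that service pack is exactly what a reviewer wants surfaced, independently of the scanner's signatures.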

#12 nasdaq

nasdaq

  • Malware Response Team
  • 39,256 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 05 December 2011 - 09:55 AM

Nothing suspicious was found.

Check for missing or corrupted operating system files.

From the Start menu, select Run.
In the Open field, type sfc /scannow (Note: There is a space between sfc and /scannow)
Select the OK button.
Follow the prompts throughout the System File Checker process.
Reboot the computer when System File Checker completes.

How is it now?

#13 Mario51t

Mario51t
  • Topic Starter

  • Members
  • 10 posts
  • Gender:Male

Posted 08 December 2011 - 06:23 PM

My DVD drive was broken. I had to take one from another computer. In the process I switched the hard drive to the secondary IDE channel and that made the 90% CPU on interrupts go away. The computer is still slow, though.
Then I started sfc /scannow. It ran for about an hour and used the DVD drive quite a lot, then exited without asking to do anything. I restarted the computer and now it seems much snappier. I think the problem(s) is solved.

Thank you very much for guiding me!

#14 nasdaq

nasdaq

  • Malware Response Team
  • 39,256 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 09 December 2011 - 09:17 AM

Good work.

Wait a day or two and if all is well.

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used.

Surf Safely, and Think Prevention!
===

#15 nasdaq

nasdaq

  • Malware Response Team
  • 39,256 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 15 December 2011 - 11:28 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



