Start button doesn't respond a couple of seconds after login


This topic is locked. 15 replies to this topic.

#1 sam90

Posted 29 November 2011 - 05:09 PM

Sorry for the delay in posting this - back at work so not many hours at home.

This section is from my original posting in the "Am I Infected" forum (link http://www.bleepingcomputer.com/forums/topic428939.html):

System is a Dell desktop about 4yr old running Windows XP SP3 - last patches applied Sat 19 Nov. Maybe this is not related but I upgraded my zonealarm free to v10.1.065.000 on Sunday. (I am using my laptop to post this and the ZA free was also updated on this and seems to be fine.)

Problem: system boots up ok, login screen appears ok when I press ctrl-alt-del, login seems to work ok (get usual selection of icons on the screen and little icons in the tasktray (right-hand side) and quick access trays (is this the correct name? - it's the one on the left-hand side next to the start button) on the taskbar).

I can start a program by moving the mouse pointer and clicking on the quick access tray, e.g. firefox, and the program opens OK. However, when I move the mouse pointer back to open another program, e.g. text editor, the icon in the quick access tray doesn't "highlight" and nothing happens. Keyboard seems to continue to respond ok to most things (i.e. I can type ctrl-shift-esc to open the task manager, from which I can file-run and open the cmd window, from which I have been able to cd around the disks on the computer and also shutdown). In firefox, I can type ok in e.g. google and get search results. The computer doesn't respond if I press the Windows button on the keyboard or if I move the mouse pointer over the start button and click.

When I try to shutdown (using shutdown -s in cmd window), I get a message that the explorer.exe process won't finish (if I then click 'end now', the pc does eventually shut down but it is much slower than usual to shut down).

I have tried to run spybot (it is already installed on my computer and the database last updated on Sat 19 Nov) by using the cmd window but it doesn't start up. I also have MBAM installed (again database last updated on Sat 19 Nov) but I can't make that start either from the cmd window. Otherwise I have not tried to fix this problem myself. I have not tried booting into safe mode as I feel that I could make things worse if I fiddle without some expert help.

As I was able to get some google results, I have done some searches but I haven't found the right answers so I'm probably not searching for the right thing.

(the above is from the original posting)

Under cryptodan's guidance, I have run MBAM in safe mode (there was one issue identified which has been addressed). I have also run superantispyware but that didn't seem to find anything. The thread where he helped me in "Am I Infected" is
http://www.bleepingcomputer.com/forums/topic428939.html


Please find below the DDS.txt log and I have attached the attach.txt and the ark.txt logs (the ark.txt log from GMER was over 6000 lines and almost 900KB so I have had to zip it to get it to fit within the upload quota).

I was able to boot into regular windows to run the DDS and GMER programs (I did turn on the windows firewall and run defogger first). I notice that now not all of the program icons that would normally appear next to the clock actually appear (including the zonealarm icon). However, the Symantec anti-virus 'shield' icon does appear. I also get the Windows Security Center warning red shield. Other icons that don't appear include the icon for the Logitech quickcam and Brother control center (plus others). Also, the computer doesn't show all of the desktop icons straight away - it does have all of the icons in the right place but the icons don't have the right pictures - it's a temporary image like it hasn't yet retrieved the right image from the program - the computer does eventually show all the right icons (a minute or so) - it's sort of getting them a few at a time. When it's finished, the desktop all looks pretty normal with the right icons in the right place.

Even though the zonealarm icon isn't there in the tasktray, if I go to the Windows Security Center, it tells me that the ZA firewall is running (but of course this might not be true). If I go to the Windows Firewall settings in Control Panel, it tells me that the Windows Firewall is off. The Security Center also tells me that I have no anti-virus but the Symantec shield is in the tasktray.

Also, since I reported the original problem, I now do seem to be able to click on program icons on the desktop and in the quick access tray. I haven't done anything else to fix the system apart from described above. Also, when I try to shut down, I no longer get messages saying that Windows can't end a process (though shutdown is quite slow).

Thanks in advance for any help

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by Sam at 20:40:04 on 2011-11-28
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\CardScan\CardScan\CardScanAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat_sl.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Sam\Desktop\dds.scr
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = file:///F:/Internet/StartPage/index.htm
uDefault_Page_URL = hxxp://www.dell.co.uk/myway
BHO: Snapform Viewer PlugIn for IE: {00af1458-d967-4c0e-b736-d6d010521ef5} - c:\program files\snapformviewer\viewer\bin\lib\SFVPlugInIE_x86.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: NXIECatcher Class: {83b80a9c-d91a-4f22-8dcf-ea7204039f79} - c:\program files\xi\netxfer\NXIEHelper.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: NetXfer: {c16cbaac-a75c-4db5-a0dd-cdf5cafcdd3a} - c:\program files\xi\netxfer\NXToolBar.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [CTSysVol] c:\program files\creative\sbaudigy2zs\surround mixer\CTSysVol.exe /r
mRun: [CTHelper] CTHELPER.EXE
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [type32] "c:\program files\microsoft intellitype pro\type32.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [InCD] c:\program files\ahead\incd\InCD.exe
mRun: [HydraVisionDesktopManager] c:\program files\ati technologies\ati hydravision\HydraDM.exe
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [CardScanAgent] "c:\program files\cardscan\cardscan\CardScanAgent.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Download all by NetXfer - c:\program files\xi\netxfer\NXAddList.html
IE: Download by NetXfer - c:\program files\xi\netxfer\NXAddLink.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: Open Client to monitor &1 - c:\windows\web\AOpenClient.htm
IE: Open Client to monitor &2 - c:\windows\web\AOpenClient.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: microsoft.com\*.update
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxps://support.euro.dell.com/systemprofiler/SysPro.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} - hxxp://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} - hxxps://access.easyjetairline.com/vdesk/cachecleaner.cab#version=6030,2009,0514,2202
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - hxxps://access.easyjetairline.com/vdesk/terminal/InstallerControl.cab#version=6030,2009,0514,2216
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1260657238092
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1258812347137
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} - hxxp://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
TCP: DhcpNameServer = 192.168.0.220
TCP: Interfaces\{BD95DAD0-EB7F-4DF5-8725-CBA7BB53C4B7} : DhcpNameServer = 192.168.0.220
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 relog_ap
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\sam\application data\mozilla\firefox\profiles\xfv2qcqw.defaultff3\
FF - prefs.js: browser.startup.homepage - file:///F:/Internet/StartPage/index.htm
FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPNXCatcher(Audio).dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPNXCatcher(Video).dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPNXCatcher.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin9.dll
.
============= SERVICES / DRIVERS ===============
.
R? gupdate;Google Update Service (gupdate)
R? NPF;NetGroup Packet Filter Driver
R? SavRoam;SavRoam
R? WDM_Capture_220A;DVB-T TV Receiver
R? WDM_Loader_220A;DVB-T TV Loader
S? !SASCORE;SAS Core Service
S? ccEvtMgr;Symantec Event Manager
S? ccSetMgr;Symantec Settings Manager
S? EraserUtilRebootDrv;EraserUtilRebootDrv
S? ISWKL;ZoneAlarm Toolbar ISWKL
S? IswSvc;ZoneAlarm Toolbar IswSvc
S? NAVENG;NAVENG
S? NAVEX15;NAVEX15
S? pbfilter;pbfilter
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
S? Symantec AntiVirus;Symantec AntiVirus
S? Vsdatant;Vsdatant
S? vsmon;TrueVector Internet Monitor
.
=============== Created Last 30 ================
.
2011-11-27 16:51:29 -------- d-----w- c:\documents and settings\sam\application data\SUPERAntiSpyware.com
2011-11-27 16:50:37 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-27 16:50:37 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-11-20 17:41:54 -------- d-----w- c:\windows\Internet Logs
2011-11-20 17:38:07 -------- d-----w- c:\documents and settings\sam\application data\CheckPoint
2011-11-20 17:36:34 -------- d-----w- c:\documents and settings\all users\application data\CheckPoint
2011-11-20 17:27:45 -------- d-----w- c:\program files\CheckPoint
2011-11-20 16:48:42 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-20 16:46:58 0 ----a-w- c:\windows\system32\RENC6.tmp
2011-11-20 16:46:58 0 ----a-w- c:\windows\system32\RENC5.tmp
2011-11-20 16:46:58 0 ----a-w- c:\windows\system32\RENC4.tmp
.
==================== Find3M ====================
.
2011-11-20 16:55:52 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-20 16:47:54 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 10:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 10:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 10:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 16:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2005-09-14 09:58:37 20480 ----a-w- c:\program files\common files\UninstallDrv.exe
2005-06-26 14:32:28 616448 --sha-r- c:\windows\system32\cygwin1.dll
2005-06-21 21:37:42 45568 --sha-r- c:\windows\system32\cygz.dll
2006-05-03 11:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2004-01-24 23:00:00 70656 --sha-r- c:\windows\system32\i420vfw.dll
2007-02-21 12:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 14:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll
2005-02-28 12:16:22 240128 --sha-r- c:\windows\system32\x.264.exe
2004-01-24 23:00:00 70656 --sha-r- c:\windows\system32\yv12vfw.dll
.
============= FINISH: 20:41:41.48 ===============

Attached Files
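The DDS log above is the kind of thing this forum triages by eye: Run keys, BHOs, hosts overrides, LSA packages, and the Find3M/Created Last 30 file lists with their attribute flags. As an added example (not part of sam90's post and not the DDS tool's own code), the Python below parses a DDS log into its sections, pulls out the hosts-file entries, Run keys and any LSA authentication packages beyond the stock msv1_0, flags non-directory entries that carry both the system and hidden attributes, and diffs the Running Processes list between two logs (the thread has two, a week apart, and the second one shows a process the first did not). The sample logs are constructed excerpts of the ones posted in this thread. Two assumptions are built in: the reading of the DDS attribute letters (d = directory, s = system, h = hidden), and msv1_0 as the only package a stock XP install lists. A flagged file is a lead to verify (publisher, hash, install history), not a verdict.

```python
"""Triage helpers for DDS (sUBs) log text, added for this thread as an example;
not part of the original post or of the DDS tool.  Section names and line
formats follow the logs posted above.  Assumptions: DDS attribute letters mean
d=directory, s=system, h=hidden; msv1_0 is the stock XP LSA package."""
import re
from typing import Dict, List, Set, Tuple

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# e.g. "2005-06-26 14:32:28 616448 --sha-r- c:\windows\system32\cygwin1.dll"
FILE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(\d+|-+)\s+(\S{8})\s+(.+)$")
RUN_RE = re.compile(r"^([umd]Run):\s+\[([^\]]*)\]\s*(.*)$")
STOCK_LSA = {"msv1_0"}  # assumption: the only package a clean XP lists


def parse_dds(text: str) -> Dict[str, List[str]]:
    """Split a DDS log into {section name: [lines]}; lone '.' lines are padding."""
    sections: Dict[str, List[str]] = {"header": []}
    current = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        else:
            sections.setdefault(current, []).append(line)
    return sections


def hidden_system_files(sections: Dict[str, List[str]]) -> List[Tuple[str, str]]:
    """Non-directory entries in Created Last 30 / Find3M with both s and h set."""
    hits: List[Tuple[str, str]] = []
    for name in ("Created Last 30", "Find3M"):
        for line in sections.get(name, []):
            m = FILE_RE.match(line)
            if m and not m.group(3).startswith("d") and {"s", "h"} <= set(m.group(3)):
                hits.append((m.group(3), m.group(4)))
    return hits


def hjt(sections: Dict[str, List[str]], prefix: str) -> List[str]:
    """Values of '<prefix>:' lines in the Pseudo HJT Report section."""
    return [l[len(prefix) + 1:].strip()
            for l in sections.get("Pseudo HJT Report", []) if l.startswith(prefix + ":")]


def run_entries(sections: Dict[str, List[str]]) -> List[Tuple[str, str, str]]:
    """(hive, name, command) for every uRun/mRun/dRun line."""
    out = []
    for line in sections.get("Pseudo HJT Report", []):
        m = RUN_RE.match(line)
        if m:
            out.append((m.group(1), m.group(2), m.group(3)))
    return out


def extra_lsa_packages(sections: Dict[str, List[str]]) -> List[str]:
    """Authentication packages beyond the stock one; each is worth attributing."""
    extra = []
    for value in hjt(sections, "LSA"):
        key, _, pkgs = value.partition("=")
        if key.strip() == "Authentication Packages":
            extra += [p for p in pkgs.split() if p not in STOCK_LSA]
    return extra


def process_diff(old: str, new: str) -> Tuple[Set[str], Set[str]]:
    """(appeared, disappeared) between the Running Processes lists of two logs."""
    a = set(parse_dds(old).get("Running Processes", []))
    b = set(parse_dds(new).get("Running Processes", []))
    return b - a, a - b


# Constructed excerpts of the two logs posted in this thread (28 Nov and 4 Dec).
LOG_NOV28 = r"""
DDS (Ver_2011-08-26.01) - NTFSx86
Run by Sam at 20:40:04 on 2011-11-28
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
.
============== Pseudo HJT Report ===============
.
mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"
LSA: Authentication Packages = msv1_0 relog_ap
Hosts: 127.0.0.1 www.spywareinfo.com
.
=============== Created Last 30 ================
.
2011-11-27 16:50:37 -------- d-----w- c:\program files\SUPERAntiSpyware
.
==================== Find3M ====================
.
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2005-06-26 14:32:28 616448 --sha-r- c:\windows\system32\cygwin1.dll
2005-02-28 12:16:22 240128 --sha-r- c:\windows\system32\x.264.exe
.
============= FINISH: 20:41:41.48 ===============
"""
LOG_DEC04 = r"""
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\PeerBlock\peerblock.exe
.
"""

if __name__ == "__main__":
    s = parse_dds(LOG_NOV28)
    print("hosts:", hjt(s, "Hosts"))
    print("run keys:", run_entries(s))
    print("extra LSA packages:", extra_lsa_packages(s))
    print("system+hidden files:", hidden_system_files(s))
    print("process diff (appeared, gone):", process_diff(LOG_NOV28, LOG_DEC04))
```

Run it on a full DDS.txt by reading the file into a string and passing it to `parse_dds`; the section headers are matched by their `=== name ===` framing, so the FIREFOX and SERVICES / DRIVERS sections come out as lists too even though nothing here inspects them.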





#2 HelpBot

Posted 04 December 2011 - 05:10 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/429933 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 sam90 (Topic Starter)

Posted 05 December 2011 - 04:03 PM

Hi
This is in response to the HelpBot.

I described the issue in my previous post. I haven't been using my main PC since I have had this problem except to run the tools/scans requested and post them here (i.e. from initial post on 22 Nov). The last time I used it to run the scans above, it seems that the start button does now respond when I click on it with the mouse or use the Windows key on the keyboard and I can also click on the icons in the quicklaunch tray and also on the desktop and the relevant program starts.

I am still concerned that I have some virus or rootkit or something else wrong with my PC as I did have those symptoms and also a number of icons in the tasktray didn't appear - in particular the ZA icon didn't appear.

DeFogger has already been run.
My system runs Windows XP SP3 32-bit.
I don't have the original Windows disks available.

Here are the new DDS and GMER logs requested. I ran them when I had taken out the cable that connects my PC to my router so it was not connected to the internet or the rest of my home network.

When I booted into the PC this time, I got the red windows security center warning icon and the message was that "your computer might be at risk - antivirus software might not be installed". Also the Symantec AntiVirus 'yellow shield' icon in the tasktray had the "I am not active" symbol - red circle with a line through it over the top of the shield icon - and when I right-clicked on it, the "enable auto-protect" did not have a tick next to it. I clicked to enable it and it seemed to be OK after that (the tick appeared and the red circle with line disappeared). This time that I logged in, I got more icons appearing in the task tray _including_ the ZA icon. I was quite surprised to see these icons back. I'm not sure but I think that it was all of the usual icons that I'd expect to see.

I was able to run DDS ok.

When I ran GMER, after a few minutes, I got "gmer.exe has encountered a problem and needs to close" so I clicked OK and gmer closed and then I rebooted the computer. It took longer than usual for the computer to shut down but it did eventually shut down (it seemed to do nothing for a while before starting to shut down and then it seemed to hang quite a while on the closing network connections and also on the saving your settings messages).

After I had logged in again, this time the Symantec yellow shield was OK straight away (although I still got the red windows security center warning icon and the message that "your computer might be at risk - antivirus software might not be installed"). I didn't get all of the icons from before and, in particular, the ZA icon was missing. I then ran GMER again and it completed OK. The file is over 6000 lines so I have zipped it to attach it to this message.

Thanks in advance for any help
Sam

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by sam at 20:41:12 on 2011-12-04
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\CardScan\CardScan\CardScanAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PeerBlock\peerblock.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\sam\Desktop\dds.scr
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = file:///F:/Internet/StartPage/index.htm
uDefault_Page_URL = hxxp://www.dell.co.uk/myway
BHO: Snapform Viewer PlugIn for IE: {00af1458-d967-4c0e-b736-d6d010521ef5} - c:\program files\snapformviewer\viewer\bin\lib\SFVPlugInIE_x86.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: NXIECatcher Class: {83b80a9c-d91a-4f22-8dcf-ea7204039f79} - c:\program files\xi\netxfer\NXIEHelper.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: NetXfer: {c16cbaac-a75c-4db5-a0dd-cdf5cafcdd3a} - c:\program files\xi\netxfer\NXToolBar.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [CTSysVol] c:\program files\creative\sbaudigy2zs\surround mixer\CTSysVol.exe /r
mRun: [CTHelper] CTHELPER.EXE
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [type32] "c:\program files\microsoft intellitype pro\type32.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [InCD] c:\program files\ahead\incd\InCD.exe
mRun: [HydraVisionDesktopManager] c:\program files\ati technologies\ati hydravision\HydraDM.exe
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [CardScanAgent] "c:\program files\cardscan\cardscan\CardScanAgent.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Download all by NetXfer - c:\program files\xi\netxfer\NXAddList.html
IE: Download by NetXfer - c:\program files\xi\netxfer\NXAddLink.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: Open Client to monitor &1 - c:\windows\web\AOpenClient.htm
IE: Open Client to monitor &2 - c:\windows\web\AOpenClient.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: microsoft.com\*.update
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxps://support.euro.dell.com/systemprofiler/SysPro.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} - hxxp://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} - hxxps://access.easyjetairline.com/vdesk/cachecleaner.cab#version=6030,2009,0514,2202
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - hxxps://access.easyjetairline.com/vdesk/terminal/InstallerControl.cab#version=6030,2009,0514,2216
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1260657238092
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1258812347137
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} - hxxp://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 relog_ap
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\sam\application data\mozilla\firefox\profiles\xfv2qcqw.defaultff3\
FF - prefs.js: browser.startup.homepage - file:///F:/Internet/StartPage/index.htm
FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPNXCatcher(Audio).dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPNXCatcher(Video).dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPNXCatcher.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin9.dll
.
============= SERVICES / DRIVERS ===============
.
R? gupdate;Google Update Service (gupdate)
R? NPF;NetGroup Packet Filter Driver
R? SavRoam;SavRoam
R? WDM_Capture_220A;DVB-T TV Receiver
R? WDM_Loader_220A;DVB-T TV Loader
S? !SASCORE;SAS Core Service
S? ccEvtMgr;Symantec Event Manager
S? ccSetMgr;Symantec Settings Manager
S? EraserUtilRebootDrv;EraserUtilRebootDrv
S? ISWKL;ZoneAlarm Toolbar ISWKL
S? IswSvc;ZoneAlarm Toolbar IswSvc
S? NAVENG;NAVENG
S? NAVEX15;NAVEX15
S? pbfilter;pbfilter
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
S? Symantec AntiVirus;Symantec AntiVirus
S? Vsdatant;Vsdatant
S? vsmon;TrueVector Internet Monitor
.
=============== Created Last 30 ================
.
2011-11-27 16:51:29 -------- d-----w- c:\documents and settings\sam\application data\SUPERAntiSpyware.com
2011-11-27 16:50:37 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-27 16:50:37 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-11-20 17:41:54 -------- d-----w- c:\windows\Internet Logs
2011-11-20 17:38:07 -------- d-----w- c:\documents and settings\sam\application data\CheckPoint
2011-11-20 17:36:34 -------- d-----w- c:\documents and settings\all users\application data\CheckPoint
2011-11-20 17:27:45 -------- d-----w- c:\program files\CheckPoint
2011-11-20 16:48:42 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-20 16:46:58 0 ----a-w- c:\windows\system32\RENC6.tmp
2011-11-20 16:46:58 0 ----a-w- c:\windows\system32\RENC5.tmp
2011-11-20 16:46:58 0 ----a-w- c:\windows\system32\RENC4.tmp
.
==================== Find3M ====================
.
2011-11-20 16:55:52 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-20 16:47:54 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 10:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 10:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 10:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2005-09-14 09:58:37 20480 ----a-w- c:\program files\common files\UninstallDrv.exe
2005-06-26 14:32:28 616448 --sha-r- c:\windows\system32\cygwin1.dll
2005-06-21 21:37:42 45568 --sha-r- c:\windows\system32\cygz.dll
2006-05-03 11:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2004-01-24 23:00:00 70656 --sha-r- c:\windows\system32\i420vfw.dll
2007-02-21 12:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 14:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll
2005-02-28 12:16:22 240128 --sha-r- c:\windows\system32\x.264.exe
2004-01-24 23:00:00 70656 --sha-r- c:\windows\system32\yv12vfw.dll
.
============= FINISH: 20:42:55.09 ===============

#4 nasdaq

  • Malware Response Team
  • 40,464 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:57 PM

Posted 07 December 2011 - 09:46 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) (511KB) to your desktop. Double-click the aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please download TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Please post the logs for my review.

#5 sam90

  • Topic Starter
  • Members
  • 18 posts
  • Local time:09:57 PM

Posted 11 December 2011 - 11:36 AM

Thanks for helping me with my computer and I am sorry for the delay in replying - I have been working away from home.

The computer booted up OK. I got a red Windows Security Centre warning telling me that antivirus was not installed (but the Symantec yellow shield is OK). I didn't get all of the icons that I'd expect to get in the tasktray.

I only connected the computer to the router to download the two pieces of software (and again after the scan had finished to make this reply).

When I clicked on aswMBR.exe - it asked me if I wanted to download the Avast Free Antivirus and download the latest Avast antivirus definitions. I said 'no' because this wasn't in your instructions. Do I need to do this and run the scanner again?

I didn't have to reboot when TDSSKiller had finished.

Here are the results of the scans and I have attached the MBR.dat zipped up into MBR.zip as you said.


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-11 16:12:04
-----------------------------
16:12:04.421 OS Version: Windows 5.1.2600 Service Pack 3
16:12:04.421 Number of processors: 2 586 0x403
16:12:04.421 ComputerName: HUFFLEPUFF UserName: sam
16:12:04.921 Initialize success
16:13:16.359 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
16:13:16.359 Disk 0 Vendor: Maxtor_7L250S0 BACE1G10 Size: 238418MB BusType: 3
16:13:18.453 Disk 0 MBR read successfully
16:13:18.453 Disk 0 MBR scan
16:13:18.453 Disk 0 unknown MBR code
16:13:18.546 Disk 0 scanning sectors +488263545
16:13:18.625 Disk 0 scanning C:\WINDOWS\system32\drivers
16:13:33.343 Service scanning
16:13:34.531 Modules scanning
16:13:39.640 Disk 0 trace - called modules:
16:13:39.656 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
16:13:39.656 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8afb1ab8]
16:13:39.656 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-17[0x8afa2d98]
16:13:39.656 Scan finished successfully
16:13:58.609 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\sam\Desktop\MBR.dat"
16:13:58.609 The log file has been saved successfully to "C:\Documents and Settings\sam\Desktop\aswMBR.txt"


16:16:17.0359 5736 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 13:21:06
16:16:19.0359 5736 ============================================================
16:16:19.0359 5736 Current date / time: 2011/12/11 16:16:19.0359
16:16:19.0359 5736 SystemInfo:
16:16:19.0359 5736
16:16:19.0359 5736 OS Version: 5.1.2600 ServicePack: 3.0
16:16:19.0359 5736 Product type: Workstation
16:16:19.0359 5736 ComputerName: HUFFLEPUFF
16:16:19.0359 5736 UserName: sam
16:16:19.0359 5736 Windows directory: C:\WINDOWS
16:16:19.0359 5736 System windows directory: C:\WINDOWS
16:16:19.0359 5736 Processor architecture: Intel x86
16:16:19.0359 5736 Number of processors: 2
16:16:19.0359 5736 Page size: 0x1000
16:16:19.0359 5736 Boot type: Normal boot
16:16:19.0359 5736 ============================================================
16:16:22.0125 5736 Initialize success
16:16:35.0453 5792 ============================================================
16:16:35.0453 5792 Scan started
16:16:35.0453 5792 Mode: Manual;
16:16:35.0453 5792 ============================================================
16:16:39.0250 5792 Abiosdsk - ok
16:16:39.0312 5792 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
16:16:39.0312 5792 abp480n5 - ok
16:16:39.0453 5792 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:16:39.0453 5792 ACPI - ok
16:16:39.0515 5792 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
16:16:39.0515 5792 ACPIEC - ok
16:16:39.0718 5792 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
16:16:39.0718 5792 adpu160m - ok
16:16:40.0078 5792 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
16:16:40.0078 5792 aec - ok
16:16:40.0281 5792 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
16:16:40.0296 5792 AFD - ok
16:16:40.0390 5792 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
16:16:40.0390 5792 agp440 - ok
16:16:40.0468 5792 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
16:16:40.0468 5792 agpCPQ - ok
16:16:40.0562 5792 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
16:16:40.0562 5792 Aha154x - ok
16:16:40.0703 5792 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
16:16:40.0703 5792 aic78u2 - ok
16:16:40.0750 5792 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
16:16:40.0750 5792 aic78xx - ok
16:16:40.0812 5792 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
16:16:40.0812 5792 AliIde - ok
16:16:40.0859 5792 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
16:16:40.0859 5792 alim1541 - ok
16:16:40.0890 5792 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
16:16:40.0890 5792 amdagp - ok
16:16:40.0937 5792 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
16:16:40.0937 5792 amsint - ok
16:16:41.0281 5792 AnyDVD (f1564482542040d80cf584f9192ef2d5) C:\WINDOWS\system32\Drivers\AnyDVD.sys
16:16:41.0281 5792 AnyDVD - ok
16:16:41.0687 5792 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
16:16:41.0687 5792 Arp1394 - ok
16:16:42.0015 5792 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
16:16:42.0015 5792 asc - ok
16:16:42.0234 5792 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
16:16:42.0234 5792 asc3350p - ok
16:16:42.0687 5792 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
16:16:42.0687 5792 asc3550 - ok
16:16:43.0062 5792 Aspi32 (ed8cee58c1e4c5893f5b2fd686a272bf) C:\WINDOWS\system32\drivers\Aspi32.sys
16:16:43.0062 5792 Aspi32 - ok
16:16:43.0718 5792 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:16:43.0718 5792 AsyncMac - ok
16:16:44.0171 5792 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
16:16:44.0187 5792 atapi - ok
16:16:44.0218 5792 Atdisk - ok
16:16:44.0328 5792 ati2mtag (956c7ec3a9de96f785b829beb41e3c3e) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
16:16:44.0343 5792 ati2mtag - ok
16:16:45.0062 5792 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:16:45.0062 5792 Atmarpc - ok
16:16:45.0937 5792 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:16:45.0937 5792 audstub - ok
16:16:46.0750 5792 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
16:16:46.0750 5792 Beep - ok
16:16:47.0250 5792 bvrp_pci - ok
16:16:47.0937 5792 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
16:16:47.0937 5792 cbidf - ok
16:16:48.0656 5792 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
16:16:48.0656 5792 cbidf2k - ok
16:16:49.0093 5792 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
16:16:49.0093 5792 CCDECODE - ok
16:16:49.0500 5792 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
16:16:49.0500 5792 cd20xrnt - ok
16:16:49.0703 5792 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
16:16:49.0718 5792 Cdaudio - ok
16:16:49.0765 5792 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
16:16:49.0765 5792 Cdfs - ok
16:16:49.0812 5792 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:16:49.0812 5792 Cdrom - ok
16:16:50.0046 5792 Changer - ok
16:16:50.0390 5792 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
16:16:50.0390 5792 CmdIde - ok
16:16:51.0156 5792 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
16:16:51.0156 5792 Cpqarray - ok
16:16:51.0843 5792 ctac32k (1e41b8a10b9d78240c8bfacc269db155) C:\WINDOWS\system32\drivers\ctac32k.sys
16:16:52.0031 5792 ctac32k - ok
16:16:52.0296 5792 ctaud2k (9bf1aa0eac9c7d33ce4d8a152e151f60) C:\WINDOWS\system32\drivers\ctaud2k.sys
16:16:52.0390 5792 ctaud2k - ok
16:16:52.0484 5792 ctdvda2k (29f78d59b053cb8778f8426e4e24099c) C:\WINDOWS\system32\drivers\ctdvda2k.sys
16:16:52.0500 5792 ctdvda2k - ok
16:16:52.0531 5792 ctprxy2k (a6f4c70da545230d001915d8eb08d881) C:\WINDOWS\system32\drivers\ctprxy2k.sys
16:16:52.0531 5792 ctprxy2k - ok
16:16:52.0640 5792 ctsfm2k (b39e55c1c5e28e016ee3848f2e34c205) C:\WINDOWS\system32\drivers\ctsfm2k.sys
16:16:52.0640 5792 ctsfm2k - ok
16:16:52.0703 5792 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
16:16:52.0718 5792 dac2w2k - ok
16:16:52.0750 5792 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
16:16:52.0750 5792 dac960nt - ok
16:16:52.0828 5792 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
16:16:52.0828 5792 Disk - ok
16:16:52.0890 5792 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
16:16:52.0906 5792 dmboot - ok
16:16:52.0937 5792 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\DRIVERS\dmio.sys
16:16:52.0937 5792 dmio - ok
16:16:52.0968 5792 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
16:16:52.0968 5792 dmload - ok
16:16:53.0046 5792 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
16:16:53.0046 5792 DMusic - ok
16:16:53.0093 5792 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
16:16:53.0093 5792 dpti2o - ok
16:16:53.0140 5792 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
16:16:53.0140 5792 drmkaud - ok
16:16:53.0203 5792 E100B (95974e66d3de4951d29e28e8bc0b644c) C:\WINDOWS\system32\DRIVERS\e100b325.sys
16:16:53.0203 5792 E100B - ok
16:16:53.0281 5792 eeCtrl (75e8b69f28c813675b16db357f20720f) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
16:16:53.0281 5792 eeCtrl - ok
16:16:53.0687 5792 ElbyCDFL (59c9e1336a4508f059827d638e924c62) C:\WINDOWS\system32\Drivers\ElbyCDFL.sys
16:16:53.0687 5792 ElbyCDFL - ok
16:16:53.0875 5792 ElbyCDIO (37c3a9fef349d13685ec9c2acaaeafce) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
16:16:53.0875 5792 ElbyCDIO - ok
16:16:53.0906 5792 ElbyDelay (8d35affbeed58fd66e9fad223de33718) C:\WINDOWS\system32\Drivers\ElbyDelay.sys
16:16:53.0906 5792 ElbyDelay - ok
16:16:53.0968 5792 emupia (5d70013d7e6602ec0a482f2985558c2d) C:\WINDOWS\system32\drivers\emupia2k.sys
16:16:53.0968 5792 emupia - ok
16:16:54.0000 5792 EraserUtilRebootDrv (720b18d76de9e603b626dfcd6f1fca7c) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
16:16:54.0000 5792 EraserUtilRebootDrv - ok
16:16:54.0046 5792 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
16:16:54.0046 5792 Fastfat - ok
16:16:54.0093 5792 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
16:16:54.0093 5792 Fdc - ok
16:16:54.0125 5792 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
16:16:54.0125 5792 Fips - ok
16:16:54.0171 5792 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
16:16:54.0171 5792 Flpydisk - ok
16:16:54.0234 5792 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
16:16:54.0234 5792 FltMgr - ok
16:16:54.0265 5792 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:16:54.0265 5792 Fs_Rec - ok
16:16:54.0296 5792 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:16:54.0296 5792 Ftdisk - ok
16:16:54.0656 5792 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
16:16:54.0671 5792 gameenum - ok
16:16:54.0703 5792 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:16:54.0703 5792 Gpc - ok
16:16:54.0765 5792 ha10kx2k (7ec50a84b89dae3458cb0308739b80de) C:\WINDOWS\system32\drivers\ha10kx2k.sys
16:16:54.0781 5792 ha10kx2k - ok
16:16:54.0828 5792 hap16v2k (02a6bad64177c56d8b86b198b38db361) C:\WINDOWS\system32\drivers\hap16v2k.sys
16:16:54.0828 5792 hap16v2k - ok
16:16:54.0875 5792 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:16:54.0875 5792 HidUsb - ok
16:16:54.0953 5792 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
16:16:54.0953 5792 hpn - ok
16:16:55.0031 5792 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
16:16:55.0046 5792 HTTP - ok
16:16:55.0078 5792 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
16:16:55.0078 5792 i2omgmt - ok
16:16:55.0125 5792 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
16:16:55.0125 5792 i2omp - ok
16:16:55.0171 5792 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:16:55.0171 5792 i8042prt - ok
16:16:55.0250 5792 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
16:16:55.0250 5792 Imapi - ok
16:16:55.0296 5792 InCDfs (d8a77fc386f9297ce4b692fc83b4ba02) C:\WINDOWS\system32\drivers\InCDfs.sys
16:16:55.0296 5792 InCDfs - ok
16:16:55.0421 5792 InCDPass (433bb499bcea1c88b55aa67d1b3ef1dc) C:\WINDOWS\system32\DRIVERS\InCDPass.sys
16:16:55.0421 5792 InCDPass - ok
16:16:55.0453 5792 InCDrec (12dbb035cd2ed0313fab864470f31c23) C:\WINDOWS\system32\drivers\InCDrec.sys
16:16:55.0453 5792 InCDrec - ok
16:16:55.0500 5792 incdrm (9d1adfe6ce5c2e2a42f3b8aa57821d87) C:\WINDOWS\system32\drivers\incdrm.sys
16:16:55.0500 5792 incdrm - ok
16:16:55.0562 5792 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
16:16:55.0562 5792 ini910u - ok
16:16:55.0703 5792 IntelC51 (7509c548400f4c9e0211e3f6e66abbe6) C:\WINDOWS\system32\DRIVERS\IntelC51.sys
16:16:55.0718 5792 IntelC51 - ok
16:16:55.0796 5792 IntelC52 (9584ffdd41d37f2c239681d0dac2513e) C:\WINDOWS\system32\DRIVERS\IntelC52.sys
16:16:55.0796 5792 IntelC52 - ok
16:16:55.0875 5792 IntelC53 (cf0b937710cec6ef39416edecd803cbb) C:\WINDOWS\system32\DRIVERS\IntelC53.sys
16:16:55.0875 5792 IntelC53 - ok
16:16:55.0921 5792 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
16:16:55.0921 5792 IntelIde - ok
16:16:55.0984 5792 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:16:55.0984 5792 intelppm - ok
16:16:56.0046 5792 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
16:16:56.0046 5792 Ip6Fw - ok
16:16:56.0093 5792 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:16:56.0093 5792 IpFilterDriver - ok
16:16:56.0156 5792 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:16:56.0156 5792 IpInIp - ok
16:16:56.0203 5792 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:16:56.0203 5792 IpNat - ok
16:16:56.0234 5792 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:16:56.0234 5792 IPSec - ok
16:16:56.0281 5792 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:16:56.0281 5792 IRENUM - ok
16:16:56.0312 5792 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:16:56.0312 5792 isapnp - ok
16:16:56.0437 5792 ISWKL (08a811bfd207dfdec588881c18bacbaa) C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
16:16:56.0437 5792 ISWKL - ok
16:16:56.0500 5792 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:16:56.0500 5792 Kbdclass - ok
16:16:56.0562 5792 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
16:16:56.0562 5792 kbdhid - ok
16:16:56.0703 5792 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
16:16:56.0703 5792 kmixer - ok
16:16:56.0765 5792 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
16:16:56.0765 5792 KSecDD - ok
16:16:56.0796 5792 lbrtfdc - ok
16:16:56.0859 5792 LHidFlt2 (03976c309ede05d39017c05b817cd94f) C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys
16:16:56.0859 5792 LHidFlt2 - ok
16:16:56.0906 5792 LHidUsb (25688115843c4028686a96d88bc28007) C:\WINDOWS\system32\Drivers\LHidUsb.Sys
16:16:56.0906 5792 LHidUsb - ok
16:16:56.0953 5792 LMouFlt2 (26407519fca64ec4091fe1f815b4afc4) C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys
16:16:56.0953 5792 LMouFlt2 - ok
16:16:57.0015 5792 LVPr2Mon (f96cfb47903854f228baaf3e2d41a0a3) C:\WINDOWS\system32\Drivers\LVPr2Mon.sys
16:16:57.0015 5792 LVPr2Mon - ok
16:16:57.0093 5792 LVRS (e22fd7852e74f04cceb6b8a684a51f3e) C:\WINDOWS\system32\DRIVERS\lvrs.sys
16:16:57.0109 5792 LVRS - ok
16:16:57.0156 5792 LVUSBSta (5f987fc1aad215ec2c60cf07719b1cce) C:\WINDOWS\system32\drivers\LVUSBSta.sys
16:16:57.0156 5792 LVUSBSta - ok
16:16:57.0218 5792 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
16:16:57.0218 5792 mnmdd - ok
16:16:57.0265 5792 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
16:16:57.0265 5792 Modem - ok
16:16:57.0296 5792 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
16:16:57.0296 5792 MODEMCSA - ok
16:16:57.0375 5792 mohfilt (59b8b11ff70728eec60e72131c58b716) C:\WINDOWS\system32\DRIVERS\mohfilt.sys
16:16:57.0375 5792 mohfilt - ok
16:16:57.0421 5792 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:16:57.0421 5792 Mouclass - ok
16:16:57.0468 5792 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:16:57.0468 5792 mouhid - ok
16:16:57.0500 5792 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
16:16:57.0500 5792 MountMgr - ok
16:16:57.0640 5792 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
16:16:57.0640 5792 mraid35x - ok
16:16:57.0687 5792 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:16:57.0687 5792 MRxDAV - ok
16:16:57.0750 5792 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:16:57.0765 5792 MRxSmb - ok
16:16:57.0812 5792 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
16:16:57.0812 5792 Msfs - ok
16:16:57.0875 5792 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:16:57.0875 5792 MSKSSRV - ok
16:16:57.0937 5792 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:16:57.0937 5792 MSPCLOCK - ok
16:16:57.0984 5792 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
16:16:57.0984 5792 MSPQM - ok
16:16:58.0031 5792 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:16:58.0031 5792 mssmbios - ok
16:16:58.0078 5792 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
16:16:58.0078 5792 MSTEE - ok
16:16:58.0125 5792 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
16:16:58.0125 5792 Mup - ok
16:16:58.0187 5792 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
16:16:58.0187 5792 NABTSFEC - ok
16:16:58.0250 5792 NAVENG (862f55824ac81295837b0ab63f91071f) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20111119.016\NAVENG.SYS
16:16:58.0250 5792 NAVENG - ok
16:16:58.0296 5792 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20111119.016\NAVEX15.SYS
16:16:58.0312 5792 NAVEX15 - ok
16:16:58.0390 5792 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
16:16:58.0390 5792 NDIS - ok
16:16:58.0437 5792 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
16:16:58.0437 5792 NdisIP - ok
16:16:58.0515 5792 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:16:58.0515 5792 NdisTapi - ok
16:16:58.0562 5792 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:16:58.0562 5792 Ndisuio - ok
16:17:05.0968 5792 ============================================================
16:17:05.0968 5792 Scan finished
16:17:05.0968 5792 ============================================================
16:17:05.0984 5784 Detected object count: 0
16:17:05.0984 5784 Actual detected object count: 0

Attached Files

  • Attached file: MBR.zip (589 bytes)


#6 nasdaq

  • Malware Response Team
  • 40,464 posts
  • Location: Montreal, QC, Canada

Posted 12 December 2011 - 09:22 AM

You did well.

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Close any open browsers, and all other programs working. Make sure you save your file if working on a document.
  • Do not install any other programs until this is fixed.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.
===

Third-party programs, if not up to date, can be the cause of infiltration by an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please post the logs and let me know if the problem persists.

Post the logs for my review.

#7 sam90

  • Topic Starter
  • Members
  • 18 posts

Posted 12 December 2011 - 06:09 PM

Thanks for the reply and I’m sorry this is rather long but quite a bit happened when I tried to follow your instructions.

Booted up into normal Windows - seemed a bit slow to log in. I got the red Windows security center warning about anti-virus not being installed (but the Symantec yellow shield was OK). Got some of the regular icons in the tasktray. Got error message I'd not had before: "Windows - Application Error" "The application failed to initialize properly (0xc0000017) Click on OK to terminate the application". I clicked OK and then I restarted the computer again. Took a while to shutdown.

After logging in again, got red Windows security center warning about anti-virus not being installed (but the Symantec yellow shield was OK). Got more of the regular icons in the tasktray including zonealarm. Was able to open Firefox to get to the links to ComboFix and Security Check from your post. I closed Firefox. When I went to disable Symantec by right-clicking on icon in tasktray, was able to click and choose disable but the icon didn't change to having the red circle with line so I went to click it again and could not click on it any more. Mouse pointer moves around OK but I was unable to click on Start button or any icons in quicklaunch tray or system tray. Did ctrl-alt-del and told computer to shutdown. Got three error messages.
  • rundll32.exe - DLL initialisation failed - the application failed to initialise because the window station is shutting down.
  • end program - ctfmon.exe - ending program please wait
  • end program - explorer.exe - ending program please wait
I clicked 'end now' on explorer.exe but it didn't seem to do anything. So after a few minutes wait, I powered off the computer and restarted it again.

Again logged in, Symantec had red circle with line through it so decided to start combofix. (Also I got the red Windows security centre warning about anti-virus not being installed and got quite a few of the regular icons in the tasktray including zonealarm). Clicked on the ComboFix program on desktop. Just got hourglass mouse cursor. After a few minutes wait of nothing happening, I tried to click on the start button to shutdown and I couldn't click on the start button so I ctrl-alt-del and clicked shutdown from there.

I got the same three error messages as above but this time, the computer did eventually shutdown by itself - though it did take a while to do this (but at least it did shut down by itself).

Restarted computer and logged in again - took a while to log in. Downloaded combofix fresh from the other link (just in case) and called it something else. (Also when I logged in got the red Windows security center warning about anti-virus not being installed and got quite a few of the regular icons in the tasktray including zonealarm. Symantec said it was still disabled). I closed Firefox and started my renamed combofix.

This time combofix started up normally. My firewall asked for access for a number of .exe programs and I said OK.

I'm not sure how much detail you would like about this bit so here are some notes I made as combofix ran:
combofix window opened
combofix preparing to run
attempted to create a new system restore point
backup registry etc

bit of a wait but I didn't click anything as per instructions
eventually asked for install recovery console so I said yes (my XP is not Home Edition)
I accepted the EULA and the installer unpacked some files but then there was a bit of a wait
I got that the recovery console was installed OK and then clicked to continue to scan for malware

when scanning, brief period when all icons on screen disappeared - came back pretty quickly.
Completed Stages 1, 2, 3, 4, 5, 6, 6A, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 19b, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 32A, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50 (though some of the stages seemed to be completed very rapidly one after another)

It then deleted four files and three folders - at this point the screen cleared of all of the icons again and the combofix program then said it would reboot windows. The computer then shutdown and rebooted (it took a while to shutdown).

When it had rebooted and I logged in again, the combofix window re-opened by itself and it said it was preparing the log report. Whilst it was preparing the report, the computer continued to start up. I got the red Windows security center warning about anti-virus not being installed and got quite a few of the regular icons in the tasktray including zonealarm. Symantec said it was now active. I didn't try to change Symantec whilst the ComboFix was preparing the report - was this OK? It seemed to take quite a long time to prepare the report (about 5-6 minutes in total). Whilst the report was being prepared, Symantec auto-protect gave a warning that it had acted on the risk "Bloodhound.MalPE" and quarantined it successfully from file name LVPrcInj01.dll in location \Temp\logishrd. (I noticed that this was one of the files that ComboFix had said that it had deleted.) Later on, the screen also cleared of all icons and then refreshed a second or so later. Almost immediately after this, ComboFix told me that it was almost done and the window then closed and the report appeared.


I then ran the Security Check tool – this was quite quick to run.

Please find the logs below.



ComboFix 11-12-12.02 - sam 12/12/2011 22:26:13.1.2 - x86
Running from: c:\documents and settings\sam\Desktop\fixcombo.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\sam\g2mdlhlpx.exe
c:\documents and settings\sam\Recent\StefWan-Team.cjb.net.url
c:\documents and settings\sam\WINDOWS
c:\windows\CSC\d6
c:\windows\system32\PowerToyReadme.htm
i:\temp\logishrd\LVPrcInj01.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-11-12 to 2011-12-12 )))))))))))))))))))))))))))))))
.
.
2011-11-27 16:51 . 2011-11-27 16:51 -------- d-----w- c:\documents and settings\sam\Application Data\SUPERAntiSpyware.com
2011-11-27 16:50 . 2011-11-27 16:51 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-27 16:50 . 2011-11-27 16:50 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-11-20 17:41 . 2011-12-12 21:37 -------- d-----w- c:\windows\Internet Logs
2011-11-20 17:38 . 2011-11-20 17:38 -------- d-----w- c:\documents and settings\sam\Application Data\CheckPoint
2011-11-20 17:36 . 2011-11-20 17:36 -------- d-----w- c:\documents and settings\All Users\Application Data\CheckPoint
2011-11-20 17:27 . 2011-11-20 17:36 -------- d-----w- c:\program files\CheckPoint
2011-11-20 16:49 . 2011-11-20 16:49 -------- d-----w- c:\program files\Common Files\Java
2011-11-20 16:48 . 2011-11-20 16:47 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-20 16:46 . 2011-11-20 16:46 0 ----a-w- c:\windows\system32\RENC6.tmp
2011-11-20 16:46 . 2011-11-20 16:46 0 ----a-w- c:\windows\system32\RENC5.tmp
2011-11-20 16:46 . 2011-11-20 16:46 0 ----a-w- c:\windows\system32\RENC4.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-20 16:55 . 2011-05-14 05:43 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-20 16:47 . 2010-04-16 19:42 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-10 14:22 . 2004-08-10 13:02 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2004-08-04 00:56 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 10:41 . 2008-07-29 18:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 10:41 . 2001-08-23 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 10:41 . 2001-08-23 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2005-09-14 09:58 . 2005-09-09 11:08 20480 ----a-w- c:\program files\Common Files\UninstallDrv.exe
2000-06-05 17:47 . 2000-06-05 17:47 32768 ----a-w- c:\program files\mozilla firefox\plugins\AppSub32.dll
2008-02-21 02:04 . 2008-02-21 02:04 98304 ----a-w- c:\program files\mozilla firefox\plugins\xxx DivX Player npDivxPlayerPlugin.dll
2000-06-05 17:48 . 2000-06-05 17:48 98304 ----a-w- c:\program files\mozilla firefox\plugins\xxx iPIX NpIpx32.dll
2007-04-10 16:21 . 2007-04-10 16:21 163256 ----a-w- c:\program files\mozilla firefox\plugins\xxx MS Media Player np-mswmp.dll
2010-04-16 19:54 . 2005-12-23 22:44 140864 ----a-w- c:\program files\mozilla firefox\plugins\xxx RealPlayer nppl3260.dll
2010-04-16 19:55 . 2005-12-23 22:44 8192 ----a-w- c:\program files\mozilla firefox\plugins\xxx RealPlayer nprjplug.dll
2010-04-16 19:53 . 2010-04-16 19:53 98304 ----a-w- c:\program files\mozilla firefox\plugins\xxx RealPlayer nprpjplug.dll
2010-07-12 16:33 . 2010-07-12 16:33 12800 ----a-w- c:\program files\mozilla firefox\plugins\xxx WinAmp npwachk.dll
2011-11-20 17:01 . 2011-10-01 16:38 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2005-06-26 14:32 616448 --sha-r- c:\windows\system32\cygwin1.dll
2005-06-21 21:37 45568 --sha-r- c:\windows\system32\cygz.dll
2006-05-03 11:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2004-01-24 23:00 70656 --sha-r- c:\windows\system32\i420vfw.dll
2007-02-21 12:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 14:30 216064 --sh--r- c:\windows\system32\nbDX.dll
2005-02-28 12:16 240128 --sha-r- c:\windows\system32\x.264.exe
2004-01-24 23:00 70656 --sha-r- c:\windows\system32\yv12vfw.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"CTHelper"="CTHELPER.EXE" [2004-03-11 28672]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-11 20992]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2003-05-15 114688]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2006-03-23 1398272]
"HydraVisionDesktopManager"="c:\program files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe" [2003-09-15 270336]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-10-13 95848]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-23 663552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-10-30 77824]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
"CardScanAgent"="c:\program files\CardScan\CardScan\CardScanAgent.exe" [2008-08-27 152824]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-11-03 738944]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2011-11-09 73360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2007-01-31 12:01 140832 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2007-01-31 12:03 1862112 ----a-w- c:\program files\Acronis\TrueImageWorkstation\TimounterMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2007-01-31 11:59 1129232 ----a-w- c:\program files\Acronis\TrueImageWorkstation\TrueImageMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-01-25 42000]
R3 SavRoam;SavRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-10-14 122056]
R3 WDM_Capture_220A;DVB-T TV Receiver;c:\windows\system32\Drivers\WDM_Capture_220A.sys [2004-09-06 18432]
R3 WDM_Loader_220A;DVB-T TV Loader;c:\windows\system32\Drivers\WDM_Loader_220A.sys [2005-12-28 15488]
R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-09 135664]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2011-11-03 27016]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2011-11-03 497280]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-11 106104]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - PBFILTER
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-09 15:43]
.
2011-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-09 15:43]
.
.
------- Supplementary Scan -------
.
uStart Page = file:///F:/Internet/StartPage/index.htm
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Download all by NetXfer - c:\program files\Xi\NetXfer\NXAddList.html
IE: Download by NetXfer - c:\program files\Xi\NetXfer\NXAddLink.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Open Client to monitor &1 - c:\windows\web\AOpenClient.htm
IE: Open Client to monitor &2 - c:\windows\web\AOpenClient.htm
Trusted Zone: microsoft.com\*.update
TCP: DhcpNameServer = 192.168.0.220
FF - ProfilePath - c:\documents and settings\sam\Application Data\Mozilla\Firefox\Profiles\xfv2qcqw.defaultff3\
FF - prefs.js: browser.startup.homepage - file:///F:/Internet/StartPage/index.htm
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-12 22:40
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1168)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
.
- - - - - - - > 'lsass.exe'(1228)
c:\windows\system32\relog_ap.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'explorer.exe'(7096)
c:\windows\system32\WININET.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\ATI Technologies\ATI HYDRAVISION\HydraDMH.dll
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\system32\brsvc01a.exe
c:\windows\system32\brss01a.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\windows\system32\CTsvcCDA.EXE
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\system32\wscntfy.exe
c:\program files\Logitech\MouseWare\system\em_exec.exe
c:\program files\Brother\Brmfcmon\BrMfimon.exe
c:\program files\Brother\ControlCenter3\brccMCtl.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\PrintKey2000\Printkey2000.exe
c:\program files\Symantec AntiVirus\VPTray.exe
c:\program files\Symantec AntiVirus\DoScan.exe
c:\program files\Symantec AntiVirus\SavUI.exe
.
**************************************************************************
.
Completion time: 2011-12-12 22:49:55 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-12 22:49
.
Pre-Run: 3,346,149,376 bytes free
Post-Run: 3,267,538,944 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 70C1A2D0BB8179EB9C550522FF01001F


Results of screen317's Security Check version 0.99.28
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
ESET Online Scanner v3
Symantec AntiVirus
ZoneAlarm Firewall
ZoneAlarm Free
ZoneAlarm Toolbar
ZoneAlarm Security
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Duplicate Cleaner 1.4.7c
Duplicate Cleaner 1.4.5
Java™ 6 Update 29
Adobe Flash Player 11.1.102.55
Mozilla Firefox (8.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Symantec AntiVirus DefWatch.exe
Symantec AntiVirus Rtvscan.exe
Symantec AntiVirus VPTray.exe
CheckPoint ZoneAlarm vsmon.exe
CheckPoint ZoneAlarm zatray.exe
``````````End of Log````````````
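The ComboFix services/drivers listing above (the `R4 gupdate;...;path [date size]` lines) is what a responder actually reads when triaging a log like this: which binaries are loaded as services or drivers, from where, and how recently they changed. The following is an added example, not part of this thread and not ComboFix's own code, that parses lines in that shape into records and flags the ones worth a second look. The sample lines are constructed: four mirror entries quoted in the thread, and one (`examplesvc`) is made up to show a flagged entry. The interpretation of the two-character prefix (R/S for running/stopped, the digit as the Windows service start value) and the cutoff date are assumptions stated in the code.

```python
import re
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Sequence

# Constructed sample in the shape of ComboFix's "Services/Drivers" listing.
# The first four lines mirror entries quoted in the thread; the last one is
# made up to show what a flagged entry looks like (a service loading from a
# user temp directory).
SAMPLE_LOG = r"""
R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-09 135664]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2011-11-03 27016]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-11 106104]
R2 examplesvc;Example Service;c:\documents and settings\sam\Local Settings\Temp\updater.exe [2011-12-10 40960]
"""

# Assumed meaning of the two-character prefix: R/S = running/stopped,
# digit = Windows service start value (0 boot, 1 system, 2 automatic,
# 3 manual, 4 disabled).
START_TYPES = {"0": "boot", "1": "system", "2": "automatic",
               "3": "manual", "4": "disabled"}

# Assumed cutoff: anything modified on or after this date is "recent".
DEFAULT_CUTOFF = date(2011, 11, 1)

# Directories where service/driver binaries are normally expected (assumption).
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\")

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?) \[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$"
)


@dataclass
class ServiceEntry:
    state: str        # "running" or "stopped"
    start_type: str   # one of START_TYPES values
    name: str         # service key name
    display: str      # display name
    path: str         # image path as printed in the log
    modified: date    # file date from the bracketed suffix
    size: int         # file size in bytes from the bracketed suffix


def parse_services(text: str) -> List[ServiceEntry]:
    """Parse every line matching the services/drivers format; skip the rest."""
    entries: List[ServiceEntry] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # separators, blank lines, other sections
        entries.append(ServiceEntry(
            state="running" if m["state"] == "R" else "stopped",
            start_type=START_TYPES[m["start"]],
            name=m["name"],
            display=m["display"],
            path=m["path"],
            modified=date.fromisoformat(m["date"]),
            size=int(m["size"]),
        ))
    return entries


def triage(entries: Sequence[ServiceEntry], newer_than: date = DEFAULT_CUTOFF,
           trusted_prefixes: Sequence[str] = TRUSTED_PREFIXES) -> Dict[str, List[str]]:
    """Return {service name: [reasons]} for entries that deserve a closer look."""
    flagged: Dict[str, List[str]] = {}
    for e in entries:
        reasons: List[str] = []
        lp = e.path.lower()
        if not lp.startswith(tuple(p.lower() for p in trusted_prefixes)):
            reasons.append("binary outside the usual install directories")
        if "\\temp\\" in lp:
            reasons.append("binary lives in a temp directory")
        if e.modified >= newer_than:
            reasons.append(f"binary dated {e.modified}, on or after cutoff {newer_than}")
        if reasons:
            flagged[e.name] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in triage(parse_services(SAMPLE_LOG)).items():
        print(f"{name}: " + "; ".join(reasons))
```

A recent file date on its own is only a prompt to check the vendor and the file hash, not a verdict: the ZoneAlarm and Symantec drivers in the sample are flagged purely because they were updated shortly before the log was taken, which matches the ZoneAlarm upgrade the poster mentions. The path-based reasons carry more weight, and a service binary under a user's Temp directory is the kind of entry a responder would pull for a hash lookup first.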

#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,464 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:57 PM

Posted 13 December 2011 - 10:41 AM

"The application failed to initialize properly (0xc0000017) Click on OK to terminate the application". I clicked OK and then I restarted the computer again. Took a while to shutdown.


I suspect that your Virtual Memory is low.

Follow the instructions on low memory in this article.

http://support.microsoft.com/kb/315351
If you need help before proceeding please ask.
===

All files in a Temporary folder will be deleted by Combofix (or any other cleaning tool that cleans the \temp folder).
i:\temp\logishrd\LVPrcInj01.dll
This file is from Logitech. You may have to update or reinstall the product.
Read this article. http://forums.logitech.com/t5/Webcams/Temp-Folder-installation-LVPrcInj01-dll/td-p/314149/page/2

We can restore the file for now, but running combofix will again delete the file.
Let me know.
===

Please check the issue of your Virtual Memory and let me know what problem persists.

Also please run the DDS tool again and post (do not attach) the content of the attach.txt log for my review.
Make sure you post the complete log. The previous log you attached was not complete.

#9 sam90

sam90
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:09:57 PM

Posted 13 December 2011 - 05:39 PM

Thanks for the further advice.

My email provider (I am using a separate email service from the one my ISP gives) has told me that someone has been spamming pretending to be me and they tell me that it's possible that I have been infected with a virus or botnet. They have disabled my SMTP access until I confirm that this is cured. This has made me quite worried that there is something really bad happening to my computer. Is it safe to use again yet? I have other PCs on my home network - what should I do to check them? The other computers have AVG antivirus and ZA firewall (XP SP3 machines).

The computer booted up OK (with the red Windows security centre shield alert).

On the Virtual Memory issue - I can't remember having this message before. I read the article you linked to and made some changes to my computer. My computer has 3GB of physical RAM but the paging file was only 1.5GB. It turned out that there was not much free space left on that drive so I moved the paging file to another disk with more space (and rebooted).

The Logitech article wasn't very easy to understand. I don't use the video effects with my webcam - just use it for Skype - so I have set the Process Monitor service to disabled and stopped it. If I have understood the article right, then disabling this service should avoid the issue in future. After I disabled the service, my Skype still seems to work OK (I can see video in the test).

I followed the instructions for DDS (I downloaded it again, disconnected from the internet, disabled my Symantec antivirus and ran the scan - I then re-enabled the antivirus and reconnected to the internet to post this). The attach.txt file is posted below for you. Hope it has everything in it this time.

.
==== Installed Programs ======================
.
7-Zip 4.65
Adobe Acrobat 7.0 Professional
Adobe Acrobat 7.1.4 - CPSID_50030
Adobe Acrobat 7.1.4 Professional
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Shockwave Player 11.6
Apple Application Support
Apple Software Update
Auslogics Disk Defrag
Auslogics Registry Defrag
AutoUpdate
Brother MFL-Pro Suite
CardScan 8.0.5
CCleaner
ClearType Tuning Control Panel Applet
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
Diablo II
DivX Codec
DivX Player
Duplicate Cleaner 1.4.5
Duplicate Cleaner 1.4.7c
ESET Online Scanner v3
Fast Video Indexer 1.05
ffdshow [rev 2033] [2008-07-05]
Files Compare Tool
FileZilla Client 3.5.1
FlashPeak SlimBrowser
FLV Player 2.0 (build 25)
FontExpert 2007
Forté Agent
Free Studio version 4.2
Google Earth
Google Talk (remove only)
Google Update Helper
GoToMeeting/GoToWebinar 3.0.0.198
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HTML Help Workshop
Image Grabber II
ImgBurn
InCD
Inzomia Viewer 3.11
Java Auto Updater
Java™ 6 Update 29
LiveUpdate (Symantec Corporation)
Logitech Legacy USB Camera Driver Package
Logitech QuickCam
Logitech QuickCam Driver Package
Malwarebytes' Anti-Malware version 1.51.2.1300
Medieval CUE Splitter
MetaFrame Presentation Server Web Client for Win32
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Office XP Professional with FrontPage
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Monkey's Audio
Mozilla Firefox 8.0 (x86 en-GB)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MythTv 0.23(svn_25174)
Nero 6 Ultra Edition
Nero Digital
NeroMIX
NSIS FreePOPs (remove only)
Photo Viewer S2.5
PuTTY version 0.60
Registry Mechanic 7.0
RSSOwl
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SIM Edit Tool
Skype™ 5.5
Snapform Viewer 1.7.6
SourceGear DiffMerge
Spybot - Search & Destroy
SUPERAntiSpyware
swMSM
Symantec AntiVirus
Symantec Technical Support Web Controls
TinCam 1.05
Tweak UI
UBCD4Win 3.50
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
v2010.build.42
VC 9.0 Runtime
ViceVersa Pro 2 (Build 2015)
VLC media player 1.1.11
WebFldrs XP
Winamp
Winamp Detector Plug-in
WinDirStat 1.1.2
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer Clean Up
Windows Internet Explorer 8
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
WinSCP 4.2.8
Workshare - DeltaView 2.9
XPS Annotator 1.20
ZoneAlarm Firewall
ZoneAlarm Free
ZoneAlarm Security
ZoneAlarm Toolbar
.
==== End Of File ===========================

#10 nasdaq

nasdaq

  • Malware Response Team
  • 40,464 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:57 PM

Posted 14 December 2011 - 08:22 AM

My email provider (I am using a separate email service from the one my ISP gives) has told me that someone has been spamming pretending to be me and they tell me that its possible that I have been infected with a virus or botnet


Your ComboFix is clean.

If I could I would change my e-mail address and cancel the old one when all my contacts have been informed.
===

Run this online scan on all the computers connected to the network.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

Keep me posted.

#11 sam90

sam90
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:09:57 PM

Posted 15 December 2011 - 03:00 PM

Here are the results of the ESET online scan

laptop - no threats found
desktop 2 - no threats found

desktop 1 - Two threats found and cleaned

D:\Sources\Software\Nero v6\Install Group\07. Nero-6.6.1.15a.exe Win32/Toolbar.AskSBar application deleted - quarantined
D:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0001951.exe Win32/Toolbar.AskSBar application deleted - quarantined

desktop 1 is the computer that had the problem.

Thanks

#12 nasdaq

nasdaq

  • Malware Response Team
  • 40,464 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:57 PM

Posted 16 December 2011 - 08:48 AM

Looking good.

Any other issues with this computer?

#13 sam90

sam90
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:09:57 PM

Posted 16 December 2011 - 01:24 PM

No - there are no other issues. Thanks for the help. What do I need to do to finish off?

#14 nasdaq

nasdaq

  • Malware Response Team
  • 40,464 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:57 PM

Posted 16 December 2011 - 02:00 PM

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used.

Surf Safely, and Think Prevention!
===

#15 sam90

sam90
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:09:57 PM

Posted 16 December 2011 - 03:58 PM

Thank you. Bye.



