johnnycobra
Posts posted by johnnycobra
-
Things are running well! The PC is faster to load webpages and altogether looks good. The online banking popups have gone. I ran the ESET scanner and it found nothing. There is no logfile in the ESET online scanner directory.
Here is the Security Check:
Results of screen317's Security Check version 0.99.9
Windows XP Service Pack 3
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
avast! Free Antivirus
McAfee Security Scan Plus
```````````````````````````````
Anti-malware/Other Utilities Check:
Ad-Aware
Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner
Java 6 Update 24
Adobe Flash Player 10.2.152.32
Adobe Reader X (10.0.1)
Mozilla Firefox (3.6.15)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 avastUI.exe
``````````End of Log````````````
I think the problem is fixed.
screen317, thank you very much for your help.
You are The Dude.
-
Hi,
Since posting I have scanned my system with MBAM and Avast. No MBR (or any other) virus was found. It looks like TDSS worked. Is there anything else I should do to verify that the system is clean?
-
Hi screen317,
I did as you said. Below is the report file. It found the Sinowal rootkit. Things are looking better; my machine loads screens faster, so this may have cured it.
2011/03/07 20:00:43.0765 3908 TDSS rootkit removing tool 2.4.20.0 Mar 2 2011 10:44:30
2011/03/07 20:00:44.0046 3908 ================================================================================
2011/03/07 20:00:44.0046 3908 SystemInfo:
2011/03/07 20:00:44.0046 3908
2011/03/07 20:00:44.0046 3908 OS Version: 5.1.2600 ServicePack: 3.0
2011/03/07 20:00:44.0046 3908 Product type: Workstation
2011/03/07 20:00:44.0046 3908 ComputerName: DCM5KS81
2011/03/07 20:00:44.0062 3908 UserName: John and Fran
2011/03/07 20:00:44.0062 3908 Windows directory: C:\WINDOWS
2011/03/07 20:00:44.0062 3908 System windows directory: C:\WINDOWS
2011/03/07 20:00:44.0062 3908 Processor architecture: Intel x86
2011/03/07 20:00:44.0062 3908 Number of processors: 2
2011/03/07 20:00:44.0062 3908 Page size: 0x1000
2011/03/07 20:00:44.0062 3908 Boot type: Normal boot
2011/03/07 20:00:44.0062 3908 ================================================================================
2011/03/07 20:00:44.0234 3908 Initialize success
2011/03/07 20:00:48.0984 2512 ================================================================================
2011/03/07 20:00:48.0984 2512 Scan started
2011/03/07 20:00:48.0984 2512 Mode: Manual;
2011/03/07 20:00:48.0984 2512 ================================================================================
2011/03/07 20:00:50.0406 2512 Aavmker4 (83631291adf2887cffc786d034d3fa15) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/03/07 20:00:50.0500 2512 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/03/07 20:00:50.0578 2512 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/03/07 20:00:50.0625 2512 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/03/07 20:00:50.0656 2512 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/03/07 20:00:50.0718 2512 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/03/07 20:00:50.0781 2512 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/03/07 20:00:50.0828 2512 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/03/07 20:00:50.0890 2512 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/03/07 20:00:50.0906 2512 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/03/07 20:00:50.0921 2512 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/03/07 20:00:50.0953 2512 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/03/07 20:00:50.0984 2512 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/03/07 20:00:51.0000 2512 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/03/07 20:00:51.0046 2512 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/03/07 20:00:51.0078 2512 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/03/07 20:00:51.0140 2512 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/03/07 20:00:51.0171 2512 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/03/07 20:00:51.0234 2512 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/03/07 20:00:51.0343 2512 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/03/07 20:00:51.0421 2512 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
2011/03/07 20:00:51.0484 2512 aswFsBlk (1c2e6bb4fe8621b1b863855b02bc33eb) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011/03/07 20:00:51.0546 2512 aswMon2 (452d0ecd14fa02f9b061f42c8a30dd49) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/03/07 20:00:51.0578 2512 aswRdr (b6a9373619d851be80fb5f1b5eed0d4e) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/03/07 20:00:51.0640 2512 aswSnx (9be41c1ae8bc481eb662d85c98d979c2) C:\WINDOWS\system32\drivers\aswSnx.sys
2011/03/07 20:00:51.0671 2512 aswSP (4b1a54ba2bc5873a774df6b70ab8b0b3) C:\WINDOWS\system32\drivers\aswSP.sys
2011/03/07 20:00:51.0687 2512 aswTdi (c7f1cea32766184911293f4e1ee653f5) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/03/07 20:00:51.0734 2512 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/03/07 20:00:51.0750 2512 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/03/07 20:00:51.0843 2512 ati2mtag (03621f7f968ff63713943405deb777f9) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/03/07 20:00:51.0890 2512 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/03/07 20:00:51.0937 2512 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/03/07 20:00:51.0984 2512 BANTExt (5d7be7b19e827125e016325334e58ff1) C:\WINDOWS\System32\Drivers\BANTExt.sys
2011/03/07 20:00:52.0015 2512 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/03/07 20:00:52.0109 2512 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/03/07 20:00:52.0109 2512 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/03/07 20:00:52.0140 2512 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/03/07 20:00:52.0171 2512 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/03/07 20:00:52.0218 2512 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/03/07 20:00:52.0250 2512 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/03/07 20:00:52.0296 2512 cis1284 (7e1d1616c7e2fbba784e5dbd05d88eca) C:\WINDOWS\system32\drivers\cis1284.sys
2011/03/07 20:00:52.0343 2512 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/03/07 20:00:52.0390 2512 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/03/07 20:00:52.0468 2512 ctac32k (1e41b8a10b9d78240c8bfacc269db155) C:\WINDOWS\system32\drivers\ctac32k.sys
2011/03/07 20:00:52.0500 2512 ctaud2k (9bf1aa0eac9c7d33ce4d8a152e151f60) C:\WINDOWS\system32\drivers\ctaud2k.sys
2011/03/07 20:00:52.0609 2512 ctdvda2k (29f78d59b053cb8778f8426e4e24099c) C:\WINDOWS\system32\drivers\ctdvda2k.sys
2011/03/07 20:00:52.0671 2512 ctprxy2k (a6f4c70da545230d001915d8eb08d881) C:\WINDOWS\system32\drivers\ctprxy2k.sys
2011/03/07 20:00:52.0734 2512 ctsfm2k (b39e55c1c5e28e016ee3848f2e34c205) C:\WINDOWS\system32\drivers\ctsfm2k.sys
2011/03/07 20:00:52.0843 2512 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/03/07 20:00:52.0921 2512 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/03/07 20:00:53.0015 2512 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/03/07 20:00:53.0078 2512 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/03/07 20:00:53.0125 2512 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/03/07 20:00:53.0156 2512 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/03/07 20:00:53.0203 2512 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/03/07 20:00:53.0250 2512 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/03/07 20:00:53.0281 2512 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/03/07 20:00:53.0328 2512 drvmcdb (e814854e6b246ccf498874839ab64d77) C:\WINDOWS\system32\drivers\drvmcdb.sys
2011/03/07 20:00:53.0343 2512 drvnddm (ee83a4ebae70bc93cf14879d062f548b) C:\WINDOWS\system32\drivers\drvnddm.sys
2011/03/07 20:00:53.0484 2512 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
2011/03/07 20:00:53.0546 2512 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
2011/03/07 20:00:53.0593 2512 DVDAccss (937ac237c80b2f0a1b7f88c40bc30334) C:\WINDOWS\system32\drivers\DVDAccss.sys
2011/03/07 20:00:53.0671 2512 E100B (95974e66d3de4951d29e28e8bc0b644c) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/03/07 20:00:53.0718 2512 elagopro (7ec42ec12a4bac14bcca99fb06f2d125) C:\WINDOWS\system32\DRIVERS\elagopro.sys
2011/03/07 20:00:53.0750 2512 elaunidr (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\elaunidr.sys
2011/03/07 20:00:53.0796 2512 emupia (5d70013d7e6602ec0a482f2985558c2d) C:\WINDOWS\system32\drivers\emupia2k.sys
2011/03/07 20:00:53.0859 2512 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/03/07 20:00:53.0906 2512 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/03/07 20:00:53.0953 2512 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/03/07 20:00:54.0078 2512 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/03/07 20:00:54.0140 2512 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/03/07 20:00:54.0203 2512 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/03/07 20:00:54.0281 2512 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/03/07 20:00:54.0359 2512 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2011/03/07 20:00:54.0390 2512 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/03/07 20:00:54.0406 2512 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/03/07 20:00:54.0468 2512 ha10kx2k (7ec50a84b89dae3458cb0308739b80de) C:\WINDOWS\system32\drivers\ha10kx2k.sys
2011/03/07 20:00:54.0500 2512 hap16v2k (02a6bad64177c56d8b86b198b38db361) C:\WINDOWS\system32\drivers\hap16v2k.sys
2011/03/07 20:00:54.0578 2512 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/03/07 20:00:54.0625 2512 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/03/07 20:00:54.0671 2512 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/03/07 20:00:54.0703 2512 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/03/07 20:00:54.0734 2512 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/03/07 20:00:54.0750 2512 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/03/07 20:00:54.0812 2512 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/03/07 20:00:54.0859 2512 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/03/07 20:00:54.0937 2512 IntelC51 (7509c548400f4c9e0211e3f6e66abbe6) C:\WINDOWS\system32\DRIVERS\IntelC51.sys
2011/03/07 20:00:54.0984 2512 IntelC52 (9584ffdd41d37f2c239681d0dac2513e) C:\WINDOWS\system32\DRIVERS\IntelC52.sys
2011/03/07 20:00:55.0015 2512 IntelC53 (cf0b937710cec6ef39416edecd803cbb) C:\WINDOWS\system32\DRIVERS\IntelC53.sys
2011/03/07 20:00:55.0046 2512 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/03/07 20:00:55.0109 2512 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/03/07 20:00:55.0234 2512 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/03/07 20:00:55.0265 2512 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/03/07 20:00:55.0281 2512 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/03/07 20:00:55.0343 2512 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/03/07 20:00:55.0406 2512 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/03/07 20:00:55.0437 2512 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/03/07 20:00:55.0484 2512 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/03/07 20:00:55.0500 2512 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/03/07 20:00:55.0546 2512 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/03/07 20:00:55.0578 2512 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/03/07 20:00:55.0609 2512 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/03/07 20:00:55.0750 2512 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
2011/03/07 20:00:55.0781 2512 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys
2011/03/07 20:00:55.0859 2512 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/03/07 20:00:55.0890 2512 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/03/07 20:00:55.0953 2512 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/03/07 20:00:56.0000 2512 mohfilt (59b8b11ff70728eec60e72131c58b716) C:\WINDOWS\system32\DRIVERS\mohfilt.sys
2011/03/07 20:00:56.0015 2512 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/03/07 20:00:56.0062 2512 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/03/07 20:00:56.0140 2512 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/03/07 20:00:56.0218 2512 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/03/07 20:00:56.0234 2512 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/03/07 20:00:56.0296 2512 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/03/07 20:00:56.0375 2512 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/03/07 20:00:56.0406 2512 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/03/07 20:00:56.0531 2512 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/03/07 20:00:56.0562 2512 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/03/07 20:00:56.0609 2512 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/03/07 20:00:56.0625 2512 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/03/07 20:00:56.0656 2512 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/03/07 20:00:56.0671 2512 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/03/07 20:00:56.0687 2512 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/03/07 20:00:56.0703 2512 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/03/07 20:00:56.0750 2512 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/03/07 20:00:56.0765 2512 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/03/07 20:00:56.0796 2512 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/03/07 20:00:56.0843 2512 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/03/07 20:00:56.0859 2512 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/03/07 20:00:56.0906 2512 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/03/07 20:00:56.0937 2512 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/03/07 20:00:57.0031 2512 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/03/07 20:00:57.0078 2512 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/03/07 20:00:57.0093 2512 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/03/07 20:00:57.0109 2512 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/03/07 20:00:57.0171 2512 ossrv (c52548b920482db03af8b49babd9fc48) C:\WINDOWS\system32\drivers\ctoss2k.sys
2011/03/07 20:00:57.0218 2512 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/03/07 20:00:57.0234 2512 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/03/07 20:00:57.0265 2512 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/03/07 20:00:57.0281 2512 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/03/07 20:00:57.0328 2512 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/03/07 20:00:57.0359 2512 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/03/07 20:00:57.0421 2512 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/03/07 20:00:57.0437 2512 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/03/07 20:00:57.0500 2512 pfc (d1779c14abb7992f5c20c262ba5c7af2) C:\WINDOWS\system32\drivers\pfc.sys
2011/03/07 20:00:57.0531 2512 PfModNT (fefc8ebc170615068c3305dbee2667dd) C:\WINDOWS\system32\drivers\PfModNT.sys
2011/03/07 20:00:57.0625 2512 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/03/07 20:00:57.0703 2512 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/03/07 20:00:57.0718 2512 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/03/07 20:00:57.0796 2512 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/03/07 20:00:57.0828 2512 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/03/07 20:00:57.0843 2512 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/03/07 20:00:57.0875 2512 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/03/07 20:00:57.0890 2512 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/03/07 20:00:57.0921 2512 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/03/07 20:00:57.0968 2512 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/03/07 20:00:57.0984 2512 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/03/07 20:00:58.0015 2512 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/03/07 20:00:58.0031 2512 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/03/07 20:00:58.0046 2512 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/03/07 20:00:58.0078 2512 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/03/07 20:00:58.0125 2512 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/03/07 20:00:58.0203 2512 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/03/07 20:00:58.0234 2512 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/03/07 20:00:58.0296 2512 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/03/07 20:00:58.0359 2512 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/03/07 20:00:58.0421 2512 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/03/07 20:00:58.0484 2512 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/03/07 20:00:58.0562 2512 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/03/07 20:00:58.0593 2512 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/03/07 20:00:58.0640 2512 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/03/07 20:00:58.0671 2512 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/03/07 20:00:58.0718 2512 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/03/07 20:00:58.0750 2512 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
2011/03/07 20:00:58.0781 2512 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
2011/03/07 20:00:58.0875 2512 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/03/07 20:00:58.0984 2512 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/03/07 20:00:59.0046 2512 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/03/07 20:00:59.0062 2512 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/03/07 20:00:59.0156 2512 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys
2011/03/07 20:00:59.0203 2512 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/03/07 20:00:59.0218 2512 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/03/07 20:00:59.0265 2512 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/03/07 20:00:59.0343 2512 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/03/07 20:00:59.0390 2512 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/03/07 20:00:59.0406 2512 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/03/07 20:00:59.0437 2512 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/03/07 20:00:59.0468 2512 tfsnboio (30698355067d07da5f9eb81132c9fdd6) C:\WINDOWS\system32\dla\tfsnboio.sys
2011/03/07 20:00:59.0484 2512 tfsncofs (fb9d825bb4a2abdf24600f7505050e2b) C:\WINDOWS\system32\dla\tfsncofs.sys
2011/03/07 20:00:59.0500 2512 tfsndrct (cafd8cca11aa1e8b6d2ea1ba8f70ec33) C:\WINDOWS\system32\dla\tfsndrct.sys
2011/03/07 20:00:59.0515 2512 tfsndres (8db1e78fbf7c426d8ec3d8f1a33d6485) C:\WINDOWS\system32\dla\tfsndres.sys
2011/03/07 20:00:59.0531 2512 tfsnifs (b92f67a71cc8176f331b8aa8d9f555ad) C:\WINDOWS\system32\dla\tfsnifs.sys
2011/03/07 20:00:59.0546 2512 tfsnopio (85985faa9a71e2358fcc2edefc2a3c5c) C:\WINDOWS\system32\dla\tfsnopio.sys
2011/03/07 20:00:59.0562 2512 tfsnpool (bba22094f0f7c210567efdaf11f64495) C:\WINDOWS\system32\dla\tfsnpool.sys
2011/03/07 20:00:59.0578 2512 tfsnudf (81340bef80b9811e98ce64611e67e3ff) C:\WINDOWS\system32\dla\tfsnudf.sys
2011/03/07 20:00:59.0609 2512 tfsnudfa (c035fd116224ccc8325f384776b6a8bb) C:\WINDOWS\system32\dla\tfsnudfa.sys
2011/03/07 20:00:59.0656 2512 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/03/07 20:00:59.0687 2512 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/03/07 20:00:59.0718 2512 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/03/07 20:00:59.0781 2512 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/03/07 20:00:59.0828 2512 USBAAPL (e8c1b9ebac65288e1b51e8a987d98af6) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/03/07 20:00:59.0890 2512 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/03/07 20:00:59.0937 2512 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/03/07 20:01:00.0031 2512 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/03/07 20:01:00.0046 2512 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/03/07 20:01:00.0093 2512 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/03/07 20:01:00.0250 2512 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/03/07 20:01:00.0312 2512 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/03/07 20:01:00.0328 2512 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/03/07 20:01:00.0390 2512 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/03/07 20:01:00.0437 2512 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/03/07 20:01:00.0500 2512 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/03/07 20:01:00.0546 2512 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/03/07 20:01:00.0625 2512 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/03/07 20:01:00.0734 2512 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/03/07 20:01:00.0796 2512 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/03/07 20:01:00.0828 2512 \HardDisk0 - detected Backdoor.Win32.Sinowal.knf (0)
2011/03/07 20:01:00.0843 2512 ================================================================================
2011/03/07 20:01:00.0843 2512 Scan finished
2011/03/07 20:01:00.0843 2512 ================================================================================
2011/03/07 20:01:00.0843 2504 Detected object count: 1
2011/03/07 20:01:20.0062 2504 \HardDisk0 - will be cured after reboot
2011/03/07 20:01:20.0062 2504 Backdoor.Win32.Sinowal.knf(\HardDisk0) - User select action: Cure
2011/03/07 20:01:25.0109 0864 Deinitialize success
-
I rebooted and rescanned with Avast and it's still reporting an MBR rootkit.
Any thoughts?
-
Here is the ESET scan. It looks like it found the same file in System Restore that the original MBAM scan found.
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=6.00.2900.5512 (xpsp.080413-2105)
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=f4bf4ca0c679f042b79062e5330f403f
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-03-02 12:31:20
# local_time=2011-03-01 07:31:20 (-0500, Eastern Standard Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 862499 862499 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=131182
# found=1
# cleaned=1
# scan_time=5069
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP622\A0073611.exe probably a variant of MSIL/Injector.CF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
Here is the Security Check log:
Results of screen317's Security Check version 0.99.9
Windows XP Service Pack 3
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
avast! Free Antivirus
ESET Online Scanner v3
```````````````````````````````
Anti-malware/Other Utilities Check:
Ad-Aware
Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner
Java 6 Update 18
Java 2 Runtime Environment, SE v1.4.2_03
Out of date Java installed!
Adobe Flash Player 10.1.102.64
Adobe Reader 7.0.8
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.13)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
ESET ESET Online Scanner OnlineCmdLineScanner.exe
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 avastUI.exe
``````````End of Log````````````
I tried a dummy run to access an online bank that gave me the popup and it seems to be OK. I am going to reboot and try again.
Once again, thanks for your help, Screen.
-
Here is the DDS:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-12-12.02)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 11/12/2005 7:54:49 PM
System Uptime: 2/28/2011 7:06:55 AM (0 hours ago)
Motherboard: Dell Inc. | | 0RD203
Processor: Intel® Pentium® 4 CPU 3.40GHz | Microprocessor | 3391/800mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 229 GiB total, 97.234 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP560: 11/30/2010 6:42:12 PM - System Checkpoint
RP561: 12/1/2010 7:20:38 PM - System Checkpoint
RP562: 12/2/2010 8:02:30 PM - System Checkpoint
RP563: 12/3/2010 8:31:36 PM - System Checkpoint
RP564: 12/4/2010 9:06:30 PM - System Checkpoint
RP565: 12/5/2010 9:53:26 PM - System Checkpoint
RP566: 12/7/2010 4:15:11 PM - System Checkpoint
RP567: 12/8/2010 4:20:47 PM - System Checkpoint
RP568: 12/9/2010 6:57:45 PM - System Checkpoint
RP569: 12/10/2010 1:18:21 PM - Restore Operation
RP570: 12/11/2010 2:00:11 PM - System Checkpoint
RP571: 12/12/2010 2:57:08 PM - System Checkpoint
RP572: 12/13/2010 6:06:35 PM - System Checkpoint
RP573: 12/14/2010 7:06:11 PM - System Checkpoint
RP574: 12/15/2010 7:44:07 PM - System Checkpoint
RP575: 12/16/2010 8:06:40 PM - System Checkpoint
RP576: 12/17/2010 7:27:31 AM - Software Distribution Service 3.0
RP577: 12/18/2010 8:35:57 AM - System Checkpoint
RP578: 12/19/2010 9:23:07 AM - System Checkpoint
RP579: 12/20/2010 10:07:40 AM - System Checkpoint
RP580: 12/21/2010 6:31:12 PM - System Checkpoint
RP581: 1/2/2011 7:39:00 AM - System Checkpoint
RP582: 1/3/2011 3:00:17 AM - Software Distribution Service 3.0
RP583: 1/4/2011 3:37:00 AM - System Checkpoint
RP584: 1/5/2011 7:24:55 AM - Software Distribution Service 3.0
RP585: 1/6/2011 7:55:11 AM - System Checkpoint
RP586: 1/7/2011 8:21:34 AM - System Checkpoint
RP587: 1/8/2011 8:28:09 AM - System Checkpoint
RP588: 1/9/2011 12:01:17 PM - System Checkpoint
RP589: 1/10/2011 6:15:50 PM - System Checkpoint
RP590: 1/11/2011 6:49:39 PM - System Checkpoint
RP591: 1/12/2011 5:57:26 AM - Software Distribution Service 3.0
RP592: 1/13/2011 3:54:42 PM - System Checkpoint
RP593: 1/14/2011 6:17:42 PM - System Checkpoint
RP594: 1/16/2011 11:24:37 AM - System Checkpoint
RP595: 1/17/2011 5:46:23 PM - System Checkpoint
RP596: 1/18/2011 6:02:54 PM - System Checkpoint
RP597: 1/19/2011 7:02:25 PM - System Checkpoint
RP598: 1/20/2011 8:10:48 PM - System Checkpoint
RP599: 1/21/2011 11:21:49 PM - System Checkpoint
RP600: 1/23/2011 9:17:33 AM - System Checkpoint
RP601: 1/24/2011 5:57:09 PM - System Checkpoint
RP602: 1/25/2011 7:26:08 PM - System Checkpoint
RP603: 1/26/2011 8:11:51 PM - System Checkpoint
RP604: 1/27/2011 8:35:23 PM - System Checkpoint
RP605: 2/6/2011 6:29:03 AM - System Checkpoint
RP606: 2/7/2011 6:16:03 PM - System Checkpoint
RP607: 2/8/2011 6:21:43 PM - System Checkpoint
RP608: 2/8/2011 10:21:54 PM - Software Distribution Service 3.0
RP609: 2/10/2011 6:00:18 PM - System Checkpoint
RP610: 2/11/2011 6:11:55 PM - System Checkpoint
RP611: 2/12/2011 6:43:00 PM - System Checkpoint
RP612: 2/14/2011 6:13:42 PM - System Checkpoint
RP613: 2/15/2011 6:41:26 PM - System Checkpoint
RP614: 2/16/2011 6:53:58 PM - System Checkpoint
RP615: 2/17/2011 6:57:01 PM - System Checkpoint
RP616: 2/18/2011 6:31:16 PM - pre av
RP617: 2/18/2011 6:31:54 PM - avast! Free Antivirus Setup
RP618: 2/20/2011 5:18:06 PM - System Checkpoint
RP619: 2/21/2011 8:22:20 PM - System Checkpoint
RP620: 2/22/2011 8:32:34 PM - System Checkpoint
RP621: 2/23/2011 10:24:32 PM - System Checkpoint
RP622: 2/25/2011 7:08:39 AM - System Checkpoint
RP623: 2/26/2011 10:21:09 AM - Removed AVG Free 8.5
RP624: 2/26/2011 10:21:58 AM - Removed AVG Free 8.5
RP625: 2/26/2011 10:25:43 AM - Removed AVG Free 8.5
RP626: 2/27/2011 11:15:02 AM - System Checkpoint
==== Installed Programs ======================
3ivx MPEG-4 5.0.1 Decoder (remove only)
7-Zip 4.57
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0.8
Adobe Shockwave Player
Amazon MP3 Downloader 1.0.9
AOLIcon
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Control Panel
ATI Display Driver
avast! Free Antivirus
Banctec Service Agreement
Battlefield 2
Belarc Advisor 7.2
Belltech Greeting Card Designer 4.2
Camera Window
Canon Camera WIA Driver
Canon Camera Window for ZoomBrowser EX
Canon MultiPASS Suite 4.00
Canon PhotoRecord
Canon PowerShot S45 WIA Driver
Canon Utilities FileViewerUtility 1.0
Canon Utilities PhotoStitch 3.1
Canon Utilities RemoteCapture 2.6
Canon Utilities ZoomBrowser EX
CCleaner
Creative Audio Console
Creative MediaSource
Critical Update for Windows Media Player 11 (KB959772)
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Support Center (Support Software)
Dell System Restore
DellSupport
Digital Content Portal
DivX Converter
DivX Plus DirectShow Filters
DivX Plus Web Player
DivX Setup
DivX Version Checker
Drivers Install For Linksys Easylink Advisor
DVD@ccess 2.0.3
EA Download Manager
Easy Card 3.1
EducateU
Eudora
Express Burn
FileASSASSIN
FileViewerUtility 1.0
Freenet
GameSpy Arcade
GearDrvs
Google Earth
GrabIt 1.7.2 Beta 4 (build 997)
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Image Resizer Powertoy for Windows XP
Intel® 537EP V9x DF PCI Modem
Intel® PRO Network Connections Drivers
Intel® PROSet for Wired Connections
Internet Explorer Default Page
iPod for Windows 2006-01-10
iPod Updater 2004-10-20
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
Java Auto Updater
Java 6 Update 18
Learn2 Player (Uninstall Only)
Linksys EasyLink Advisor 1.6 (0032)
Macromedia Flash Player
Malwarebytes' Anti-Malware
Media Player Codec Pack 2.2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2000 Small Business
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Modem Event Monitor
Modem Helper
Modem On Hold
Moyea FLV Player version: 2.0.2.96
Mozilla Firefox (3.6.13)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Musicmatch for Windows Media Player
muvee Plugin 1.0
NCH Toolbox
NewzToolz
NewzToolz v2.0.2
Operation Flashpoint uninstall
Optimum Online net guide
Panda ActiveScan
Photo Click
PhotoStitch
PicaView32
PowerDVD 5.5
Print Screen Deluxe
PunkBuster Services
Quake Live Mozilla Plugin
QuickBooks Simple Start Special Edition
QuickTime
RarZilla Free Unrar 2.52
RealPlayer Basic
RemoteCapture 2.6
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2183461)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360131)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2416400)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2482017)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Skype 2.5
Sonic DLA
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sophos Anti-Rootkit 1.5.4
Sound Blaster Audigy 2 ZS
Spybot - Search & Destroy
Symantec Technical Support Advanced Chat Controls
Symantec Technical Support Web Controls
TeamSpeak 2 RC2
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
VC80CRTRedist - 8.0.50727.4053
Viewpoint Media Player
Virtual Earth 3D (Beta)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Defender Signatures
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Service Pack 3
WinUHA 2.0 RC1 (2005.02.27)
WinZip
Yahoo! Messenger
==== Event Viewer Messages From Past Week ========
2/28/2011 7:05:27 AM, error: PlugPlayManager [11] - The device Root\LEGACY_MEMSWEEP2\0000 disappeared from the system without first being prepared for removal.
2/28/2011 6:53:00 AM, error: Service Control Manager [7034] - The SupportSoft Sprocket Service (dellsupportcenter) service terminated unexpectedly. It has done this 1 time(s).
2/28/2011 6:53:00 AM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s).
2/28/2011 6:53:00 AM, error: Service Control Manager [7034] - The PnkBstrB service terminated unexpectedly. It has done this 1 time(s).
2/28/2011 6:53:00 AM, error: Service Control Manager [7034] - The PnkBstrA service terminated unexpectedly. It has done this 1 time(s).
2/28/2011 6:53:00 AM, error: Service Control Manager [7034] - The MpService service terminated unexpectedly. It has done this 1 time(s).
2/28/2011 6:53:00 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
2/28/2011 6:53:00 AM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
2/28/2011 6:53:00 AM, error: Service Control Manager [7034] - The Creative Service for CDROM Access service terminated unexpectedly. It has done this 1 time(s).
2/28/2011 6:53:00 AM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
2/28/2011 6:53:00 AM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
2/26/2011 10:33:29 AM, error: Print [6161] - The document http://forums.avg.com/ww-en/avg-free-forum?sec=thread&act=show& owned by John and Fran failed to print on printer Canon MultiPASS F30 Printer. Data type: NT EMF 1.008. Size of the spool file in bytes: 327680. Number of bytes printed: 148072. Total number of pages in the document: 2. Number of pages printed: 1. Client machine: \\DCM5KS81. Win32 error code returned by the print processor: 0 (0x0).
2/24/2011 6:45:13 AM, error: Service Control Manager [7016] - The MpService service has reported an invalid current state 0.
==== End Of File ===========================
Here is the ComboFix log:
ComboFix 11-02-27.02 - John and Fran 02/28/2011 6:53.9.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1676 [GMT -5:00]
Running from: c:\documents and settings\John and Fran\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\John and Fran\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FILE ::
"c:\windows\system32\5.tmp"
"c:\windows\system32\drivers\ntrtrgh.sys"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MEMSWEEP2
-------\Service_MEMSWEEP2
-------\Service_rdrmqo
((((((((((((((((((((((((( Files Created from 2011-01-28 to 2011-02-28 )))))))))))))))))))))))))))))))
.
2011-02-25 23:50 . 2011-02-23 14:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-02-18 23:32 . 2011-02-23 14:54 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-18 23:32 . 2011-02-23 14:56 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-18 23:32 . 2011-02-23 14:55 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-18 23:32 . 2011-02-23 14:55 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-18 23:32 . 2011-02-23 14:55 102232 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-02-18 23:32 . 2011-02-23 14:55 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-02-18 23:32 . 2011-02-23 14:54 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-02-18 23:32 . 2011-02-23 15:04 40648 ----a-w- c:\windows\avastSS.scr
2011-02-18 23:31 . 2011-02-23 15:04 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-18 23:31 . 2011-02-18 23:31 -------- d-----w- c:\program files\Alwil Software
2011-02-18 23:31 . 2011-02-18 23:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2011-02-16 15:35 . 2011-02-16 15:35 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-02-16 15:32 . 2011-02-16 15:32 -------- d-----w- c:\documents and settings\John and Fran\Local Settings\Application Data\Sunbelt Software
2011-02-16 15:31 . 2011-02-16 15:31 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
2011-02-15 23:53 . 2011-02-15 23:53 -------- d-----w- c:\program files\Sophos
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-27 23:25 . 2007-09-06 23:56 138520 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-02-27 23:23 . 2009-03-26 22:38 234536 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-02-27 23:23 . 2007-09-06 23:56 234536 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-02-16 15:35 . 2009-04-03 10:39 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-02-16 15:35 . 2009-04-03 02:35 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-01-21 14:44 . 2004-08-10 18:51 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-10 18:50 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2004-08-10 18:51 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-08-10 18:51 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:09 . 2009-02-18 15:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2009-02-18 15:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-20 22:15 . 2004-08-10 18:51 667136 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 22:15 . 2004-08-10 18:51 61952 ----a-w- c:\windows\system32\tdc.ocx
2010-12-20 22:15 . 2004-08-10 18:51 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-12-20 17:26 . 2004-08-10 18:51 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 15:30 . 2004-08-10 18:51 369664 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15 . 2004-08-10 18:51 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30 . 2004-08-10 18:50 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:42 . 2004-08-10 18:51 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07 . 2004-08-04 04:59 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-02-23 3451496]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Freenet Tray.lnk - c:\program files\Freenet\bin\freenettray.exe [2010-6-14 465251]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\progra~1\Qualcomm\Eudora\EuShlExt.dll" [2006-08-17 86016]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DVD@ccess.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\DVD@ccess.lnk
backup=c:\windows\pss\DVD@ccess.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Freenet Tray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Freenet Tray.lnk
backup=c:\windows\pss\Freenet Tray.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
2011-02-16 15:34 939848 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-08-06 03:05 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
2003-06-18 07:00 45056 ----a-w- c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
2003-09-17 16:43 57344 ----a-w- c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 15:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]
2009-05-21 14:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-01 06:39 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2004-12-06 07:05 127035 ----a-w- c:\windows\system32\dla\tfswctrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-11-15 13:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-02-23 22:19 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
2009-01-09 20:11 3321856 ----a-w- c:\program files\Electronic Arts\EADM\Core.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyLinkAdvisor]
2007-03-15 23:16 454784 ----a-w- c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
2003-09-04 02:12 221184 ----a-w- c:\program files\Intel\Modem Event Monitor\IntelMEM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 16:44 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 16:44 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-28 19:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\monitr32]
2001-08-21 22:52 311296 ----a-w- c:\program files\Canon\MultiPASS4\monitr32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPTBox]
2001-08-21 22:52 151552 ----a-w- c:\program files\Canon\MultiPASS4\mptbox.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2006-07-06 22:53 20034600 ----a-w- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 20:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 20:45 313472 ----a-w- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 07:00 90112 ------w- c:\windows\Updreg.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\services.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1559:TCP"= 1559:TCP:Services
"1618:TCP"= 1618:TCP:Services
"2193:TCP"= 2193:TCP:Services
"4383:TCP"= 4383:TCP:Services
"7266:TCP"= 7266:TCP:Services
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [4/2/2009 9:35 PM 64512]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2/25/2011 6:50 PM 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/18/2011 6:32 PM 301528]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/18/2011 6:32 PM 19544]
R2 DVDAccss;DVDAccss;c:\windows\system32\drivers\DVDAccss.sys [4/21/2009 1:54 PM 29156]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.SYS --> c:\windows\system32\drivers\COMMONFX.SYS [?]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS --> c:\windows\system32\drivers\COMMONFX.SYS [?]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.SYS --> c:\windows\system32\drivers\CTAUDFX.SYS [?]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS --> c:\windows\system32\drivers\CTAUDFX.SYS [?]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.SYS --> c:\windows\system32\drivers\CTERFXFX.SYS [?]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS --> c:\windows\system32\drivers\CTERFXFX.SYS [?]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.SYS --> c:\windows\system32\drivers\CTSBLFX.SYS [?]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS --> c:\windows\system32\drivers\CTSBLFX.SYS [?]
S3 freenet;Freenet background service;c:\program files\Freenet\bin\wrapper-windows-x86-32.exe [10/23/2009 1:43 PM 241664]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/3/2010 4:05 AM 1405384]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [12/3/2010 4:05 AM 15232]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
TCP: {C7286E96-F0C4-439A-ACBC-53F753730663} = 195.242.208.40
TCP: {D007FA9F-2198-4403-9A17-E2E55FA1E4B3} = 195.242.208.40
FF - ProfilePath - c:\documents and settings\John and Fran\Application Data\Mozilla\Firefox\Profiles\j9fk5lqv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-28 07:08
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2430473397-3533442952-3856520278-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-2430473397-3533442952-3856520278-1006\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (S-1-5-21-2430473397-3533442952-3856520278-1006)
@Allowed: (Read) (S-1-5-21-2430473397-3533442952-3856520278-1006)
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2540)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\CTsvcCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2011-02-28 07:18:45 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-28 12:18
ComboFix2.txt 2011-02-26 16:20
ComboFix3.txt 2009-04-18 15:08
Pre-Run: 104,404,025,344 bytes free
Post-Run: 104,370,270,208 bytes free
- - End Of File - - 9E79CEA257A32C9DC7DBC1700CED2B46
Thanks again for your help
-
Here is the MBAM quick scan:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5883
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
2/26/2011 10:15:05 AM
mbam-log-2011-02-26 (10-15-05).txt
Scan type: Quick scan
Objects scanned: 158805
Time elapsed: 5 minute(s), 1 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
__________________________________________________________________________
____________________________________________________________________________
The forum will not allow me to post the ComboFix Log as it is too long. So I am attaching the text file
Thanks again for your help
-
I would like to try to get rid of this virus, rather than reformat. Can you advise please?
-
I'll get back to you tomorrow. Thanks for the help.
-
That's not good.
Before I take the next steps can you tell me what trojan it is and where the logs indicate that it is present?
Is it the PWS trojan shown by MBAM, or is there something else you can see?
Thanks again
-
Thank you for your reply.
Here is the DDS:
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\John and Fran\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - No File
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\freene~1.lnk - c:\program files\freenet\bin\freenettray.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} - hxxp://www.pcpitstop.com/internet/pcpConnCheck.cab
DPF: {32564D57-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv8ax.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.9.113.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} - hxxps://offsite.cartus.com/msrdp.cab
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://acs.pandasoftware.com/activescan/as5free/asinst.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {C7286E96-F0C4-439A-ACBC-53F753730663} = 195.242.208.40
TCP: {D007FA9F-2198-4403-9A17-E2E55FA1E4B3} = 195.242.208.40
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\progra~1\qualcomm\eudora\EuShlExt.dll
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\johnan~1\applic~1\mozilla\firefox\profiles\j9fk5lqv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\documents and settings\all users\application data\id software\quakelive\npquakezero.dll
FF - plugin: c:\documents and settings\john and fran\application data\mozilla\firefox\profiles\j9fk5lqv.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
============= SERVICES / DRIVERS ===============
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-2 64512]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-2-18 294608]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-12 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-12 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-12 108552]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-2-18 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-2-18 40384]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-12 297752]
R2 DVDAccss;DVDAccss;c:\windows\system32\drivers\DVDAccss.sys [2009-4-21 29156]
S0 rdrmqo;rdrmqo;c:\windows\system32\drivers\ntrtrgh.sys --> c:\windows\system32\drivers\ntrtrgh.sys [?]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\commonfx.sys --> c:\windows\system32\drivers\COMMONFX.SYS [?]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\commonfx.sys --> c:\windows\system32\drivers\COMMONFX.SYS [?]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\ctaudfx.sys --> c:\windows\system32\drivers\CTAUDFX.SYS [?]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\ctaudfx.sys --> c:\windows\system32\drivers\CTAUDFX.SYS [?]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\cterfxfx.sys --> c:\windows\system32\drivers\CTERFXFX.SYS [?]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\cterfxfx.sys --> c:\windows\system32\drivers\CTERFXFX.SYS [?]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\ctsblfx.sys --> c:\windows\system32\drivers\CTSBLFX.SYS [?]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\ctsblfx.sys --> c:\windows\system32\drivers\CTSBLFX.SYS [?]
S3 freenet;Freenet background service;c:\program files\freenet\bin\wrapper-windows-x86-32.exe [2009-10-23 241664]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-12-3 1405384]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-12-3 15232]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\5.tmp --> c:\windows\system32\5.tmp [?]
=============== Created Last 30 ================
2011-02-18 23:32:00 38848 ----a-w- c:\windows\avastSS.scr
2011-02-18 23:31:54 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2011-02-16 15:35:40 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-02-16 15:32:20 -------- d-----w- c:\docume~1\johnan~1\locals~1\applic~1\Sunbelt Software
2011-02-16 15:31:23 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
2011-02-15 23:53:04 -------- d-----w- c:\program files\Sophos
==================== Find3M ====================
2011-02-24 01:39:00 234536 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-02-24 01:39:00 234536 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-02-16 15:35:34 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 22:15:52 667136 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 22:15:52 61952 ----a-w- c:\windows\system32\tdc.ocx
2010-12-20 22:15:51 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 15:30:29 369664 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:42:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07:07 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
============= FINISH: 6:47:07.39 ===============
Here is the MBAM. I ran a full scan last night, before I received your instruction to run a quick scan. It detected Trojan.PWS but the problem is still there.
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5863
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
2/24/2011 6:38:49 AM
mbam-log-2011-02-24 (06-38-49).txt
Scan type: Full scan (C:\|)
Objects scanned: 264176
Time elapsed: 1 hour(s), 13 minute(s), 41 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP613\A0072823.exe (Trojan.PWS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP613\A0072822.exe (Trojan.PWS) -> Quarantined and deleted successfully.
Thanks again
-
Hello
My PC is infected with some malware which interferes when I try to do online banking. It displays a very official-looking popup which asks for personal information like SS# and PIN. There are also processes running in the background all the time (I can hear the disk accessing) but I can't see anything obvious in Task Manager processes, and my PC runs very slowly, especially when I'm online (I use Firefox 5.0).
I ran MBAM and it reported no malicious items detected. I also scanned with Spybot S&D, Ad-Aware and AVG and they all found nothing. I ran Avast and it found sinowal@mbr, which it removed, and each subsequent scan found "rootkit: hidden boot sector", which does not go away after each clean-up, and the popup still shows every time I try to log on to the bank site.
Can you help please?
-
I'm not sure. My machine has an automatic reset-to-factory-spec facility which will wipe and reinstall automatically. Either way I think you have done all you can and I am very grateful for your help. Thanks.
John
-
Hi Advancedsetup. I did the things you suggested.
It's just getting worse. I get more frequent lock-ups, the hard drive is constantly accessing, and many apps don't run, e.g. iTunes, Windows Media, DivX Player, Battlefield 2. I have been backing up my data and the CD burner also keeps locking up. I am thinking of doing a format C: and reloading XP and starting again. What do you think?
-
OK thanks
-
Here are the files:
Malwarebytes' Anti-Malware 1.36
Database version: 1989
Windows 5.1.2600 Service Pack 3
4/16/2009 8:55:04 AM
mbam-log-2009-04-16 (08-55-04).txt
Scan type: Quick Scan
Objects scanned: 74073
Time elapsed: 3 minute(s), 16 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Here is the bootlog. This is the second pass, as the first was so large:
Service Pack 3 4 16 2009 17:17:19.375
Loaded driver \WINDOWS\system32\ntkrnlpa.exe
Loaded driver \WINDOWS\system32\hal.dll
Loaded driver \WINDOWS\system32\KDCOM.DLL
Loaded driver \WINDOWS\system32\BOOTVID.dll
Loaded driver ACPI.sys
Loaded driver \WINDOWS\system32\DRIVERS\WMILIB.SYS
Loaded driver pci.sys
Loaded driver isapnp.sys
Loaded driver pciide.sys
Loaded driver \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Loaded driver MountMgr.sys
Loaded driver ftdisk.sys
Loaded driver PartMgr.sys
Loaded driver VolSnap.sys
Loaded driver atapi.sys
Loaded driver disk.sys
Loaded driver \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Loaded driver fltmgr.sys
Loaded driver sr.sys
Loaded driver Lbd.sys
Loaded driver drvmcdb.sys
Loaded driver PxHelp20.sys
Loaded driver KSecDD.sys
Loaded driver Ntfs.sys
Loaded driver NDIS.sys
Loaded driver ohci1394.sys
Loaded driver \WINDOWS\system32\DRIVERS\1394BUS.SYS
Loaded driver Mup.sys
Loaded driver \SystemRoot\system32\DRIVERS\nic1394.sys
Loaded driver \SystemRoot\system32\DRIVERS\intelppm.sys
Loaded driver \SystemRoot\system32\DRIVERS\ati2mtag.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbuhci.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbehci.sys
Loaded driver \SystemRoot\system32\DRIVERS\IntelC53.sys
Loaded driver \SystemRoot\system32\DRIVERS\IntelC51.sys
Loaded driver \SystemRoot\system32\DRIVERS\IntelC52.sys
Loaded driver \SystemRoot\system32\DRIVERS\mohfilt.sys
Loaded driver \SystemRoot\System32\Drivers\Modem.SYS
Loaded driver \SystemRoot\system32\drivers\ctoss2k.sys
Loaded driver \SystemRoot\system32\drivers\ctprxy2k.sys
Loaded driver \SystemRoot\system32\drivers\ctaud2k.sys
Loaded driver \SystemRoot\system32\DRIVERS\gameenum.sys
Loaded driver \SystemRoot\system32\DRIVERS\e100b325.sys
Loaded driver \SystemRoot\system32\drivers\sscdbhk5.sys
Loaded driver \SystemRoot\system32\DRIVERS\cdrom.sys
Loaded driver \SystemRoot\system32\DRIVERS\redbook.sys
Loaded driver \SystemRoot\SYSTEM32\DRIVERS\GEARAspiWDM.sys
Loaded driver \SystemRoot\system32\DRIVERS\imapi.sys
Loaded driver \SystemRoot\system32\DRIVERS\audstub.sys
Loaded driver \SystemRoot\system32\DRIVERS\rasl2tp.sys
Loaded driver \SystemRoot\system32\DRIVERS\ndistapi.sys
Loaded driver \SystemRoot\system32\DRIVERS\ndiswan.sys
Loaded driver \SystemRoot\system32\DRIVERS\raspppoe.sys
Loaded driver \SystemRoot\system32\DRIVERS\raspptp.sys
Loaded driver \SystemRoot\system32\DRIVERS\msgpc.sys
Loaded driver \SystemRoot\system32\DRIVERS\psched.sys
Loaded driver \SystemRoot\system32\DRIVERS\ptilink.sys
Loaded driver \SystemRoot\system32\DRIVERS\raspti.sys
Loaded driver \SystemRoot\system32\DRIVERS\termdd.sys
Loaded driver \SystemRoot\system32\DRIVERS\kbdclass.sys
Loaded driver \SystemRoot\system32\DRIVERS\mouclass.sys
Loaded driver \SystemRoot\system32\DRIVERS\SymIM.sys
Loaded driver \SystemRoot\system32\DRIVERS\swenum.sys
Loaded driver \SystemRoot\system32\DRIVERS\update.sys
Loaded driver \SystemRoot\system32\DRIVERS\mssmbios.sys
Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Loaded driver \SystemRoot\system32\DRIVERS\usbhub.sys
Loaded driver \SystemRoot\system32\drivers\ha10kx2k.sys
Loaded driver \SystemRoot\system32\drivers\emupia2k.sys
Loaded driver \SystemRoot\system32\drivers\ctsfm2k.sys
Loaded driver \SystemRoot\system32\drivers\ctac32k.sys
Loaded driver \SystemRoot\system32\drivers\MODEMCSA.sys
Did not load driver \SystemRoot\System32\Drivers\lbrtfdc.SYS
Did not load driver \SystemRoot\System32\Drivers\Sfloppy.SYS
Loaded driver \SystemRoot\System32\Drivers\i2omgmt.SYS
Did not load driver \SystemRoot\System32\Drivers\Changer.SYS
Did not load driver \SystemRoot\System32\Drivers\Cdaudio.SYS
Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.SYS
Loaded driver \SystemRoot\System32\Drivers\Null.SYS
Loaded driver \SystemRoot\System32\Drivers\Beep.SYS
Loaded driver \SystemRoot\system32\drivers\ssrtln.sys
Did not load driver \SystemRoot\system32\DRIVERS\i8042prt.sys
Did not load driver \SystemRoot\system32\DRIVERS\kbdhid.sys
Loaded driver \SystemRoot\System32\drivers\vga.sys
Loaded driver \SystemRoot\System32\Drivers\mnmdd.SYS
Loaded driver \SystemRoot\System32\DRIVERS\RDPCDD.sys
Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS
Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS
Loaded driver \SystemRoot\system32\DRIVERS\rasacd.sys
Loaded driver \SystemRoot\system32\DRIVERS\ipsec.sys
Loaded driver \SystemRoot\system32\DRIVERS\tcpip.sys
Loaded driver \SystemRoot\System32\Drivers\avgtdix.sys
Loaded driver \SystemRoot\system32\DRIVERS\ipnat.sys
Loaded driver \SystemRoot\system32\DRIVERS\wanarp.sys
Loaded driver \SystemRoot\system32\DRIVERS\arp1394.sys
Loaded driver \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
Loaded driver \SystemRoot\System32\Drivers\SYMREDRV.SYS
Loaded driver \SystemRoot\System32\Drivers\SYMDNS.SYS
Loaded driver \SystemRoot\System32\Drivers\SYMNDIS.SYS
Loaded driver \SystemRoot\System32\Drivers\SYMFW.SYS
Loaded driver \SystemRoot\System32\Drivers\SYMIDS.SYS
Loaded driver \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\ipsdefs\20090225.002\SymIDSCo.sys
Loaded driver \SystemRoot\System32\Drivers\SYMTDI.SYS
Loaded driver \SystemRoot\system32\DRIVERS\netbt.sys
Loaded driver \SystemRoot\System32\drivers\ws2ifsl.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbscan.sys
Loaded driver \SystemRoot\System32\drivers\afd.sys
Loaded driver \SystemRoot\system32\DRIVERS\netbios.sys
Did not load driver \SystemRoot\system32\DRIVERS\serial.sys
Did not load driver \SystemRoot\System32\Drivers\PCIDump.SYS
Loaded driver \SystemRoot\System32\Drivers\SRTSPX.SYS
Loaded driver \SystemRoot\system32\DRIVERS\rdbss.sys
Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbccgp.sys
Loaded driver \SystemRoot\system32\DRIVERS\hidusb.sys
Loaded driver \SystemRoot\system32\DRIVERS\kbdhid.sys
Loaded driver \SystemRoot\system32\DRIVERS\mouhid.sys
Loaded driver \SystemRoot\System32\Drivers\Fips.SYS
Loaded driver \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
Loaded driver \SystemRoot\System32\Drivers\avgmfx86.sys
Loaded driver \SystemRoot\System32\Drivers\avgldx86.sys
Loaded driver \SystemRoot\System32\Drivers\Cdfs.SYS
Loaded driver \SystemRoot\system32\drivers\drvnddm.sys
Loaded driver \SystemRoot\system32\dla\tfsndres.sys
Loaded driver \SystemRoot\system32\dla\tfsnifs.sys
Loaded driver \SystemRoot\system32\dla\tfsnopio.sys
Loaded driver \SystemRoot\system32\dla\tfsnpool.sys
Loaded driver \SystemRoot\system32\dla\tfsnboio.sys
Loaded driver \SystemRoot\system32\dla\tfsncofs.sys
Loaded driver \SystemRoot\system32\dla\tfsndrct.sys
Loaded driver \SystemRoot\system32\dla\tfsnudf.sys
Loaded driver \SystemRoot\system32\dla\tfsnudfa.sys
Loaded driver \SystemRoot\system32\DRIVERS\elagopro.sys
Loaded driver \SystemRoot\system32\DRIVERS\ndisuio.sys
Loaded driver \??\C:\WINDOWS\system32\drivers\CO_Mon.sys
Did not load driver \SystemRoot\system32\DRIVERS\rdbss.sys
Did not load driver \SystemRoot\system32\DRIVERS\mrxsmb.sys
Loaded driver \SystemRoot\system32\drivers\wdmaud.sys
Loaded driver \SystemRoot\system32\drivers\sysaudio.sys
Loaded driver \SystemRoot\system32\drivers\splitter.sys
Loaded driver \SystemRoot\system32\drivers\aec.sys
Loaded driver \SystemRoot\system32\drivers\swmidi.sys
Loaded driver \SystemRoot\system32\drivers\DMusic.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
Loaded driver \SystemRoot\system32\drivers\drmkaud.sys
Loaded driver \SystemRoot\system32\DRIVERS\mrxdav.sys
Loaded driver \SystemRoot\System32\Drivers\ASCTRM.SYS
Loaded driver \??\C:\WINDOWS\system32\drivers\cis1284.sys
Loaded driver \SystemRoot\system32\DRIVERS\dsunidrv.sys
Loaded driver \SystemRoot\system32\DRIVERS\elaunidr.sys
Loaded driver \SystemRoot\system32\DRIVERS\srv.sys
Loaded driver \??\C:\WINDOWS\system32\drivers\PfModNT.sys
Loaded driver \SystemRoot\system32\DRIVERS\secdrv.sys
Loaded driver \??\C:\WINDOWS\system32\drivers\symlcbrd.sys
Did not load driver \SystemRoot\system32\DRIVERS\ipnat.sys
Loaded driver \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090412.003\NAVEX15.SYS
Loaded driver \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090412.003\NAVENG.SYS
Did not load driver \SystemRoot\System32\Drivers\SRTSPX.SYS
Loaded driver \SystemRoot\System32\Drivers\SRTSP.SYS
Loaded driver \SystemRoot\System32\Drivers\HTTP.sys
Here is the RootRepeal log:
ROOTREPEAL © AD, 2007-2008
==================================================
Scan Time: 2009/04/16 17:28
Program Version: Version 1.2.3.0
Windows Version: Windows XP SP3
==================================================
Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB07E2000 Size: 98304 File Visible: No
Status: -
Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA5F2000 Size: 8192 File Visible: No
Status: -
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xAD724000 Size: 45056 File Visible: No
Status: -
Hidden/Locked Files
-------------------
Path: Volume C:\
Status: MBR Rootkit Detected!
Path: C:\hiberfil.sys
Status: Locked to the Windows API!
Path: C:\WINDOWS\ntbtlog.txt
Status: Size mismatch (API: 17464, Raw: 17354)
Path: C:\Documents and Settings\John and Fran\Cookies\john and fran@malwarebytes[1].txt
Status: Invisible to the Windows API!
Path: C:\Documents and Settings\John and Fran\Cookies\john and fran@malwarebytes[2].txt
Status: Visible to the Windows API, but not on disk.
SSDT
-------------------
#: 031 Function Name: NtConnectPort
Status: Hooked by "<unknown>" at address 0x89cf5880
#: 041 Function Name: NtCreateKey
Status: Hooked by "Lbd.sys" at address 0xba0f887e
#: 247 Function Name: NtSetValueKey
Status: Hooked by "Lbd.sys" at address 0xba0f8c10
Stealth Objects
-------------------
Object: Hidden Code [ETHREAD: 0x8a44a390]
Process: System Address: 0x898a5bd0 Size: -
Object: Hidden Code [ETHREAD: 0x8a329248]
Process: System Address: 0x89874c20 Size: -
Object: Hidden Code [ETHREAD: 0x8a306da8]
Process: System Address: 0x898c2e40 Size: -
Object: Hidden Code [ETHREAD: 0x8a2fb8e8]
Process: System Address: 0x89884160 Size: -
Object: Hidden Code [ETHREAD: 0x890cc660]
Process: System Address: 0x898a5bd0 Size: -
Object: Hidden Code [ETHREAD: 0x88f563d0]
Process: System Address: 0x89874c20 Size: -
Object: Hidden Code [ETHREAD: 0x899d42b0]
Process: System Address: 0x898c2e40 Size: -
Object: Hidden Code [ETHREAD: 0x8a74b020]
Process: System Address: 0x89884160 Size: -
Object: Hidden Code [ETHREAD: 0x88b4d938]
Process: System Address: 0x898a5bd0 Size: -
Object: Hidden Code [ETHREAD: 0x88af1020]
Process: System Address: 0x89874c20 Size: -
Object: Hidden Code [ETHREAD: 0x88b4bb38]
Process: System Address: 0x898c2e40 Size: -
Object: Hidden Code [ETHREAD: 0x88b71a90]
Process: System Address: 0x89884160 Size: -
-
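As an added example (not a tool from this thread, and not something the helper asked for), here is a small Python triage script over a constructed sample of lines copied from the DDS log and the RootRepeal log posted above. It pulls out the entries a helper would look at first: DDS service/driver entries printed as "--> path [?]" (which I am taking to mean the registered image was not found on disk), images living in a .tmp file, hosts-file entries that send a real hostname to loopback, the per-interface "TCP: {GUID} = ip" lines (assumed to be the DNS servers DDS reports), RootRepeal's "MBR Rootkit Detected!" and "Invisible to the Windows API!" statuses, and SSDT hooks owned by "<unknown>". The severity tiers are my own heuristics; the script does not identify which malware is present, it only says where in the logs to look.

```python
"""Triage helper for DDS / RootRepeal style logs.

Added example: this is not a tool from the thread.  It does not decide what a
file *is*; it only pulls out the entries a helper would examine first.
"""
import re
from dataclasses import dataclass

# Constructed sample: lines lifted from the DDS and RootRepeal logs posted in
# this thread, trimmed to the sections the rules below understand.
SAMPLE_LOG = r"""
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TCP: {C7286E96-F0C4-439A-ACBC-53F753730663} = 195.242.208.40
Hosts: 127.0.0.1 www.spywareinfo.com
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-2 64512]
S0 rdrmqo;rdrmqo;c:\windows\system32\drivers\ntrtrgh.sys --> c:\windows\system32\drivers\ntrtrgh.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\5.tmp --> c:\windows\system32\5.tmp [?]
Path: Volume C:\
Status: MBR Rootkit Detected!
Path: C:\hiberfil.sys
Status: Locked to the Windows API!
#: 031 Function Name: NtConnectPort
Status: Hooked by "<unknown>" at address 0x89cf5880
#: 041 Function Name: NtCreateKey
Status: Hooked by "Lbd.sys" at address 0xba0f887e
"""


@dataclass
class Finding:
    severity: str   # "high", "review", "low" or "info" (my own tiers)
    line: str       # the log line(s) the finding came from
    why: str        # what the reader should check


# DDS service line: "<R|S><start type> name;display;path [--> resolved] [meta]"
SERVICE_RE = re.compile(
    r"^(?P<start>[RS])(?P<kind>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?)(?:\s+-->\s+(?P<resolved>.*?))?\s+\[(?P<meta>[^\]]*)\]\s*$"
)
HOSTS_RE = re.compile(r"^Hosts:\s+(?P<ip>\S+)\s+(?P<host>\S+)")
DNS_RE = re.compile(r"^TCP:\s+\{[0-9A-Fa-f-]+\}\s*=\s*(?P<ip>\S+)")
HOOK_RE = re.compile(r'^Hooked by "(?P<who>[^"]*)"')
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}


def _status_finding(context, status):
    """Pair a RootRepeal 'Path:' or SSDT '#:' line with its 'Status:' line."""
    joined = f"{context} | Status: {status}"
    if status.startswith("MBR Rootkit Detected"):
        return Finding("high", joined, "boot sector reported hidden/modified (MBR rootkit)")
    if status.startswith("Invisible to the Windows API"):
        return Finding("review", joined, "file on disk but hidden from the Windows API")
    if status.startswith("Size mismatch"):
        return Finding("review", joined, "API and raw file sizes differ")
    m = HOOK_RE.match(status)
    if m:
        if m["who"] == "<unknown>":
            return Finding("high", joined, "SSDT hook by a module with no visible driver")
        return Finding("info", joined, f"SSDT hook by {m['who']}; check which product owns it")
    return None  # e.g. "Locked to the Windows API!" on hiberfil.sys is normal


def triage(lines):
    """Return the findings for an iterable of log lines, in log order."""
    findings = []
    pending = None  # a "Path: ..." or "#: ..." line waiting for its Status: line
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if line.startswith(("Path: ", "#: ")):
            pending = line
            continue
        if line.startswith("Status: "):
            if pending is not None:
                f = _status_finding(pending, line[len("Status: "):])
                if f:
                    findings.append(f)
            pending = None
            continue
        pending = None
        m = SERVICE_RE.match(line)
        if m:
            if m["meta"].strip() == "?":
                # Assumption: DDS prints "--> path [?]" when the image is absent.
                # A boot-start (type 0) entry loads before any user-mode scanner.
                sev = "high" if m["kind"] == "0" else "review"
                findings.append(Finding(sev, line, f"{m['start']}{m['kind']} entry '{m['name']}' points at a missing image"))
            elif m["path"].lower().endswith(".tmp"):
                findings.append(Finding("review", line, "driver/service image is a .tmp file"))
            continue
        m = HOSTS_RE.match(line)
        if m and m["ip"] in LOOPBACK and m["host"].lower() != "localhost":
            findings.append(Finding("review", line, f"hosts file sends {m['host']} to loopback"))
            continue
        m = DNS_RE.match(line)
        if m:
            findings.append(Finding("info", line, f"interface DNS server {m['ip']}; confirm it is the expected resolver"))
            continue
        if line.startswith("BHO: ") and line.endswith(" - No File"):
            findings.append(Finding("low", line, "orphaned BHO registration"))
    return findings


if __name__ == "__main__":
    order = {"high": 0, "review": 1, "low": 2, "info": 3}
    for f in sorted(triage(SAMPLE_LOG.splitlines()), key=lambda f: order[f.severity]):
        print(f"[{f.severity:6}] {f.why}\n         {f.line}")
```

On the sample it lists three "high" items: the boot-start entry whose driver file is missing, RootRepeal's MBR rootkit status on volume C:, and the NtConnectPort hook owned by nothing visible. That matches what the thread converged on (the hidden boot sector / sinowal MBR detection), but a "high" here is a place to look, not a diagnosis.
-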
Hi Advanced Setup
I'll do that. Meantime, this may be important: I ran Dr.Web again last night (it takes around 4 hours to complete). When I restarted, everything was fine and stayed fine until I connected to the internet. Then iTunes, Windows Media and others failed to work and the system has erratic lock-ups. It seems that whatever fixes Dr.Web has put in place are undone when I connect to the internet. Could something be dialling out in the background?
I'll get back to you on the other fixes.
-
I have also just noticed that even though I set MSCONFIG to Normal Startup, the system always starts with Selective Startup.
-
Hi, the disk check is done and was fine. Dr.Web completed and immediately after reboot everything was fine! Windows Media, iTunes etc. all worked perfectly, but for one time only, and now they won't load again. HOWEVER, overall the PC is running much better and doesn't lock up. Clearly Dr.Web got rid of some stuff, but there is still something running in the background which is conflicting with some other apps. Dr.Web in heuristic mode also gave some false positives, as you suspected it would in your instructions. This included ComboFix, FYI.
Here is the Dr Web log:
ComboFix.exe/data002\32788R22FWJFW\c.bat;C:\Documents and Settings\John and Fran\Desktop\ComboFix.exe/data002;Probably BATCH.Virus;;
ComboFix.exe/data002\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\John and Fran\Desktop\ComboFix.exe/data002;Program.PsExec.171;;
data002;C:\Documents and Settings\John and Fran\Desktop;Archive contains infected objects;;
ComboFix.exe;C:\Documents and Settings\John and Fran\Desktop;Container contains infected objects;Moved.;
smitRem.exe\smitRem/Process.exe;C:\Documents and Settings\John and Fran\Desktop\smitRem.exe;Tool.Prockill;;
smitRem.exe\smitRem/pv.exe;C:\Documents and Settings\John and Fran\Desktop\smitRem.exe;Program.PrcView.3741;;
smitRem.exe;C:\Documents and Settings\John and Fran\Desktop;Archive contains infected objects;Moved.;
Fport.exe;C:\Documents and Settings\John and Fran\Desktop\Fport-2.0\Fport-2.0;Program.FPort.20;;
SmitfraudFix.exe\SmitfraudFix\Process.exe;C:\Documents and Settings\John and Fran\Desktop\N360\SmitfraudFix.exe;Tool.Prockill;;
SmitfraudFix.exe\SmitfraudFix\restart.exe;C:\Documents and Settings\John and Fran\Desktop\N360\SmitfraudFix.exe;Tool.ShutDown.14;;
SmitfraudFix.exe;C:\Documents and Settings\John and Fran\Desktop\N360;Archive contains infected objects;Moved.;
Process.exe;C:\Documents and Settings\John and Fran\Desktop\SmitfraudFix;Tool.Prockill;Moved.;
restart.exe;C:\Documents and Settings\John and Fran\Desktop\SmitfraudFix;Tool.ShutDown.14;Moved.;
Process.exe;C:\Documents and Settings\John and Fran\Desktop\smitRem;Tool.Prockill;Moved.;
pv.exe;C:\Documents and Settings\John and Fran\Desktop\smitRem;Program.PrcView.3741;Moved.;
A0122831.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1038;Program.FPort.20;Moved.;
A0124013.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1038;Tool.Prockill;Moved.;
A0175038.exe\data006;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1097\A0175038.exe;Adware.Webdir;;
A0175038.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1097;Archive contains infected objects;Moved.;
A0178066.bat;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1098;Probably BATCH.Virus;;
A0179066.bat;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1098;Probably BATCH.Virus;;
A0179109.bat;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1099;Probably BATCH.Virus;;
A0179112.EXE;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1099;Program.PsExec.170;Moved.;
A0188129.bat;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1099;Probably BATCH.Virus;;
A0188199.bat;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1100;Probably BATCH.Virus;;
A0198159.bat;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1100;Probably BATCH.Virus;;
A0198226.bat;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1100;Probably BATCH.Virus;;
A0203309.bat;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1100;Probably BATCH.Virus;;
A0203367.bat;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1100;Probably BATCH.Virus;;
A0203438.bat;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1101;Probably BATCH.Virus;;
A0203507.bat;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1101;Probably BATCH.Virus;;
A0203576.bat;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1102;Probably BATCH.Virus;;
A0210664.exe\smitRem/Process.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1102\A0210664.exe;Tool.Prockill;;
A0210664.exe\smitRem/pv.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1102\A0210664.exe;Program.PrcView.3741;;
A0210664.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1102;Archive contains infected objects;Moved.;
A0210665.exe\SmitfraudFix\Process.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1102\A0210665.exe;Tool.Prockill;;
A0210665.exe\SmitfraudFix\restart.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1102\A0210665.exe;Tool.ShutDown.14;;
A0210665.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1102;Archive contains infected objects;Moved.;
A0210666.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1102;Tool.Prockill;Moved.;
A0210667.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1102;Tool.ShutDown.14;Moved.;
A0210668.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1102;Tool.Prockill;Moved.;
A0210669.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1102;Program.PrcView.3741;Moved.;
-
I'll try your suggestions; in the meantime I finally got MBAM to complete a scan without locking up. It came back clean, but locked immediately afterwards, so something is still there. I ran CF multiple times, so I am posting the latest logs from MBAM and CF. Meanwhile I'll try your suggestions. Thanks again.
Here is CF
ComboFix 09-04-15.08 - John and Fran 04/15/2009 6:37.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1425 [GMT -4:00]
Running from: c:\documents and settings\John and Fran\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
AV: Norton 360 *On-access scanning disabled* (Updated)
FW: Norton 360 *enabled*
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2009-03-15 to 2009-04-15 )))))))))))))))))))))))))))))))
.
2009-04-12 23:32 . 2009-04-13 02:05 -------- d--h--w C:\$AVG8.VAULT$
2009-04-12 19:13 . 2009-04-12 19:13 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-12 19:13 . 2009-04-12 19:13 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-12 19:13 . 2009-04-12 19:13 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-12 19:13 . 2009-04-14 22:21 -------- d-----w c:\windows\system32\drivers\Avg
2009-04-12 19:13 . 2009-04-12 19:13 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-04-12 18:37 . 2009-04-12 18:37 30720 ----a-w c:\windows\system32\drivers\rootrepeal.sys
2009-04-03 10:39 . 2009-03-09 19:06 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-04-03 02:35 . 2009-03-09 19:06 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-04-03 02:33 . 2009-04-03 02:33 -------- dc-h--w c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-02 01:47 . 2009-04-03 00:55 -------- d-----w c:\documents and settings\John and Fran\Pavark(2)
2009-03-26 22:38 . 2009-04-01 01:52 189472 ----a-w c:\windows\system32\PnkBstrB.xtr
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-15 10:39 . 2009-02-19 22:54 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-15 02:10 . 2009-04-03 10:56 14469 ----a-w C:\aaw7boot.log
2009-04-15 01:56 . 2008-12-12 22:07 -------- d-----w c:\documents and settings\John and Fran\Application Data\GrabIt
2009-04-12 19:13 . 2009-04-12 19:13 -------- d-----w c:\program files\AVG
2009-04-12 17:01 . 2009-02-19 22:57 -------- d-----w c:\program files\Norton 360
2009-04-12 16:33 . 2009-02-18 15:19 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-06 19:32 . 2009-02-18 15:19 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 19:32 . 2009-02-18 15:19 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-03 02:33 . 2008-05-20 12:06 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-04-03 02:33 . 2005-11-23 00:51 -------- d-----w c:\program files\Lavasoft
2009-04-03 00:55 . 2009-04-02 02:05 -------- d-----w c:\program files\FileASSASSIN
2009-04-02 01:52 . 2009-04-02 01:52 -------- d-----w c:\program files\Panda Security
2009-03-06 21:21 . 2007-09-06 23:56 140216 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-03-06 21:21 . 2007-09-06 23:56 201352 ----a-w c:\windows\system32\PnkBstrB.exe
2009-03-02 14:14 . 2009-03-19 19:45 198074 ----a-w c:\windows\pchealth\helpctr\Config\Cache\Personal_32_1033.dat
2009-02-24 15:51 . 2009-02-19 22:56 10635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-02-24 15:51 . 2009-02-19 22:56 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-02-24 15:51 . 2009-02-19 22:56 60808 ----a-w c:\windows\system32\S32EVNT1.DLL
2009-02-24 15:51 . 2009-02-19 22:56 124464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-02-24 15:51 . 2009-02-19 22:55 -------- d-----w c:\program files\Symantec
2009-02-21 14:10 . 2006-05-26 19:26 -------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-02-20 00:54 . 2006-05-31 23:49 -------- d-----w c:\program files\ewido anti-malware
2009-02-20 00:50 . 2009-02-20 00:50 -------- d-----w c:\program files\CCleaner
2009-02-20 00:13 . 2009-02-06 02:08 -------- d-----w c:\documents and settings\John and Fran\Application Data\Symantec
2009-02-19 22:57 . 2009-02-19 22:57 -------- d-----w c:\program files\Windows Sidebar
2009-02-19 17:03 . 2009-02-19 17:03 579464 ----a-w c:\windows\system32\SymNeti.dll
2009-02-19 17:03 . 2009-02-19 17:03 207240 ----a-w c:\windows\system32\SymRedir.dll
2009-02-19 16:31 . 2009-02-19 16:31 9844 ----a-w c:\windows\system32\drivers\SymRedir.cat
2009-02-19 16:31 . 2009-02-19 16:31 1611 ----a-w c:\windows\system32\drivers\SymRedir.inf
2009-02-19 16:31 . 2008-02-06 21:43 31280 ----a-w c:\windows\system32\drivers\SymIM.sys
2009-02-19 16:31 . 2009-02-19 16:31 41008 ----a-w c:\windows\system32\drivers\symndisv.sys
2009-02-19 16:31 . 2009-02-19 16:31 96560 ----a-w c:\windows\system32\drivers\symfw.sys
2009-02-19 16:31 . 2009-02-19 16:31 38576 ----a-w c:\windows\system32\drivers\symids.sys
2009-02-19 16:31 . 2009-02-19 16:31 37424 ----a-w c:\windows\system32\drivers\symndis.sys
2009-02-19 16:31 . 2009-02-19 16:31 22320 ----a-w c:\windows\system32\drivers\symredrv.sys
2009-02-19 16:31 . 2009-02-19 16:31 184496 ----a-w c:\windows\system32\drivers\symtdi.sys
2009-02-19 16:31 . 2009-02-19 16:31 13616 ----a-w c:\windows\system32\drivers\symdns.sys
2009-02-16 22:59 . 2006-05-26 21:17 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-16 22:59 . 2006-05-26 21:17 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-09 11:13 . 2008-10-15 19:20 1846784 ------w c:\windows\system32\dllcache\win32k.sys
2009-02-09 11:13 . 2004-08-10 18:51 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-08 14:55 . 2006-06-01 01:05 1128 ----a-w C:\rapport.txt
2009-01-23 01:04 . 2009-01-23 01:04 16 ----a-w C:\h.txt
2009-01-21 01:06 . 2009-01-21 01:06 444952 ----a-w c:\windows\system32\wrap_oal.dll
2009-01-21 01:06 . 2005-11-08 12:20 109080 ----a-w c:\windows\system32\OpenAL32.dll
2008-07-16 13:12 . 2006-02-12 22:38 29552 ----a-w c:\documents and settings\John and Fran\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2006-05-31 23:49 . 2006-05-31 23:49 48872 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((( SnapShot@2009-04-13_19.51.30.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-15 02:10 . 2009-04-15 02:10 16384 c:\windows\temp\Perflib_Perfdata_784.dat
- 2008-07-13 07:07 . 2009-04-12 19:02 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-13 07:07 . 2009-04-14 10:34 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2005-11-13 00:42 . 2009-04-14 10:34 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-11-13 00:42 . 2009-04-12 19:02 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-11-13 00:42 . 2009-04-12 19:02 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2005-11-13 00:42 . 2009-04-14 10:34 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-07-08 15:31 . 2009-04-14 21:42 102400 c:\windows\Installer\{9F70BF98-003C-491D-81FC-FF9792206AF0}\iTunesIco.exe
- 2008-07-08 15:31 . 2008-07-08 15:31 102400 c:\windows\Installer\{9F70BF98-003C-491D-81FC-FF9792206AF0}\iTunesIco.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\progra~1\Qualcomm\Eudora\EuShlExt.dll" [2006-08-17 86016]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-12 19:13 10520 ----a-w c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
"vidc.hfyu"= huffyuv.dll
"msacm.divxa32"= DivXa32.acm
"msacm.l3codec"= l3codecp.acm
"vidc.3IV2"= 3ivxVfWCodec_dec.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
2009-03-09 19:06 515416 ----a-w c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-08-06 03:05 344064 ----a-w c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
2009-04-12 19:13 1932568 ----a-w c:\progra~1\AVG\AVG8\avgtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
2003-06-18 07:00 45056 ----a-w c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
2003-09-17 16:43 57344 ----a-w c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 15:09 460784 ----a-w c:\program files\DellSupport\DSAgnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]
2008-08-13 22:32 206064 ----a-w c:\program files\Dell Support Center\bin\sprtcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2004-12-06 07:05 127035 ----a-w c:\windows\system32\dla\tfswctrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-11-15 13:24 16384 ----a-w c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-02-23 22:19 53248 ------w c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
2009-01-09 20:11 3321856 ----a-w c:\program files\Electronic Arts\EADM\Core.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyLinkAdvisor]
2007-03-15 23:16 454784 ----a-w c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
2003-09-04 02:12 221184 ----a-w c:\program files\Intel\Modem Event Monitor\IntelMEM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 16:44 249856 ----a-w c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 16:44 81920 ----a-w c:\program files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-06-02 15:13 267048 ----a-w c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\monitr32]
2001-08-21 22:52 311296 ----a-w c:\program files\Canon\MultiPASS4\monitr32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPTBox]
2001-08-21 22:52 151552 ----a-w c:\program files\Canon\MultiPASS4\mptbox.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
2008-02-26 14:50 988512 ----a-w c:\program files\Norton 360\osCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-05-27 14:50 413696 ----a-w c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2006-07-06 22:53 20034600 ----a-w c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2003-11-19 23:48 32881 ----a-w c:\program files\Java\j2re1.4.2_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 20:45 313472 ----a-w c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 07:00 90112 ------w c:\windows\Updreg.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R0 rdrmqo;rdrmqo; [x]
R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
R3 COMMONFX.SYS;COMMONFX.SYS; [x]
R3 COMMONFX;COMMONFX; [x]
R3 CTAUDFX.SYS;CTAUDFX.SYS; [x]
R3 CTAUDFX;CTAUDFX; [x]
R3 CTERFXFX.SYS;CTERFXFX.SYS; [x]
R3 CTERFXFX;CTERFXFX; [x]
R3 CTSBLFX.SYS;CTSBLFX.SYS; [x]
R3 CTSBLFX;CTSBLFX; [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-03-09 64160]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-12 325640]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-12 108552]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-12 298264]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 951632]
S2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-03-16 101936]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - COMHOST
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{92b671b6-c4a4-11dd-8690-00123fb0df31}]
\Shell\AutoRun\command - f:\system\viewer\FlipVideoforPC.exe
\Shell\Flip Video for PC\command - f:\system\viewer\FlipVideoforPC.exe
.
Contents of the 'Scheduled Tasks' folder
2009-04-14 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 19:06]
2009-03-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-15 06:39
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2430473397-3533442952-3856520278-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-2430473397-3533442952-3856520278-1006\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (S-1-5-21-2430473397-3533442952-3856520278-1006)
@Allowed: (Read) (S-1-5-21-2430473397-3533442952-3856520278-1006)
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(260)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-04-15 6:41
ComboFix-quarantined-files.txt 2009-04-15 10:41
ComboFix2.txt 2009-04-15 02:07
ComboFix3.txt 2009-04-14 21:30
ComboFix4.txt 2009-04-14 14:06
ComboFix5.txt 2009-04-15 10:36
Pre-Run: 43,337,949,184 bytes free
Post-Run: 43,318,116,352 bytes free
252 --- E O F --- 2009-04-03 07:02
Here is MBAM
Malwarebytes' Anti-Malware 1.36
Database version: 1983
Windows 5.1.2600 Service Pack 3
4/15/2009 6:25:24 AM
mbam-log-2009-04-15 (06-25-24).txt
Scan type: Full Scan (C:\|)
Objects scanned: 195555
Time elapsed: 1 hour(s), 18 minute(s), 21 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-
Since running ComboFix, clearly something has changed, as the system initially runs much faster. But it gradually slows down and eventually locks. For that reason I couldn't run an MBAM scan; it just locks up halfway through. Also I can't run certain apps like iTunes or Windows Media. When it locks I reboot and then it keeps locking. If I reboot and run ComboFix again it runs better for a while and then eventually locks again. Any thoughts?
-
OK, I'll run a full scan tonight. But I'm curious: ComboFix and HJT don't fix or remove stuff, they simply log it, right? So what have the logs indicated?
-
Hi there
No, I am not posting to any other forum. I scanned this forum for potential answers before posting... that's where I got RootRepeal. Thanks for looking at this...
Here is the combofix log:
ComboFix 09-04-13.A2 - John and Fran 2009-04-13 19:43.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1548 [GMT -4:00]
Running from: c:\documents and settings\John and Fran\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
AV: Norton 360 *On-access scanning disabled* (Updated)
FW: Norton 360 *disabled*
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\bszip.dll
c:\windows\system32\drivers\npf.sys
c:\windows\system32\imas3r
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\t1t.exe
c:\windows\system32\wpcap.dll
c:\windows\winhelp.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_NPF
((((((((((((((((((((((((( Files Created from 2009-03-13 to 2009-04-13 )))))))))))))))))))))))))))))))
.
2009-04-12 23:32 . 2009-04-13 02:05 -------- d--h--w C:\$AVG8.VAULT$
2009-04-12 19:13 . 2009-04-12 19:13 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-12 19:13 . 2009-04-12 19:13 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-12 19:13 . 2009-04-12 19:13 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-12 19:13 . 2009-04-13 22:22 -------- d-----w c:\windows\system32\drivers\Avg
2009-04-12 19:13 . 2009-04-12 19:13 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-04-12 18:37 . 2009-04-12 18:37 30720 ----a-w c:\windows\system32\drivers\rootrepeal.sys
2009-04-03 10:39 . 2009-03-09 19:06 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-04-03 02:35 . 2009-03-09 19:06 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-04-03 02:33 . 2009-04-03 02:33 -------- dc-h--w c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-02 01:47 . 2009-04-03 00:55 -------- d-----w c:\documents and settings\John and Fran\Pavark(2)
2009-03-26 22:38 . 2009-04-01 01:52 189472 ----a-w c:\windows\system32\PnkBstrB.xtr
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-13 23:46 . 2009-02-19 22:54 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-13 23:46 . 2009-04-03 10:56 7749 ----a-w C:\aaw7boot.log
2009-04-13 22:30 . 2008-12-12 22:07 -------- d-----w c:\documents and settings\John and Fran\Application Data\GrabIt
2009-04-12 19:13 . 2009-04-12 19:13 -------- d-----w c:\program files\AVG
2009-04-12 17:01 . 2009-02-19 22:57 -------- d-----w c:\program files\Norton 360
2009-04-12 16:33 . 2009-02-18 15:19 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-06 19:32 . 2009-02-18 15:19 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 19:32 . 2009-02-18 15:19 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-03 02:33 . 2008-05-20 12:06 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-04-03 02:33 . 2005-11-23 00:51 -------- d-----w c:\program files\Lavasoft
2009-04-03 00:55 . 2009-04-02 02:05 -------- d-----w c:\program files\FileASSASSIN
2009-04-02 01:52 . 2009-04-02 01:52 -------- d-----w c:\program files\Panda Security
2009-03-06 21:21 . 2007-09-06 23:56 140216 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-03-06 21:21 . 2007-09-06 23:56 201352 ----a-w c:\windows\system32\PnkBstrB.exe
2009-03-02 14:14 . 2009-03-19 19:45 198074 ----a-w c:\windows\pchealth\helpctr\Config\Cache\Personal_32_1033.dat
2009-02-24 15:51 . 2009-02-19 22:56 10635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-02-24 15:51 . 2009-02-19 22:56 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-02-24 15:51 . 2009-02-19 22:56 60808 ----a-w c:\windows\system32\S32EVNT1.DLL
2009-02-24 15:51 . 2009-02-19 22:56 124464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-02-24 15:51 . 2009-02-19 22:55 -------- d-----w c:\program files\Symantec
2009-02-21 14:10 . 2006-05-26 19:26 -------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-02-20 00:54 . 2006-05-31 23:49 -------- d-----w c:\program files\ewido anti-malware
2009-02-20 00:50 . 2009-02-20 00:50 -------- d-----w c:\program files\CCleaner
2009-02-20 00:13 . 2009-02-06 02:08 -------- d-----w c:\documents and settings\John and Fran\Application Data\Symantec
2009-02-19 22:57 . 2009-02-19 22:57 -------- d-----w c:\program files\Windows Sidebar
2009-02-19 17:03 . 2009-02-19 17:03 579464 ----a-w c:\windows\system32\SymNeti.dll
2009-02-19 17:03 . 2009-02-19 17:03 207240 ----a-w c:\windows\system32\SymRedir.dll
2009-02-19 16:31 . 2009-02-19 16:31 9844 ----a-w c:\windows\system32\drivers\SymRedir.cat
2009-02-19 16:31 . 2009-02-19 16:31 1611 ----a-w c:\windows\system32\drivers\SymRedir.inf
2009-02-19 16:31 . 2008-02-06 21:43 31280 ----a-w c:\windows\system32\drivers\SymIM.sys
2009-02-19 16:31 . 2009-02-19 16:31 41008 ----a-w c:\windows\system32\drivers\symndisv.sys
2009-02-19 16:31 . 2009-02-19 16:31 96560 ----a-w c:\windows\system32\drivers\symfw.sys
2009-02-19 16:31 . 2009-02-19 16:31 38576 ----a-w c:\windows\system32\drivers\symids.sys
2009-02-19 16:31 . 2009-02-19 16:31 37424 ----a-w c:\windows\system32\drivers\symndis.sys
2009-02-19 16:31 . 2009-02-19 16:31 22320 ----a-w c:\windows\system32\drivers\symredrv.sys
2009-02-19 16:31 . 2009-02-19 16:31 184496 ----a-w c:\windows\system32\drivers\symtdi.sys
2009-02-19 16:31 . 2009-02-19 16:31 13616 ----a-w c:\windows\system32\drivers\symdns.sys
2009-02-16 22:59 . 2006-05-26 21:17 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-16 22:59 . 2006-05-26 21:17 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-09 11:13 . 2008-10-15 19:20 1846784 ------w c:\windows\system32\dllcache\win32k.sys
2009-02-09 11:13 . 2004-08-10 18:51 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-08 14:55 . 2006-06-01 01:05 1128 ----a-w C:\rapport.txt
2009-01-23 01:04 . 2009-01-23 01:04 16 ----a-w C:\h.txt
2009-01-21 01:06 . 2009-01-21 01:06 444952 ----a-w c:\windows\system32\wrap_oal.dll
2009-01-21 01:06 . 2005-11-08 12:20 109080 ----a-w c:\windows\system32\OpenAL32.dll
2008-07-16 13:12 . 2006-02-12 22:38 29552 ----a-w c:\documents and settings\John and Fran\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2006-05-31 23:49 . 2006-05-31 23:49 48872 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-12 1932568]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\progra~1\Qualcomm\Eudora\EuShlExt.dll" [2006-08-17 86016]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-12 15:13 10520 c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
"vidc.hfyu"= huffyuv.dll
"msacm.divxa32"= DivXa32.acm
"msacm.l3codec"= l3codecp.acm
"vidc.3IV2"= 3ivxVfWCodec_dec.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
--a------ 2009-03-09 15:06 515416 c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2005-08-05 23:05 344064 c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2008-10-17 16:52 51048 c:\program files\Common Files\Symantec Shared\CCAPP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
--a------ 2003-06-18 03:00 45056 c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
--a------ 2003-09-17 12:43 57344 c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2007-03-15 11:09 460784 c:\program files\DellSupport\DSAgnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
--a------ 2008-08-13 18:32 206064 c:\program files\Dell Support Center\bin\sprtcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a------ 2004-12-06 03:05 127035 c:\windows\system32\dla\tfswctrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
--a------ 2007-11-15 09:24 16384 c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2005-02-23 18:19 53248 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
--a------ 2009-01-09 16:11 3321856 c:\program files\Electronic Arts\EADM\Core.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyLinkAdvisor]
--a------ 2007-03-15 19:16 454784 c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
--a------ 2003-09-03 22:12 221184 c:\program files\Intel\Modem Event Monitor\IntelMEM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-06-10 12:44 249856 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-06-10 12:44 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-06-02 11:13 267048 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\monitr32]
--a------ 2001-08-21 18:52 311296 c:\program files\Canon\MultiPASS4\monitr32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPTBox]
--a------ 2001-08-21 18:52 151552 c:\program files\Canon\MultiPASS4\mptbox.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
--a------ 2008-02-26 10:50 988512 c:\program files\Norton 360\osCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2006-07-06 18:53 20034600 c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2003-11-19 19:48 32881 c:\program files\Java\j2re1.4.2_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
--a------ 2006-03-30 16:45 313472 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 03:00 90112 c:\windows\Updreg.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
R0 rdrmqo;rdrmqo; [x]
R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
R3 COMMONFX.SYS;COMMONFX.SYS; [x]
R3 COMMONFX;COMMONFX; [x]
R3 CTAUDFX.SYS;CTAUDFX.SYS; [x]
R3 CTAUDFX;CTAUDFX; [x]
R3 CTERFXFX.SYS;CTERFXFX.SYS; [x]
R3 CTERFXFX;CTERFXFX; [x]
R3 CTSBLFX.SYS;CTSBLFX.SYS; [x]
R3 CTSBLFX;CTSBLFX; [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-03-09 64160]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-12 325640]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-12 108552]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-12 298264]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 951632]
S2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-03-16 101936]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - COMHOST
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{92b671b6-c4a4-11dd-8690-00123fb0df31}]
\Shell\AutoRun\command - f:\system\viewer\FlipVideoforPC.exe
\Shell\Flip Video for PC\command - f:\system\viewer\FlipVideoforPC.exe
.
Contents of the 'Scheduled Tasks' folder
2009-04-03 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 15:06]
2009-03-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-CTHelper - CTHELPER.EXE
MSConfigStartUp-CTXFIREG - CTxfiReg.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-13 19:47
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2430473397-3533442952-3856520278-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-2430473397-3533442952-3856520278-1006\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (S-1-5-21-2430473397-3533442952-3856520278-1006)
@Allowed: (Read) (S-1-5-21-2430473397-3533442952-3856520278-1006)
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(340)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\CTSVCCDA.EXE
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-04-13 19:52 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-13 23:52
Pre-Run: 47,436,107,776 bytes free
Post-Run: 48,089,309,184 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
274 --- E O F --- 2009-04-03 07:02
And here is the HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:55:10, on 4/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\John and Fran\Desktop\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - https://offsite.cartus.com/msrdp.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/67/install/gtdownls.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: MpService - Canon Inc - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (file missing)
--
End of file - 7512 bytes
I hope you can use this to advise on how to fix this. Thanks again.
John
-
Thanks for reopening this.
Here is DDS.txt:
DDS (Ver_09-03-16.01) - NTFSx86
Run by John and Fran at 16:12:52.68 on Sun 04/12/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1492 [GMT -4:00]
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
AV: Norton 360 *On-access scanning enabled* (Updated)
FW: Norton 360 *enabled*
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\John and Fran\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.6\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
mRun: [ccApp] c:\program files\common files\symantec shared\ccApp.exe
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [userFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} - hxxps://offsite.cartus.com/msrdp.cab
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://acs.pandasoftware.com/activescan/as5free/asinst.cab
DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} - hxxp://www.linksysfix.com/netcheck/67/install/gtdownls.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45}
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\progra~1\qualcomm\eudora\EuShlExt.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\ddcDvusS
============= SERVICES / DRIVERS ===============
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-2 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-12 325640]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-12 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-12 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-12 298264]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 951632]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-4-12 101936]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090412.003\NAVENG.SYS [2009-4-12 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090412.003\NAVEX15.SYS [2009-4-12 876144]
S0 rdrmqo;rdrmqo;c:\windows\system32\drivers\ntrtrgh.sys --> c:\windows\system32\drivers\ntrtrgh.sys [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\commonfx.sys --> c:\windows\system32\drivers\COMMONFX.SYS [?]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\commonfx.sys --> c:\windows\system32\drivers\COMMONFX.SYS [?]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\ctaudfx.sys --> c:\windows\system32\drivers\CTAUDFX.SYS [?]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\ctaudfx.sys --> c:\windows\system32\drivers\CTAUDFX.SYS [?]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\cterfxfx.sys --> c:\windows\system32\drivers\CTERFXFX.SYS [?]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\cterfxfx.sys --> c:\windows\system32\drivers\CTERFXFX.SYS [?]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\ctsblfx.sys --> c:\windows\system32\drivers\CTSBLFX.SYS [?]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\ctsblfx.sys --> c:\windows\system32\drivers\CTSBLFX.SYS [?]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2004-12-10 30336]
S3 PCD5SRVC{FBEA8B78-1B22F121-05040000};PCD5SRVC{FBEA8B78-1B22F121-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\dellsu~2\hwdiag\bin\PCD5SRVC.pkms [2007-12-5 20640]
S3 rootrepeal;rootrepeal;c:\windows\system32\drivers\rootrepeal.sys [2009-4-12 30720]
S3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2009-2-19 1245064]
=============== Created Last 30 ================
2009-04-12 15:13 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-04-12 15:13 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-04-12 15:13 325,640 a------- c:\windows\system32\drivers\avgldx86.sys
2009-04-12 15:13 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-04-12 15:13 <DIR> --d----- c:\program files\AVG
2009-04-12 15:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-04-12 14:37 30,720 a------- c:\windows\system32\drivers\rootrepeal.sys
2009-04-03 06:39 15,688 a------- c:\windows\system32\lsdelete.exe
2009-04-02 22:35 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-04-02 22:33 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-01 22:05 <DIR> --d----- c:\program files\FileASSASSIN
2009-04-01 21:52 <DIR> --d----- c:\program files\Panda Security
2009-04-01 21:47 <DIR> --d----- c:\documents and settings\john and fran\Pavark(2)
2009-03-26 18:38 189,472 a------- c:\windows\system32\PnkBstrB.xtr
==================== Find3M ====================
2009-04-06 15:32 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 15:32 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-06 17:21 140,216 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-03-06 17:21 201,352 a------- c:\windows\system32\PnkBstrB.exe
2009-03-02 10:14 198,074 a------- c:\windows\pchealth\helpctr\config\cache\Personal_32_1033.dat
2009-02-24 11:51 10,635 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-02-24 11:51 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-02-24 11:51 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-02-24 11:51 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-02-19 13:03 579,464 a------- c:\windows\system32\SymNeti.dll
2009-02-19 13:03 207,240 a------- c:\windows\system32\SymRedir.dll
2009-02-19 12:31 31,280 a------- c:\windows\system32\drivers\SymIM.sys
2009-02-19 12:31 9,844 a------- c:\windows\system32\drivers\SymRedir.cat
2009-02-19 12:31 1,611 a------- c:\windows\system32\drivers\SymRedir.inf
2009-02-19 12:31 41,008 a------- c:\windows\system32\drivers\symndisv.sys
2009-02-19 12:31 184,496 a------- c:\windows\system32\drivers\symtdi.sys
2009-02-19 12:31 96,560 a------- c:\windows\system32\drivers\symfw.sys
2009-02-19 12:31 38,576 a------- c:\windows\system32\drivers\symids.sys
2009-02-19 12:31 37,424 a------- c:\windows\system32\drivers\symndis.sys
2009-02-19 12:31 22,320 a------- c:\windows\system32\drivers\symredrv.sys
2009-02-19 12:31 13,616 a------- c:\windows\system32\drivers\symdns.sys
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 07:13 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
2009-01-20 21:06 444,952 a------- c:\windows\system32\wrap_oal.dll
2009-01-20 21:06 109,080 a------- c:\windows\system32\OpenAL32.dll
2006-12-30 00:34 104 ---shr-- c:\windows\system32\858344CD46.sys
============= FINISH: 16:13:17.29 ===============
And here is attach.txt:
DDS (Ver_09-03-16.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 11/12/2005 7:54:49 PM
System Uptime: 4/12/2009 4:05:40 PM (0 hours ago)
Motherboard: Dell Inc. | | 0RD203
Processor: Intel® Pentium® 4 CPU 3.40GHz | Microprocessor | 3391/800mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 229 GiB total, 44.816 GiB free.
D: is CDROM ()
E: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP1007: 1/4/2009 1:06:01 PM - System Checkpoint
RP1008: 1/5/2009 5:45:37 PM - System Checkpoint
RP1009: 1/6/2009 6:22:55 PM - System Checkpoint
RP1010: 1/7/2009 6:43:32 PM - System Checkpoint
RP1011: 1/8/2009 8:39:14 PM - System Checkpoint
RP1012: 1/9/2009 8:50:10 PM - System Checkpoint
RP1013: 1/10/2009 9:50:07 PM - System Checkpoint
RP1014: 1/11/2009 10:50:08 PM - System Checkpoint
RP1015: 1/13/2009 8:23:36 AM - System Checkpoint
RP1016: 1/14/2009 6:24:25 PM - System Checkpoint
RP1017: 1/15/2009 7:18:39 PM - Software Distribution Service 3.0
RP1018: 1/16/2009 5:46:48 PM - friday 16 jan
RP1019: 1/17/2009 6:23:07 PM - System Checkpoint
RP1020: 1/18/2009 8:55:26 PM - System Checkpoint
RP1021: 1/19/2009 9:28:10 PM - System Checkpoint
RP1022: 1/20/2009 8:07:14 PM - Installed Creative Audio Console
RP1023: 1/21/2009 10:01:18 PM - Restore Operation
RP1024: 1/21/2009 10:07:09 PM - Restore Operation
RP1025: 1/21/2009 10:23:08 PM - Restore Operation
RP1026: 1/21/2009 11:18:21 PM - Restore Operation
RP1027: 1/23/2009 6:48:12 PM - System Checkpoint
RP1028: 1/25/2009 9:06:24 AM - System Checkpoint
RP1029: 1/26/2009 12:48:41 PM - System Checkpoint
RP1030: 1/27/2009 6:20:05 PM - System Checkpoint
RP1031: 1/28/2009 6:49:15 PM - System Checkpoint
RP1032: 2/1/2009 7:03:18 PM - System Checkpoint
RP1033: 2/2/2009 7:10:42 PM - System Checkpoint
RP1034: 2/3/2009 7:55:10 PM - System Checkpoint
RP1035: 2/4/2009 7:56:19 PM - System Checkpoint
RP1036: 2/6/2009 8:57:09 PM - System Checkpoint
RP1037: 2/7/2009 3:44:24 PM - Ad-Aware Restore Point 2009-02-07 15:44:20
RP1038: 2/7/2009 6:22:09 PM - Restore Operation
RP1039: 2/8/2009 4:37:43 PM - pre update
RP1040: 2/8/2009 4:40:45 PM - Removed LiveUpdate (Symantec Corporation)
RP1041: 2/9/2009 6:46:21 PM - Restore Operation
RP1042: 2/10/2009 6:52:12 PM - System Checkpoint
RP1043: 2/11/2009 6:54:59 PM - System Checkpoint
RP1044: 2/12/2009 11:11:55 AM - Software Distribution Service 3.0
RP1045: 2/13/2009 1:49:06 PM - System Checkpoint
RP1046: 2/13/2009 7:52:28 PM - pre regfix
RP1047: 2/14/2009 8:00:17 PM - System Checkpoint
RP1048: 2/15/2009 8:09:52 PM - System Checkpoint
RP1049: 2/16/2009 5:28:56 PM - Installed Symantec Technical Support Advanced Chat Controls
RP1050: 2/16/2009 5:58:53 PM - pre Norton chat
RP1051: 2/16/2009 6:38:11 PM - Installed Symantec Technical Support Web Controls
RP1052: 2/16/2009 7:06:40 PM - Removed Ad-Aware
RP1053: 2/16/2009 9:59:40 PM - post norton chat
RP1054: 2/18/2009 7:30:17 AM - System Checkpoint
RP1055: 2/18/2009 7:35:51 PM - Removed LiveUpdate (Symantec Corporation)
RP1056: 2/19/2009 7:47:48 PM - post n360 succesful installation
RP1057: 2/19/2009 8:49:50 PM - Norton 360 Registry Clean
RP1058: 2/21/2009 9:16:02 AM - System Checkpoint
RP1059: 2/22/2009 9:40:31 AM - System Checkpoint
RP1060: 2/23/2009 6:02:05 PM - System Checkpoint
RP1061: 2/24/2009 6:58:09 PM - System Checkpoint
RP1062: 2/25/2009 5:13:44 PM - Software Distribution Service 3.0
RP1063: 2/26/2009 5:26:33 PM - System Checkpoint
RP1064: 2/28/2009 9:03:10 AM - System Checkpoint
RP1065: 3/1/2009 3:50:14 PM - System Checkpoint
RP1066: 3/2/2009 9:13:57 AM - pre pi
RP1067: 3/3/2009 7:51:14 PM - System Checkpoint
RP1068: 3/5/2009 4:37:53 PM - System Checkpoint
RP1069: 3/6/2009 6:00:27 PM - System Checkpoint
RP1070: 3/7/2009 6:24:14 PM - System Checkpoint
RP1071: 3/8/2009 7:13:09 PM - System Checkpoint
RP1072: 3/9/2009 8:15:53 PM - System Checkpoint
RP1073: 3/11/2009 4:52:41 PM - Software Distribution Service 3.0
RP1074: 3/12/2009 5:00:23 PM - System Checkpoint
RP1075: 3/15/2009 8:34:53 PM - System Checkpoint
RP1076: 3/16/2009 6:07:33 PM - Software Distribution Service 3.0
RP1077: 3/17/2009 6:28:07 PM - System Checkpoint
RP1078: 3/18/2009 6:53:37 PM - System Checkpoint
RP1079: 3/19/2009 3:45:26 PM - Restore Operation
RP1080: 3/20/2009 6:28:24 PM - System Checkpoint
RP1081: 3/22/2009 9:50:05 AM - System Checkpoint
RP1082: 3/23/2009 6:09:07 PM - System Checkpoint
RP1083: 3/24/2009 6:28:50 PM - System Checkpoint
RP1084: 3/25/2009 7:04:08 PM - System Checkpoint
RP1085: 3/26/2009 7:24:32 PM - System Checkpoint
RP1086: 3/27/2009 7:53:29 PM - System Checkpoint
RP1087: 3/28/2009 7:55:07 PM - System Checkpoint
RP1088: 3/30/2009 7:35:14 AM - System Checkpoint
RP1089: 3/31/2009 6:17:51 PM - System Checkpoint
RP1090: 3/31/2009 10:01:44 PM - Restore Operation
RP1091: 4/1/2009 10:36:53 PM - System Checkpoint
RP1092: 4/2/2009 8:54:42 PM - Restore Operation
RP1093: 4/3/2009 3:00:16 AM - Software Distribution Service 3.0
RP1094: 4/3/2009 7:04:40 AM - Installed AVG Free 8.5
RP1095: 4/3/2009 6:26:15 PM - Removed AVG Free 8.5
RP1096: 4/3/2009 6:27:00 PM - Installed AVG Free 8.5
RP1097: 4/12/2009 3:13:10 PM - Installed AVG Free 8.5
==== Installed Programs ======================
3ivx MPEG-4 5.0.1 Decoder (remove only)
Ad-Aware
Adobe Flash Player ActiveX
Adobe Reader 7.0.8
Adobe Shockwave Player
AOLIcon
AppCore
Apple Mobile Device Support
Apple Software Update
ATI Control Panel
ATI Display Driver
AutoUpdate
AVG 8.5
Backup
Banctec Service Agreement
Battlefield 2
Belltech Greeting Card Designer 4.2
Camera Window
Canon Camera WIA Driver
Canon Camera Window for ZoomBrowser EX
Canon MultiPASS Suite 4.00
Canon PhotoRecord
Canon PowerShot S45 WIA Driver
Canon Utilities FileViewerUtility 1.0
Canon Utilities PhotoStitch 3.1
Canon Utilities RemoteCapture 2.6
Canon Utilities ZoomBrowser EX
ccCommon
CCleaner (remove only)
Creative Audio Console
Creative MediaSource
Critical Update for Windows Media Player 11 (KB959772)
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Media Experience
Dell Support Center (Support Software)
Dell System Restore
DellSupport
Digital Content Portal
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Drivers Install For Linksys Easylink Advisor
EA Download Manager
Easy Card 3.1
EducateU
Eudora
FileViewerUtility 1.0
GameSpy Arcade
GearDrvs
Google Earth
GrabIt 1.7.2 Beta 3 (build 996)
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Image Resizer Powertoy for Windows XP
Intel® 537EP V9x DF PCI Modem
Intel® PRO Network Connections Drivers
Intel® PROSet for Wired Connections
Internet Explorer Default Page
iPod for Windows 2006-01-10
iPod Updater 2004-10-20
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
Learn2 Player (Uninstall Only)
Linksys EasyLink Advisor 1.6 (0032)
LiveUpdate (Symantec Corporation)
Macromedia Flash Player
Malwarebytes' Anti-Malware
Media Player Codec Pack 2.2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2000 Small Business
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Modem Event Monitor
Modem Helper
Modem On Hold
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Musicmatch for Windows Media Player
muvee Plugin 1.0
NewzToolz
Norton 360
Norton 360 (Symantec Corporation)
Norton 360 HTMLHelp
Norton Confidential Core
Operation Flashpoint uninstall
Optimum Online net guide
Panda ActiveScan
Photo Click
PhotoStitch
PicaView32
PowerDVD 5.5
Print Screen Deluxe
QuickBooks Simple Start Special Edition
QuickTime
RarZilla Free Unrar 2.52
RealPlayer Basic
RemoteCapture 2.6
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Skype 2.5
Sonic DLA
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sound Blaster Audigy 2 ZS
SPBBC 32bit
Symantec Real Time Storage Protection Component
Symantec Technical Support Advanced Chat Controls
Symantec Technical Support Controls
Symantec Technical Support Web Controls
SymNet
TeamSpeak 2 RC2
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Viewpoint Media Player
Virtual Earth 3D (Beta)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebCyberCoach 3.2 Dell
WebFldrs XP
Windows Defender Signatures
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Service Pack 3
WinZip
Yahoo! Messenger
==== Event Viewer Messages From Past Week ========
4/12/2009 12:02:10 PM, error: Service Control Manager [7000] - The SRTSP service failed to start due to the following error: A device attached to the system is not functioning.
4/12/2009 12:02:10 PM, error: SRTSPL [20] - Unable to initialize the virus scanning engine database files.
4/12/2009 12:02:10 PM, error: SRTSP [5] - Error loading Symantec real time Anti-Virus driver.
4/12/2009 12:02:10 PM, error: SRTSP [4] - Error loading virus definitions.
4/12/2009 12:02:04 PM, error: Service Control Manager [7034] - The LiveUpdate Notice service terminated unexpectedly. It has done this 1 time(s).
4/12/2009 12:02:04 PM, error: Service Control Manager [7034] - The Symantec Lic NetConnect service service terminated unexpectedly. It has done this 1 time(s).
4/12/2009 12:02:04 PM, error: Service Control Manager [7031] - The Symantec Settings Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
4/12/2009 12:02:04 PM, error: Service Control Manager [7031] - The Symantec Event Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 200 milliseconds: Restart the service.
4/12/2009 11:56:40 AM, error: Service Control Manager [7000] - The SRTSPL service failed to start due to the following error: A device attached to the system is not functioning.
4/12/2009 8:20:01 AM, error: Service Control Manager [7016] - The MpService service has reported an invalid current state 0.
4/12/2009 12:12:44 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
4/12/2009 12:12:44 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/12/2009 12:12:44 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
4/12/2009 12:12:44 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/12/2009 12:12:44 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/12/2009 12:12:44 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SRTSPX SYMTDI Tcpip WS2IFSL
4/12/2009 12:13:00 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/12/2009 12:13:01 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
4/12/2009 12:16:35 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
==== End Of File ===========================
malware interfering with online banking
in Resolved Malware Removal Logs
Posted
Hi Screen 317
I did all that. Everything is running perfectly! Thank you!
you: