ceet12

  1. Hi screen, I have done as requested, thank you. However, I still cannot boot into safe mode; it halts at jgogo.sys. I cannot get past that point when trying to boot into safe mode; however, Windows boots normally. However, I have just had another explorer.exe crash. Here is the log: AppName: explorer.exe AppVer: 6.0.2900.5512 ModName: unknown ModVer: 0.0.0.0 Offset: 09a89cf4. Any help would be appreciated, mate.
  2. Hi mate, here are the results: SECURITY CHECK LOG Results of screen317's Security Check version 0.99.10 Windows XP Service Pack 3 Internet Explorer 8 `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Disabled! ESET Online Scanner v3 Norton 360 iolo technologies' Search and Recover Antivirus up to date! ``````````````````````````````` Anti-malware/Other Utilities Check: Malwarebytes' Anti-Malware TuneUp Utilities 2011 TuneUp Utilities Language Pack (en-US) TuneUp Utilities 2011 CCleaner Duplicate Cleaner 1.4.3 Duplicate File Cleaner v2.6 Java
  3. Hi screen, here is the new log. Thank you again for your help.
  4. Hello screen, I have deleted the karaoke cracks. They were sent to me, and that was the only stuff on the system; as you can see, they were not installed anyway?
  5. P.S. I have also noticed that, out of nowhere, my winlogon.exe is using high resources all of a sudden!
  6. Hi screen, sorry about the delay, I came out of hospital yesterday. I am still unable to boot into safe mode. I recently tried TDSSKiller (Kaspersky), and it found a locked suspicious file, sptd.sys. I removed the file, but then realised it was installed with the Alcohol 120% burning program, so I reinstalled the sptd driver. When I try to load into safe mode, it loads up, you see the files (white text), and it gets to dcsnap.sys and hangs (underneath, it says press space to cancel loading sptd driver). Whether I press the space bar or not, I simply cannot boot into safe mode; my safe mode was working fine before the virus. I have done the ESET log; here are the results:

     ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6427 # api_version=3.0.2 # EOSSerial=f8d7b4000c52cb4487d0e6555388fde5 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-04-29 09:11:23 # local_time=2011-04-29 10:11:23 (+0000, GMT Daylight Time) # country="United Kingdom" # lang=9 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=3589 16777189 100 86 20698 67469309 0 0 # compatibility_mode=8192 67108863 100 0 3073766 3073766 0 0 # scanned=563361 # found=4 # cleaned=4 # scan_time=10469
     C:\Documents and Settings\Craig\Desktop\Karaoke Software + plugins\BEST_KARAOKE_PROGRAMS_+CRACKS\Latshaw Systems Song List Generator v3.5..2\Crack\Song List Generator.exe Win32/TrojanDownloader.Agent.QCL trojan (deleted - quarantined) 00000000000000000000000000000000 C
     C:\Documents and Settings\Craig\Desktop\Karaoke Software + plugins\BEST_KARAOKE_PROGRAMS_+CRACKS\Latshaw.Systems.Karma.v2010.1.28.0-Lz0\Karma.exe Win32/TrojanDownloader.Agent.QCL trojan (deleted - quarantined) 00000000000000000000000000000000 C
     C:\Documents and Settings\Craig\Desktop\Karaoke Software + plugins\BEST_KARAOKE_PROGRAMS_+CRACKS\Latshaw.Systems.Karma.v2010.1.28.0-Lz0\Crack\Karma.exe Win32/TrojanDownloader.Agent.QCL trojan (deleted - quarantined) 00000000000000000000000000000000 C
     Q:\FROM D DRIVE (QUADCORE 19.01.09)\Veritas Backup Exec v10\Veritas.Backup.Exec.v10.keygen\keygen.exe a variant of Win32/Keygen.AD application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

     Security Check Report: Results of screen317's Security Check version 0.99.10 Windows XP Service Pack 3 Internet Explorer 8 `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Disabled! ESET Online Scanner v3 Norton 360 iolo technologies' Search and Recover Antivirus up to date! ``````````````````````````````` Anti-malware/Other Utilities Check: Malwarebytes' Anti-Malware TuneUp Utilities 2011 TuneUp Utilities Language Pack (en-US) TuneUp Utilities 2011 CCleaner Duplicate Cleaner 1.4.3 Duplicate File Cleaner v2.6 Java 6 Update 24 Adobe Flash Player 10.2.152.32 Adobe Reader 9.4.3 Out of date Adobe Reader installed! Mozilla Firefox (3.6.12) Firefox Out of Date! ```````````````````````````````` Process Check: objlist.exe by Laurent Norton ccSvcHst.exe Malwarebytes' Anti-Malware mbamservice.exe Malwarebytes' Anti-Malware mbamgui.exe ``````````End of Log````````````

     Thanks again screen, really appreciate your help mate!
  7. Thanks so much mate, sorry about the late reply, I have been in hospital. I will post the results of the next steps you have asked for after doing them.
  8. Thanks so much for your reply, screen mate. Here are my logs.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" -autorun "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background "MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background "EPSON Stylus D92 Series"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE /FU "c:\windows\TEMP\E_S1EC.tmp" /EF "HKCU" "Window Washer"=c:\program files\Webroot\Washer\wwDisp.exe "AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVD.exe" "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount "HDDHealth"=c:\program files\HDD Health\HDDHealth.exe -wl "DriverMax"="c:\program files\Innovative Solutions\DriverMax\devices.exe" -agent "DriverMax_RESTART"="c:\program files\Innovative Solutions\DriverMax\devices.exe" -RESTART "Eraser RiskMonitor"="c:\program files\East-Tec Eraser 2009\Launch.exe" "c:\program files\East-Tec Eraser 2009\etRiskMon.exe" "East-Tec Backup 2009"="c:\program files\East-Tec Backup\etBackup.exe" /startup "Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" "HDDtemp4"=c:\program files\BinarySense\HDDTemp4\\hddtemp4 /minimized "NokiaOviSuite2"=c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray "Google Update"="c:\documents and settings\Craig\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c "Mega Manager"=c:\program files\Megaupload\Mega Manager\MegaManager.exe /Tray . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "RTHDCPL"=RTHDCPL.EXE "Alcmtr"=ALCMTR.EXE "Ai Quicker Help"="c:\program files\ASUS\ASUS DH Remote\AsRc.exe" "WinampAgent"="c:\program files\Winamp\winampa.exe" "CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" /s "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray "TrueImageMonitor.exe"=c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe "Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime "Ashampoo HDD Control Guard"=c:\program files\Ashampoo\Ashampoo HDD Control\HDDControlGuard.exe "VxTaskbarMgr"=c:\program files\VERITAS\VxUpdate\VxTaskbarMgr.exe "CorelGadget"=Rundll32.exe "c:\program files\Common Files\Ulead Systems\Gadget\GadgetEB.dll",LaunchGadget "Standby"="c:\program files\Common Files\Corel\Standby\Standby.exe" -START "USBToolTip"=c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe "ASUS Update Checker"=c:\program files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "NokiaMServer"=c:\program files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup "ESDRWSTT"=c:\program files\wGXe SOFTWARE\wGXe Data Recovery Professional\esdrwstt.exe "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"= "c:\\Program Files\\FlashGet\\flashget.exe"= "c:\\Program Files\\Orbitdownloader\\orbitdm.exe"= "c:\\Program Files\\Orbitdownloader\\orbitnet.exe"= "c:\\Program Files\\VERITAS\\Backup Exec\\NT\\beremote.exe"= "c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\RM.exe"= "c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\Studio.exe"= "c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\umi.exe"= "c:\\Program Files\\Opera\\opera.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5353:TCP"= 5353:TCP:Adobe CSI CS4 . R0 dcsnap;dcsnap;c:\windows\system32\drivers\dcsnap.sys [04/03/2009 14:31 77472] R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [02/03/2009 23:28 721904] R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\symds.sys [23/02/2011 20:12 328752] R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\symefa.sys [23/02/2011 20:12 173104] R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\drivers\tdrpm258.sys [19/01/2010 18:20 911680] R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [04/01/2010 05:50 11448] R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110309.001\BHDrvx86.sys [10/03/2011 21:44 800376] R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\cchpx86.sys [23/02/2011 20:12 501888] R1 DCDisk;DCDisk;c:\windows\system32\drivers\DCDisk.sys [04/03/2009 14:31 155648] R1 
s32ait;s32ait;c:\windows\system32\drivers\s32ait.sys [31/08/2004 11:58 14208] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 18:25 12872] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 18:41 67656] R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\ironx86.sys [23/02/2011 20:12 116784] R1 TSKNF900.SYS;TSKNF900.SYS;c:\windows\system32\drivers\Tsknf900.sys [31/12/2009 20:00 17672] R2 HDD & SSD access service;HDD & SSD access service;c:\program files\Common Files\BinarySense\disksvc.exe [22/06/2010 17:40 165888] R2 MSSQL$BKUPEXEC;MSSQL$BKUPEXEC;c:\program files\Microsoft SQL Server\MSSQL$BKUPEXEC\Binn\sqlservr.exe -sBKUPEXEC --> c:\program files\Microsoft SQL Server\MSSQL$BKUPEXEC\Binn\sqlservr.exe -sBKUPEXEC [?] R2 N360;Norton 360;c:\program files\Norton 360\Engine\4.3.0.5\ccsvchst.exe [23/02/2011 20:12 126392] R3 AVerA706;AVerMedia A706 BDA Service;c:\windows\system32\drivers\AVerA706.sys [31/12/2009 20:55 1170304] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [22/03/2011 14:54 102448] R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110317.005\IDSXpx86.sys [22/03/2011 00:55 341944] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [22/03/2011 02:37 20952] R3 RRNetCapMP;RRNetCapMP;c:\windows\system32\drivers\rrnetcap.sys [21/12/2009 14:34 27168] R3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [20/02/2009 02:00 332928] R3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [20/02/2009 03:47 13532] S1 efbDisk;efbDisk; [x] S1 SCSIChanger;SCSIChanger;c:\windows\system32\drivers\SCSICHNG.SYS [18/09/2003 20:23 16136] S1 sonysdx-VRTS;sonysdx-VRTS;c:\windows\system32\drivers\sonysdx.sys [01/11/2009 03:17 36936] S2 
MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [22/03/2011 02:37 363344] S3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [19/01/2010 18:21 160288] S3 CW100;CW100 Device;c:\windows\system32\drivers\CW100.sys [16/09/2009 15:11 24092] S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo HDD Control\DfSdkS.exe [01/11/2009 01:05 410976] S3 RRNetCap;RRNetCap Service;c:\windows\system32\drivers\rrnetcap.sys [21/12/2009 14:34 27168] S3 SQLAgent$BKUPEXEC;SQLAgent$BKUPEXEC;c:\program files\Microsoft SQL Server\MSSQL$BKUPEXEC\Binn\sqlagent.EXE -i BKUPEXEC --> c:\program files\Microsoft SQL Server\MSSQL$BKUPEXEC\Binn\sqlagent.EXE -i BKUPEXEC [?] S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14/10/2009 07:24 10064] S4 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [19/01/2010 18:21 2480048] S4 Backup Scheduler;Backup Scheduler;c:\program files\NovaStor\NovaStor NovaBACKUP\DR\CBP\DCSchdlerSRVC.exe [04/03/2009 14:31 98304] S4 Buzzsaw_Defragmentation;Buzzsaw_Defragmentation;c:\program files\MATCO\BuzzSawService.exe [23/07/2007 11:27 327680] S4 EraserSvc10923;Symantec Eraser Service;"c:\program files\Norton 360\Engine\4.1.0.32\ccSvcHst.exe" /h ccCommon --> c:\program files\Norton 360\Engine\4.1.0.32\ccSvcHst.exe [?] 
S4 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [04/03/2009 15:15 712048] S4 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [04/03/2009 15:15 712048] S4 nsService;NovaStor NovaBACKUP Backup/Copy Engine;c:\program files\NovaStor\NovaStor NovaBACKUP\nsService.exe [02/11/2008 21:05 254024] S4 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [07/07/2010 14:05 14904] S4 Real time Backup Loader;Real time Backup Loader;c:\program files\NovaStor\NovaStor NovaBACKUP\DR\FsLoader.exe [04/03/2009 14:31 90112] S4 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [24/06/2010 14:41 92008] S4 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [30/10/2009 15:28 1021256] S4 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [22/05/2009 04:23 598856] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - SJYPKT . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] getPlusHelper REG_MULTI_SZ getPlusHelper . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Contents of the 'Scheduled Tasks' folder . 2011-03-23 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50] . 2009-11-29 c:\windows\Tasks\Automatic troubleshooting.job - c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-10-30 15:35] . 2011-03-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-220523388-1801674531-1003Core.job - c:\documents and settings\Craig\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-26 18:57] . 
2011-03-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-220523388-1801674531-1003UA.job - c:\documents and settings\Craig\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-26 18:57] . 2011-03-14 c:\windows\Tasks\ParetoLogic Update Version2.job - c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2008-02-22 12:25] . 2011-03-15 c:\windows\Tasks\SmartDefrag.job - c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-12-06 17:08] . . ------- Supplementary Scan ------- . uInternet Settings,ProxyOverride = *.local Trusted Zone: microsoft.com\update Trusted Zone: microsoft.com\windowsupdate Trusted Zone: microsoft.com\www.update FF - ProfilePath - c:\documents and settings\Craig\Application Data\Mozilla\Firefox\Profiles\thqv6y6g.default\ FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-03-24 19:31 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\N360] "ImagePath"="\"c:\program files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.3.0.5\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\
  9. P.S. Also, I am unable to boot into safe mode; it keeps crashing at loading dcsnap.sys
  10. HERE ARE MY LOGS DDS . DDS (Ver_11-03-05.01) - NTFSx86 Run by Craig at 3:25:17.09 on 22/03/2011 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_12 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2248 [GMT 0:00] . AV: Norton 360 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton 360 *Enabled* . ============== Running Processes =============== . C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\BinarySense\disksvc.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Microsoft SQL Server\MSSQL$BKUPEXEC\Binn\sqlservr.exe C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\WINDOWS\system32\MsPMSPSv.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Hard Disk Sentinel\HDSentinel.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\Opera\Opera.exe C:\WINDOWS\system32\taskmgr.exe C:\Program Files\uTorrent\uTorrent.exe C:\dds.scr . ============== Pseudo HJT Report =============== . 
uInternet Settings,ProxyOverride = *.local BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll BHO: GetRight IE Download Helper: {31ff080d-12a3-439a-a2ef-4ba95a3148e8} - c:\program files\getright\xx2gr.dll BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\4.3.0.5\coIEPlg.dll BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\4.3.0.5\IPSBHO.DLL BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - c:\program files\megaupload\mega manager\MegaIEMn.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll BHO: OfferBox: {fc0d62c2-9640-4aeb-a5d5-cf25df11fa8c} - c:\program files\offerbox\OfferBoxBHO.dll TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\4.3.0.5\coIEPlg.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe mRun: [JMB36X IDE Setup] c:\windows\jm\JMInsIDE.exe mRun: [36X Raid Configurer] c:\windows\system32\JMRaidSetup.exe 
boot mRun: [Hard Disk Sentinel] "c:\program files\hard disk sentinel\HDSentinel.exe" /AUTORUN mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE dRunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\asuswi~1.lnk - c:\program files\asus wifi-ap solo\RtWLan.exe IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL Trusted Zone: microsoft.com\update Trusted Zone: microsoft.com\windowsupdate Trusted Zone: microsoft.com\www.update DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab Handler: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - c:\program files\common files\binarysense\hlAPP.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL Notify: AtiExtEvent - Ati2evxx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL . ================= FIREFOX =================== . 
FF - ProfilePath - c:\docume~1\craig\applic~1\mozilla\firefox\profiles\thqv6y6g.default\ FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\coffplgn\components\coFFPlgn.dll FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\ipsffplgn\components\IPSFFPl.dll FF - component: c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\firefoxextension\components\FirefoxExtension.dll FF - plugin: c:\documents and settings\craig\application data\mozilla\firefox\profiles\thqv6y6g.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll FF - plugin: c:\documents and settings\craig\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: c:\program files\microsoft\office live\npOLW.dll FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll . ============= SERVICES / DRIVERS =============== . 
R0 dcsnap;dcsnap;c:\windows\system32\drivers\dcsnap.sys [2009-3-4 77472] R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0403000.005\symds.sys [2011-2-23 328752] R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0403000.005\symefa.sys [2011-2-23 173104] R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\drivers\tdrpm258.sys [2010-1-19 911680] R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2010-1-4 11448] R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20110309.001\BHDrvx86.sys [2011-3-10 800376] R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys [2011-2-23 501888] R1 DCDisk;DCDisk;c:\windows\system32\drivers\DCDisk.sys [2009-3-4 155648] R1 s32ait;s32ait;c:\windows\system32\drivers\s32ait.sys [2004-8-31 14208] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656] R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0403000.005\ironx86.sys [2011-2-23 116784] R1 TSKNF900.SYS;TSKNF900.SYS;c:\windows\system32\drivers\Tsknf900.sys [2009-12-31 17672] R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-11-29 17056] R2 HDD & SSD access service;HDD & SSD access service;c:\program files\common files\binarysense\disksvc.exe [2010-6-22 165888] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-3-22 363344] R2 MSSQL$BKUPEXEC;MSSQL$BKUPEXEC;c:\program files\microsoft sql server\mssql$bkupexec\binn\sqlservr.exe -sbkupexec --> c:\program files\microsoft sql server\mssql$bkupexec\binn\sqlservr.exe -sBKUPEXEC [?] 
R2 N360;Norton 360;c:\program files\norton 360\engine\4.3.0.5\ccsvchst.exe [2011-2-23 126392] R3 AVerA706;AVerMedia A706 BDA Service;c:\windows\system32\drivers\AVerA706.sys [2009-12-31 1170304] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-2-23 102448] R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20110317.005\IDSXpx86.sys [2011-3-22 341944] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-3-22 20952] R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20110321.019\NAVENG.SYS [2011-3-21 86008] R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20110321.019\NAVEX15.SYS [2011-3-21 1360760] R3 RRNetCapMP;RRNetCapMP;c:\windows\system32\drivers\rrnetcap.sys [2009-12-21 27168] R3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2009-2-20 332928] R3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2009-2-20 13532] S1 efbDisk;efbDisk; [x] S1 SCSIChanger;SCSIChanger;c:\windows\system32\drivers\SCSICHNG.SYS [2003-9-18 16136] S1 sonysdx-VRTS;sonysdx-VRTS;c:\windows\system32\drivers\sonysdx.sys [2009-11-1 36936] S3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2010-1-19 160288] S3 CW100;CW100 Device;c:\windows\system32\drivers\CW100.sys [2009-9-16 24092] S3 DfSdkS;Defragmentation-Service;c:\program files\ashampoo\ashampoo hdd control\DfSdkS.exe [2009-11-1 410976] S3 RRNetCap;RRNetCap Service;c:\windows\system32\drivers\rrnetcap.sys [2009-12-21 27168] S3 SQLAgent$BKUPEXEC;SQLAgent$BKUPEXEC;c:\program files\microsoft sql server\mssql$bkupexec\binn\sqlagent.exe -i bkupexec --> c:\program 
files\microsoft sql server\mssql$bkupexec\binn\sqlagent.EXE -i BKUPEXEC [?] S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064] S4 afcdpsrv;Acronis Nonstop Backup service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2010-1-19 2480048] S4 Backup Scheduler;Backup Scheduler;c:\program files\novastor\novastor novabackup\dr\cbp\DCSchdlerSRVC.exe [2009-3-4 98304] S4 Buzzsaw_Defragmentation;Buzzsaw_Defragmentation;c:\program files\matco\BuzzSawService.exe [2007-7-23 327680] S4 EraserSvc10923;Symantec Eraser Service;"c:\program files\norton 360\engine\4.1.0.32\ccsvchst.exe" /h cccommon --> c:\program files\norton 360\engine\4.1.0.32\ccSvcHst.exe [?] S4 HDDlife HDD Access service;HDDlife HDD Access service;c:\program files\common files\binarysense\hldasvc.exe [2008-2-15 832760] S4 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-3-4 712048] S4 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-3-4 712048] S4 nsService;NovaStor NovaBACKUP Backup/Copy Engine;c:\program files\novastor\novastor novabackup\nsService.exe [2008-11-2 254024] S4 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-7-7 14904] S4 Real time Backup Loader;Real time Backup Loader;c:\program files\novastor\novastor novabackup\dr\FsLoader.exe [2009-3-4 90112] S4 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968] S4 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-6-24 92008] S4 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2009-10-30 1021256] S4 wwEngineSvc;Window Washer Engine;c:\program files\webroot\washer\WasherSvc.exe [2009-5-22 598856] . =============== Created Last 30 ================ . 
2011-03-22 03:25:13 625664 ----a-w- C:\dds.scr 2011-03-22 02:39:03 -------- d-----w- c:\program files\Ace Utilities 2011-03-22 02:37:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-03-22 02:37:28 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-03-22 02:37:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-03-21 17:28:07 -------- d-----w- c:\docume~1\craig\applic~1\SUPERAntiSpyware.com 2011-03-21 07:01:16 -------- d-----w- c:\docume~1\craig\locals~1\applic~1\{402DB7CF-560F-4EA7-92B7-85079C3D4D32} 2011-03-21 04:18:26 -------- d-----w- c:\docume~1\craig\applic~1\OfferBox 2011-03-21 01:51:13 -------- d-----w- c:\program files\coverXP 2011-03-21 01:48:00 -------- d-----w- c:\docume~1\craig\locals~1\applic~1\MicroVision Applications 2011-03-21 01:47:37 25088 ----a-w- c:\windows\system32\shfolder.dll 2011-03-21 01:47:09 -------- d-----w- c:\program files\common files\SureThing Shared 2011-03-21 01:46:56 -------- d-----w- c:\program files\SureThing CD Labeler 5 2011-03-09 04:29:55 270848 -c----w- c:\windows\system32\dllcache\sbe.dll 2011-03-09 04:29:55 186880 -c----w- c:\windows\system32\dllcache\encdec.dll 2011-03-09 04:29:54 677888 -c----w- c:\windows\system32\dllcache\lhmstsc.exe 2011-03-09 04:29:54 2067456 -c----w- c:\windows\system32\dllcache\lhmstscx.dll 2011-03-01 04:20:27 135168 -c----w- c:\windows\system32\dllcache\shsvcs.dll 2011-02-25 18:46:53 -------- d-----w- c:\program files\Crypto Systems 2011-02-25 11:09:40 -------- d-----w- c:\windows\system32\drivers\n360\0402000.00C 2011-02-23 20:12:29 361904 ----a-w- c:\windows\system32\drivers\n360\0403000.005\symtdi.sys 2011-02-23 20:12:29 339504 ----a-w- c:\windows\system32\drivers\n360\0403000.005\symtdiv.sys 2011-02-23 20:12:28 501888 ----a-w- c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys 2011-02-23 20:12:28 43696 ----a-w- c:\windows\system32\drivers\n360\0403000.005\srtspx.sys 2011-02-23 20:12:28 328752 ----a-r- 
c:\windows\system32\drivers\n360\0403000.005\symds.sys 2011-02-23 20:12:28 325680 ----a-w- c:\windows\system32\drivers\n360\0403000.005\srtsp.sys 2011-02-23 20:12:28 173104 ----a-w- c:\windows\system32\drivers\n360\0403000.005\symefa.sys 2011-02-23 20:12:28 116784 ----a-w- c:\windows\system32\drivers\n360\0403000.005\ironx86.sys 2011-02-23 20:12:14 -------- d-----w- c:\windows\system32\drivers\n360\0403000.005 . ==================== Find3M ==================== . 2011-03-21 07:01:18 0 ----a-w- c:\windows\Qpepup.bin 2011-02-16 20:06:49 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL 2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll 2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll 2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll 2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe 2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll 2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll 2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys 2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll . ============= FINISH: 3:25:39.70 =============== attatch.zip
  11. Hello, somehow I recently got infected with this Anti Malware Doctor. I recently read the instructions on mybleeping computer to download a program called rkill; however, when trying to run this program, my computer restarted and now is in a reboot cycle: every time I see the Windows splash screen it restarts. I have now fixed this by writing the MBR; however, now my computer is extremely slow, and Malwarebytes keeps freezing/crashing at around 40 seconds into the scan. It does not freeze or crash my computer; the program freezes, and to end it I have to use Ctrl+Alt+Del. Can anyone help, as I know I'm still infected and need to remove this virus/malware? Can anyone help please?
  12. Hello, somehow I recently got infected with this Anti Malware Doctor. I recently read the instructions on mybleeping computer to download a program called rkill; however, when trying to run this program, my computer restarted and now is in a reboot cycle: every time I see the Windows splash screen it restarts. Can anyone help please?