Fordy

Everything posted by Fordy

  1. Thanks for all your help. Removed Orange Search and the old Norton and replaced it with a new version of Norton, which is being kept up to date now. Updated Windows to Service Pack 3 and everything seems to be working OK. Thanks again to everyone for their fantastic help on this forum.
  2. Really appreciate your support with this, thanks. MBAM log, ComboFix log and 2 DDS logs follow below:

     Malwarebytes' Anti-Malware 1.51.2.1300
     www.malwarebytes.org

     Database version: 8064

     Windows 5.1.2600 Service Pack 1
     Internet Explorer 6.0.2800.1106

     01/11/2011 21:50:43
     mbam-log-2011-11-01 (21-50-43).txt

     Scan type: Quick scan
     Objects scanned: 167696
     Time elapsed: 8 minute(s), 22 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)
     Once again, thanks for your help! Regards, David
  3. Hi, someone has brought me their PC to try and assist, as they believe it has a trojan virus. The PC would not boot up and was booting into a blue screen with lots of writing on it. They booted from the original CD-ROM and reinstalled Windows. This then allowed them to start Windows, but when they did they were faced with lots of pop-ups regarding issues with RAM and the hard drive, and what appeared to be the Windows recovery console was displayed. At this point they ran a Malwarebytes quick scan, which picked up a large number of issues. They also then installed SUPERAntiSpyware, which found a lot more issues. They selected for the software to deal with the problems on both occasions, and now the pop-ups etc. have stopped. What they now have is a PC which appears to be on a very old version of Windows, prior to Service Pack 1a. On one of the user profiles the files still appear to be hidden following the virus. On selecting to install new files on the PC it brings up the error "the procedure entry point xx could not be located in the dynamic link library xx". This is all beyond my understanding, so I was hoping that you can help to just ensure all virus issues have been sorted and restore the PC to be fully working again. I've run the DDS application and got the following:

     DDS (Ver_2011-08-26.01) - NTFSx86
     Internet Explorer: 6.0.2800.1106
     Run by Geoffery at 19:53:06 on 2011-10-27
     Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.254.43 [GMT 1:00]
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\WINDOWS\System32\lexpps.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.freeserve.com/
uDefault_Page_URL = hxxp://www.euro.dell.com/countries/uk/enu/gen/default.htm
uSearch Bar = hxxp://www.websearch.com/ie.aspx?tb_id=50245
uInternet Settings,ProxyOverride = <local>
mSearchAssistant = hxxp://www.websearch.com/ie.aspx?tb_id=50245
mCustomizeSearch =
uURLSearchHooks: H - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: Orange: {4e7bd74f-2b8d-469e-a1fb-f862b587b57d} - c:\progra~1\orange3\orange3.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton antivirus\NavShExt.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton antivirus\NavShExt.dll
TB: Freeserve: {8b68564d-53fd-4293-b80c-993a9f3988ee} - c:\progra~1\freese~1\fsbar\FSBar.dll
TB: Orange: {4e7bd74f-2b8d-469e-a1fb-f862b587b57d} - c:\progra~1\orange3\orange3.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\System32\browseui.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [DVDSentry] c:\windows\system32\DSentry.exe
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [ccApp] c:\program files\common files\symantec shared\ccApp.exe
mRun: [ccRegVfy] c:\program files\common files\symantec shared\ccRegVfy.exe
mRun: [AdaptecDirectCD] "c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe"
mRun: [LXSUPMON] c:\windows\system32\LXSUPMON.EXE RUN
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: orange search - file://c:\program files\orange3\cache\SelectedContextSearch.htm
IE: Search with Freeserve - c:\progra~1\freese~1\fsbar\FSBar.dll/VSearch.htm
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\MSMSGS.EXE
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1284129697171
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{3E176829-9D27-47D4-A4CE-0834311C956E} : DhcpNameServer = 192.168.1.254
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxsrvc.dll
SEH: {9914B4D2-F63E-48C1-ABA6-635153835DAC} - No File
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 c:\windows\system32\gebca.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\geoffery\application data\mozilla\firefox\profiles\w34bwcdg.default\
FF - prefs.js: network.proxy.type - 0
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-12 116608]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2002-8-8 308936]
R2 navapsvc;Norton AntiVirus Auto Protect Service;c:\program files\norton antivirus\Navapsvc.exe [2002-8-19 116336]
R2 SAVRTPEL;SAVRTPEL;c:\windows\system32\drivers\Savrtpel.sys [2002-7-25 34992]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20030227.004\NAVENG.SYS [2003-5-16 61732]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20030227.004\NAVEX15.SYS [2003-5-16 519333]
R3 SAVRT;SAVRT;c:\windows\system32\drivers\savrt.sys [2002-7-25 235184]
S2 SBService;ScriptBlocking Service;c:\progra~1\common~1\symant~1\script~1\SBServ.exe [2001-8-13 54408]
S3 ccPwdSvc;Symantec Password Validation Service;c:\program files\common files\symantec shared\ccPwdSvc.exe [2002-8-19 63176]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
.
============= FINISH: 19:54:17.01 ===============

attach

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 25/10/2011 23:48:26
System Uptime: 27/10/2011 07:36:37 (12 hours ago)
.
Motherboard: Dell Computer Corporation | | 07W080
Processor: Intel® Pentium® 4 CPU 2.00GHz | Socket 478 | 1993/400mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 28 GiB total, 22.303 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 25/10/2011 22:53:29 - System Checkpoint
RP2: 26/10/2011 23:24:50 - System Checkpoint
.
==== Installed Programs ======================
.
Adobe Download Manager 2.0 (Remove Only)
Adobe Reader 6.0.1
AOL UK
BACS
Broadcom Advanced Control Suite
Canon PhotoRecord
Canon PowerShot A200 WIA Driver
Canon Utilities PhotoStitch 3.1
Canon Utilities RemoteCapture 2.5
Canon Utilities ZoomBrowser EX
Conexant SmartHSFi V92 56K DF PCI Modem
Dell Picture Studio - Dell Image Expert
Dell Solution Center
Digital Line Detect
DVDSentry
Easy CD Creator 5 Basic
Freeserve Search toolbar
Help and Support Customization
Intel® Extreme Graphics Driver
Lexmark Supplies Monitor
Lexmark Z25-Z35
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft Works 7.0
Modem Helper
Mozilla Firefox 7.0.1 (x86 en-GB)
NetWaiting
Norton AntiVirus 2003
Orange Search Toolbar
Paint Shop Pro 7
PowerDVD
RealPlayer Basic
Search Relevancy
Security Update for Step By Step Interactive Training (KB898458)
SelectRebates
SUPERAntiSpyware
Tiscali 10.0
Tiscali Messenger 2.0
Viewpoint Media Player (Remove Only)
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
.
==== Event Viewer Messages From Past Week ========
.
26/10/2011 22:00:57, error: Service Control Manager [7034] - The WinTools for IE service service terminated unexpectedly. It has done this 1 time(s).
25/10/2011 23:58:41, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the ZESOFT service to connect.
25/10/2011 23:58:41, error: Service Control Manager [7000] - The ZESOFT service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
25/10/2011 23:49:02, error: Setup [60055] - Windows Setup encountered non-fatal errors during installation. Please check the setuperr.log found in your Windows directory for more information.
25/10/2011 23:43:57, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service SENS with arguments "" in order to run the server: {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}
.
==== End Of File ===========================

Hope you can help.

Regards
David
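The line in David's DDS log that a reviewer of this thread would look at first is `LSA: Authentication Packages = msv1_0 c:\windows\system32\gebca.dll`. LSASS loads every DLL named in that registry value at boot, and on a default Windows XP install the list contains only msv1_0, so an extra, unrecognised DLL there is a persistence location worth checking before anything else. The script below is an added example, not part of the original post and not part of the DDS tool: it parses the relevant lines of the pseudo-HJT report (copied from the log above as constructed sample input), flags any authentication package outside an assumed baseline of msv1_0, and also lists autostart entries the log records as "No File" (orphaned registrations left behind after a removal). A flag is a prompt to investigate the file, not a verdict that it is malicious.

```python
"""Triage helper for the 'Pseudo HJT Report' section of a DDS log.

Added example, not code from the original post or from the DDS tool. It parses
the report text and flags two things a log reviewer looks for:

  * Authentication packages registered with LSA other than msv1_0. LSASS loads
    every DLL listed in HKLM\\SYSTEM\\CurrentControlSet\\Control\\Lsa\\
    "Authentication Packages" at boot, so an unrecognised DLL there is a
    persistence location that deserves a closer look (not proof of malware).
  * Autostart entries whose target is reported as 'No File' (orphaned
    registrations left behind after a removal).
"""
import re

# Constructed sample input: the relevant lines copied from the DDS log in the
# post above.
SAMPLE_REPORT = """\
uURLSearchHooks: H - No File
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\\program files\\norton antivirus\\NavShExt.dll
mRun: [igfxTray] c:\\windows\\system32\\igfxtray.exe
Notify: igfxcui - igfxsrvc.dll
SEH: {9914B4D2-F63E-48C1-ABA6-635153835DAC} - No File
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\\program files\\superantispyware\\SASSEH.DLL
LSA: Authentication Packages = msv1_0 c:\\windows\\system32\\gebca.dll
"""

# Assumed baseline: msv1_0 is the only authentication package on a default
# Windows XP install. Anything else is reported for investigation.
EXPECTED_AUTH_PACKAGES = {"msv1_0"}

LSA_RE = re.compile(r"^LSA:\s*Authentication Packages\s*=\s*(.*)$", re.I)
ENTRY_RE = re.compile(r"^(?P<kind>[A-Za-z]+):\s*(?P<body>.*)$")


def parse_lsa_auth_packages(report: str) -> list[str]:
    """Return the packages named on the 'LSA: Authentication Packages' line.

    DDS renders the REG_MULTI_SZ value space separated. The paths in this log
    contain no spaces, so a plain split is enough here; a path with spaces
    would need the raw registry value rather than the DDS rendering.
    """
    for line in report.splitlines():
        m = LSA_RE.match(line.strip())
        if m:
            return m.group(1).split()
    return []


def unexpected_auth_packages(report: str) -> list[str]:
    """Packages on the LSA line that are not in the assumed baseline."""
    return [p for p in parse_lsa_auth_packages(report)
            if p.lower() not in EXPECTED_AUTH_PACKAGES]


def orphaned_entries(report: str) -> list[tuple[str, str]]:
    """(kind, body) pairs for autostart entries whose target is 'No File'."""
    found = []
    for line in report.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m and m.group("body").rstrip().endswith("No File"):
            found.append((m.group("kind"), m.group("body")))
    return found


def triage(report: str) -> dict:
    """Collect both kinds of finding for one report."""
    return {
        "unexpected_auth_packages": unexpected_auth_packages(report),
        "orphaned_entries": orphaned_entries(report),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for pkg in result["unexpected_auth_packages"]:
        print(f"LSA authentication package not in baseline: {pkg}")
    for kind, body in result["orphaned_entries"]:
        print(f"orphaned {kind} entry: {body}")
```

On the sample above the script reports `c:\windows\system32\gebca.dll` as the one authentication package outside the baseline and the `uURLSearchHooks` and `SEH` lines as orphaned entries. To run it against a real log, replace `SAMPLE_REPORT` with the text of the pseudo-HJT section; the baseline set is the only site-specific assumption.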