
MWBytes locks up possibly infected



Hi. I'm getting some problems on my XP notebook that's looking like infection.

One thing is that although my wireless works, I can't open network connections from anyplace nor can I get into properties for the network adapter to set the TCP/IP etc.

Avira Free did find a trojan amongst my files and dealt with it - that may be incidental. I'll tack the Avira report on the end of this in case it's helpful. When I run MWBAM, it gets stuck partway through with the CPU at 100% and I have to hard restart to get out of it. So I can't get any new logs with it, either.

For information purposes, I should add that I actually have another nearly identical notebook that is a recent clone of this system, and it's also freezing when I run MWBAM and also when I run SAS. Also, not with Avira. A common symptom with both. Also, the cloned one has other, more serious problems that are different.

But one at a time (or I can just reclone). The logs for this one follow.

I do appreciate any help, thanks!

________________________________________________________________________________

__________________________________________

DDS (Ver_09-09-29.01) - NTFSx86

Run by admin at 20:42:57.34 on Mon 03/22/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_03

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1535.978 [GMT -6:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

svchost.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

svchost.exe

C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Folder Shield\FSService.exe

C:\Program Files\Folder Shield\fsp.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\WINDOWS\System32\TPHDEXLG.exe

C:\WINDOWS\system32\rundll32.exe

C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\SafeGuard\SafeGuard PrivateDisk\pdservice.exe

C:\WINDOWS\system32\TpShocks.exe

C:\Program Files\Notebook Hardware Control\nhc.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\WINDOWS\system32\RunDll32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\IBM\Bluetooth Software\BTTray.exe

C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe

C:\Program Files\OpenWide\openwide.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

C:\Documents and Settings\admin\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = about:blank

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File

BHO: bxNewFolder: {51c8bca8-2524-4523-bf09-738c4eebfc58} - c:\progra~1\bxnewf~1\BXNEWF~1.DLL

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_06\bin\ssv.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll

BHO: HDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\hughesnet download manager\iefdm2.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [s3TRAY2] S3Tray2.exe

mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

mRun: [TPHOTKEY] c:\progra~1\lenovo\pkgmgr\hotkey\TPHKMGR.exe

mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot

mRun: [synTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [PDService.exe] "c:\program files\safeguard\safeguard privatedisk\pdservice.exe"

mRun: [TpShocks] TpShocks.exe

mRun: [NotebookHardwareControl] "c:\program files\notebook hardware control\nhc.exe" -quiet

mRun: [TrackPointSrv] tp4serv.exe

mRun: [fspr] "c:\program files\folder shield\FolderShield.exe" CR

mRun: [bMMLREF] c:\program files\thinkpad\utilities\BMMLREF.EXE

mRun: [bMMMONWND] rundll32.exe c:\progra~1\thinkpad\utilit~1\BatInfEx.dll,BMMAutonomicMonitor

mRun: [bLOG] rundll32.exe c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe

mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe

mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"

mRun: [bMMGAG] RunDll32 c:\progra~1\thinkpad\utilit~1\pwrmonit.dll,StartPwrMonitor

dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

StartupFolder: c:\docume~1\admin\startm~1\programs\startup\openwide.lnk - c:\program files\openwide\openwide.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bttray.lnk - c:\program files\ibm\bluetooth software\BTTray.exe

uPolicies-explorer: NoActiveDesktop = 01000000

uPolicies-explorer: NoLogoff = 01000000

uPolicies-explorer: NoSMMyDocs = 00000000

uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)

uPolicies-explorer: NoWinKeys = 01000000

uPolicies-explorer: NoRecentDocsNetHood = 01000000

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Download all with HughesNet Download Manager - file://c:\program files\hughesnet download manager\dlall.htm

IE: Download selected with HughesNet Download Manager - file://c:\program files\hughesnet download manager\dlselected.htm

IE: Download video with HughesNet Download Manager - file://c:\program files\hughesnet download manager\dlfvideo.htm

IE: Download with HughesNet Download Manager - file://c:\program files\hughesnet download manager\dllink.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_06\bin\ssv.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

TCP: {7BBC43BC-B540-4F3F-9F18-B872BEB00D69} = 192.168.1.1

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: AtiExtEvent - Ati2evxx.dll

Notify: tpfnf2 - notifyf2.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

LSA: Authentication Packages = msv1_0 relog_ap

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admin\applic~1\mozilla\firefox\profiles\1kj5inh9.firefox 3beta\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.startup.homepage - hxxp://us.mg2.mail.yahoo.com/dc/launch?.gx=1&.rand=3vc40vf47avlj|http://www.geekgirls.com/windows_sendto.htm|http://www.enlacedelacosta.com/

FF - component: c:\documents and settings\admin\application data\mozilla\firefox\profiles\1kj5inh9.firefox 3beta\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

FF - component: c:\program files\hughesnet download manager\firefox\extension\components\vmsfdmff.dll

FF - plugin: c:\documents and settings\admin\local settings\application data\yahoo!\browserplus\2.6.0\plugins\npybrowserplus_2.6.0.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\picasa3\npPicasa2.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll

FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 bxShield;BAxBEx File Protector;c:\windows\system32\drivers\bxshield.sys --> c:\windows\system32\drivers\bxShield.sys [?]

R0 Shockprf;Shockprf;c:\windows\system32\drivers\ApsX86.sys [2007-9-28 103472]

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-9-28 19504]

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-6-28 11608]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-5-26 9968]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-5-26 74480]

R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [2009-6-12 16384]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-6-28 108289]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-6-28 185089]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-6-28 56816]

R2 FSService;FSService;c:\program files\folder shield\FSService.exe [2003-5-26 28672]

R2 PrivateDisk;PrivateDisk;c:\program files\safeguard\safeguard privatedisk\privatediskm.sys [2007-9-7 57856]

S2 gupdate1c98ff01efd4a50;Google Update Service (gupdate1c98ff01efd4a50);c:\program files\google\update\GoogleUpdate.exe [2009-2-15 133104]

S2 netflowanalyzer;ManageEngine NetFlow Analyzer 7;c:\advent~1\me\netflow\bin\wrapper.exe -s c:\advent~1\me\netflow\bin\\..\server\default\conf\wrapper.conf --> c:\advent~1\me\netflow\bin\wrapper.exe -s c:\advent~1\me\netflow\bin\\..\server\default\conf\wrapper.conf [?]

S2 scrutinizer;Scrutinizer Netflow Collector;c:\scruti~1\html\scrut_collector.exe --> c:\scruti~1\html\scrut_collector.exe [?]

S2 scrutinizer_filed;Scrutinizer Filer Service;c:\scruti~1\html\scrut_filer.exe --> c:\scruti~1\html\scrut_filer.exe [?]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2008-11-16 38224]

S3 pmxscan;Visioneer USB Service;c:\windows\system32\drivers\usbscan.sys [2008-7-4 15104]

S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-5-26 7408]

S3 Tp4Track;IBM PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [2003-8-18 13904]

S3 ZD1211BU(SMC);802.11g Wireless USB2.0 Adapter Driver(SMC);c:\windows\system32\drivers\ZD1211BU.sys [2006-8-24 477696]

S3 ZD1211U(WLAN);IEEE 802.11g USB Wireless LAN(WLAN);c:\windows\system32\drivers\ZD1211U.sys [2009-3-27 280064]

=============== Created Last 30 ================

2010-03-22 09:05 116,224 a------- c:\windows\system32\dllcache\xrxwiadr.dll

2010-03-22 09:05 27,648 a------- c:\windows\system32\dllcache\xrxftplt.exe

2010-03-22 09:05 23,040 a------- c:\windows\system32\dllcache\xrxwbtmp.dll

2010-03-22 09:05 17,408 a------- c:\windows\system32\dllcache\xrxscnui.dll

2010-03-22 09:05 4,608 a------- c:\windows\system32\dllcache\xrxflnch.exe

2010-03-22 09:05 99,865 a------- c:\windows\system32\dllcache\xlog.exe

2010-03-22 09:05 28,288 a------- c:\windows\system32\dllcache\xjis.nls

2010-03-22 09:05 16,970 a------- c:\windows\system32\dllcache\xem336n5.sys

2010-03-22 09:05 19,455 a------- c:\windows\system32\dllcache\wvchntxx.sys

2010-03-22 09:05 12,063 a------- c:\windows\system32\dllcache\wsiintxx.sys

2010-03-22 09:05 8,832 a------- c:\windows\system32\dllcache\wmiacpi.sys

2010-03-22 09:03 37,961 a------- c:\windows\system32\dllcache\tdk100b.sys

2010-03-22 09:02 9,216 a------- c:\windows\system32\dllcache\rsmgrstr.dll

2010-03-22 09:01 51,552 a------- c:\windows\system32\dllcache\ntgrip.sys

2010-03-22 09:00 4,992 a------- c:\windows\system32\dllcache\loop.sys

2010-03-22 08:59 126,976 a------- c:\windows\system32\dllcache\hpgt34tk.dll

2010-03-22 08:58 236,060 a------- c:\windows\system32\dllcache\ditrace.exe

2010-03-22 08:57 173,602 a------- c:\windows\system32\dllcache\c_10008.nls

2010-03-22 08:56 66,048 a------- c:\windows\system32\dllcache\s3legacy.dll

2010-03-22 08:56 169,984 a------- c:\windows\system32\dllcache\iisui.dll

2010-03-22 08:56 19,968 a------- c:\windows\system32\dllcache\inetsloc.dll

2010-03-22 08:56 7,680 a------- c:\windows\system32\dllcache\inetmgr.exe

2010-03-22 08:56 5,632 a------- c:\windows\system32\dllcache\iisrstap.dll

2010-03-22 08:56 14,336 a------- c:\windows\system32\dllcache\iisreset.exe

2010-03-22 08:56 6,144 a------- c:\windows\system32\dllcache\ftpsapi2.dll

2010-03-22 08:56 94,720 a------- c:\windows\system32\dllcache\certmap.ocx

2010-03-21 09:19 36,187 a------- C:\pizza.jpg

2010-03-12 12:41 167,936 a------- c:\windows\system32\SendToToys.cpl

2010-03-12 12:41 90,112 a------- c:\windows\SendToClip.exe

2010-03-12 12:41 <DIR> --d----- c:\program files\Send To Toys

2010-03-12 12:25 <DIR> --d----- c:\program files\ContextMenuEditor

2010-03-12 10:15 <DIR> --d----- c:\program files\NirSoft

2010-03-11 08:21 <DIR> --d----- c:\program files\AutoStreamer

2010-03-11 08:00 <DIR> --d----- c:\docume~1\admin\applic~1\HughesNet Download Manager

2010-03-11 08:00 <DIR> --d----- c:\program files\HughesNet Download Manager

2010-03-09 22:52 <DIR> --d----- c:\program files\Seagate

2010-03-09 22:01 <DIR> --d----- c:\program files\Western Digital Corporation

2010-03-09 17:47 <DIR> --d----- c:\program files\ACW

2010-03-09 17:28 <DIR> --dshr-- C:\cmdcons

2010-03-09 17:28 <DIR> --d----- c:\windows\setup.pss

2010-03-09 17:27 <DIR> --d----- c:\windows\setupupd

2010-03-08 20:41 <DIR> --d----- c:\program files\nLite

==================== Find3M ====================

2010-03-22 20:40 28,276 a------- c:\windows\system32\drivers\MxlW2k.sys

2010-03-22 20:24 22,528 a------- c:\windows\system32\drivers\nhcDriver.sys

2010-03-10 00:55 1,180,672 a------- c:\windows\system32\AutoPartNt.exe

2009-12-31 10:14 352,640 a------- c:\windows\system32\dllcache\srv.sys

2008-10-28 10:24 3,686,400 a------- c:\documents and settings\admin\ddwrt.bin

2008-04-29 17:35 87,608 a------- c:\docume~1\admin\applic~1\inst.exe

2008-04-29 17:35 47,360 a------- c:\docume~1\admin\applic~1\pcouffin.sys

2007-10-11 20:00 5,689,344 a------- c:\program files\mplayerc.exe

1998-11-17 11:09 24,576 a------- c:\windows\inf\Vizpnpin.exe

1998-10-12 11:23 40,960 a------- c:\windows\inf\vizpnp\Vipersti.dll

1998-07-30 12:44 19,112 a------- c:\windows\inf\vizpnp\Pmxscan.sys

============= FINISH: 20:43:18.29 ===============

________________________________________________________________________________

__________________________________________

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-03-22 22:06:55

Windows 5.1.2600 Service Pack 2

Running: rypehzj1.exe; Driver: C:\DOCUME~1\admin\LOCALS~1\Temp\kwrcqpob.sys

---- System - GMER 1.0.15 ----

SSDT F7AA9BBE ZwCreateKey

SSDT F7AA9BB4 ZwCreateThread

SSDT F7AA9BC3 ZwDeleteKey

SSDT F7AA9BCD ZwDeleteValueKey

SSDT F7AA9BD2 ZwLoadKey

SSDT F7AA9BA0 ZwOpenProcess

SSDT F7AA9BA5 ZwOpenThread

SSDT F7AA9BDC ZwReplaceKey

SSDT F7AA9BD7 ZwRestoreKey

SSDT F7AA9BC8 ZwSetValueKey

SSDT F7AA9BAF ZwTerminateProcess

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs bxShield.sys

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 mouclass.sys (Mouse Class Driver/Microsoft Corporation)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 mouclass.sys (Mouse Class Driver/Microsoft Corporation)

---- Processes - GMER 1.0.15 ----

Library C:\Program Files\Folder Shield\fsp.exe (*** hidden *** ) @ C:\Program Files\Folder Shield\fsp.exe [816] 0x00400000

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0020e075b1eb

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0020e075b1eb@001a45c1a395 0x57 0x81 0xA7 0x03 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0020e079fbd6

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xEC 0x88 0xAC 0xD7 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x7C 0x62 0x16 0x55 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x12 0x24 0x2D 0x28 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x22 0x9B 0x50 0x1D ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x56 0xF8 0xF1 0x64 ...

Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0020e075b1eb (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0020e075b1eb@001a45c1a395 0x57 0x81 0xA7 0x03 ...

Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0020e079fbd6 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xEC 0x88 0xAC 0xD7 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x7C 0x62 0x16 0x55 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x12 0x24 0x2D 0x28 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x22 0x9B 0x50 0x1D ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x56 0xF8 0xF1 0x64 ...

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6F472E88-2DEE-5309-607A-E094B3C51D4D}

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6F472E88-2DEE-5309-607A-E094B3C51D4D}@jakdillkanebjlnoggdm 0x6A 0x61 0x6F 0x65 ...

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6F472E88-2DEE-5309-607A-E094B3C51D4D}@iaidojpahidjcmbcfa 0x6A 0x61 0x61 0x66 ...

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6F472E88-2DEE-5309-607A-E094B3C51D4D}@haocaefdflcnjjbk 0x61 0x61 0x00 0x00

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6F472E88-2DEE-5309-607A-E094B3C51D4D}@haocaefdelponika 0x61 0x61 0x00 0x00

---- EOF - GMER 1.0.15 ----

________________________________________________________________________________

____________________________________

Avira AntiVir Personal

Report file date: Monday, March 22, 2010 06:38

Scanning for 1879445 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus

Serial number : 0000149996-ADJIE-0000001

Platform : Windows XP

Windows version : (Service Pack 2) [5.1.2600]

Boot mode : Normally booted

Username : SYSTEM

Computer name : STEVEST42

Version information:

BUILD.DAT : 9.0.0.419 21701 Bytes 1/22/2010 18:29:00

AVSCAN.EXE : 9.0.3.10 466689 Bytes 1/7/2010 18:14:29

AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 17:58:24

LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 18:35:49

LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 17:58:52

VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 18:14:29

VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 18:14:29

VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 19:09:51

VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 20:25:15

VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 21:16:10

VBASE005.VDF : 7.10.4.204 2048 Bytes 3/5/2010 21:16:11

VBASE006.VDF : 7.10.4.205 2048 Bytes 3/5/2010 21:16:12

VBASE007.VDF : 7.10.4.206 2048 Bytes 3/5/2010 21:16:14

VBASE008.VDF : 7.10.4.207 2048 Bytes 3/5/2010 21:16:15

VBASE009.VDF : 7.10.4.208 2048 Bytes 3/5/2010 21:16:19

VBASE010.VDF : 7.10.4.209 2048 Bytes 3/5/2010 21:16:21

VBASE011.VDF : 7.10.4.210 2048 Bytes 3/5/2010 21:16:25

VBASE012.VDF : 7.10.4.211 2048 Bytes 3/5/2010 21:16:26

VBASE013.VDF : 7.10.4.242 153088 Bytes 3/8/2010 22:34:03

VBASE014.VDF : 7.10.5.17 99328 Bytes 3/10/2010 22:34:17

VBASE015.VDF : 7.10.5.44 107008 Bytes 3/11/2010 22:35:03

VBASE016.VDF : 7.10.5.69 92672 Bytes 3/12/2010 15:54:38

VBASE017.VDF : 7.10.5.91 119808 Bytes 3/15/2010 15:54:41

VBASE018.VDF : 7.10.5.121 112640 Bytes 3/18/2010 15:54:43

VBASE019.VDF : 7.10.5.138 139776 Bytes 3/18/2010 15:54:47

VBASE020.VDF : 7.10.5.139 2048 Bytes 3/18/2010 15:54:48

VBASE021.VDF : 7.10.5.140 2048 Bytes 3/18/2010 15:54:49

VBASE022.VDF : 7.10.5.141 2048 Bytes 3/18/2010 15:54:51

VBASE023.VDF : 7.10.5.142 2048 Bytes 3/18/2010 15:54:52

VBASE024.VDF : 7.10.5.143 2048 Bytes 3/18/2010 15:54:53

VBASE025.VDF : 7.10.5.144 2048 Bytes 3/18/2010 15:54:54

VBASE026.VDF : 7.10.5.145 2048 Bytes 3/18/2010 15:54:55

VBASE027.VDF : 7.10.5.146 2048 Bytes 3/18/2010 15:54:57

VBASE028.VDF : 7.10.5.147 2048 Bytes 3/18/2010 15:54:58

VBASE029.VDF : 7.10.5.148 2048 Bytes 3/18/2010 15:54:59

VBASE030.VDF : 7.10.5.149 2048 Bytes 3/18/2010 15:55:00

VBASE031.VDF : 7.10.5.155 59392 Bytes 3/19/2010 15:55:02

Engineversion : 8.2.1.196

AEVDF.DLL : 8.1.1.3 106868 Bytes 1/24/2010 19:11:44

AESCRIPT.DLL : 8.1.3.18 1024378 Bytes 3/20/2010 15:55:49

AESCN.DLL : 8.1.5.0 127347 Bytes 3/6/2010 21:17:05

AESBX.DLL : 8.1.2.1 254323 Bytes 3/20/2010 15:55:51

AERDL.DLL : 8.1.4.3 541043 Bytes 3/20/2010 15:55:43

AEPACK.DLL : 8.2.1.1 426358 Bytes 3/20/2010 15:55:37

AEOFFICE.DLL : 8.1.0.41 201083 Bytes 3/20/2010 15:55:30

AEHEUR.DLL : 8.1.1.13 2470262 Bytes 3/20/2010 15:55:27

AEHELP.DLL : 8.1.10.2 237941 Bytes 3/20/2010 15:55:13

AEGEN.DLL : 8.1.3.2 373108 Bytes 3/20/2010 15:55:11

AEEMU.DLL : 8.1.1.0 393587 Bytes 10/4/2009 00:44:02

AECORE.DLL : 8.1.12.3 188789 Bytes 3/20/2010 15:55:07

AEBB.DLL : 8.1.0.3 53618 Bytes 10/9/2008 21:32:40

AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 15:47:59

AVPREF.DLL : 9.0.3.0 44289 Bytes 9/10/2009 04:17:44

AVREP.DLL : 8.0.0.7 159784 Bytes 2/17/2010 21:19:11

AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 17:32:09

AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 22:05:41

AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 17:37:08

SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 22:03:49

SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 15:21:33

NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 17:32:10

RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 5/15/2009 22:39:58

RCTEXT.DLL : 9.0.73.0 86785 Bytes 1/7/2010 18:14:29

Configuration settings for the scan:

Jobname.............................: Complete system scan

Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp

Logging.............................: low

Primary action......................: repair

Secondary action....................: delete

Scan master boot sector.............: on

Scan boot sector....................: on

Boot sectors........................: C:, D:,

Process scan........................: on

Scan registry.......................: on

Search for rootkits.................: on

Integrity checking of system files..: off

Scan all files......................: All files

Scan archives.......................: on

Recursion depth.....................: 20

Smart extensions....................: on

Macro heuristic.....................: on

File heuristic......................: medium

Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: Monday, March 22, 2010 06:38

Starting search for hidden objects.

'38341' objects were checked, '0' hidden objects were found.

The scan of running processes will be started

Scan process 'firefox.exe' - '1' Module(s) have been scanned

Scan process 'SansaDispatch.exe' - '1' Module(s) have been scanned

Scan process 'bxExpHelper.exe' - '1' Module(s) have been scanned

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'mscorsvw.exe' - '1' Module(s) have been scanned

Scan process 'TPONSCR.exe' - '1' Module(s) have been scanned

Scan process 'openwide.exe' - '1' Module(s) have been scanned

Scan process 'BTTray.exe' - '1' Module(s) have been scanned

Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'rundll32.exe' - '1' Module(s) have been scanned

Scan process 'schedhlp.exe' - '1' Module(s) have been scanned

Scan process 'TimounterMonitor.exe' - '1' Module(s) have been scanned

Scan process 'TrueImageMonitor.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'rundll32.exe' - '1' Module(s) have been scanned

Scan process 'nhc.exe' - '1' Module(s) have been scanned

Scan process 'TpShocks.exe' - '1' Module(s) have been scanned

Scan process 'pdservice.exe' - '1' Module(s) have been scanned

Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned

Scan process 'SynTPLpr.exe' - '1' Module(s) have been scanned

Scan process 'WinPatrol.exe' - '1' Module(s) have been scanned

Scan process 'TPHKMGR.exe' - '1' Module(s) have been scanned

Scan process 'rundll32.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'TPHDEXLG.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'SMAgent.exe' - '1' Module(s) have been scanned

Scan process 'fsp.exe' - '1' Module(s) have been scanned

Module is OK -> 'C:\Program Files\Folder Shield\fsp.exe'

[WARNING] The file could not be opened!

Scan process 'FSService.exe' - '1' Module(s) have been scanned

Scan process 'btwdins.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'schedul2.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

52 processes with 52 modules were scanned

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!

Boot sector 'D:\'

[INFO] No virus was found!

Starting to scan executable files (registry).

The registry was scanned ( '73' files ).

Starting the file scan:

Begin scan in 'C:\' <BootDrive32GB>

C:\hiberfil.sys

[WARNING] The file could not be opened!

[NOTE] This file is a Windows system file.

[NOTE] This file cannot be opened for scanning.

C:\pagefile.sys

[WARNING] The file could not be opened!

[NOTE] This file is a Windows system file.

[NOTE] This file cannot be opened for scanning.

C:\WINDOWS\system32\drivers\sptd.sys

[WARNING] The file could not be opened!

Begin scan in 'D:\' <DATA80GB>

D:\ARCHIVED S O F T W A R E\MICROSOFT XP+OFFICE\Autostreamer +Installerpacks\odyn1982_AudioUtilities_Addon_v2.7.cab.part

[0] Archive type: CAB (Microsoft)

--> AEncoder.in_

[WARNING] No further files can be extracted from this archive. The archive will be closed

[WARNING] No further files can be extracted from this archive. The archive will be closed

D:\My Pictures\Foxit PDF Editor Setup.exe

[0] Archive type: NSIS

--> [PluginsDir]/Apps.exe

[DETECTION] Is the TR/Dldr.Agent.ciqh.7 Trojan

[NOTE] A backup was created as '4c1f7e96.qua' ( QUARANTINE )

[NOTE] The file was deleted!

End of the scan: Monday, March 22, 2010 08:34

Used time: 1:55:43 Hour(s)

The scan has been done completely.

15700 Scanned directories

542846 Files were scanned

1 Viruses and/or unwanted programs were found

0 Files were classified as suspicious

1 files were deleted

0 Viruses and unwanted programs were repaired

1 Files were moved to quarantine

0 Files were renamed

4 Files cannot be scanned

542841 Files not concerned

28739 Archives were scanned

6 Warnings

3 Notes

38341 Objects were scanned with rootkit scan

0 Hidden objects were found


  • Staff

Hi,

Your problem doesn't appear to be malware related here, but rather an issue with other 3rd party software installed.

First of all, can you test if malwarebytes runs in Windows safe mode?

Also, for your networking connections issue, any reason that your "Folder Shield" may be interfering here and causing issues? Because I can also see that Folder shield *may* interfere with malwarebytes scan though.

Also, you say you're having the same issue with superantispyware, so it's clear here that it's not an issue with malwarebytes itself, but with some 3rd party software installed.

In either way, try in Windows safe mode first. If it works OK there, then it will be a matter of testing what other software you have installed is causing your issues. Main culprits are extra security tools (which would need extra configuration), but the only way to find out is to uninstall first and see if the rest works again. Once the culprit is found, then we know where to search/modify further.


Hi. I appreciate your help and am happy to hear that this one is not appearing to be infected. I still have not been able to track down my network connections / connection properties problem, but if that's just the OS, I'm ok.

I could not start safe mode on this machine (safe mode seems to fail a lot in XP), but I did uninstall foldershield and now MWBAM and SAS will run and both showed me clean.

Funny, I've had foldershield installed for years and never had a problem with it.

Thanks for your help and I suppose that I should move over to a different forum for my OS problems. As long as it's not infection all is well !

The odd thing is that my clone notebook is now so clogged up it's worthless, and its problems started showing up the same way; lockups when scanning with anything but Avira. At this point, it starts up and then svchost and WinPatrol immediately start battling for 100% CPU. Various things have been found and it's definitely infected. It took out my keyboard completely the other day, but I got that back with a reg fix.

But if I can get this one tuned up, I'll just re-clone and forget about the details ! These infections are getting nasty !

Again, thank you, :) and let me know if I should post any more logs to be sure.

Cheers,

Steve


  • Staff

Hi,

but I did uninstall foldershield and now MWBAM and SAS will run and both showed me clean.
Well, it looks like we found the culprit already. Foldershield was basically my first suspicion - otherwise I wouldn't have mentioned it. I can see such programs causing a lot of problems for scanners if not correctly configured.

Probably a wrong setting or where foldershield didn't "behave" as it should behave because of an incompatibility issue with other software and/or hardware.

But if I can get this one tuned up, I'll just re-clone and forget about the details ! These infections are getting nasty !
Well that's actually a good idea.

So basically, it's now only your network connection/properties that still won't open?

In either way, what I first suggest is to take a clone of your XP already, this to be on the safe side, and then UPDATE your Windows, because you're still on service pack 2. Updating Windows may already solve a lot of problems.

Extra note, before updating, I would uninstall any extra security programs/tools - this so the update can go without any problems, because some security tools *may* interfere with that. This also includes safeguard privatedisk you have installed here + Winpatrol and Avira. I understand that you want all these extra security guards, but keep in mind that an overload of security tools may rather cause problems than anything else + it requires a lot extra from your cpu as well. So don't exaggerate here. I would stick with avira and Winpatrol + mbam and/or SAS afterwards, but no need for the extra folder guards etc etc. After all, you have Acronis here, so if something happens, you always have your Acronis backups to restore. A good backup manager is what everyone should have. I recommend it more than an overload of security tools. Btw, I'm actually wondering if Safeguard Private disk and Foldershield work well with Acronis backup (if incremental backups are created), because if certain folders are locked/encrypted, I always wonder how Acronis deals with them either... this especially since other scanners/tools also freeze/lock up because of folder shield.

Once you have installed Service Pack 3, then you can reinstall those tools/programs again, but make sure you install the latest versions of them as well (and not older versions). This also applies for Acronis if you're still using an older version.


Probably a wrong setting or where foldershield didn't "behave" as it should behave because of an incompatibility issue with other software and/or hardware.

So basically, it's now only your network connection/properties that still won't open?

In either way, what I first suggest is to take a clone of your XP already, this to be on the safe side, and then UPDATE your Windows, because you're still on service pack 2. Updating Windows may already solve a lot of problems.

Extra note, before updating, I would uninstall any extra security programs/tools - this so the update can go without any problems,

I'm actually wondering if Safeguard Private disk and Foldershield work well with Acronis backup

Once you have installed Service Pack 3, then you can reinstall those tools/programs again,

Yes, no access to TCP/IP is my basic problem now. Also no safe mode, but that's an idiosyncrasy of windows, I suppose. Sure could use it at times.

Great advice, "clone a safety backup, then uninstall security , update, then re-clone a working updated system" , thanks.

Funny, I thought that I was already on SP3 until I checked. Due to a succession of stupid errors and Murphy's laws, I have lost my original updated system, then found that the newish exterior hard disk with the clone and backups was bad, then finally went to my backup pc with its SP2 clone of my current system. That became the current (out of date) system that I cloned from. A mess, but at least 2 belts and 2 suspenders somehow kept my pants up in the worst case.

Foldershield is simple and has few settings that could make a difference other than running as a service, but fine, it's gone. Safeguard private disk is a small (5GB) safe where I keep sensitive files. Not my C drive or anything. It needs to stay. It's a weird one though, uninstalling it just strands those partitions. So far, Acronis has dealt with it fine on clones but I have only made backups, never restored them.

Nice to hear that you think I'm exaggerating on security ! Actually, I only run Avira and WinPatrol realtime. I use MWBAM and SAS as backup scanners. That's it. I'm now thinking of running Comodo firewall +, to protect the outgoing, but have been happy so far with Windows firewall.

I surely appreciate your help and apologize for taking up valuable infection response resources (YOU) with an OS problem.

You folks are some of the heroes of our day, really. The whitehats. Thanks for your service to all, and thanks to MWBAM for supporting this !

Cheers,

Steve


  • Staff

The current security programs you have installed are fine. I'm just mentioning this, because some people really exaggerate with them and install every extra security scanners/tools they can find with as a result that their system just locks up frequently and a lot of extra problems arise.

Anyway, let's see if an update to service pack 3 will fix some of your other issues as well. :)

This topic is now closed to further replies.