
Infected with antimalware doctor/ Mbam Keeps Crashing



Hello, somehow I recently got infected with this Anti Malware Doctor.

I recently read the instructions on BleepingComputer to download a program called rkill.

However, when trying to run this program, my computer restarted and is now in a reboot cycle: every time I see the Windows splash screen it restarts. I have now fixed this by rewriting the MBR; however, my computer is now extremely slow,

and Malwarebytes keeps freezing/crashing at around 40 seconds into the scan. It does not freeze or crash my computer; the program freezes, and to end it I have to use Ctrl+Alt+Del.

Can anyone help, as I know I'm still infected and need to remove this virus/malware?

Can anyone help please?


HERE ARE MY LOGS

DDS

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by Craig at 3:25:17.09 on 22/03/2011

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_12

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2248 [GMT 0:00]

.

AV: Norton 360 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton 360 *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\BinarySense\disksvc.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Microsoft SQL Server\MSSQL$BKUPEXEC\Binn\sqlservr.exe

C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\WINDOWS\system32\MsPMSPSv.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Hard Disk Sentinel\HDSentinel.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Opera\Opera.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\dds.scr

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll

BHO: GetRight IE Download Helper: {31ff080d-12a3-439a-a2ef-4ba95a3148e8} - c:\program files\getright\xx2gr.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\4.3.0.5\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\4.3.0.5\IPSBHO.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - c:\program files\megaupload\mega manager\MegaIEMn.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll

BHO: OfferBox: {fc0d62c2-9640-4aeb-a5d5-cf25df11fa8c} - c:\program files\offerbox\OfferBoxBHO.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\4.3.0.5\coIEPlg.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

mRun: [JMB36X IDE Setup] c:\windows\jm\JMInsIDE.exe

mRun: [36X Raid Configurer] c:\windows\system32\JMRaidSetup.exe boot

mRun: [Hard Disk Sentinel] "c:\program files\hard disk sentinel\HDSentinel.exe" /AUTORUN

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\asuswi~1.lnk - c:\program files\asus wifi-ap solo\RtWLan.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

Trusted Zone: microsoft.com\update

Trusted Zone: microsoft.com\windowsupdate

Trusted Zone: microsoft.com\www.update

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

Handler: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - c:\program files\common files\binarysense\hlAPP.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\docume~1\craig\applic~1\mozilla\firefox\profiles\thqv6y6g.default\

FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official

FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\coffplgn\components\coFFPlgn.dll

FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\ipsffplgn\components\IPSFFPl.dll

FF - component: c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\firefoxextension\components\FirefoxExtension.dll

FF - plugin: c:\documents and settings\craig\application data\mozilla\firefox\profiles\thqv6y6g.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll

FF - plugin: c:\documents and settings\craig\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll

.

============= SERVICES / DRIVERS ===============

.

R0 dcsnap;dcsnap;c:\windows\system32\drivers\dcsnap.sys [2009-3-4 77472]

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0403000.005\symds.sys [2011-2-23 328752]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0403000.005\symefa.sys [2011-2-23 173104]

R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\drivers\tdrpm258.sys [2010-1-19 911680]

R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2010-1-4 11448]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20110309.001\BHDrvx86.sys [2011-3-10 800376]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys [2011-2-23 501888]

R1 DCDisk;DCDisk;c:\windows\system32\drivers\DCDisk.sys [2009-3-4 155648]

R1 s32ait;s32ait;c:\windows\system32\drivers\s32ait.sys [2004-8-31 14208]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0403000.005\ironx86.sys [2011-2-23 116784]

R1 TSKNF900.SYS;TSKNF900.SYS;c:\windows\system32\drivers\Tsknf900.sys [2009-12-31 17672]

R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-11-29 17056]

R2 HDD & SSD access service;HDD & SSD access service;c:\program files\common files\binarysense\disksvc.exe [2010-6-22 165888]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-3-22 363344]

R2 MSSQL$BKUPEXEC;MSSQL$BKUPEXEC;c:\program files\microsoft sql server\mssql$bkupexec\binn\sqlservr.exe -sbkupexec --> c:\program files\microsoft sql server\mssql$bkupexec\binn\sqlservr.exe -sBKUPEXEC [?]

R2 N360;Norton 360;c:\program files\norton 360\engine\4.3.0.5\ccsvchst.exe [2011-2-23 126392]

R3 AVerA706;AVerMedia A706 BDA Service;c:\windows\system32\drivers\AVerA706.sys [2009-12-31 1170304]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-2-23 102448]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20110317.005\IDSXpx86.sys [2011-3-22 341944]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-3-22 20952]

R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20110321.019\NAVENG.SYS [2011-3-21 86008]

R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20110321.019\NAVEX15.SYS [2011-3-21 1360760]

R3 RRNetCapMP;RRNetCapMP;c:\windows\system32\drivers\rrnetcap.sys [2009-12-21 27168]

R3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2009-2-20 332928]

R3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2009-2-20 13532]

S1 efbDisk;efbDisk; [x]

S1 SCSIChanger;SCSIChanger;c:\windows\system32\drivers\SCSICHNG.SYS [2003-9-18 16136]

S1 sonysdx-VRTS;sonysdx-VRTS;c:\windows\system32\drivers\sonysdx.sys [2009-11-1 36936]

S3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2010-1-19 160288]

S3 CW100;CW100 Device;c:\windows\system32\drivers\CW100.sys [2009-9-16 24092]

S3 DfSdkS;Defragmentation-Service;c:\program files\ashampoo\ashampoo hdd control\DfSdkS.exe [2009-11-1 410976]

S3 RRNetCap;RRNetCap Service;c:\windows\system32\drivers\rrnetcap.sys [2009-12-21 27168]

S3 SQLAgent$BKUPEXEC;SQLAgent$BKUPEXEC;c:\program files\microsoft sql server\mssql$bkupexec\binn\sqlagent.exe -i bkupexec --> c:\program files\microsoft sql server\mssql$bkupexec\binn\sqlagent.EXE -i BKUPEXEC [?]

S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]

S4 afcdpsrv;Acronis Nonstop Backup service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2010-1-19 2480048]

S4 Backup Scheduler;Backup Scheduler;c:\program files\novastor\novastor novabackup\dr\cbp\DCSchdlerSRVC.exe [2009-3-4 98304]

S4 Buzzsaw_Defragmentation;Buzzsaw_Defragmentation;c:\program files\matco\BuzzSawService.exe [2007-7-23 327680]

S4 EraserSvc10923;Symantec Eraser Service;"c:\program files\norton 360\engine\4.1.0.32\ccsvchst.exe" /h cccommon --> c:\program files\norton 360\engine\4.1.0.32\ccSvcHst.exe [?]

S4 HDDlife HDD Access service;HDDlife HDD Access service;c:\program files\common files\binarysense\hldasvc.exe [2008-2-15 832760]

S4 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-3-4 712048]

S4 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-3-4 712048]

S4 nsService;NovaStor NovaBACKUP Backup/Copy Engine;c:\program files\novastor\novastor novabackup\nsService.exe [2008-11-2 254024]

S4 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-7-7 14904]

S4 Real time Backup Loader;Real time Backup Loader;c:\program files\novastor\novastor novabackup\dr\FsLoader.exe [2009-3-4 90112]

S4 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]

S4 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-6-24 92008]

S4 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2009-10-30 1021256]

S4 wwEngineSvc;Window Washer Engine;c:\program files\webroot\washer\WasherSvc.exe [2009-5-22 598856]

.

=============== Created Last 30 ================

.

2011-03-22 03:25:13 625664 ----a-w- C:\dds.scr

2011-03-22 02:39:03 -------- d-----w- c:\program files\Ace Utilities

2011-03-22 02:37:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-03-22 02:37:28 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-03-22 02:37:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-03-21 17:28:07 -------- d-----w- c:\docume~1\craig\applic~1\SUPERAntiSpyware.com

2011-03-21 07:01:16 -------- d-----w- c:\docume~1\craig\locals~1\applic~1\{402DB7CF-560F-4EA7-92B7-85079C3D4D32}

2011-03-21 04:18:26 -------- d-----w- c:\docume~1\craig\applic~1\OfferBox

2011-03-21 01:51:13 -------- d-----w- c:\program files\coverXP

2011-03-21 01:48:00 -------- d-----w- c:\docume~1\craig\locals~1\applic~1\MicroVision Applications

2011-03-21 01:47:37 25088 ----a-w- c:\windows\system32\shfolder.dll

2011-03-21 01:47:09 -------- d-----w- c:\program files\common files\SureThing Shared

2011-03-21 01:46:56 -------- d-----w- c:\program files\SureThing CD Labeler 5

2011-03-09 04:29:55 270848 -c----w- c:\windows\system32\dllcache\sbe.dll

2011-03-09 04:29:55 186880 -c----w- c:\windows\system32\dllcache\encdec.dll

2011-03-09 04:29:54 677888 -c----w- c:\windows\system32\dllcache\lhmstsc.exe

2011-03-09 04:29:54 2067456 -c----w- c:\windows\system32\dllcache\lhmstscx.dll

2011-03-01 04:20:27 135168 -c----w- c:\windows\system32\dllcache\shsvcs.dll

2011-02-25 18:46:53 -------- d-----w- c:\program files\Crypto Systems

2011-02-25 11:09:40 -------- d-----w- c:\windows\system32\drivers\n360\0402000.00C

2011-02-23 20:12:29 361904 ----a-w- c:\windows\system32\drivers\n360\0403000.005\symtdi.sys

2011-02-23 20:12:29 339504 ----a-w- c:\windows\system32\drivers\n360\0403000.005\symtdiv.sys

2011-02-23 20:12:28 501888 ----a-w- c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys

2011-02-23 20:12:28 43696 ----a-w- c:\windows\system32\drivers\n360\0403000.005\srtspx.sys

2011-02-23 20:12:28 328752 ----a-r- c:\windows\system32\drivers\n360\0403000.005\symds.sys

2011-02-23 20:12:28 325680 ----a-w- c:\windows\system32\drivers\n360\0403000.005\srtsp.sys

2011-02-23 20:12:28 173104 ----a-w- c:\windows\system32\drivers\n360\0403000.005\symefa.sys

2011-02-23 20:12:28 116784 ----a-w- c:\windows\system32\drivers\n360\0403000.005\ironx86.sys

2011-02-23 20:12:14 -------- d-----w- c:\windows\system32\drivers\n360\0403000.005

.

==================== Find3M ====================

.

2011-03-21 07:01:18 0 ----a-w- c:\windows\Qpepup.bin

2011-02-16 20:06:49 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll

2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll

2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll

2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe

2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll

2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys

2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll

.

============= FINISH: 3:25:39.70 ===============

attatch.zip

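As an added example (not part of this thread, DDS, ComboFix or Malwarebytes), here is a small triage script that encodes the checks a helper applies by eye to a DDS/ComboFix log: a well-known system-binary name (svchost, iexplore) sitting in a directory it never lives in or carrying an odd extension, a zero-byte file dropped straight into %windir%, the Windows Firewall policy turned off, a security product reporting itself disabled, and service/driver entries whose image file no longer exists. The sample log is constructed from a handful of lines copied from the logs in this thread; the directory table and severity levels are the script's own assumptions, not something either tool outputs.

```python
"""Triage DDS/ComboFix-style log lines for the indicators a helper looks at first.

Hypothetical helper written for this thread; it is not part of DDS, ComboFix or
Malwarebytes. The rules encode the pattern visible in this log: a system-binary
name in a directory it never lives in, a zero-byte file dropped into %windir%,
a disabled firewall policy, and driver entries whose image is missing.
"""
import re
from dataclasses import dataclass

# Assumed: where each well-known Windows XP binary legitimately lives (lower-case).
EXPECTED_DIR = {
    "svchost": r"c:\windows\system32",
    "lsass": r"c:\windows\system32",
    "winlogon": r"c:\windows\system32",
    "explorer": r"c:\windows",
    "iexplore": r"c:\program files\internet explorer",
}

# DDS "Created Last 30" / "Find3M" line: date time size attrs path
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+|-+)\s+(\S{8})\s+(.+)$")
# DDS service/driver line: Rn|Sn name;display;image [meta]
SERVICE_RE = re.compile(r"^[RS]\d\s+[^;]+;[^;]*;\s*(?P<image>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$")
DRIVE_RE = re.compile(r"^[a-z]:\\", re.IGNORECASE)
FIREWALL_OFF_RE = re.compile(r'"EnableFirewall"\s*=\s*0\b')
PRODUCT_OFF_RE = re.compile(r"^(AV|FW):\s.*\*Disabled")


@dataclass
class Finding:
    severity: str   # high / medium / low / info
    rule: str
    line: str


def split_path(image):
    """Return (dir, stem, ext) of the first path token, dropping ' -k foo' style arguments."""
    path = re.split(r"\s+[-/]", image.strip(), maxsplit=1)[0].lower()
    directory, _, name = path.rpartition("\\")
    stem, dot, ext = name.rpartition(".")
    if not dot:
        stem, ext = name, ""
    return directory, stem, ext


def check_path(image, line, size=None):
    directory, stem, ext = split_path(image)
    found = []
    # DDS prints some process names without ".exe", so only a *present* non-exe
    # extension counts against a known system binary.
    if stem in EXPECTED_DIR and (directory != EXPECTED_DIR[stem] or (ext and ext != "exe")):
        found.append(Finding("high", "system-binary name outside its home directory", line))
    if size == 0 and directory == r"c:\windows" and ext in ("bin", "dat", "tmp"):
        found.append(Finding("medium", "zero-byte file dropped directly in %windir%", line))
    return found


def triage(log_text):
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if PRODUCT_OFF_RE.match(line):
            # Expected while ComboFix runs with AV disabled; confirm it is re-enabled afterwards.
            findings.append(Finding("info", "security product reports itself disabled", line))
        elif FIREWALL_OFF_RE.search(line):
            findings.append(Finding("medium", "Windows Firewall disabled in standard profile", line))
        elif (m := SERVICE_RE.match(line)):
            if m["meta"] == "x" or not m["image"]:
                findings.append(Finding("low", "service/driver entry whose image file is missing", line))
            else:
                findings.extend(check_path(m["image"], line))
        elif (m := CREATED_RE.match(line)):
            size = int(m.group(2)) if m.group(2).isdigit() else None
            findings.extend(check_path(m.group(4), line, size))
        elif DRIVE_RE.match(line):
            findings.extend(check_path(line, line))
    return findings


def summarize(findings):
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


# Constructed sample: a few lines copied from the DDS and ComboFix logs in this thread.
SAMPLE_LOG = r"""
AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
C:\WINDOWS\system32\svchost -k DcomLaunch
c:\windows\system32\wbem\svchost.jxe
c:\documents and settings\Craig\My Documents\iexplore.exe
2011-03-21 07:01:18 0 ----a-w- c:\windows\Qpepup.bin
2011-03-22 03:25:13 625664 ----a-w- C:\dds.scr
"EnableFirewall"= 0 (0x0)
S1 efbDisk;efbDisk; [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-3-22 20952]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.rule}: {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

Two caveats a practitioner would keep in mind: the "AV disabled" line is only informational because ComboFix is normally run with the resident AV switched off, and the `[x]` driver entries are low severity because leftovers from uninstalled backup or disc tools (several of which appear in this log) produce exactly the same line. The script is a prioritisation aid for reading the log, not a verdict; the `svchost.jxe` and `iexplore.exe` hits are the kind of item ComboFix's "Other Deletions" section later confirms.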

  • Staff

Hi and welcome to Malwarebytes.

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


Thanks so much for your reply, screen, mate. Here are my logs.

ComboFix Log

ComboFix 11-03-24.01 - Craig 24/03/2011 19:26:26.2.4 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2300 [GMT 0:00]

Running from: c:\documents and settings\Craig\Desktop\ComboFix.exe

AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton 360 *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

.

ADS - WINDOWS: deleted 24 bytes in 1 streams.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\audiograbber\audiograbber.exe

c:\documents and settings\Craig\Application Data\Adobe\plugs

c:\documents and settings\Craig\Application Data\OfferBox

c:\documents and settings\Craig\Application Data\OfferBox\config.xml

c:\documents and settings\Craig\Local Settings\Application Data\{402DB7CF-560F-4EA7-92B7-85079C3D4D32}

c:\documents and settings\Craig\Local Settings\Application Data\{402DB7CF-560F-4EA7-92B7-85079C3D4D32}\chrome.manifest

c:\documents and settings\Craig\Local Settings\Application Data\{402DB7CF-560F-4EA7-92B7-85079C3D4D32}\chrome\content\_cfg.js

c:\documents and settings\Craig\Local Settings\Application Data\{402DB7CF-560F-4EA7-92B7-85079C3D4D32}\chrome\content\overlay.xul

c:\documents and settings\Craig\Local Settings\Application Data\{402DB7CF-560F-4EA7-92B7-85079C3D4D32}\install.rdf

c:\documents and settings\Craig\My Documents\iexplore.exe

c:\windows\system32\wbem\svchost.jxe

.

.

((((((((((((((((((((((((( Files Created from 2011-02-24 to 2011-03-24 )))))))))))))))))))))))))))))))

.

.

2011-03-24 19:01 . 2011-03-24 19:01 -------- d-----w- c:\windows\LastGood

2011-03-24 18:54 . 2011-03-24 18:54 9310 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS

2011-03-24 18:54 . 2011-03-24 18:54 8646 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS

2011-03-24 18:54 . 2011-03-24 18:54 8613 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS

2011-03-24 18:54 . 2011-03-24 18:54 6429 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS

2011-03-24 18:54 . 2011-03-24 18:54 63115 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS

2011-03-24 18:54 . 2011-03-24 18:54 5927 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS

2011-03-24 18:54 . 2011-03-24 18:54 4599 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS

2011-03-24 18:54 . 2011-03-24 18:54 1651 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS

2011-03-24 18:54 . 2011-03-24 18:54 6910 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS

2011-03-24 18:53 . 2011-03-24 18:53 8288 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS

2011-03-24 18:53 . 2011-03-24 18:53 6208 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS

2011-03-24 18:53 . 2011-03-24 18:53 18541 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS

2011-03-24 18:53 . 2011-03-24 18:53 51852 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS

2011-03-24 18:53 . 2011-03-24 18:53 20719 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS

2011-03-24 18:53 . 2011-03-24 18:53 8782 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS

2011-03-24 18:53 . 2011-03-24 18:53 7271 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS

2011-03-24 18:53 . 2011-03-24 18:53 23327 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS

2011-03-22 03:25 . 2011-03-22 03:06 625664 ----a-w- C:\dds.scr

2011-03-22 02:39 . 2011-03-22 02:39 -------- d-----w- c:\program files\Ace Utilities

2011-03-22 02:37 . 2010-12-20 18:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-03-22 02:37 . 2011-03-22 02:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-03-22 02:37 . 2010-12-20 18:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-03-21 17:28 . 2011-03-21 17:28 -------- d-----w- c:\documents and settings\Craig\Application Data\SUPERAntiSpyware.com

2011-03-21 01:51 . 2011-03-21 01:51 -------- d-----w- c:\program files\coverXP

2011-03-21 01:48 . 2011-03-21 01:48 -------- d-----w- c:\documents and settings\Craig\Local Settings\Application Data\MicroVision Applications

2011-03-21 01:47 . 2008-04-14 00:12 25088 ----a-w- c:\windows\system32\shfolder.dll

2011-03-21 01:47 . 2011-03-21 01:47 -------- d-----w- c:\program files\Common Files\SureThing Shared

2011-03-21 01:46 . 2011-03-21 01:48 -------- d-----w- c:\program files\SureThing CD Labeler 5

2011-03-09 04:29 . 2011-02-09 13:53 270848 -c----w- c:\windows\system32\dllcache\sbe.dll

2011-03-09 04:29 . 2011-02-09 13:53 186880 -c----w- c:\windows\system32\dllcache\encdec.dll

2011-03-09 04:29 . 2011-02-02 07:58 2067456 -c----w- c:\windows\system32\dllcache\lhmstscx.dll

2011-03-09 04:29 . 2011-01-27 11:57 677888 -c----w- c:\windows\system32\dllcache\lhmstsc.exe

2011-03-01 04:20 . 2009-07-27 23:17 135168 -c----w- c:\windows\system32\dllcache\shsvcs.dll

2011-02-25 18:46 . 2011-02-25 18:46 -------- d-----w- c:\program files\Crypto Systems

2011-02-25 18:46 . 2011-02-25 18:46 -------- d-----w- c:\documents and settings\Craig\Application Data\InstallShield

2011-02-25 11:09 . 2011-02-25 11:09 -------- d-----w- c:\windows\system32\drivers\N360\0402000.00C

2011-02-23 20:12 . 2011-02-24 20:07 -------- d-----w- c:\windows\system32\drivers\N360\0403000.005

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-02-16 20:06 . 2011-02-16 20:06 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2011-02-16 20:06 . 2011-02-16 20:06 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2011-02-09 13:53 . 2004-08-03 23:56 270848 ----a-w- c:\windows\system32\sbe.dll

2011-02-09 13:53 . 2004-08-03 23:56 186880 ----a-w- c:\windows\system32\encdec.dll

2011-02-02 07:58 . 2009-02-20 01:08 2067456 ----a-w- c:\windows\system32\mstscax.dll

2011-01-27 11:57 . 2009-02-20 01:08 677888 ----a-w- c:\windows\system32\mstsc.exe

2011-01-21 14:44 . 2004-08-03 23:56 439296 ----a-w- c:\windows\system32\shimgvw.dll

2011-01-07 14:09 . 2004-08-03 23:56 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-12-31 13:10 . 2007-09-20 04:49 1854976 ----a-w- c:\windows\system32\win32k.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-03-21 2424560]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]

"36X Raid Configurer"="c:\windows\system32\JMRaidSetup.exe" [2006-11-16 1953792]

"Hard Disk Sentinel"="c:\program files\Hard Disk Sentinel\HDSentinel.exe" [2010-09-08 3850752]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"ShowDeskFix"="shell32" [X]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

ASUS WiFi-AP Solo.lnk - c:\program files\ASUS WiFi-AP Solo\RtWLan.exe [2009-2-20 995328]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" -autorun

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background

"EPSON Stylus D92 Series"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE /FU "c:\windows\TEMP\E_S1EC.tmp" /EF "HKCU"

"Window Washer"=c:\program files\Webroot\Washer\wwDisp.exe

"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVD.exe"

"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

"HDDHealth"=c:\program files\HDD Health\HDDHealth.exe -wl

"DriverMax"="c:\program files\Innovative Solutions\DriverMax\devices.exe" -agent

"DriverMax_RESTART"="c:\program files\Innovative Solutions\DriverMax\devices.exe" -RESTART

"Eraser RiskMonitor"="c:\program files\East-Tec Eraser 2009\Launch.exe" "c:\program files\East-Tec Eraser 2009\etRiskMon.exe"

"East-Tec Backup 2009"="c:\program files\East-Tec Backup\etBackup.exe" /startup

"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe"

"HDDtemp4"=c:\program files\BinarySense\HDDTemp4\\hddtemp4 /minimized

"NokiaOviSuite2"=c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray

"Google Update"="c:\documents and settings\Craig\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

"Mega Manager"=c:\program files\Megaupload\Mega Manager\MegaManager.exe /Tray

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"RTHDCPL"=RTHDCPL.EXE

"Alcmtr"=ALCMTR.EXE

"Ai Quicker Help"="c:\program files\ASUS\ASUS DH Remote\AsRc.exe"

"WinampAgent"="c:\program files\Winamp\winampa.exe"

"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" /s

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

"TrueImageMonitor.exe"=c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe

"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe"

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

"Ashampoo HDD Control Guard"=c:\program files\Ashampoo\Ashampoo HDD Control\HDDControlGuard.exe

"VxTaskbarMgr"=c:\program files\VERITAS\VxUpdate\VxTaskbarMgr.exe

"CorelGadget"=Rundll32.exe "c:\program files\Common Files\Ulead Systems\Gadget\GadgetEB.dll",LaunchGadget

"Standby"="c:\program files\Common Files\Corel\Standby\Standby.exe" -START

"USBToolTip"=c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe

"ASUS Update Checker"=c:\program files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"NokiaMServer"=c:\program files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup

"ESDRWSTT"=c:\program files\wGXe SOFTWARE\wGXe Data Recovery Professional\esdrwstt.exe

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"c:\\Program Files\\FlashGet\\flashget.exe"=

"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=

"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=

"c:\\Program Files\\VERITAS\\Backup Exec\\NT\\beremote.exe"=

"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\RM.exe"=

"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\Studio.exe"=

"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\umi.exe"=

"c:\\Program Files\\Opera\\opera.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:TCP"= 5353:TCP:Adobe CSI CS4

.

R0 dcsnap;dcsnap;c:\windows\system32\drivers\dcsnap.sys [04/03/2009 14:31 77472]

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [02/03/2009 23:28 721904]

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\symds.sys [23/02/2011 20:12 328752]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\symefa.sys [23/02/2011 20:12 173104]

R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\drivers\tdrpm258.sys [19/01/2010 18:20 911680]

R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [04/01/2010 05:50 11448]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110309.001\BHDrvx86.sys [10/03/2011 21:44 800376]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\cchpx86.sys [23/02/2011 20:12 501888]

R1 DCDisk;DCDisk;c:\windows\system32\drivers\DCDisk.sys [04/03/2009 14:31 155648]

R1 s32ait;s32ait;c:\windows\system32\drivers\s32ait.sys [31/08/2004 11:58 14208]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 18:25 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 18:41 67656]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\ironx86.sys [23/02/2011 20:12 116784]

R1 TSKNF900.SYS;TSKNF900.SYS;c:\windows\system32\drivers\Tsknf900.sys [31/12/2009 20:00 17672]

R2 HDD & SSD access service;HDD & SSD access service;c:\program files\Common Files\BinarySense\disksvc.exe [22/06/2010 17:40 165888]

R2 MSSQL$BKUPEXEC;MSSQL$BKUPEXEC;c:\program files\Microsoft SQL Server\MSSQL$BKUPEXEC\Binn\sqlservr.exe -sBKUPEXEC --> c:\program files\Microsoft SQL Server\MSSQL$BKUPEXEC\Binn\sqlservr.exe -sBKUPEXEC [?]

R2 N360;Norton 360;c:\program files\Norton 360\Engine\4.3.0.5\ccsvchst.exe [23/02/2011 20:12 126392]

R3 AVerA706;AVerMedia A706 BDA Service;c:\windows\system32\drivers\AVerA706.sys [31/12/2009 20:55 1170304]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [22/03/2011 14:54 102448]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110317.005\IDSXpx86.sys [22/03/2011 00:55 341944]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [22/03/2011 02:37 20952]

R3 RRNetCapMP;RRNetCapMP;c:\windows\system32\drivers\rrnetcap.sys [21/12/2009 14:34 27168]

R3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [20/02/2009 02:00 332928]

R3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [20/02/2009 03:47 13532]

S1 efbDisk;efbDisk; [x]

S1 SCSIChanger;SCSIChanger;c:\windows\system32\drivers\SCSICHNG.SYS [18/09/2003 20:23 16136]

S1 sonysdx-VRTS;sonysdx-VRTS;c:\windows\system32\drivers\sonysdx.sys [01/11/2009 03:17 36936]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [22/03/2011 02:37 363344]

S3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [19/01/2010 18:21 160288]

S3 CW100;CW100 Device;c:\windows\system32\drivers\CW100.sys [16/09/2009 15:11 24092]

S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo HDD Control\DfSdkS.exe [01/11/2009 01:05 410976]

S3 RRNetCap;RRNetCap Service;c:\windows\system32\drivers\rrnetcap.sys [21/12/2009 14:34 27168]

S3 SQLAgent$BKUPEXEC;SQLAgent$BKUPEXEC;c:\program files\Microsoft SQL Server\MSSQL$BKUPEXEC\Binn\sqlagent.EXE -i BKUPEXEC --> c:\program files\Microsoft SQL Server\MSSQL$BKUPEXEC\Binn\sqlagent.EXE -i BKUPEXEC [?]

S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14/10/2009 07:24 10064]

S4 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [19/01/2010 18:21 2480048]

S4 Backup Scheduler;Backup Scheduler;c:\program files\NovaStor\NovaStor NovaBACKUP\DR\CBP\DCSchdlerSRVC.exe [04/03/2009 14:31 98304]

S4 Buzzsaw_Defragmentation;Buzzsaw_Defragmentation;c:\program files\MATCO\BuzzSawService.exe [23/07/2007 11:27 327680]

S4 EraserSvc10923;Symantec Eraser Service;"c:\program files\Norton 360\Engine\4.1.0.32\ccSvcHst.exe" /h ccCommon --> c:\program files\Norton 360\Engine\4.1.0.32\ccSvcHst.exe [?]

S4 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [04/03/2009 15:15 712048]

S4 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [04/03/2009 15:15 712048]

S4 nsService;NovaStor NovaBACKUP Backup/Copy Engine;c:\program files\NovaStor\NovaStor NovaBACKUP\nsService.exe [02/11/2008 21:05 254024]

S4 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [07/07/2010 14:05 14904]

S4 Real time Backup Loader;Real time Backup Loader;c:\program files\NovaStor\NovaStor NovaBACKUP\DR\FsLoader.exe [04/03/2009 14:31 90112]

S4 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [24/06/2010 14:41 92008]

S4 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [30/10/2009 15:28 1021256]

S4 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [22/05/2009 04:23 598856]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - SJYPKT

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Contents of the 'Scheduled Tasks' folder

.

2011-03-23 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]

.

2009-11-29 c:\windows\Tasks\Automatic troubleshooting.job

- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-10-30 15:35]

.

2011-03-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-220523388-1801674531-1003Core.job

- c:\documents and settings\Craig\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-26 18:57]

.

2011-03-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-220523388-1801674531-1003UA.job

- c:\documents and settings\Craig\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-26 18:57]

.

2011-03-14 c:\windows\Tasks\ParetoLogic Update Version2.job

- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2008-02-22 12:25]

.

2011-03-15 c:\windows\Tasks\SmartDefrag.job

- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-12-06 17:08]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

Trusted Zone: microsoft.com\update

Trusted Zone: microsoft.com\windowsupdate

Trusted Zone: microsoft.com\www.update

FF - ProfilePath - c:\documents and settings\Craig\Application Data\Mozilla\Firefox\Profiles\thqv6y6g.default\

FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-03-24 19:31

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\N360]

"ImagePath"="\"c:\program files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\


  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are both checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


Hi screen, sorry about the delay, I came out of hospital yesterday.

I am still unable to boot into safe mode. I recently tried Kaspersky TDSSKiller, and it found a locked suspicious file, sptd.sys. I removed the file, but then realised it was installed with the Alcohol 120% burning program, so I reinstalled the sptd driver.

When I try to load into safe mode, it loads up, you see the files (white text), and it gets to dcsnap.sys and hangs (underneath, it says press space to cancel loading the sptd driver).

Whether I press the space bar or not, I simply cannot boot into safe mode. My safe mode was working fine before the virus.

I have done the ESET scan; here are the results:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6427

# api_version=3.0.2

# EOSSerial=f8d7b4000c52cb4487d0e6555388fde5

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-04-29 09:11:23

# local_time=2011-04-29 10:11:23 (+0000, GMT Daylight Time)

# country="United Kingdom"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=3589 16777189 100 86 20698 67469309 0 0

# compatibility_mode=8192 67108863 100 0 3073766 3073766 0 0

# scanned=563361

# found=4

# cleaned=4

# scan_time=10469

C:\Documents and Settings\Craig\Desktop\Karaoke Software + plugins\BEST_KARAOKE_PROGRAMS_+CRACKS\Latshaw Systems Song List Generator v3.5..2\Crack\Song List Generator.exe Win32/TrojanDownloader.Agent.QCL trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Craig\Desktop\Karaoke Software + plugins\BEST_KARAOKE_PROGRAMS_+CRACKS\Latshaw.Systems.Karma.v2010.1.28.0-Lz0\Karma.exe Win32/TrojanDownloader.Agent.QCL trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Craig\Desktop\Karaoke Software + plugins\BEST_KARAOKE_PROGRAMS_+CRACKS\Latshaw.Systems.Karma.v2010.1.28.0-Lz0\Crack\Karma.exe Win32/TrojanDownloader.Agent.QCL trojan (deleted - quarantined) 00000000000000000000000000000000 C

Q:\FROM D DRIVE (QUADCORE 19.01.09)\Veritas Backup Exec v10\Veritas.Backup.Exec.v10.keygen\keygen.exe a variant of Win32/Keygen.AD application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Security Check Report

Results of screen317's Security Check version 0.99.10

Windows XP Service Pack 3

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Disabled!

ESET Online Scanner v3

Norton 360

iolo technologies' Search and Recover

Antivirus up to date!

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

TuneUp Utilities 2011

TuneUp Utilities Language Pack (en-US)

TuneUp Utilities 2011

CCleaner

Duplicate Cleaner 1.4.3

Duplicate File Cleaner v2.6

Java 6 Update 24

Adobe Flash Player 10.2.152.32

Adobe Reader 9.4.3

Out of date Adobe Reader installed!

Mozilla Firefox (3.6.12) Firefox Out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Norton ccSvcHst.exe

Malwarebytes' Anti-Malware mbamservice.exe

Malwarebytes' Anti-Malware mbamgui.exe

``````````End of Log````````````

Thanks again screen, really appreciate your help mate!


  • Staff

Hi,

Please see:

HijackThis Forum Policy

We will not be party to obvious use of keygens, cracks, warez or other illegal means of downloading software, music, videos etc. This means no P2P evidence will be supported. Logs that show these in them will be given the option to remove the P2P items. Keygens, cracks, warez and similar will have the thread closed, period. It's theft and against the law.


Hi screen, here is the new log. Thank you again for your help.

Combofix

COMBO FIXLOG

ComboFix 11-05-09.02 - Craig 10/05/2011 5:44.3.4 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.1821 [GMT 1:00]

Running from: c:\documents and settings\Craig\Desktop\ComboFix.exe

AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\stu2.exe

c:\windows\system32\winlogon.bak

.

.

((((((((((((((((((((((((( Files Created from 2011-04-10 to 2011-05-10 )))))))))))))))))))))))))))))))

.

.

2011-05-10 03:52 . 2011-05-10 03:52 -------- d-----w- c:\documents and settings\All Users\Application Data\NokiaAccount

2011-05-09 20:47 . 2011-05-09 20:47 -------- d-----w- c:\program files\PC Connectivity Solution

2011-05-06 17:36 . 2011-05-06 17:55 -------- d-----w- c:\windows\SxsCaPendDel

2011-05-04 05:56 . 2011-05-04 05:56 -------- d-----w- C:\temp

2011-05-04 05:15 . 2011-05-06 17:17 -------- d-----w- c:\program files\JDownloader

2011-05-02 03:14 . 2011-05-03 19:20 -------- d-----w- c:\documents and settings\Craig\Local Settings\Application Data\NPE

2011-05-02 01:24 . 2011-05-02 09:53 -------- d-----w- C:\NBRT

2011-04-30 01:53 . 2011-04-30 01:53 -------- d-----w- c:\documents and settings\Craig\Application Data\Uniblue

2011-04-30 01:52 . 2011-04-30 01:52 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{DE8EABB5-1C85-4410-A68D-79BD8A4518F4}

2011-04-30 01:52 . 2011-04-30 01:52 -------- d-----w- c:\program files\Uniblue

2011-04-30 01:52 . 2011-04-30 01:52 -------- d-----w- c:\documents and settings\Craig\Local Settings\Application Data\PackageAware

2011-04-30 00:40 . 2011-04-14 16:26 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll

2011-04-30 00:40 . 2011-04-14 16:25 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll

2011-04-30 00:40 . 2011-04-14 16:25 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll

2011-04-30 00:40 . 2011-04-14 16:25 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll

2011-04-30 00:40 . 2011-04-14 16:25 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll

2011-04-30 00:40 . 2011-04-14 16:25 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll

2011-04-30 00:40 . 2010-01-01 08:00 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll

2011-04-30 00:40 . 2010-01-01 08:00 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll

2011-04-29 10:45 . 2011-04-29 10:45 -------- d-----w- c:\documents and settings\Craig\Application Data\Canneverbe Limited

2011-04-29 10:45 . 2011-04-29 10:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Canneverbe Limited

2011-04-27 19:25 . 2008-04-13 17:40 96512 ----a-w- c:\windows\system32\drivers\atapi_TM.sys

2011-04-27 19:21 . 2011-04-27 19:21 56400 ----a-w- c:\windows\system32\drivers\tmrkb.sys

2011-04-21 17:40 . 2011-04-21 17:40 -------- d-----w- c:\program files\Sophos

2011-04-21 06:35 . 2008-04-13 23:12 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll

2011-04-21 06:35 . 2001-08-17 21:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll

2011-04-21 06:35 . 2008-04-13 23:12 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll

2011-04-21 06:35 . 2001-08-17 21:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe

2011-04-21 06:35 . 2001-08-17 21:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe

2011-04-21 06:35 . 2001-08-17 21:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe

2011-04-21 06:35 . 2001-08-17 11:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys

2011-04-21 06:35 . 2004-08-03 21:29 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys

2011-04-21 06:35 . 2004-08-03 21:29 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys

2011-04-21 06:35 . 2008-04-13 23:12 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll

2011-04-21 06:33 . 2001-08-17 13:56 172768 -c--a-w- c:\windows\system32\dllcache\t2r4disp.dll

2011-04-21 06:32 . 2001-08-17 21:36 82432 -c--a-w- c:\windows\system32\dllcache\rwia450.dll

2011-04-21 06:31 . 2004-08-03 21:31 132695 -c--a-w- c:\windows\system32\dllcache\netwlan5.sys

2011-04-21 06:30 . 2008-04-13 17:39 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys

2011-04-21 06:29 . 2001-08-17 21:36 19456 -c--a-w- c:\windows\system32\dllcache\hr1w.dll

2011-04-21 06:28 . 2008-04-13 17:40 8320 -c--a-w- c:\windows\system32\dllcache\dlttape.sys

2011-04-21 06:27 . 2001-08-17 12:51 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys

2011-04-21 06:26 . 2008-04-13 17:46 48128 -c--a-w- c:\windows\system32\dllcache\61883.sys

2011-04-21 06:26 . 2008-04-13 17:40 12288 -c--a-w- c:\windows\system32\dllcache\4mmdat.sys

2011-04-21 06:26 . 2001-08-17 13:55 689216 -c--a-w- c:\windows\system32\dllcache\3dfxvs.dll

2011-04-21 06:26 . 2001-08-17 11:48 148352 -c--a-w- c:\windows\system32\dllcache\3dfxvsm.sys

2011-04-21 06:26 . 2001-08-17 13:06 11264 -c--a-w- c:\windows\system32\dllcache\1394vdbg.sys

2011-04-21 06:26 . 2001-08-17 12:28 762780 -c--a-w- c:\windows\system32\dllcache\3cwmcru.sys

2011-04-21 06:26 . 2001-08-17 13:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll

2011-04-20 11:00 . 2011-03-04 16:32 31552 ----a-w- c:\windows\system32\TURegOpt.exe

2011-04-20 11:00 . 2011-03-04 16:28 29504 ----a-w- c:\windows\system32\uxtuneup.dll

2011-04-20 11:00 . 2011-04-20 11:05 -------- d-----w- c:\program files\TuneUp Utilities 2011

2011-04-20 10:59 . 2011-04-20 10:59 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}

2011-04-18 19:52 . 2011-02-23 15:54 29520 ----a-w- c:\windows\system32\SmartDefragBootTime.exe

2011-04-18 19:52 . 2011-02-23 16:04 13496 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys

2011-04-18 03:47 . 2011-04-18 03:47 -------- d-----w- c:\program files\Common Files\Java

2011-04-18 03:46 . 2011-02-02 20:40 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

2011-04-18 03:46 . 2011-02-02 20:40 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-04-13 00:49 . 2011-04-13 00:49 -------- d-----w- c:\documents and settings\Craig\Application Data\JAM Software

2011-04-13 00:48 . 2011-04-13 00:48 -------- d-----w- c:\program files\JAM Software

2011-04-12 21:25 . 2011-04-12 21:25 -------- d-----w- c:\windows\system32\winrm

2011-04-12 21:25 . 2011-04-12 21:25 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$

2011-04-12 21:24 . 2011-04-12 21:24 -------- d-----w- c:\windows\system32\DRM

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-04-26 22:34 . 2010-11-09 00:19 190032 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2011-03-07 05:33 . 2009-02-20 01:10 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:37 . 2007-09-20 04:59 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:21 . 2007-09-20 04:49 1857920 ----a-w- c:\windows\system32\win32k.sys

2011-02-22 23:27 . 2007-09-20 04:59 919552 ----a-w- c:\windows\system32\wininet.dll

2011-02-22 23:27 . 2007-09-20 04:58 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-02-22 23:27 . 2007-09-20 04:58 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-02-18 12:08 . 2007-09-20 04:58 385024 ----a-w- c:\windows\system32\html.iec

2011-02-17 13:18 . 2007-09-20 04:33 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-02-17 13:18 . 2007-09-20 04:34 357888 ----a-w- c:\windows\system32\drivers\srv.sys

2011-02-17 12:32 . 2009-04-21 13:50 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2011-02-16 20:06 . 2011-02-16 20:06 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2011-02-16 20:06 . 2011-02-16 20:06 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2011-02-15 12:56 . 2004-08-03 23:56 290432 ----a-w- c:\windows\system32\atmfd.dll

2011-02-09 13:53 . 2004-08-03 23:56 270848 ----a-w- c:\windows\system32\sbe.dll

2011-02-09 13:53 . 2004-08-03 23:56 186880 ----a-w- c:\windows\system32\encdec.dll

2011-04-14 16:26 . 2011-04-30 00:40 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-04-09 2423752]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]

"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]

"36X Raid Configurer"="c:\windows\system32\JMRaidSetup.exe" [2006-11-16 1953792]

"Hard Disk Sentinel"="c:\program files\Hard Disk Sentinel\HDSentinel.exe" [2010-09-08 3850752]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"ShowDeskFix"="shell32" [X]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

ASUS WiFi-AP Solo.lnk - c:\program files\ASUS WiFi-AP Solo\RtWLan.exe [2009-2-20 995328]

Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background

"Window Washer"=c:\program files\Webroot\Washer\wwDisp.exe

"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVD.exe"

"HDDHealth"=c:\program files\HDD Health\HDDHealth.exe -wl

"DriverMax"="c:\program files\Innovative Solutions\DriverMax\devices.exe" -agent

"DriverMax_RESTART"="c:\program files\Innovative Solutions\DriverMax\devices.exe" -RESTART

"Eraser RiskMonitor"="c:\program files\East-Tec Eraser 2009\Launch.exe" "c:\program files\East-Tec Eraser 2009\etRiskMon.exe"

"East-Tec Backup 2009"="c:\program files\East-Tec Backup\etBackup.exe" /startup

"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe"

"NokiaOviSuite2"=c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray

"Google Update"="c:\documents and settings\Craig\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

"Mega Manager"=c:\program files\Megaupload\Mega Manager\MegaManager.exe /Tray

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"RTHDCPL"=RTHDCPL.EXE

"Alcmtr"=ALCMTR.EXE

"Ai Quicker Help"="c:\program files\ASUS\ASUS DH Remote\AsRc.exe"

"WinampAgent"="c:\program files\Winamp\winampa.exe"

"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" /s

"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

"TrueImageMonitor.exe"=c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe

"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe"

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

"Ashampoo HDD Control Guard"=c:\program files\Ashampoo\Ashampoo HDD Control\HDDControlGuard.exe

"VxTaskbarMgr"=c:\program files\VERITAS\VxUpdate\VxTaskbarMgr.exe

"CorelGadget"=Rundll32.exe "c:\program files\Common Files\Ulead Systems\Gadget\GadgetEB.dll",LaunchGadget

"Standby"="c:\program files\Common Files\Corel\Standby\Standby.exe" -START

"USBToolTip"=c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe

"ASUS Update Checker"=c:\program files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"NokiaMServer"=c:\program files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup

"ESDRWSTT"=c:\program files\wGXe SOFTWARE\wGXe Data Recovery Professional\esdrwstt.exe

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"c:\\Program Files\\FlashGet\\flashget.exe"=

"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=

"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=

"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\RM.exe"=

"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\Studio.exe"=

"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\umi.exe"=

"c:\\Program Files\\Opera\\opera.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\VERITAS\\Backup Exec\\NT\\beremote.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:TCP"= 5353:TCP:Adobe CSI CS4

"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

.

R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [18/04/2011 20:52 13496]

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\symds.sys [23/02/2011 21:12 328752]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\symefa.sys [23/02/2011 21:12 173104]

R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\drivers\tdrpm258.sys [19/01/2010 19:20 911680]

R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [04/01/2010 06:50 11448]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110430.001\BHDrvx86.sys [30/04/2011 01:44 802936]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\cchpx86.sys [23/02/2011 21:12 501888]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 19:25 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 19:41 67656]

R1 sonysdx-VRTS;sonysdx-VRTS;c:\windows\system32\drivers\sonysdx.sys [01/11/2009 04:17 36936]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\ironx86.sys [23/02/2011 21:12 116784]

R1 TSKNF900.SYS;TSKNF900.SYS;c:\windows\system32\drivers\Tsknf900.sys [31/12/2009 21:00 17672]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [22/03/2011 03:37 363344]

R2 MSSQL$BKUPEXEC;MSSQL$BKUPEXEC;c:\program files\Microsoft SQL Server\MSSQL$BKUPEXEC\Binn\sqlservr.exe -sBKUPEXEC --> c:\program files\Microsoft SQL Server\MSSQL$BKUPEXEC\Binn\sqlservr.exe -sBKUPEXEC [?]

R2 N360;Norton 360;c:\program files\Norton 360\Engine\4.3.0.5\ccsvchst.exe [23/02/2011 21:12 126392]

R3 AVerA706;AVerMedia A706 BDA Service;c:\windows\system32\drivers\AVerA706.sys [31/12/2009 21:55 1170304]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [04/05/2011 10:01 102448]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110506.001\IDSXpx86.sys [07/05/2011 01:26 341944]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [22/03/2011 03:37 20952]

R3 RRNetCapMP;RRNetCapMP;c:\windows\system32\drivers\rrnetcap.sys [21/12/2009 15:34 27168]

R3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [20/02/2009 03:00 332928]

R3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [20/02/2009 04:47 13532]

S1 efbDisk;efbDisk; [x]

S1 s32ait;s32ait;c:\windows\system32\drivers\s32ait.sys [31/08/2004 12:58 14208]

S1 SCSIChanger;SCSIChanger;c:\windows\system32\drivers\SCSICHNG.SYS [18/09/2003 20:23 16136]

S2 713xTVCard;SAA7130 TV Card;c:\windows\system32\drivers\SAA713x.sys [15/03/2005 12:00 277504]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]

S3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [19/01/2010 19:21 160288]

S3 CW100;CW100 Device;c:\windows\system32\drivers\CW100.sys [16/09/2009 16:11 24092]

S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo HDD Control\DfSdkS.exe [01/11/2009 02:05 410976]

S3 RRNetCap;RRNetCap Service;c:\windows\system32\drivers\rrnetcap.sys [21/12/2009 15:34 27168]

S3 SQLAgent$BKUPEXEC;SQLAgent$BKUPEXEC;c:\program files\Microsoft SQL Server\MSSQL$BKUPEXEC\Binn\sqlagent.EXE -i BKUPEXEC --> c:\program files\Microsoft SQL Server\MSSQL$BKUPEXEC\Binn\sqlagent.EXE -i BKUPEXEC [?]

S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [10/02/2011 10:22 10064]

S3 W;W; [x]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [04/08/2004 00:56 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]

S4 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [19/01/2010 19:21 2480048]

S4 Buzzsaw_Defragmentation;Buzzsaw_Defragmentation;c:\program files\MATCO\BuzzSawService.exe [23/07/2007 12:27 327680]

S4 EraserSvc10923;Symantec Eraser Service; [x]

S4 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [04/03/2009 16:15 712048]

S4 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [04/03/2009 16:15 712048]

S4 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [07/07/2010 15:05 14904]

S4 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]

S4 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [04/03/2011 17:30 1523008]

S4 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [22/05/2009 05:23 598856]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - SJYPKT

*Deregistered* - klmd25

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

WINRM REG_MULTI_SZ WINRM

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Contents of the 'Scheduled Tasks' folder

.

2011-04-20 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]

.

2011-05-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-220523388-1801674531-1003Core.job

- c:\documents and settings\Craig\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-26 18:57]

.

2011-05-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-220523388-1801674531-1003UA.job

- c:\documents and settings\Craig\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-26 18:57]

.

2011-04-20 c:\windows\Tasks\ParetoLogic Update Version2.job

- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2008-02-22 12:25]

.

2011-05-10 c:\windows\Tasks\RegistryBooster.job

- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2011-01-21 14:19]

.

2011-04-05 c:\windows\Tasks\SmartDefrag_Startup.job

- c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-03-24 16:29]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

Trusted Zone: microsoft.com\update

Trusted Zone: microsoft.com\windowsupdate

Trusted Zone: microsoft.com\www.update

FF - ProfilePath - c:\documents and settings\Craig\Application Data\Mozilla\Firefox\Profiles\thqv6y6g.default\

FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-05-10 05:50

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\N360]

"ImagePath"="\"c:\program files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\

Link to post
Share on other sites

  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are both checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317

Link to post
Share on other sites

Hi mate,

Here are the results.

SECURITY CHECK LOG

Results of screen317's Security Check version 0.99.10

Windows XP Service Pack 3

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Disabled!

ESET Online Scanner v3

Norton 360

iolo technologies' Search and Recover

Antivirus up to date!

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

TuneUp Utilities 2011

TuneUp Utilities Language Pack (en-US)

TuneUp Utilities 2011

CCleaner

Duplicate Cleaner 1.4.3

Duplicate File Cleaner v2.6

Java

Link to post
Share on other sites

  • Staff

Hi,

My apologies for the extended delay.

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program (if present):

Java

Link to post
Share on other sites

Hi screen, I have done as requested, thank you.

However, I still cannot boot into safe mode; it halts at jgogo.sys.

I cannot get past that point when trying to boot into safe mode; however, Windows boots normally.

However, I have just had another explorer.exe crash.

Here is the log

AppName: explorer.exe AppVer: 6.0.2900.5512 ModName: unknown

ModVer: 0.0.0.0 Offset: 09a89cf4

Any help would be appreciated mate

Link to post
Share on other sites

  • Staff

Hi,

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    jgogo.sys
    :regfind
    jgogo


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

Link to post
Share on other sites
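For readers who want to reproduce the SystemLook request above with built-in tools, here is an added example (not from the thread, and not SystemLook's own code) that searches every fixed drive for the file name and the service and SafeBoot registry keys for the string. It assumes PowerShell 2.0 or later run from an elevated prompt; the key scope and output fields are the example's own choices.

```powershell
# Added example: PowerShell equivalent of ":filefind jgogo.sys / :regfind jgogo".
# Assumes PowerShell 2.0+, elevated. Registry scope (Services, SafeBoot) is an
# assumption chosen because a driver loaded during safe-mode boot lives there.
param(
    [string]$FileName = 'jgogo.sys',   # file named in the thread
    [string]$Pattern  = 'jgogo'        # substring to look for in the registry
)

# 1) File search: every filesystem drive, name match, with size and timestamp
#    so the hit can be compared against legitimate driver files.
function Find-SuspectFile {
    param([string]$Name)
    Get-PSDrive -PSProvider FileSystem |
        ForEach-Object {
            Get-ChildItem -Path $_.Root -Filter $Name -Recurse -Force -ErrorAction SilentlyContinue
        } |
        Select-Object FullName, Length, LastWriteTime
}

# 2) Registry search: report any key name or value under the chosen roots that
#    contains the pattern (-match is case-insensitive by default).
function Find-SuspectRegistry {
    param([string]$Text)
    $roots = @(
        'HKLM:\SYSTEM\CurrentControlSet\Services',
        'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot'
    )
    foreach ($root in $roots) {
        Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue |
            ForEach-Object {
                $key = $_
                if ($key.PSChildName -match $Text) {
                    New-Object PSObject -Property @{ Key = $key.Name; Value = '(key name)' }
                }
                foreach ($valueName in $key.GetValueNames()) {
                    $value = [string]$key.GetValue($valueName)
                    if ($value -match $Text) {
                        New-Object PSObject -Property @{ Key = $key.Name; Value = "$valueName = $value" }
                    }
                }
            }
    }
}

"=== files named $FileName ==="
Find-SuspectFile -Name $FileName | Format-Table -AutoSize
"=== registry entries mentioning '$Pattern' ==="
Find-SuspectRegistry -Text $Pattern | Format-Table -AutoSize
```

Any hit should be compared against the ComboFix driver list posted earlier in the thread before anything is removed; a file that exists on disk but has no service entry, or a service entry whose ImagePath points at a missing file, is the kind of mismatch the helper is looking for.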

  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
