Solve: No virus but Combo log attached just in case?
Answer» No panic.

S3 MSICDSetup;MSICDSetup;\??\d:\cdriver.sys --> d:\CDriver.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12  REG_MULTI_SZ  Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt  REG_MULTI_SZ  hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-30 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-861567501-1035525444-682003330-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]
.
2011-06-10 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-861567501-1035525444-682003330-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]
.
2011-06-15 c:\windows\Tasks\User_Feed_Synchronization-{12FB04A5-A76E-4C86-A1A2-0A1F5DA00FA1}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://portail.free.fr/
Trusted Zone: dailymail.co.uk\www
Trusted Zone: telegraph.co.uk\puzzles
TCP: DhcpNameServer = 212.27.40.240 212.27.40.241
.
- - - - ORPHANS REMOVED - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
MSConfigStartUp-00PCTFW - c:\program files\PC Tools Firewall Plus\FirewallGUI.exe
MSConfigStartUp-MSSE - c:\program files\Microsoft Security Essentials\msseces.exe
MSConfigStartUp-Spybot-S&D Cleaning - c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe
MSConfigStartUp-Startup Manager - c:\program files\Advanced System Optimizer\startUp manager.exe
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-15 17:45
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}] @DACL=(02 0000) @="Microsoft Disk Quota" "NoMachinePolicy"=dword:00000000 "NoUserPolicy"=dword:00000001 "NoSlowLink"=dword:00000001 "NoBackgroundPolicy"=dword:00000001 "NoGPOListChanges"=dword:00000001 "PerUserLocalSettings"=dword:00000000 "RequiresSuccessfulRegistry"=dword:00000001 "EnableAsynchronousProcessing"=dword:00000000 "DllName"=expand:"dskquota.dll" "ProcessGroupPolicy"="ProcessGroupPolicy" . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}] @DACL=(02 0000) @="Internet Explorer Zonemapping" "DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll" "ProcessGroupPolicy"="ProcessGroupPolicyForZoneMap" "NoGPOListChanges"=dword:00000001 "RequiresSucessfulRegistry"=dword:00000001 "DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051" "RequiresSuccessfulRegistry"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}] @DACL=(02 0000) @="Internet Explorer User Accelerators" "DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051" "DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll" "NoGPOListChanges"=dword:00000001 "ProcessGroupPolicy"="ProcessGroupPolicyForActivities" "ProcessGroupPolicyEx"="ProcessGroupPolicyForActivitiesEx" "RequiresSuccessfulRegistry"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}] @DACL=(02 0000) "ProcessGroupPolicy"="SceProcessSecurityPolicyGPO" "GenerateGroupPolicy"="SceGenerateGroupPolicy" "ExtensionRsopPlanningDebugLevel"=dword:00000001 "ProcessGroupPolicyEx"="SceProcessSecurityPolicyGPOEx" "ExtensionDebugLevel"=dword:00000001 "DllName"=expand:"scecli.dll" @="Security" "NoUserPolicy"=dword:00000001 "NoGPOListChanges"=dword:00000001 "EnableAsynchronousProcessing"=dword:00000001 "MaxNoGPOListChangesInterval"=dword:000003c0 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}] @DACL=(02 0000) "ProcessGroupPolicyEx"="ProcessGroupPolicyEx" "GenerateGroupPolicy"="GenerateGroupPolicy" "ProcessGroupPolicy"="ProcessGroupPolicy" "DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll" @="Internet Explorer Branding" "NoSlowLink"=dword:00000001 "NoBackgroundPolicy"=dword:00000000 "NoGPOListChanges"=dword:00000001 "NoMachinePolicy"=dword:00000001 "DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3014" . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}] @DACL=(02 0000) "ProcessGroupPolicy"="SceProcessEFSRecoveryGPO" "DllName"=expand:"scecli.dll" @="EFS recovery" "NoUserPolicy"=dword:00000001 "NoGPOListChanges"=dword:00000001 "RequiresSuccessfulRegistry"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}] @DACL=(02 0000) @="802.3 Group Policy" "DisplayName"=expand:"@dot3gpclnt.dll,-100" "ProcessGroupPolicyEx"="ProcessLANPolicyEx" "GenerateGroupPolicy"="GenerateLANPolicy" "DllName"=expand:"dot3gpclnt.dll" "NoUserPolicy"=dword:00000001 "NoGPOListChanges"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}] @DACL=(02 0000) @="Microsoft Offline Files" "DllName"=expand:"%SystemRoot%\\System32\\cscui.dll" "EnableAsynchronousProcessing"=dword:00000000 "NoBackgroundPolicy"=dword:00000000 "NoGPOListChanges"=dword:00000000 "NoMachinePolicy"=dword:00000000 "NoSlowLink"=dword:00000000 "NoUserPolicy"=dword:00000001 "PerUserLocalSettings"=dword:00000000 "ProcessGroupPolicy"="ProcessGroupPolicy" "RequiresSuccessfulRegistry"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}] @DACL=(02 0000) @="Software Installation" "DllName"=expand:"appmgmts.dll" "ProcessGroupPolicyEx"="ProcessGroupPolicyObjectsEx" "GenerateGroupPolicy"="GenerateGroupPolicy" "NoBackgroundPolicy"=dword:00000000 "RequiresSucessfulRegistry"=dword:00000000 "NoSlowLink"=dword:00000001 "PerUserLocalSettings"=dword:00000001 "EventSources"=multi:"(Application Management,Application)\00(MsiInstaller,Application)\00\00" . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}] @DACL=(02 0000) @="Internet Explorer Machine Accelerators" "DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051" "DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll" "NoGPOListChanges"=dword:00000001 "ProcessGroupPolicy"="ProcessGroupPolicyForActivities" "ProcessGroupPolicyEx"="ProcessGroupPolicyForActivitiesEx" "RequiresSuccessfulRegistry"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon] @DACL=(02 0000) "DllName"="c:\\Program Files\\SUPERAntiSpyware\\SASWINLO.DLL" "Logon"="SABWINLOLogon" "Logoff"="SABWINLOLogoff" "Startup"="SABWINLOStartup" "Shutdown"="SABWINLOShutdown" "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] @DACL=(02 0000) "DLLName"="Ati2evxx.dll" "Asynchronous"=dword:00000000 "Impersonate"=dword:00000001 "Lock"="AtiLockEvent" "Logoff"="AtiLogoffEvent" "Logon"="AtiLogonEvent" "Disconnect"="AtiDisConnectEvent" "Reconnect"="AtiReConnectEvent" "Safe"=dword:00000000 "Shutdown"="AtiShutdownEvent" "StartScreenSaver"="AtiStartScreenSaverEvent" "StartShell"="AtiStartShellEvent" "Startup"="AtiStartupEvent" "StopScreenSaver"="AtiStopScreenSaverEvent" "Unlock"="AtiUnLockEvent" . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] @DACL=(02 0000) "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=expand:"crypt32.dll" "Logoff"="ChainWlxLogoffEvent" . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] @DACL=(02 0000) "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=expand:"cryptnet.dll" "Logoff"="CryptnetWlxLogoffEvent" . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] @DACL=(02 0000) "DLLName"="cscdll.dll" "Logon"="WinlogonLogonEvent" "Logoff"="WinlogonLogoffEvent" "ScreenSaver"="WinlogonScreenSaverEvent" "Startup"="WinlogonStartupEvent" "Shutdown"="WinlogonShutdownEvent" "StartShell"="WinlogonStartShellEvent" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy] @DACL=(02 0000) "Asynchronous"=dword:00000001 "DllName"=expand:"%SystemRoot%\\System32\\dimsntfy.dll" "Startup"="WlDimsStartup" "Shutdown"="WlDimsShutdown" "Logon"="WlDimsLogon" "Logoff"="WlDimsLogoff" "StartShell"="WlDimsStartShell" "Lock"="WlDimsLock" "Unlock"="WlDimsUnlock" . 
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] @DACL=(02 0000) "DLLName"="wlnotify.dll" "Logon"="SCardStartCertProp" "Logoff"="SCardStopCertProp" "Lock"="SCardSuspendCertProp" "Unlock"="SCardResumeCertProp" "Enabled"=dword:00000001 "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] @DACL=(02 0000) "Asynchronous"=dword:00000000 "DllName"=expand:"wlnotify.dll" "Impersonate"=dword:00000000 "StartShell"="SchedStartShell" "Logoff"="SchedEventLogOff" . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] @DACL=(02 0000) "Logoff"="WLEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 "DllName"=expand:"sclgntfy.dll" . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] @DACL=(02 0000) "DLLName"="WlNotify.dll" "Lock"="SensLockEvent" "Logon"="SensLogonEvent" "Logoff"="SensLogoffEvent" "Safe"=dword:00000001 "MaxWait"=dword:00000258 "StartScreenSaver"="SensStartScreenSaverEvent" "StopScreenSaver"="SensStopScreenSaverEvent" "Startup"="SensStartupEvent" "Shutdown"="SensShutdownEvent" "StartShell"="SensStartShellEvent" "PostShell"="SensPostShellEvent" "Disconnect"="SensDisconnectEvent" "Reconnect"="SensReconnectEvent" "Unlock"="SensUnlockEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] @DACL=(02 0000) "Asynchronous"=dword:00000000 "DllName"=expand:"wlnotify.dll" "Impersonate"=dword:00000000 "Logoff"="TSEventLogoff" "Logon"="TSEventLogon" "PostShell"="TSEventPostShell" "Shutdown"="TSEventShutdown" "StartShell"="TSEventStartShell" "Startup"="TSEventStartup" "MaxWait"=dword:00000258 "Reconnect"="TSEventReconnect" "Disconnect"="TSEventDisconnect" . 
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
@DACL=(02 0000)
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]
@DACL=(02 0000)
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
.
Completion time: 2011-06-15 17:47:46
ComboFix-quarantined-files.txt 2011-06-15 15:47
.
Pre-Run: 36,801,867,776 bytes free
Post-Run: 36,803,469,312 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 2FA1A556B7F7212176187E13F8EAD57D

Hello and welcome to Computer HOPE Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, PLEASE don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.
If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

******************************************************

First of all, you have two AV programs running on your computer which is a no-no. Either avast! Antivirus or AV: Microsoft Security Essentials will have to be disabled/uninstalled. I would stick with MSE, if I were you.

Re-running ComboFix to remove infections:
SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

Download SuperAntispyware Free Edition (SAS)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.
• Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:
• Close browsers before scanning
• Scan for tracking cookies
• Terminate memory threats before quarantining
• Please leave the others unchecked
• Click the Close button to leave the control center screen.
* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes
• To retrieve the removal information please do the following:
• After reboot, double-click the SUPERAntiSpyware icon on your desktop.
• Click Preferences. Click the Statistics/Logs tab.
• Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
• It will open in your default text editor (preferably Notepad).
• Save the notepad file to your desktop by clicking (in notepad) File > Save As...
* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
* Copy and Paste the log in your post.

*********************************************

Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

*********************************************************

Download DDS from HERE or HERE and save it to your desktop.
Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)
* XP users Double click on dds to run it.
* If your antivirus or firewall tries to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.
1) DDS.txt
2) Attach.txt
* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.
Note: DDS will instruct you to post the Attach.txt log as an attachment. Please just post it as you would any other log by copying and pasting it into the reply.

Thank you SD. Can I just point out that I did have MSE and AVG Firewall but these were both removed. They are no longer in msconfig, don't appear in task manager, and I have removed all folders. Can't see why Combofix is still highlighting these??
Anyway, logs requested are as follows -

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/16/2011 at 03:29 PM

Application Version : 4.54.1000

Core Rules Database Version : 7274
Trace Rules Database Version: 5086

Scan type : Complete Scan
Total Scan Time : 00:17:21

Memory items scanned : 378
Memory threats detected : 0
Registry items scanned : 5460
Registry threats detected : 0
File items scanned : 36531
File threats detected : 32

Adware.Tracking Cookie
C:\Documents and Settings\briann\Cookies\[emailprotected][1].txt
C:\Documents and Settings\briann\Cookies\[emailprotected][1].txt
C:\Documents and Settings\briann\Cookies\[emailprotected][2].txt
C:\Documents and Settings\briann\Cookies\[emailprotected][2].txt
C:\Documents and Settings\briann\Cookies\[emailprotected][2].txt
C:\Documents and Settings\briann\Cookies\[emailprotected][1].txt
C:\Documents and Settings\briann\Cookies\[emailprotected][1].txt
C:\Documents and Settings\briann\Cookies\[emailprotected][2].txt
C:\Documents and Settings\briann\Cookies\[emailprotected][1].txt
C:\Documents and Settings\briann\Cookies\[emailprotected][1].txt
C:\Documents and Settings\briann\Cookies\[emailprotected][1].txt
C:\Documents and Settings\briann\Cookies\[emailprotected][2].txt
C:\Documents and Settings\briann\Cookies\[emailprotected][2].txt
C:\Documents and Settings\briann\Cookies\[emailprotected][2].txt
C:\Documents and Settings\briann\Cookies\[emailprotected][1].txt
C:\Documents and Settings\briann\Cookies\[emailprotected][1].txt
C:\Documents and Settings\briann\Cookies\[emailprotected][2].txt
C:\Documents and Settings\briann\Cookies\[emailprotected][2].txt
C:\Documents and Settings\briann\Cookies\[emailprotected][1].txt
C:\Documents and Settings\briann\Cookies\[emailprotected][2].txt
C:\Documents and Settings\briann\Cookies\[emailprotected][1].txt
C:\Documents and Settings\briann\Cookies\[emailprotected][2].txt
C:\Documents and Settings\briann\Cookies\[emailprotected][1].txt
C:\Documents and Settings\briann\Cookies\[emailprotected][1].txt
C:\Documents and Settings\briann\Cookies\[emailprotected][1].txt
C:\Documents and Settings\briann\Cookies\[emailprotected][1].txt
C:\Documents and Settings\briann\Cookies\[emailprotected][2].txt
C:\Documents and Settings\briann\Cookies\[emailprotected][2].txt
C:\Documents and Settings\briann\Cookies\[emailprotected][2].txt
C:\Documents and Settings\briann\Cookies\[emailprotected][2].txt
C:\Documents and Settings\briann\Cookies\[emailprotected][1].txt
C:\Documents and Settings\briann\Cookies\[emailprotected][2].txt

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6870

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

16/06/2011 15:42:25
mbam-log-2011-06-16 (15-42-25).txt

Scan type: Full scan (C:\|)
Objects scanned: 182958
Time elapsed: 6 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by briann at 15:43:53 on 2011-06-16
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.3327.2582 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: AVG Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://portail.free.fr/
mURLSearchHooks: H - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SunJavaUpdateSched] c:\program files\common files\java\java update\jusched.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 212.27.40.241 212.27.40.240
TCP: Interfaces\{381EBDF8-7D99-4A61-A37E-CDBB7702D333} : DhcpNameServer = 212.27.40.241 212.27.40.240
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [2011-5-8 752128]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-6 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-6-6 307928]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2011-5-8 3246040]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-6-6 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-6-6 42184]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-10-6 366640]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2011-5-8 167968]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-10-6 22712]
S1 MpKsl27aa9cbe;MpKsl27aa9cbe;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5cbe358e-fb9e-42b0-91c3-0ed11a46499b}\mpksl27aa9cbe.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5cbe358e-fb9e-42b0-91c3-0ed11a46499b}\MpKsl27aa9cbe.sys [?]
S1 MpKsl4965f692;MpKsl4965f692;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b94c2a1f-2a70-45b2-8bdb-24a63750906f}\mpksl4965f692.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b94c2a1f-2a70-45b2-8bdb-24a63750906f}\MpKsl4965f692.sys [?]
S1 MpKsl82abaab5;MpKsl82abaab5;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f553cfb7-36b1-404e-8dc1-3f6e5d6a268a}\mpksl82abaab5.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f553cfb7-36b1-404e-8dc1-3f6e5d6a268a}\MpKsl82abaab5.sys [?]
S1 MpKsla6a28098;MpKsla6a28098;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e3544fd3-0e42-4b6d-875f-784ae3705a58}\MpKsla6a28098.sys [2011-3-30 28752]
S2 KMService;KMService;c:\windows\system32\srvany.exe [2010-11-21 8192]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-10-6 1684736]
S3 appliandMP;appliandMP;
S3 MSICDSetup;MSICDSetup;\??\d:\cdriver.sys --> d:\CDriver.sys [?]
.
=============== Created Last 30 ================
.
2011-06-16 12:55:40  98816  ----a-w-  c:\windows\sed.exe
2011-06-16 12:55:40  518144  ----a-w-  c:\windows\SWREG.exe
2011-06-16 12:55:40  256512  ----a-w-  c:\windows\PEV.exe
2011-06-16 12:55:40  208896  ----a-w-  c:\windows\MBR.exe
2011-06-16 12:47:43  --------  d-----w-  c:\documents and settings\briann\application data\SUPERAntiSpyware.com
2011-06-16 12:47:43  --------  d-----w-  c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-06-16 12:47:38  --------  d-----w-  c:\program files\SUPERAntiSpyware
2011-06-16 00:24:22  --------  d-----w-  c:\windows\SxsCaPendDel
2011-06-15 15:40:33  --------  d-sha-r-  C:\cmdcons
2011-06-12 22:56:56  --------  d-----w-  c:\documents and settings\all users\application data\IObit
2011-06-12 22:55:18  --------  d-----w-  c:\documents and settings\briann\application data\IObit
2011-06-11 06:05:25  404640  ----a-w-  c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-07 17:44:03  --------  d-----w-  c:\documents and settings\briann\application data\Rovio
2011-06-06 09:22:19  441176  ----a-w-  c:\windows\system32\drivers\aswSnx.sys
2011-06-06 09:22:13  40112  ----a-w-  c:\windows\avastSS.scr
2011-06-06 09:22:08  --------  d-----w-  c:\program files\AVAST Software
2011-06-05 21:48:22  --------  d-----w-  c:\documents and settings\briann\application data\A0261641-01B1-467E-9DE5-2FFFBF73C059
2011-06-02 19:00:56  --------  d--h--w-  c:\documents and settings\all users\application data\Common Files
2011-06-02 18:48:00  --------  d-----w-  c:\documents and settings\all users\application data\MFAData
2011-05-29 17:25:52  --------  d-----w-  C:\DVDVideoSoft
2011-05-19 15:46:51  --------  d-----w-  c:\windows\system32\wbem\repository\FS
2011-05-19 15:46:51  --------  d-----w-  c:\windows\system32\wbem\Repository
.
==================== Find3M ====================
.
2011-06-05 21:48:22  167968  ----a-w-  c:\windows\system32\drivers\afcdp.sys
2011-06-05 21:48:19  752128  ----a-w-  c:\windows\system32\drivers\tdrpm273.sys
2011-06-05 21:48:18  600928  ----a-w-  c:\windows\system32\drivers\timntr.sys
2011-05-29 07:11:30  39984  ----a-w-  c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 07:11:20  22712  ----a-w-  c:\windows\system32\drivers\mbam.sys
2011-05-08 21:19:24  170528  ----a-w-  c:\windows\system32\drivers\snapman.sys
2011-05-02 15:31:52  692736  ----a-w-  c:\windows\system32\inetcomm.dll
2011-04-29 16:19:43  456320  ----a-w-  c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11:12  916480  ----a-w-  c:\windows\system32\wininet.dll
2011-04-25 16:11:11  43520  ----a-w-  c:\windows\system32\licmgr10.dll
2011-04-25 16:11:11  1469440  ------w-  c:\windows\system32\inetcpl.cpl
2011-04-25 12:01:22  385024  ----a-w-  c:\windows\system32\html.iec
2011-04-21 13:37:43  105472  ----a-w-  c:\windows\system32\drivers\mup.sys
.
============= FINISH: 15:45:53.62 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-12.02)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 07/10/2010 07:12:24
System Uptime: 16/06/2011 15:00:58 (0 hours ago)
.
Motherboard: MICRO-STAR INTERNATIONAL CO.,LTD | | 760GM -E51 (MS-7596)
Processor: AMD Sempron(tm) 140 Processor | CPU1 | 3105/200mhz
.
==== Disk Partitions ========================= . A: is Removable C: is FIXED (NTFS) - 49 GiB total, 33.387 GiB free. D: is FIXED (NTFS) - 466 GiB total, 441.431 GiB free. E: is CDROM () F: is FIXED (NTFS) - 416 GiB total, 310.061 GiB free. G: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP1: 16/06/2011 14:55:43 - System Checkpoint . ==== Installed Programs ====================== . 32 Bit HP CIO Components Installer AcronisTrueImageHome 2011 Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Any Video Converter 3.2.3 ATI - Software Uninstall Utility ATI AVIVO Codecs ATI Catalyst Control Center ATI Display Driver Auslogics Registry Cleaner avast! Free Antivirus BufferChm Catalyst Control Center - Branding Catalyst Control Center Core Implementation Catalyst Control Center Graphics Full Existing Catalyst Control Center Graphics Full New Catalyst Control Center Graphics Light Catalyst Control Center Localization All ccc-core-preinstall ccc-core-static ccc-utility CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish CCleaner ConvertXtoDVD 3.4.7.121 Copy CustomerResearchQFolder DC++ 0.689 DeepBurner v1.9.0.228 Defraggler Destination Component Device drivers for Simple Backup DeviceDiscovery DeviceManagementQFolder DJ_AIO_03_F2200_ProductContext DJ_AIO_03_F2200_Software DJ_AIO_03_F2200_Software_Min DocProc DocProcQFolder EasyCleaner eSupportQFolder F2200 F2200_Help Foxit Reader Free Video Dub version 1.8 GPBaseService High Definition Audio Driver Package - KB835221 HiJackThis Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 
3.5 SP1 (KB958484) Hotfix for Windows XP (KB2158563) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB961118) HP Customer Participation Program 10.0 HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3 HP Imaging Device Functions 10.0 HP Smart Web Printing HP Solution Center 10.0 HPDiagnosticAlert HPPhotoSmartDiscLabelContent1 HPProductAssistant HPSSupply ImgBurn Java Auto Updater Java(TM) 6 Update 24 K-Lite Codec Pack 4.7.5 (Full) Malwarebytes' Anti-Malware version 1.51.0.1200 MarketResearch MFC RunTime files Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Application Error Reporting Microsoft Office 97, Professional Edition Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 MiPony 1.3.0 MozBackup 1.4.10 Mozilla Thunderbird (3.1.10) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) OCR Software by I.R.I.S. 
10.0 PartitionMagic PCI Audio Driver Picture Collage Maker PowerQuest PartitionMagic 8.0 PSSWCORE RealPlayer REALTEK GbE & FE Ethernet PCI-E NIC Driver Realtek High Definition Audio Driver RealUpgrade 1.0 Recuva Replay Media Catcher 4 Replay Music Scan Screen Capturer Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) Security Update for Windows Internet Explorer 8 (KB2183461) Security Update for Windows Internet Explorer 8 (KB2360131) Security Update for Windows Internet Explorer 8 (KB2416400) Security Update for Windows Internet Explorer 8 (KB2482017) Security Update for Windows Internet Explorer 8 (KB2497640) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2530548) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB981332) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player (KB979402) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2160329) Security Update for Windows XP (KB2183461) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2279986) Security Update for Windows XP (KB2286198) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2296199) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP 
(KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2436673) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2476687) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479628) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485376) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2503658) Security Update for Windows XP (KB2503665) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2506223) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2511455) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276) Security Update for Windows XP (KB2544893) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923789) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB958644) Security Update for 
Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB971961) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981349) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981957) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982665) Security Update for Windows XP (KB982802) Shop for HP Supplies Skins SmartWebPrintingOC SolutionCenter Speccy Spotify SpywareBlaster 4.4 Status SUPERAntiSpyware SureThing 
CD Labeler Deluxe TeamViewer 6 Toolbox TrayApp Ultra Video Joiner 4.7.1127 Uninstall 1.0.0.1 UnloadSupport Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 8 (KB2362765) Update for Windows Internet Explorer 8 (KB976662) Update for Windows XP (KB2141007) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB898461) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) VideoToolkit01 WebFldrs XP WebReg Windows Internet Explorer 8 Windows PowerShell(TM) 1.0 WinRAR archiver WOT for Internet Explorer . ==== Event Viewer Messages From Past Week ======== . 16/06/2011 14:56:56, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). 16/06/2011 14:56:56, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s). 15/06/2011 23:14:51, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found. 14/06/2011 23:21:05, error: Dhcp [1002] - The IP address lease 82.248.195.76 for the Network Card with network address 406186C9E263 has been denied by the DHCP server 82.248.195.254 (The DHCP Server sent a DHCPNACK message). 13/06/2011 23:20:34, error: Dhcp [1002] - The IP address lease 83.159.15.236 for the Network Card with network address 406186C9E263 has been denied by the DHCP server 83.159.15.254 (The DHCP Server sent a DHCPNACK message). 12/06/2011 23:20:51, error: Dhcp [1002] - The IP address lease 82.251.231.98 for the Network Card with network address 406186C9E263 has been denied by the DHCP server 82.251.231.254 (The DHCP Server sent a DHCPNACK message). 
12/06/2011 08:00:41, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
12/06/2011 01:14:11, error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
12/06/2011 01:14:11, error: Service Control Manager [7034] - The Acronis Nonstop Backup Service service terminated unexpectedly. It has done this 1 time(s).
12/06/2011 00:13:16, error: PlugPlayManager [11] - The device Root\LEGACY_SASKUTIL\0000 disappeared from the system without first being prepared for removal.
12/06/2011 00:13:16, error: PlugPlayManager [11] - The device Root\LEGACY_SASDIFSV\0000 disappeared from the system without first being prepared for removal.
11/06/2011 23:20:27, error: Dhcp [1002] - The IP address lease 82.64.79.130 for the Network Card with network address 406186C9E263 has been denied by the DHCP server 82.64.79.254 (The DHCP Server sent a DHCPNACK message).
10/06/2011 23:20:25, error: Dhcp [1002] - The IP address lease 82.253.220.111 for the Network Card with network address 406186C9E263 has been denied by the DHCP server 82.253.220.254 (The DHCP Server sent a DHCPNACK message).
09/06/2011 23:20:01, error: Dhcp [1002] - The IP address lease 82.64.209.201 for the Network Card with network address 406186C9E263 has been denied by the DHCP server 82.64.209.254 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================

Registry cleaners are extremely powerful applications and their potential for harming your OS far outweighs any small potential for improving your computer's performance.

Auslogics Registry Cleaner

There are a number of them available and some are safer than others. Keep in mind that no two registry cleaners work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad" entry. One cleaner may find entries on your system that will not cause a problem when removed, another may not find the same entries, and still another may want to remove entries required for a program to work. Without research into what the registry entry selected for deletion is, a registry cleaner can end up being an automated method to cause problems with the registry. For routine use by those not familiar with the registry, the benefits to your computer are negligible while the potential risks are great.

Further reading: XP Fixes Myth #1: Registry Cleaners

******************************************************

Download Security Check by screen317 from one of the following links and save it to your desktop.
Link 1
Link 2
* Unzip SecurityCheck.zip and a folder named Security Check should appear.
* Open the Security Check folder and double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

*****************************************************

SysProt Antirootkit

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).
http://sites.google.com/site/sysprotantirootkit/
Unzip it into a folder on your desktop.
Results of screen317's Security Check version 0.99.13 Windows XP Service Pack 3 Internet Explorer 8 `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Enabled! avast! Free Antivirus ``````````````````````````````` Anti-malware/Other Utilities Check: Malwarebytes' Anti-Malware CCleaner Auslogics Registry Cleaner EasyCleaner Java(TM) 6 Update 24 Out of date Java installed! Flash Player Out of Date! Adobe Flash Player 10.1.102.64 Mozilla Thunderbird (3.1.10) Thunderbird Out of Date! ```````````````````````````````` Process Check: objlist.exe by Laurent Malwarebytes' Anti-Malware mbamservice.exe Malwarebytes' Anti-Malware mbamgui.exe AVAST Software Avast AvastSvc.exe AVAST Software Avast avastUI.exe ``````````End of Log```````````` SysProt AntiRootkit v1.0.1.0 by swatkat ****************************************************************************************** ****************************************************************************************** No Hidden Processes found ****************************************************************************************** ****************************************************************************************** Kernel Modules: Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys Service Name: --- Module Base: A8507000 Module End: A851F000 Hidden: Yes Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS Service Name: --- Module Base: BA644000 Module End: BA646000 Hidden: Yes ****************************************************************************************** ****************************************************************************************** SSDT: Function Name: ZwAddBootEntry Address: A8622202 Driver Base: A860F000 Driver End: A867F000 Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS Function Name: ZwAllocateVirtualMemory Address: A8688CB2 Driver Base: A867F000 Driver End: A86C9000 Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS Function Name: ZwClose Address: A86466C1 Driver 
Base: A860F000 Driver End: A867F000 Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS Function Name: ZwCreateEvent Address: A862481C Driver Base: A860F000 Driver End: A867F000 Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS Function Name: ZwCreateEventPair Address: A8624874 Driver Base: A860F000 Driver End: A867F000 Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS Function Name: ZwCreateIoCompletion Address: A862498A Driver Base: A860F000 Driver End: A867F000 Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS Function Name: ZwCreateKey Address: A8646075 Driver Base: A860F000 Driver End: A867F000 Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS Function Name: ZwCreateMutant Address: A8624772 Driver Base: A860F000 Driver End: A867F000 Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS Function Name: ZwCreateSection Address: A86248C4 Driver Base: A860F000 Driver End: A867F000 Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS Function Name: ZwCreateSemaphore Address: A86247C6 Driver Base: A860F000 Driver End: A867F000 Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS Function Name: ZwCreateTimer Address: A8624938 Driver Base: A860F000 Driver End: A867F000 Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS Function Name: ZwDeleteBootEntry Address: A8622226 Driver Base: A860F000 Driver End: A867F000 Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS Function Name: ZwDeleteKey Address: A8646D87 Driver Base: A860F000 Driver End: A867F000 Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS Function Name: ZwDeleteValueKey Address: A864703D Driver Base: A860F000 Driver End: A867F000 Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS Function Name: ZwDuplicateObject Address: A8624C0E Driver Base: A860F000 Driver End: A867F000 Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS Function Name: ZwEnumerateKey Address: A8646BF2 Driver Base: A860F000 Driver End: A867F000 Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS Function Name: 
ZwEnumerateValueKey Address: A8646A5D Driver Base: A860F000 Driver End: A867F000 Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS Function Name: ZwFreeVirtualMemory Address: A8688D62 Driver Base: A867F000 Driver End: A86C9000 Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS Function Name: ZwLoadDriver Address: A8621FF0 Driver Base: A860F000 Driver End: A867F000 Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS Function Name: ZwModifyBootEntry Address: A862224A Driver Base: A860F000 Driver End: A867F000 Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS Function Name: ZwNotifyChangeKey Address: A8624D82 Driver Base: A860F000 Driver End: A867F000 Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS Function Name: ZwNotifyChangeMultipleKeys Address: A8622CDA Driver Base: A860F000 Driver End: A867F000 Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS Function Name: ZwOpenEvent Address: A862484C Driver Base: A860F000 Driver End: A867F000 Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS Function Name: ZwOpenEventPair Address: A862489C Driver Base: A860F000 Driver End: A867F000 Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS Function Name: ZwOpenIoCompletion Address: A86249B4 Driver Base: A860F000 Driver End: A867F000 Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS Function Name: ZwOpenKey Address: A86463D1 Driver Base: A860F000 Driver End: A867F000 Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS Function Name: ZwOpenMutant Address: A862479E Driver Base: A860F000 Driver End: A867F000 Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS Function Name: ZwOpenProcess Address: A8624A46 Driver Base: A860F000 Driver End: A867F000 Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS Function Name: ZwOpenSection Address: A8624904 Driver Base: A860F000 Driver End: A867F000 Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS Function Name: ZwOpenSemaphore Address: A86247F4 Driver Base: A860F000 Driver End: A867F000 Driver Name: 
\SystemRoot\System32\Drivers\aswSnx.SYS Function Name: ZwOpenThread Address: A8624B2A Driver Base: A860F000 Driver End: A867F000 Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS Function Name: ZwOpenTimer Address: A8624962 Driver Base: A860F000 Driver End: A867F000 Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS Function Name: ZwProtectVirtualMemory Address: A8688DFA Driver Base: A867F000 Driver End: A86C9000 Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS Function Name: ZwQueryKey Address: A86468D8 Driver Base: A860F000 Driver End: A867F000 Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS Function Name: ZwQueryObject Address: A8622BA0 Driver Base: A860F000 Driver End: A867F000 Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS Function Name: ZwQueryValueKey Address: A864672A Driver Base: A860F000 Driver End: A867F000 Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS Function Name: ZwRenameKey Address: A8691E48 Driver Base: A867F000 Driver End: A86C9000 Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS Function Name: ZwRestoreKey Address: A86456E8 Driver Base: A860F000 Driver End: A867F000 Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS Function Name: ZwSetBootEntryOrder Address: A862226E Driver Base: A860F000 Driver End: A867F000 Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS Function Name: ZwSetBootOptions Address: A8622292 Driver Base: A860F000 Driver End: A867F000 Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS Function Name: ZwSetSystemInformation Address: A862204A Driver Base: A860F000 Driver End: A867F000 Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS Function Name: ZwSetSystemPowerState Address: A8622186 Driver Base: A860F000 Driver End: A867F000 Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS Function Name: ZwSetValueKey Address: A8646E8E Driver Base: A860F000 Driver End: A867F000 Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS Function Name: ZwShutdownSystem Address: A8622162 Driver Base: A860F000 
Driver End: A867F000 Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS Function Name: ZwSystemDebugControl Address: A86221AA Driver Base: A860F000 Driver End: A867F000 Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS Function Name: ZwVdmControl Address: A86222B6 Driver Base: A860F000 Driver End: A867F000 Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS ****************************************************************************************** ****************************************************************************************** Kernel Hooks: Hooked Function: ZwCreateProcessEx At Address: 805C74CC Jump To: A869E906 Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS Hooked Function: ZwClose At Address: 805B1DB4 Jump To: A869A2BE Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS Hooked Function: PsCreateSystemThread At Address: 805C74CC Jump To: A869E906 Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS Hooked Function: ObMakeTemporaryObject At Address: 805B1DB4 Jump To: A869A2BE Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS Hooked Function: ObInsertObject At Address: 805B8C2C Jump To: A869BD5C Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS Hooked Function: ObCloseHandle At Address: 805B1DB4 Jump To: A869A2BE Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS ****************************************************************************************** ****************************************************************************************** Hidden files/folders: Object: C:\Qoobox\BackEnv\AppData.folder.dat Status: Access denied Object: C:\Qoobox\BackEnv\Cache.folder.dat Status: Access denied Object: C:\Qoobox\BackEnv\Cookies.folder.dat Status: Access denied Object: C:\Qoobox\BackEnv\Desktop.folder.dat Status: Access denied Object: C:\Qoobox\BackEnv\Favorites.folder.dat Status: Access denied Object: C:\Qoobox\BackEnv\History.folder.dat Status: Access denied Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat Status: Access denied Object: 
C:\Qoobox\BackEnv\LocalSettings.folder.dat Status: Access denied
Object: C:\Qoobox\BackEnv\Music.folder.dat Status: Access denied
Object: C:\Qoobox\BackEnv\NetHood.folder.dat Status: Access denied
Object: C:\Qoobox\BackEnv\Personal.folder.dat Status: Access denied
Object: C:\Qoobox\BackEnv\Pictures.folder.dat Status: Access denied
Object: C:\Qoobox\BackEnv\PrintHood.folder.dat Status: Access denied
Object: C:\Qoobox\BackEnv\Profiles.Folder.dat Status: Access denied
Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat Status: Access denied
Object: C:\Qoobox\BackEnv\Programs.folder.dat Status: Access denied
Object: C:\Qoobox\BackEnv\Recent.folder.dat Status: Access denied
Object: C:\Qoobox\BackEnv\SendTo.folder.dat Status: Access denied
Object: C:\Qoobox\BackEnv\SetPath.bat Status: Access denied
Object: C:\Qoobox\BackEnv\StartMenu.folder.dat Status: Access denied
Object: C:\Qoobox\BackEnv\StartUp.folder.dat Status: Access denied
Object: C:\Qoobox\BackEnv\SysPath.dat Status: Access denied
Object: C:\Qoobox\BackEnv\Templates.folder.dat Status: Access denied
Object: C:\Qoobox\BackEnv\VikPev00 Status: Access denied

Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.

First Verify your Java Version
If there are any other version(s) installed then update now.

Get the new version (if needed)
If your version is out of date install the newest version of the Sun Java Runtime Environment.
Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Be sure to close ALL open web browsers before starting the installation.

Remove any old versions
1. Download JavaRa and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.

*************************************************

Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs. Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.
Once old versions are gone, please install the newest version.

****************************************************

I'd like to scan your machine with ESET OnlineScan
•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
•Click the button.
•Accept any security warnings from your browser.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Sorry SD, got tied up. All programs now up to date and ESET log is as follows.

[emailprotected] as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6526
# api_version=3.0.2
# EOSSerial=7e0d20dfcc64494e9c93b2f68bdcb13f
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-06-18 01:16:55
# local_time=2011-06-18 03:16:55 (+0100, W. Europe Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 21872299 21872299 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=39631
# found=0
# cleaned=0
# scan_time=1473

That looks good. If there are no other issues, let's do some cleanup.

To uninstall ComboFix
(Note: Make sure there's a space between the word ComboFix and the forward-slash.)
Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.
Double-click TFC.exe to run it.
Note: If you are running on Vista, right-click on the file and choose Run As Administrator
TFC will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.
Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

***********************************************

Use the Secunia Software Inspector to check for out of date software.
•Click Start Now
•Check the box next to Enable thorough system inspection.
•Click Start
•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
.
----------
Go to Microsoft Windows Update and get all critical updates.
----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy.
Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time.
Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing.
Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.

Safe Surfing!

Have now followed all instructions. Thanks very much for all your help SD. Regards

You're welcome. I will lock this thread. If you need it reopened, please send me a pm.