Computer Hope
Software => Computer viruses and spyware => Virus and spyware removal => Topic started by: Xenomorph on January 31, 2012, 03:59:09 PM
-
I cannot update some programs or download new ones; the files are often corrupt. Is this a malware problem?
I am having similar problems on my laptop.
Here are my DDS logs
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Terry and Tracey at 22:31:19 on 2012-01-31
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1280 [GMT 0:00]
.
AV: ZoneAlarm Antivirus *Enabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Microsoft LifeCam\LifeExp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\CheckPoint\ZoneAlarm\MailFrontier\mantispm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe
C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\Terry and Tracey\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Terry and Tracey\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Terry and Tracey\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Terry and Tracey\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Terry and Tracey\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Terry and Tracey\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.orange.co.uk/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: ZoneAlarm Extreme Security Toolbar: {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} - c:\program files\zonealarm_extreme_security\prxtbZon0.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: ZoneAlarm Extreme Security Toolbar: {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} - c:\program files\zonealarm_extreme_security\prxtbZon0.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: ZoneAlarm Extreme Security Toolbar: {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} - c:\program files\zonealarm_extreme_security\prxtbZon0.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\terry and tracey\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [ISW] c:\program files\checkpoint\zaforcefield\ForceField.exe /icon="hidden"
mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [OpwareSE2] "c:\program files\scansoft\omnipagese2.0\OpwareSE2.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\terrya~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg311v3\wlancfg5.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{558797C7-2882-4B3E-AC48-2246A71EABD0} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\terry and tracey\application data\mozilla\firefox\profiles\ewiaxwx3.default\
.
============= SERVICES / DRIVERS ===============
.
R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2010-10-14 132184]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-10-14 11352]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2010-9-21 327256]
R1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\34302\RapportCerberus32_34302.sys [2011-12-7 228208]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 Vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2011-7-22 525840]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2011-9-5 722616]
R2 ISWKL;ZoneAlarm ForceField ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-7-25 27016]
R2 IswSvc;ZoneAlarm ForceField IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-7-25 493184]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-9-5 2214504]
R2 vsmon;TrueVector Internet Monitor;c:\program files\checkpoint\zonealarm\vsmon.exe -service --> c:\program files\checkpoint\zonealarm\vsmon.exe -service [?]
R3 icsak;icsak;c:\program files\checkpoint\zaforcefield\ak\icsak.sys [2011-7-25 36744]
S?4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-1-31 40776]
S1 RapportEI;RapportEI;\??\c:\program files\trusteer\rapport\bin\rapportei.sys --> c:\program files\trusteer\rapport\bin\RapportEI.sys [?]
S1 RapportPG;RapportPG;\??\c:\program files\trusteer\rapport\bin\rapportpg.sys --> c:\program files\trusteer\rapport\bin\RapportPG.sys [?]
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;\??\c:\program files\msi\live update 5\msibios32_100507.sys --> c:\program files\msi\live update 5\msibios32_100507.sys [?]
S3 NTIOLib_1_0_4;NTIOLib_1_0_4;\??\c:\program files\msi\live update 5\ntiolib.sys --> c:\program files\msi\live update 5\NTIOLib.sys [?]
.
=============== File Associations ===============
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2012-01-31 16:12:31 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-01-23 23:08:13 -------- d-----w- c:\documents and settings\terry and tracey\local settings\application data\Mozilla
2012-01-22 22:39:24 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-01-22 22:39:24 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-03 13:10:44 182672 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2012-01-22 21:59:35 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-14 12:23:32 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-12-12 02:35:20 29696 ----a-w- c:\windows\system32\iolobtdfg.exe
2011-12-12 02:35:02 11776 ----a-w- c:\windows\system32\smrgdf.exe
2011-12-12 01:52:12 2083464 ----a-w- c:\windows\system32\Incinerator32.dll
2011-12-10 15:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21:44 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21:44 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 15:28:36 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28:36 1292288 ----a-w- c:\windows\system32\quartz.dll
2009-02-10 18:07:34 18734784 ----a-w- c:\program files\Realtek sound driver.exe
2009-01-16 17:35:59 17133432 ----a-w- c:\program files\SystemMechanic.exe
.
============= FINISH: 22:32:39.90 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 04/09/2011 17:28:45
System Uptime: 31/01/2012 13:17:49 (9 hours ago)
.
Motherboard: | | MS-7030
Processor: AMD Athlon(tm) 64 Processor 3400+ | Socket 754 | 2210/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 298 GiB total, 192.455 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_10DE&DEV_00E4&SUBSYS_03001462&REV_A1\3&13C0B0C5&0&09
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_10DE&DEV_00E4&SUBSYS_03001462&REV_A1\3&13C0B0C5&0&09
Service:
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Microsoft® LifeCam Show(TM)
Device ID: USB\VID_045E&PID_0729\5&1DF00124&0&8
Manufacturer:
Name: Microsoft® LifeCam Show(TM)
PNP Device ID: USB\VID_045E&PID_0729\5&1DF00124&0&8
Service:
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Other PCI Bridge Device
Device ID: PCI\VEN_10DE&DEV_00DF&SUBSYS_03001462&REV_A2\3&13C0B0C5&0&28
Manufacturer:
Name: Other PCI Bridge Device
PNP Device ID: PCI\VEN_10DE&DEV_00DF&SUBSYS_03001462&REV_A2\3&13C0B0C5&0&28
Service:
.
Class GUID: {4D36E96D-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) 536EP Modem
Device ID: PCI\VEN_8086&DEV_1040&SUBSYS_10008086&REV_00\4&3191A3E6&0&4070
Manufacturer: Intel Corporation
Name: Intel(R) 536EP Modem
PNP Device ID: PCI\VEN_8086&DEV_1040&SUBSYS_10008086&REV_00\4&3191A3E6&0&4070
Service: Modem
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\66819310DC00
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\66819310DC00
Service: NIC1394
.
==== System Restore Points ===================
.
RP62: 03/11/2011 12:59:49 - System Checkpoint
RP63: 04/11/2011 14:08:47 - System Checkpoint
RP64: 05/11/2011 14:11:07 - Installed Windows Media Player 11
RP65: 05/11/2011 14:13:12 - Software Distribution Service 3.0
RP66: 06/11/2011 03:00:17 - Software Distribution Service 3.0
RP67: 07/11/2011 01:10:26 - Software Distribution Service 3.0
RP68: 08/11/2011 10:59:48 - System Checkpoint
RP69: 09/11/2011 12:01:04 - System Checkpoint
RP70: 10/11/2011 03:00:26 - Software Distribution Service 3.0
RP71: 11/11/2011 14:32:58 - Software Distribution Service 3.0
RP72: 13/11/2011 01:57:53 - System Checkpoint
RP73: 14/11/2011 09:46:28 - System Checkpoint
RP74: 15/11/2011 11:13:54 - System Checkpoint
RP75: 16/11/2011 12:22:22 - System Checkpoint
RP76: 17/11/2011 18:08:23 - System Checkpoint
RP77: 18/11/2011 18:14:36 - System Checkpoint
RP78: 19/11/2011 18:45:06 - System Checkpoint
RP79: 20/11/2011 22:55:05 - System Checkpoint
RP80: 22/11/2011 13:05:09 - System Checkpoint
RP81: 23/11/2011 14:14:55 - System Checkpoint
RP82: 24/11/2011 16:02:15 - System Checkpoint
RP83: 25/11/2011 17:05:17 - System Checkpoint
RP84: 26/11/2011 18:23:06 - System Checkpoint
RP85: 27/11/2011 19:12:39 - System Checkpoint
RP86: 28/11/2011 20:50:26 - System Checkpoint
RP87: 29/11/2011 21:09:09 - System Checkpoint
RP88: 30/11/2011 22:02:45 - System Checkpoint
RP89: 01/12/2011 22:42:32 - System Checkpoint
RP90: 02/12/2011 22:59:53 - System Checkpoint
RP91: 03/12/2011 23:24:50 - System Checkpoint
RP92: 04/12/2011 22:34:23 - Installed Rapport
RP93: 05/12/2011 11:59:25 - Installed Rapport
RP94: 06/12/2011 12:24:18 - System Checkpoint
RP95: 07/12/2011 12:33:22 - System Checkpoint
RP96: 08/12/2011 14:11:23 - System Checkpoint
RP97: 09/12/2011 14:50:14 - System Checkpoint
RP98: 10/12/2011 15:37:27 - System Checkpoint
RP99: 11/12/2011 23:32:04 - System Checkpoint
RP100: 12/12/2011 23:39:55 - System Checkpoint
RP101: 14/12/2011 00:19:38 - System Checkpoint
RP102: 15/12/2011 01:26:32 - Software Distribution Service 3.0
RP103: 15/12/2011 04:57:56 - Installed Rapport
RP104: 15/12/2011 05:12:28 - Software Distribution Service 3.0
RP105: 16/12/2011 11:53:37 - System Checkpoint
RP106: 17/12/2011 13:15:19 - System Checkpoint
RP107: 18/12/2011 15:36:30 - System Checkpoint
RP108: 22/12/2011 14:18:26 - System Checkpoint
RP109: 23/12/2011 20:26:57 - Installed Windows Internet Explorer 8.
RP110: 24/12/2011 03:00:20 - Software Distribution Service 3.0
RP111: 25/12/2011 11:41:06 - System Checkpoint
RP112: 26/12/2011 12:01:18 - System Checkpoint
RP113: 27/12/2011 12:04:18 - System Checkpoint
RP114: 28/12/2011 12:14:15 - System Checkpoint
RP115: 29/12/2011 12:40:16 - System Checkpoint
RP116: 30/12/2011 13:10:26 - System Checkpoint
RP117: 31/12/2011 13:39:54 - System Checkpoint
RP118: 01/01/2012 13:49:43 - System Checkpoint
RP119: 02/01/2012 02:56:55 - Software Distribution Service 3.0
RP120: 03/01/2012 11:45:47 - System Checkpoint
RP121: 04/01/2012 03:00:22 - Software Distribution Service 3.0
RP122: 05/01/2012 10:56:32 - System Checkpoint
RP123: 06/01/2012 11:29:33 - System Checkpoint
RP124: 07/01/2012 12:35:28 - System Checkpoint
RP125: 08/01/2012 14:30:19 - System Checkpoint
RP126: 09/01/2012 14:40:08 - System Checkpoint
RP127: 10/01/2012 16:53:00 - System Checkpoint
RP128: 11/01/2012 15:31:09 - Software Distribution Service 3.0
RP129: 11/01/2012 19:40:55 - Software Distribution Service 3.0
RP130: 12/01/2012 02:08:51 - Software Distribution Service 3.0
RP131: 13/01/2012 09:32:07 - System Checkpoint
RP132: 14/01/2012 14:15:40 - System Checkpoint
RP133: 15/01/2012 14:35:01 - System Checkpoint
RP134: 16/01/2012 00:44:01 - Software Distribution Service 3.0
RP135: 17/01/2012 05:00:28 - Installed Rapport
RP136: 18/01/2012 12:28:43 - System Checkpoint
RP137: 19/01/2012 00:50:21 - Installed Rapport
RP138: 19/01/2012 22:48:49 - Installed Rapport
RP139: 20/01/2012 14:00:16 - Software Distribution Service 3.0
RP140: 21/01/2012 13:59:27 - Installed Rapport
RP141: 21/01/2012 14:40:41 - Installed Rapport
RP142: 22/01/2012 17:46:14 - Installed Rapport
RP143: 22/01/2012 22:38:22 - Installed Java(TM) 6 Update 30
RP144: 23/01/2012 21:18:01 - Removed Microsoft Office File Validation Add-In
RP145: 24/01/2012 23:08:38 - System Checkpoint
RP146: 25/01/2012 23:14:50 - System Checkpoint
RP147: 27/01/2012 13:05:53 - System Checkpoint
RP148: 28/01/2012 14:53:30 - System Checkpoint
RP149: 29/01/2012 15:20:36 - System Checkpoint
RP150: 30/01/2012 16:51:54 - System Checkpoint
RP151: 31/01/2012 21:17:10 - System Checkpoint
.
==== Installed Programs ======================
.
Adobe Acrobat 5.0
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.2)
Adobe Shockwave Player 11.6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoStudio 5.5
Bonjour
Canon CanoScan Toolbox 4.5
CopyFilenames 3.1
Everyday Bracelets
Google Chrome
Greeting Card Maker
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976002-v5)
hp photosmart P1000 series
Intel(R) 536EP Modem
iolo technologies' System Mechanic
iTunes
Java Auto Updater
Java(TM) 6 Update 30
Malwarebytes Anti-Malware version 1.60.1.1000
Manual CanoScan 3200,3200F
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Corporation
Microsoft LifeCam
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox 7.0.1 (x86 en-US)
NETGEAR WG311v3 PCI Adapter
NVIDIA Control Panel 275.33
NVIDIA Graphics Driver 275.33
NVIDIA Install Application
NVIDIA nView 135.85
NVIDIA nView Desktop Manager
NVIDIA Update 1.3.5
NVIDIA Update Components
OmniPage SE 2.0
PENTAX USB DISK Device
QuickTime
Rapport
Realtek AC'97 Audio
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Groove 2007 (KB2552997)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2559049)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Skype™ 5.5
Spotify
SUPERAntiSpyware
swMSM
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC 9.0 Runtime
Visual C++ 8.0 CRT (x86) WinSXS MSM
Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM
WebFldrs XP
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
ZoneAlarm Antivirus
ZoneAlarm DataLock
ZoneAlarm Extreme Security
ZoneAlarm Firewall
ZoneAlarm Security
.
==== Event Viewer Messages From Past Week ========
.
25/01/2012 03:19:19, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
25/01/2012 03:18:22, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdPPM Fips KLIF SASDIFSV SASKUTIL
.
==== End Of File ===========================
-
Please follow the instructions in the following link and post your logs:
http://www.computerhope.com/forum/index.php/topic,46313.0.html
-
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.
1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.
If you can't access the internet with your infected computer, you will have to download any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD, because a storage device can get infected. If you use a storage device, hold the Shift key down while inserting the USB storage device for about 10 seconds. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back online.
*************************************************************************
SUPERAntiSpyware
If you already have SUPERAntiSpyware be sure to check for updates before scanning!
Download SuperAntispyware Free Edition (SAS) (http://www.superantispyware.com/download.html)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here (http://www.softpedia.com/get/Others/Signatures-Updates/SUPERAntiSpyware-Database-Definitions-Updates.shtml)
* Next click the Preferences button.
• Under Start-Up Options, uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:
• Close browsers before scanning
• Scan for tracking cookies
• Terminate memory threats before quarantining
• Please leave the others unchecked
• Click the Close button to leave the control center screen.
* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes
•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.
•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...
* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
* Copy and paste the log in your post.
***********************************************
Please download Malwarebytes Anti-Malware from here. (http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe)
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Full Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- Please save the log to a location you will remember.
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
**************************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.
Link 1 (http://screen317.spywareinfoforum.org/SecurityCheck.exe)
Link 2 (http://screen317.changelog.fr/SecurityCheck.exe)
* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
-
Here are the requested logs.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 02/01/2012 at 01:37 AM
Application Version : 5.0.1142
Core Rules Database Version : 8186
Trace Rules Database Version: 5998
Scan type : Complete Scan
Total Scan Time : 01:07:28
Operating System Information
Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator
Memory items scanned : 562
Memory threats detected : 0
Registry items scanned : 24025
Registry threats detected : 0
File items scanned : 94717
File threats detected : 80
Adware.Tracking Cookie
C:\Documents and Settings\Terry and Tracey\Cookies\FTTDO42Z.txt [ /atdmt.com ]
C:\Documents and Settings\Terry and Tracey\Cookies\WHNMH2GO.txt [ /doubleclick.net ]
ec.atdmt.com [ C:\DOCUMENTS AND SETTINGS\TERRY AND TRACEY\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\WYG4396L ]
ia.media-imdb.com [ C:\DOCUMENTS AND SETTINGS\TERRY AND TRACEY\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\WYG4396L ]
ads.saymedia.com [ C:\DOCUMENTS AND SETTINGS\TERRY AND TRACEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\TERRY AND TRACEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\TERRY AND TRACEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\TERRY AND TRACEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\TERRY AND TRACEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\TERRY AND TRACEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\TERRY AND TRACEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\DOCUMENTS AND SETTINGS\TERRY AND TRACEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\DOCUMENTS AND SETTINGS\TERRY AND TRACEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\TERRY AND TRACEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.apmebf.com [ C:\DOCUMENTS AND SETTINGS\TERRY AND TRACEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaplex.com [ C:\DOCUMENTS AND SETTINGS\TERRY AND TRACEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adtech.de [ C:\DOCUMENTS AND SETTINGS\TERRY AND TRACEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\TERRY AND TRACEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\TERRY AND TRACEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\TERRY AND TRACEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.bs.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\TERRY AND TRACEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\TERRY AND TRACEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.googleadservices.com [ C:\DOCUMENTS AND SETTINGS\TERRY AND TRACEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.googleadservices.com [ C:\DOCUMENTS AND SETTINGS\TERRY AND TRACEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.googleadservices.com [ C:\DOCUMENTS AND SETTINGS\TERRY AND TRACEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.statcounter.com [ C:\DOCUMENTS AND SETTINGS\TERRY AND TRACEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\TERRY AND TRACEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\TERRY AND TRACEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\TERRY AND TRACEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\TERRY AND TRACEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\TERRY AND TRACEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.lucidmedia.com [ C:\DOCUMENTS AND SETTINGS\TERRY AND TRACEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\TERRY AND TRACEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\TERRY AND TRACEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\TERRY AND TRACEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\TERRY AND TRACEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.smartadserver.com [ C:\DOCUMENTS AND SETTINGS\TERRY AND TRACEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.smartadserver.com [ C:\DOCUMENTS AND SETTINGS\TERRY AND TRACEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.smartadserver.com [ C:\DOCUMENTS AND SETTINGS\TERRY AND TRACEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.essexdaysout.com [ C:\DOCUMENTS AND SETTINGS\TERRY AND TRACEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.essexdaysout.com [ C:\DOCUMENTS AND SETTINGS\TERRY AND TRACEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.essexdaysout.com [ C:\DOCUMENTS AND SETTINGS\TERRY AND TRACEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.essexdaysout.com [ C:\DOCUMENTS AND SETTINGS\TERRY AND TRACEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ukpubfinder.com [ C:\DOCUMENTS AND SETTINGS\TERRY AND TRACEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ukpubfinder.com [ C:\DOCUMENTS AND SETTINGS\TERRY AND TRACEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ukpubfinder.com [ C:\DOCUMENTS AND SETTINGS\TERRY AND TRACEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\TERRY AND TRACEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.smartadserver.com [ C:\DOCUMENTS AND SETTINGS\TERRY AND TRACEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.smartadserver.com [ C:\DOCUMENTS AND SETTINGS\TERRY AND TRACEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.smartadserver.com [ C:\DOCUMENTS AND SETTINGS\TERRY AND TRACEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adfarm1.adition.com [ C:\DOCUMENTS AND SETTINGS\TERRY AND TRACEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adfarm1.adition.com [ C:\DOCUMENTS AND SETTINGS\TERRY AND TRACEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad2.adfarm1.adition.com [ C:\DOCUMENTS AND SETTINGS\TERRY AND TRACEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adfarm1.adition.com [ C:\DOCUMENTS AND SETTINGS\TERRY AND TRACEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\TERRY AND TRACEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\TERRY AND TRACEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\TERRY AND TRACEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\TERRY AND TRACEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\TERRY AND TRACEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\TERRY AND TRACEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\TERRY AND TRACEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\TERRY AND TRACEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\TERRY AND TRACEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.specificclick.net [ C:\DOCUMENTS AND SETTINGS\TERRY AND TRACEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\TERRY AND TRACEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\TERRY AND TRACEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\TERRY AND TRACEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\TERRY AND TRACEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\TERRY AND TRACEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mm.chitika.net [ C:\DOCUMENTS AND SETTINGS\TERRY AND TRACEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.kontera.com [ C:\DOCUMENTS AND SETTINGS\TERRY AND TRACEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.legolas-media.com [ C:\DOCUMENTS AND SETTINGS\TERRY AND TRACEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.legolas-media.com [ C:\DOCUMENTS AND SETTINGS\TERRY AND TRACEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.legolas-media.com [ C:\DOCUMENTS AND SETTINGS\TERRY AND TRACEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaplex.com [ C:\DOCUMENTS AND SETTINGS\TERRY AND TRACEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\TERRY AND TRACEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\TERRY AND TRACEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\TERRY AND TRACEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\TERRY AND TRACEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
statse.webtrendslive.com [ C:\DOCUMENTS AND SETTINGS\TERRY AND TRACEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Database version: v2012.02.01.02
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Terry and Tracey :: MENACECAT [administrator]
01/02/2012 10:21:14
mbam-log-2012-02-01 (10-21-14).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 712775
Time elapsed: 2 hour(s), 34 minute(s), 25 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Results of screen317's Security Check version 0.99.30
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
ZoneAlarm Antivirus
ZoneAlarm Firewall
ZoneAlarm Extreme Security
ZoneAlarm DataLock
ZoneAlarm Security
iolo technologies' System Mechanic
```````````````````````````````
Anti-malware/Other Utilities Check:
SUPERAntiSpyware
CCleaner
Java(TM) 6 Update 30
Adobe Reader X (10.1.2)
Mozilla Firefox 7.0.1 Firefox out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
CheckPoint ZoneAlarm vsmon.exe
CheckPoint ZoneAlarm zatray.exe
CheckPoint ZoneAlarm MailFrontier mantispm.exe
iolo Common Lib ioloServiceManager.exe
``````````End of Log````````````
-
Download Combofix from any of the links below, and save it to your desktop.
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)
To prevent your anti-virus application interfering with ComboFix we need to disable it. See here (http://www.pchelpforum.com/anti-virus/110194-how-disable-your-security-applications.html) for a tutorial regarding how to do so if you are unsure.
- Close any open windows and double click ComboFix.exe to run it.
You will see the following image:
(http://i424.photobucket.com/albums/pp322/digistar/NSIS_disclaimer_ENG.png)
Click I Agree to start the program.
ComboFix will then extract the necessary files and you will see this:
(http://i424.photobucket.com/albums/pp322/digistar/NSIS_extraction.png)
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.
It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
If you did not have it installed, you will see the prompt below. Choose YES.
(http://i424.photobucket.com/albums/pp322/digistar/RcAuto1.gif)
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(http://i424.photobucket.com/albums/pp322/digistar/whatnext.png)
Click on Yes, to continue scanning for malware.
When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.
Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.
-
I am unable to run ComboFix; I am getting the error message:
Installer integrity check has failed. Common causes include incomplete download and damaged media. Contact the installer's author to obtain a new copy.
More information at http://nsis.sf.net/NSIS_error
I tried downloading on a different PC and renaming it. It almost worked, then ComboFix offered an update, which I said yes to, then this error reappeared. Now I can't get it to run at all.
-
Download a new version of ComboFix and run it from Safe Mode.
-
Before I saw your last reply I downloaded a copy on another PC and it is running now. It has been running for over 2 hours so far; it may be stuck on "completed stage 41".
-
Yep, it stayed stuck on "completed stage 41" for hours. So I restarted in safe mode and got this error message 2 or three times: "CFScript Name Error. Were you trying to run CFScript? The name CFScript appears to be incorrectly spelt". Now it appears to be running OK.
-
Success at last
ComboFix 12-01-30.02 - Terry and Tracey 02/02/2012 22:43:33.2.1 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1765 [GMT 0:00]
Running from: G:\Link1.exe
AV: ZoneAlarm Antivirus *Disabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-02 to 2012-02-02 )))))))))))))))))))))))))))))))
.
.
2012-02-01 03:08 . 2012-02-01 03:09 -------- d-----w- c:\program files\CCleaner
2012-01-23 23:08 . 2012-01-23 23:08 -------- d-----w- c:\documents and settings\Terry and Tracey\Local Settings\Application Data\Mozilla
2012-01-22 22:39 . 2012-01-22 22:38 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-01-22 22:39 . 2012-01-22 22:38 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-12 16:12 . 2012-01-12 16:12 -------- d-----w- c:\documents and settings\Terry and Tracey\Application Data\ArcSoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-22 21:59 . 2011-09-06 11:54 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-14 12:23 . 2011-12-14 12:23 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-12-12 02:35 . 2011-09-05 02:50 29696 ----a-w- c:\windows\system32\iolobtdfg.exe
2011-12-12 02:35 . 2011-09-05 02:50 11776 ----a-w- c:\windows\system32\smrgdf.exe
2011-12-12 01:52 . 2011-09-05 02:50 2083464 ----a-w- c:\windows\system32\Incinerator32.dll
2011-12-10 15:24 . 2011-09-05 21:30 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 21:57 . 2002-08-29 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2002-08-29 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2002-08-29 12:00 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2002-08-29 12:00 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2002-08-29 12:00 152064 ----a-w- c:\windows\system32\schannel.dll
2009-02-10 18:07 . 2009-02-10 18:07 18734784 ----a-w- c:\program files\Realtek sound driver.exe
2009-01-16 17:35 . 2009-02-10 12:57 17133432 ----a-w- c:\program files\SystemMechanic.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{a94e8dc9-07aa-45a7-8af2-a0375473a5cd}"= "c:\program files\ZoneAlarm_Extreme_Security\prxtbZon0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{a94e8dc9-07aa-45a7-8af2-a0375473a5cd}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a94e8dc9-07aa-45a7-8af2-a0375473a5cd}]
2011-05-09 09:49 176936 ----a-w- c:\program files\ZoneAlarm_Extreme_Security\prxtbZon0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{a94e8dc9-07aa-45a7-8af2-a0375473a5cd}"= "c:\program files\ZoneAlarm_Extreme_Security\prxtbZon0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{a94e8dc9-07aa-45a7-8af2-a0375473a5cd}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A94E8DC9-07AA-45A7-8AF2-A0375473A5CD}"= "c:\program files\ZoneAlarm_Extreme_Security\prxtbZon0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{a94e8dc9-07aa-45a7-8af2-a0375473a5cd}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-07-25 738944]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2011-07-22 72336]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-21 13895272]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-04 1632360]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2003-01-30 196608]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Terry and Tracey\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG311v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG311v3\wlancfg5.exe [2006-1-26 1486848]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Terry and Tracey\\Application Data\\Spotify\\spotify.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [11/08/2011 23:38 116608]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [05/09/2011 02:50 722616]
S1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [14/10/2010 16:08 11352]
S1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys [07/12/2011 17:01 228208]
S1 RapportEI;RapportEI;\??\c:\program files\Trusteer\Rapport\bin\RapportEI.sys --> c:\program files\Trusteer\Rapport\bin\RapportEI.sys [?]
S1 RapportPG;RapportPG;\??\c:\program files\Trusteer\Rapport\bin\RapportPG.sys --> c:\program files\Trusteer\Rapport\bin\RapportPG.sys [?]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 16:27 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 21:55 67664]
S2 ISWKL;ZoneAlarm ForceField ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [25/07/2011 12:57 27016]
S2 IswSvc;ZoneAlarm ForceField IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [25/07/2011 12:57 493184]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [05/09/2011 01:16 2214504]
S3 icsak;icsak;c:\program files\CheckPoint\ZAForceField\AK\icsak.sys [25/07/2011 12:57 36744]
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;\??\c:\program files\MSI\Live Update 5\msibios32_100507.sys --> c:\program files\MSI\Live Update 5\msibios32_100507.sys [?]
S3 NTIOLib_1_0_4;NTIOLib_1_0_4;\??\c:\program files\MSI\Live Update 5\NTIOLib.sys --> c:\program files\MSI\Live Update 5\NTIOLib.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2012-02-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606747145-1383384898-839522115-1004Core.job
- c:\documents and settings\Terry and Tracey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-05 02:36]
.
2012-02-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606747145-1383384898-839522115-1004UA.job
- c:\documents and settings\Terry and Tracey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-05 02:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.orange.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-02 22:50
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(200)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\System32\l3codeca.acm
.
- - - - - - - > 'explorer.exe'(1584)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
.
Completion time: 2012-02-02 22:52:43
ComboFix-quarantined-files.txt 2012-02-02 22:52
.
Pre-Run: 206,792,704,000 bytes free
Post-Run: 206,894,256,128 bytes free
.
- - End Of File - - BF6A340DE6CB7B3FF8B5ECB5012E2AE4
-
Let's run a few more scans to see what turns up.
Please download aswMBR.exe (http://public.avast.com/%7Egmerek/aswMBR.exe) ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
(http://i424.photobucket.com/albums/pp322/digistar/aswMBR_Scan.jpg)
Click the "Scan" button to start the scan.
Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.
(http://i424.photobucket.com/albums/pp322/digistar/aswMBR_SaveLog.png)
On completion of the scan click Save log, save it to your desktop and post it in your next reply.
-
OK, this is the aswMBR log.
aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-03 21:49:07
-----------------------------
21:49:07.671 OS Version: Windows 5.1.2600 Service Pack 3
21:49:07.671 Number of processors: 1 586 0x408
21:49:07.671 ComputerName: MENACECAT UserName:
21:49:09.062 Initialize success
21:49:50.703 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
21:49:50.703 Disk 0 Vendor: Hitachi_HDP725032GLA360 GM3OA52A Size: 305245MB BusType: 3
21:49:50.718 Disk 0 MBR read successfully
21:49:50.718 Disk 0 MBR scan
21:49:50.718 Disk 0 Windows XP default MBR code
21:49:50.718 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305234 MB offset 63
21:49:50.718 Disk 0 scanning sectors +625121280
21:49:50.796 Disk 0 scanning C:\WINDOWS\system32\drivers
21:50:02.343 Service scanning
21:50:06.234 Modules scanning
21:50:15.375 Disk 0 trace - called modules:
21:50:15.406 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
21:50:15.406 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a56fab8]
21:50:15.406 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\00000068[0x8a51eeb0]
21:50:15.421 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x8a433940]
21:50:15.421 Scan finished successfully
21:51:05.843 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Terry and Tracey\Desktop\MBR.dat"
21:51:05.859 The log file has been saved successfully to "C:\Documents and Settings\Terry and Tracey\Desktop\aswMBR.txt"
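The "Disk 0 Windows XP default MBR code" and "Partition 1 80 (A) 07 HPFS/NTFS ... offset 63" lines in the log above come from reading and decoding the first 512-byte sector of the disk. The following is an added Python example, not part of this thread and not aswMBR's own code, that decodes a Master Boot Record the same way and runs a few defender-side checks on it: the 0x55AA boot signature, exactly one active partition, no overlapping partition entries, and an optional comparison of the boot-code hash against a known-good value. The sample sector, its filler boot code and the known-good hash used in the usage note are all constructed; only the partition geometry (bootable NTFS at offset 63, 305234 MB) mirrors the figures in the log.

```python
"""Decode a 512-byte MBR the way a rootkit scanner reports it and sanity-check it.

Added example for this thread; not aswMBR's code. All sample data is constructed.
"""
import hashlib
import struct
from typing import Dict, List, Optional

SECTOR_SIZE = 512
PARTITION_TABLE_OFFSET = 446      # boot code occupies bytes 0..445
PARTITION_ENTRY_SIZE = 16         # four entries, 446..509
BOOT_SIGNATURE = b"\x55\xAA"      # bytes 510..511

# Partial partition-type table; enough for the common Windows/Linux cases.
PARTITION_TYPES = {
    0x00: "Empty", 0x05: "Extended", 0x07: "HPFS/NTFS", 0x0B: "FAT32",
    0x0C: "FAT32 (LBA)", 0x0F: "Extended (LBA)", 0x82: "Linux swap", 0x83: "Linux",
}


def parse_mbr(sector: bytes) -> Dict:
    """Split an MBR into boot-code hash, partition table and signature status."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    partitions = []
    for index in range(4):
        offset = PARTITION_TABLE_OFFSET + index * PARTITION_ENTRY_SIZE
        # Entry layout: status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sectors(4)
        status, type_id, lba_start, sectors = struct.unpack_from("<B3xB3xII", sector, offset)
        if type_id == 0x00:
            continue  # unused slot
        partitions.append({
            "index": index + 1,
            "bootable": status == 0x80,
            "type_id": type_id,
            "type_name": PARTITION_TYPES.get(type_id, f"Unknown (0x{type_id:02X})"),
            "lba_start": lba_start,
            "sectors": sectors,
            "size_mb": sectors * SECTOR_SIZE // (1024 * 1024),
        })
    return {
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
        "boot_code_sha256": hashlib.sha256(sector[:PARTITION_TABLE_OFFSET]).hexdigest(),
        "partitions": partitions,
    }


def check_mbr(sector: bytes, known_good_boot_code_sha256: Optional[str] = None) -> List[str]:
    """Return a list of findings; an empty list means nothing looked off."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    bootable = [p for p in info["partitions"] if p["bootable"]]
    if len(bootable) != 1:
        findings.append(f"{len(bootable)} bootable partitions (expected exactly 1)")
    # Overlapping entries are a classic sign of a tampered or corrupted table.
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"]) for p in info["partitions"])
    for (_, end1), (start2, _) in zip(spans, spans[1:]):
        if start2 < end1:
            findings.append(f"partition ranges overlap at LBA {start2}")
    # Comparing the boot code to a trusted copy is how a scanner tells
    # "default MBR code" from something that has been rewritten.
    if known_good_boot_code_sha256 and info["boot_code_sha256"] != known_good_boot_code_sha256:
        findings.append("boot code differs from the known-good image")
    return findings


def format_report(info: Dict) -> List[str]:
    """Render partitions in the same shape as the 'Partition N ...' log lines."""
    lines = []
    for p in info["partitions"]:
        flag = "80 (A)" if p["bootable"] else "00"
        lines.append(f"Partition {p['index']} {flag} {p['type_id']:02X} "
                     f"{p['type_name']} {p['size_mb']} MB offset {p['lba_start']}")
    return lines


def build_sample_mbr(bootable: bool = True, signature: bytes = BOOT_SIGNATURE) -> bytes:
    """Constructed single-partition MBR: NTFS at LBA 63, 625119232 sectors (305234 MB).

    The boot code is zero filler, not a real boot loader.
    """
    code = b"\x00" * PARTITION_TABLE_OFFSET
    entry = struct.pack("<B3xB3xII", 0x80 if bootable else 0x00, 0x07, 63, 625_119_232)
    table = entry + b"\x00" * (PARTITION_ENTRY_SIZE * 3)
    return code + table + signature


if __name__ == "__main__":
    sample = build_sample_mbr()
    for line in format_report(parse_mbr(sample)):
        print(line)
    print("findings:", check_mbr(sample) or "none")
```

On a real machine the 512 bytes would come from the MBR.dat file that aswMBR saved to the desktop (`parse_mbr(open("MBR.dat", "rb").read()[:512])`), and the known-good hash would be one you recorded from a clean install; the example passes only a placeholder.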
-
Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.
Link 1 (http://download.bleepingcomputer.com/rootrepeal/MBRCheck.exe)
Link 2 (http://ad13.geekstogo.com/MBRCheck.exe)
Link 3 (http://www.kernelmode.info/MBRCheck.exe)
•Double-click on MBRCheck.exe to run it.
•It will open a black window...please do not fix anything (if it gives you an option).
•When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
•A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
•Please copy and paste the contents of that log in your next reply.
-
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line: C:\Documents and Settings\Terry and Tracey\My Documents\Downloads\MBRCheck.exe
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000003d
Kernel Drivers (total 125):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806D1000 \WINDOWS\system32\hal.dll
0xB85A8000 \WINDOWS\system32\KDCOM.DLL
0xB84B8000 \WINDOWS\system32\BOOTVID.dll
0xB7F79000 ACPI.sys
0xB85AA000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
0xB7F68000 pci.sys
0xB80A8000 isapnp.sys
0xB80B8000 ohci1394.sys
0xB80C8000 \WINDOWS\System32\DRIVERS\1394BUS.SYS
0xB8670000 pciide.sys
0xB8328000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xB80D8000 MountMgr.sys
0xB7F49000 ftdisk.sys
0xB8330000 PartMgr.sys
0xB80E8000 VolSnap.sys
0xB7F31000 atapi.sys
0xB80F8000 disk.sys
0xB8108000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xB7F11000 fltmgr.sys
0xB7EFF000 sr.sys
0xB7EE8000 KSecDD.sys
0xB7E5B000 Ntfs.sys
0xB7E2E000 NDIS.sys
0xB7E14000 Mup.sys
0xB78F2000 kl1.sys
0xB8178000 \SystemRoot\system32\DRIVERS\AmdPPM.sys
0xB8448000 \SystemRoot\System32\DRIVERS\usbohci.sys
0xB6B74000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xB8450000 \SystemRoot\System32\DRIVERS\usbehci.sys
0xB6785000 \SystemRoot\system32\drivers\ALCXWDM.SYS
0xB6761000 \SystemRoot\system32\drivers\portcls.sys
0xB8188000 \SystemRoot\system32\drivers\drmk.sys
0xB673E000 \SystemRoot\system32\drivers\ks.sys
0xB8198000 \SystemRoot\System32\DRIVERS\imapi.sys
0xB81A8000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xB81B8000 \SystemRoot\System32\DRIVERS\redbook.sys
0xB8458000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xB5B14000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB5B00000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB8460000 \SystemRoot\System32\DRIVERS\fdc.sys
0xB81D8000 \SystemRoot\System32\DRIVERS\serial.sys
0xB8590000 \SystemRoot\System32\DRIVERS\serenum.sys
0xB5AA7000 \SystemRoot\System32\DRIVERS\parport.sys
0xB81E8000 \SystemRoot\System32\DRIVERS\i8042prt.sys
0xB8468000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xB86C0000 \SystemRoot\System32\DRIVERS\audstub.sys
0xB81F8000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xB8594000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xB5A90000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xB8208000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xB8218000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xB8470000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xB5A7F000 \SystemRoot\System32\DRIVERS\psched.sys
0xB8228000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xB8478000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xB8480000 \SystemRoot\System32\DRIVERS\raspti.sys
0xB8238000 \SystemRoot\System32\DRIVERS\termdd.sys
0xB8488000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xB8618000 \SystemRoot\System32\DRIVERS\swenum.sys
0xB5A21000 \SystemRoot\System32\DRIVERS\update.sys
0xB76C9000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xB8248000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB8258000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xB861C000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xB8490000 \SystemRoot\System32\DRIVERS\flpydisk.sys
0xB8298000 \SystemRoot\system32\DRIVERS\hphid409.sys
0xB82A8000 \SystemRoot\System32\Drivers\hphs2k09.sys
0xB8530000 \SystemRoot\system32\DRIVERS\hphipr09.sys
0xB38D2000 \SystemRoot\system32\DRIVERS\klif.sys
0xB3874000 \??\C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys
0xB8620000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xB87B4000 \SystemRoot\System32\Drivers\Null.SYS
0xB8622000 \SystemRoot\System32\Drivers\Beep.SYS
0xB84A0000 \SystemRoot\System32\drivers\vga.sys
0xB8624000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xB8626000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xB84A8000 \SystemRoot\System32\Drivers\Msfs.SYS
0xB84B0000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB6BBC000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xB8370000 \SystemRoot\system32\DRIVERS\kl2.sys
0xB8378000 \SystemRoot\System32\DRIVERS\usbccgp.sys
0xB3841000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB37E8000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xB37C0000 \SystemRoot\System32\DRIVERS\netbt.sys
0xB3741000 \SystemRoot\System32\vsdatant.sys
0xB371B000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xB82B8000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xB6B9C000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xB6B98000 \SystemRoot\system32\DRIVERS\usbscan.sys
0xB36D1000 \SystemRoot\System32\drivers\afd.sys
0xB82D8000 \SystemRoot\System32\DRIVERS\netbios.sys
0xB360F000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xB8380000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xB35E4000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xB3574000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xB82F8000 \SystemRoot\System32\Drivers\Fips.SYS
0xB8560000 \SystemRoot\System32\DRIVERS\hidusb.sys
0xB710A000 \SystemRoot\System32\DRIVERS\HIDCLASS.SYS
0xB8388000 \SystemRoot\System32\DRIVERS\HIDPARSE.SYS
0xB8568000 \SystemRoot\System32\DRIVERS\mouhid.sys
0xB70DA000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB355C000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xB864C000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB38BA000 \SystemRoot\System32\drivers\Dxapi.sys
0xB8390000 \SystemRoot\System32\watchdog.sys
0xBD000000 \SystemRoot\System32\drivers\dxg.sys
0xB86F7000 \SystemRoot\System32\drivers\dxgthk.sys
0xBD012000 \SystemRoot\System32\nv4_disp.dll
0xBD413000 \SystemRoot\System32\ATMFD.DLL
0xB2981000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xB26FD000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xB8418000 \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
0xB24A0000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xB2463000 \SystemRoot\system32\drivers\wdmaud.sys
0xB264D000 \SystemRoot\system32\drivers\sysaudio.sys
0xB8664000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xB229D000 \??\C:\Program Files\CheckPoint\ZAForceField\AK\icsak.sys
0xB1F5B000 \SystemRoot\System32\DRIVERS\srv.sys
0xB1B0A000 \SystemRoot\System32\Drivers\HTTP.sys
0xB1902000 \??\C:\DOCUME~1\TERRYA~1\LOCALS~1\Temp\aswMBR.sys
0xB039D000 \SystemRoot\System32\DRIVERS\WG311v3XP.sys
0xB0372000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll
Processes (total 47):
0 System Idle Process
4 System
548 C:\WINDOWS\system32\smss.exe
624 csrss.exe
648 C:\WINDOWS\system32\winlogon.exe
692 C:\WINDOWS\system32\services.exe
704 C:\WINDOWS\system32\lsass.exe
852 C:\WINDOWS\system32\svchost.exe
932 svchost.exe
972 C:\WINDOWS\system32\svchost.exe
1048 svchost.exe
1176 svchost.exe
1324 C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
1412 C:\WINDOWS\explorer.exe
1716 C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
1812 C:\WINDOWS\system32\spoolsv.exe
2008 svchost.exe
2020 C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
204 C:\Program Files\SUPERAntiSpyware\SASCore.exe
216 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
884 C:\Program Files\Bonjour\mDNSResponder.exe
752 C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe
1064 C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe
1364 C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
1964 C:\Program Files\Microsoft LifeCam\MSCamS32.exe
292 C:\WINDOWS\system32\nvsvc32.exe
508 daemonu.exe
668 C:\WINDOWS\system32\svchost.exe
2408 alg.exe
2636 C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
2740 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
2780 C:\WINDOWS\soundman.exe
2800 C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
2844 C:\Program Files\Microsoft LifeCam\LifeExp.exe
2876 C:\Program Files\iTunes\iTunesHelper.exe
2920 C:\WINDOWS\system32\ctfmon.exe
2956 C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
3068 C:\Program Files\iPod\bin\iPodService.exe
3340 C:\Program Files\CheckPoint\ZoneAlarm\MailFrontier\mantispm.exe
1620 C:\WINDOWS\system32\svchost.exe
1820 C:\Program Files\Outlook Express\msimn.exe
140 C:\Program Files\iolo\System Mechanic\SMTrayNotify.exe
2480 C:\Documents and Settings\Terry and Tracey\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
3752 C:\Documents and Settings\Terry and Tracey\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
1624 C:\Documents and Settings\Terry and Tracey\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
3576 C:\Documents and Settings\Terry and Tracey\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
1428 C:\Documents and Settings\Terry and Tracey\My Documents\Downloads\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
PhysicalDrive0 Model Number: HitachiHDP725032GLA360, Rev: GM3OA52A
Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
Done!
OK, done
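What the two MBR tools above actually do is read the first 512-byte sector, hash it, compare the hash against known-good boot code, and sanity-check the partition table. The script below is an added example written for this thread, not code from aswMBR or MBRCheck. The only hash it treats as known-good is the Windows XP one reported in the MBRCheck log; the sample sector it builds is constructed (placeholder boot code plus one NTFS partition mirroring the layout in the logs) and is not a real MBR, so its own hash is only added to the trusted table to show the "recognised" path.

```python
import hashlib
import struct

# Known-good SHA-1 of standard MBR boot code. The single entry is the value
# MBRCheck printed above for this machine; anything else would be an assumption.
KNOWN_GOOD_MBR_SHA1 = {
    "DA38B874B7713D1B51CBC449F4EF809B0DEC644A": "Windows XP MBR code",
}

SECTOR_SIZE = 512
PARTITION_TABLE_OFFSET = 446   # four 16-byte entries live at 446..509
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511 of a valid MBR


def sha1_hex(sector):
    """Upper-case SHA-1 of the whole sector, the form MBRCheck prints."""
    return hashlib.sha1(sector).hexdigest().upper()


def parse_partition_table(sector):
    """Decode the four partition entries: status, type, LBA start, sector count."""
    entries = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + 16 * i
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", sector, off)
        entries.append({
            "index": i + 1,
            "status": status,
            "active": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
            "size_mb": sectors * SECTOR_SIZE // (1024 * 1024),
        })
    return entries


def check_mbr(sector, known=KNOWN_GOOD_MBR_SHA1):
    """Classify a 512-byte sector the way an MBR checker would.

    Returns the hash, the matching label (None if the boot code is unknown)
    and a list of findings a bootkit or a damaged table would produce."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected a 512-byte sector")
    findings = []
    if sector[510:512] != BOOT_SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    digest = sha1_hex(sector)
    label = known.get(digest)
    if label is None:
        findings.append("MBR code does not match any known-good hash "
                        "(possible bootkit or non-standard boot loader)")
    # Unused entries are all zeros; ignore them for the table checks.
    parts = [p for p in parse_partition_table(sector) if p["type"] != 0 or p["sectors"] != 0]
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append("partition %d: invalid status byte 0x%02X" % (p["index"], p["status"]))
    if sum(1 for p in parts if p["active"]) > 1:
        findings.append("more than one active partition")
    # Overlap check: each partition must start after the previous one ends.
    ordered = sorted(parts, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if b["lba_start"] < a["lba_start"] + a["sectors"]:
            findings.append("partitions %d and %d overlap" % (a["index"], b["index"]))
    return {"sha1": digest, "label": label, "partitions": parts, "findings": findings}


def build_sample_mbr(boot_code=b"\x33\xc0\x8e\xd0\xbc\x00\x7c", active=0x80):
    """Constructed test sector (not a real MBR): placeholder boot code and one
    NTFS partition at LBA 63 of 305234 MB, the layout aswMBR reported above."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    entry = struct.pack("<B3xB3xII", active, 0x07, 63, 305234 * 2048)
    sector[PARTITION_TABLE_OFFSET:PARTITION_TABLE_OFFSET + 16] = entry
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


if __name__ == "__main__":
    good = build_sample_mbr()
    # Trust the constructed sector's own hash only to demonstrate the recognised path.
    trusted = dict(KNOWN_GOOD_MBR_SHA1)
    trusted[sha1_hex(good)] = "sample boot code (constructed)"
    print(check_mbr(good, trusted))
    # Against the real table the sample is unknown, which is the right answer.
    print(check_mbr(good)["findings"])
    tampered = bytearray(good)
    tampered[0] ^= 0xFF   # one byte of boot code changed, as a bootkit would
    print(check_mbr(bytes(tampered), trusted)["findings"])
```

On a live machine the sector would come from reading the first 512 bytes of \\.\PhysicalDrive0 as an administrator; a hash mismatch alone is not proof of infection (OEM and third-party boot managers also differ from the stock code), which is why the tools above report the hash and leave the decision to the helper.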
-
Save these instructions so you can have access to them while in Safe Mode.
Please click here (http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/) to download AVP Tool by Kaspersky.
- Save it to your desktop.
- Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit Enter.
- Double click the setup file to run it.
- Click Next to continue.
- Accept the License agreement and click on next.
- It will, by default, install it to your desktop folder. Click Next.
- It will then open a box. There will be a tab that says Automatic scan.
- Under Automatic scan, make sure these are checked:
- Hidden Startup Objects
- System Memory
- Disk Boot Sectors.
- My Computer.
- Also any other drives (Removable that you may have)
Leave the rest of the settings as they appear as default.
•Then click on Scan at the top right-hand corner.
•It will automatically neutralize any objects found.
•If some objects are left un-neutralized, then click the button that says Neutralize all.
•If it says it cannot be neutralized, then choose the delete option when prompted.
•After that is done, click on the Reports button at the bottom and save it to a file; name it Kas.
•Save it somewhere convenient like your desktop. Post only the detected virus/malware in the report (it will be at the very top, under Detected) in your next reply.
Note: This tool will self uninstall when you close it so please save the log before closing it.
-
The Kaspersky scan found no viruses/malware. But I was unable to save the log as the program froze when I tried to copy it.
-
AVENGER
- Download The Avenger by Swandog46 from here (http://swandog46.geekstogo.com/avenger2/download.php).
- Unzip/extract it to a folder on your desktop.
- Double click on avenger.exe to run The Avenger.
- Click OK.
- Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
- Click the Execute button.
- You will be asked No script has been entered. Do you want to execute a rootkit scan only?.
- Click Yes.
- You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
- Click Yes.
- Your PC will now be rebooted.
- After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).
- Please post this log in your next reply.
-
Zone Alarm won't let it run because it says it is a malicious programme
-
Zone Alarm won't let it run because it says it is a malicious programme
All the tools I use are not malicious. Tell ZoneAlarm to let it run or disable ZoneAlarm.
-
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
Completed script processing.
*******************
Finished! Terminate.
-
I'd like to scan your machine with ESET OnlineScan
•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetOnline.png) button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstall.png) to download the ESET Smart Installer. Save it to your desktop.
- Double click on the (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstallDesktopIcon-1.png) icon on your desktop.
•Check (http://i424.photobucket.com/albums/pp322/digistar/esetAcceptTerms.png)
•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetStart.png) button.
•Accept any security warnings from your browser.
•Check (http://i424.photobucket.com/albums/pp322/digistar/esetScanArchives.png)
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push (http://i424.photobucket.com/albums/pp322/digistar/esetListThreats.png)
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetExport.png), and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the (http://i424.photobucket.com/albums/pp322/digistar/esetBack.png) button.
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetFinish.png)
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
-
Here is the ESET log
C:\Documents and Settings\All Users.WINDOWS\Application Data\VistaCodecs\{485E22DC-9EFE-4E26-AAA2-792BB0784D74}\Vista Codec Package.msi Win32/Packed.Autoit.C.Gen application deleted - quarantined
C:\Program Files\VistaCodecPack\Tools\Settings32.exe Win32/Packed.Autoit.C.Gen application deleted - quarantined
C:\System Volume Information\_restore{CFDD00B7-AB3E-4DDA-8E30-F7C3C726A250}\RP142\A0391091.exe Win32/Packed.Autoit.C.Gen application deleted - quarantined
C:\System Volume Information\_restore{CFDD00B7-AB3E-4DDA-8E30-F7C3C726A250}\RP156\A0398464.msi Win32/Packed.Autoit.C.Gen application deleted - quarantined
C:\System Volume Information\_restore{CFDD00B7-AB3E-4DDA-8E30-F7C3C726A250}\RP156\A0398465.exe Win32/Packed.Autoit.C.Gen application deleted - quarantined
-
That looks good. How's your computer running now?
-
I have tried updating my System mechanic and viewing my imag subscription and they are having the same problem as before.
I tried the eset scanner on my laptop as well but I am getting an "unexpected error 3"
-
OK, got eset to run on the laptop.
How bad were those problems/infections
-
OK, got eset to run on the laptop.
How bad were those problems/infections
Could I see the log please?
-
Eset has found no problems on the laptop
-
Eset has found no problems on the laptop
Ok. How's the computer working now? Any other issues before we clean up?
-
I am still having problems with downloads and updates. The computer seems faster but these issues remain.
Is my pc now free from infection?
-
I am still having problems with downloads and updates.
Are you receiving any warnings when you try to get your updates?
•Please download Dial-A-Fix from one of the following mirrors:
Primary mirror (http://djlizard.net.nyud.net:8080/software/Dial-a-fix-v0.60.0.24.zip)
Secondary mirror (http://djlizard.net/software/Dial-a-fix-v0.60.0.24.zip)
•Extract the zip file to your desktop.
•Double click Dial-a-Fix.exe to start the program. Dial-A-Fix might give you a lot of errors; just ignore them and click
(http://i424.photobucket.com/albums/pp322/digistar/OK.jpg) to continue.
•Press the green double checkmark box (looks like this:
(http://i424.photobucket.com/albums/pp322/digistar/checkmark.png) ).
UNcheck Empty Temp Folders, as well as Adjust Time/Date in the prep section. The prep section should then look like this:
(http://i424.photobucket.com/albums/pp322/digistar/ncheck.png)
(http://i424.photobucket.com/albums/pp322/digistar/Window.png)
•Click on Go
•Wait for Dial-A-Fix to finish (all the check marks will be gone)
•Close Dial-A-Fix
-
Running Dial-a-fix, but it may be stuck on Empty System32\Catroot2
-
Please try running it again and see if it still hangs.
-
Yeah, it's getting stuck on Empty System32\Catroot2 - Stopping CRYPTSVC
-
Are you certain that ZoneAlarm is not blocking the updates?
-
I'm pretty sure, I have tried switching zone alarm off for several downloads/updates and it made no difference. The programmes have all permissions in ZoneAlarm and always updated no problem until a couple of weeks ago.
Also should I not get some kind of warning from ZoneAlarm if its blocking things?
Do you think ZoneAlarm is blocking Dial a Fix?
-
Do you think ZoneAlarm is blocking Dial a Fix?
If it's like my Firewall it will give you plenty of warnings.
Please download Farbar Service Scanner (http://download.bleepingcomputer.com/farbar/FSS.exe) and run it on the computer with the issue.
- Press "Scan".
- It will create a log (FSS.txt) in the same directory the tool is run.
- Please copy and paste the log to your reply.
-
This is the Farbar log. Internet Services was the only box ticked; is this correct?
Farbar Service Scanner Version: 08-02-2012
Ran by Terry and Tracey (administrator) on 09-02-2012 at 22:03:46
Running from "C:\Documents and Settings\Terry and Tracey\My Documents\Downloads"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.
File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
Extra List:
=======
Gpc(3) IPSec(5) kl2(8) NetBT(6) PSched(7) Tcpip(4)
0x080000000800000005000000010000000200000003000000040000000600000007000000
**** End of log ****
-
Ok. Please run Dial-A-Fix again but this time leave "Empty System32\catroot2" unchecked and don't hit the "Flush SoftwareDistribution" button.
-
When opening Dial-a-fix I get this message.
Dial-a-Fix was unable to determine your version of internet explorer, certain DLL registrations will be skipped.
Then during registering iepeers.dll I get this
Error 127: C:\WINDOWS\system32\iesetup.dll is not registerable or the file is corrupted. Your version of iesetup.dll is: 8.00.6001.18702. Please contact dial-a-fix so that an exception can be made for your version of this file.
-
When opening Dial-a-fix I get this message.
Dial-a-Fix was unable to determine your version of internet explorer, certain DLL registrations will be skipped.
Then during registering iepeers.dll I get this
Error 127: C:\WINDOWS\system32\iesetup.dll is not registerable or the file is corrupted. Your version of iesetup.dll is: 8.00.6001.18702. Please contact dial-a-fix so that an exception can be made for your version of this file.
Please contact them to see if they can help with that file.
-
OK, email sent.
-
OK, email sent.
Please let me know the results?
-
Please let me know the results?
OK, no problem.
-
Dial a fix still not replied
-
Please delete Dial-A-Fix from your desktop and download a new one and try running it.
-
I tried it again, same problem. I can try downloading Dial a fix on another pc.
-
Please try running this tool (http://www.thewindowsclub.com/repair-fix-windows-updates-with-fix-wu-utility) to see if it will correct that update problem
-
Please try running this tool to see if it will correct that update problem
Uniblue says it has fixed 15 registry errors and left 199. I have to purchase the tool to correct the rest.
-
You must have downloaded the wrong program. Did you click the Download button in the upper right-hand corner? You need to download and run the "Repair Windows Update Errors" program.
-
You must have downloaded the wrong program. Did you click the Download button in the upper right-hand corner? You need to download and run the "Repair Windows Update Errors" program.
Ooops.
Running the correct program now.
-
This download is corrupting as well. But I just went to my neighbour's to try their connection with my laptop & successfully downloaded & installed System Mechanic; this was one of the programmes I've been having trouble with. Does this mean most of my problems are down to my broadband connection/provider?
-
This download is corrupting as well. But I just went to my neighbour's to try their connection with my laptop & successfully downloaded & installed System Mechanic; this was one of the programmes I've been having trouble with. Does this mean most of my problems are down to my broadband connection/provider?
It would appear that the only problem is getting your updates for Windows. I doubt that System Mechanic will do much to help this problem. Why not download Dial-A-Fix and the other utility on your friend's computer and transfer them to your computer using a CD or memory stick? I tried that program and it ran A-OK on my computer. While you're at your friend's place, see if you can get your Windows updates on your laptop.
-
It would appear that the only problem is getting your updates for Windows. I doubt that System Mechanic will do much to help this problem. Why not download Dial-A-Fix and the other utility on your friend's computer and transfer them to your computer using a CD or memory stick? I tried that program and it ran A-OK on my computer. While you're at your friend's place, see if you can get your Windows updates on your laptop.
I have kept my laptop connected to my neighbour's network and have been receiving Windows updates on it. I'll try the Dial-a-Fix download again after the weekend (I'm away). Thanks for everything so far; I'll be in touch again on Monday.
-
Hi, I think I have established that most of my download/update problems have been caused by my wireless router. I plugged my laptop directly into the modem and everything worked/updated perfectly. I spoke to Virgin, my broadband provider and they are replacing my router. Unfortunately I am unable to plug my desktop into the modem as it doesn't seem to have a "local area connection" in network connections, so I'll have to wait till my new router arrives and is up and running to get the windows and other updates.
I am very grateful for all your help so far.
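The diagnosis that finally landed here (the same installer downloads fine on another link, so the router rather than malware is corrupting the files) is one a practitioner can confirm before swapping hardware. The script below is an added example for this thread, not a tool anyone in it used: it checks a download against the hash the publisher lists, and when a known-good copy fetched over another connection is available, compares the two byte by byte to tell a truncated transfer (a dropped connection) from bytes changed mid-stream (a faulty router or NIC). The file contents it works on are constructed, not real installer bytes.

```python
import hashlib


def sha256_hex(data):
    """Hex SHA-256 of a file's bytes, the value most vendors publish next to a download."""
    return hashlib.sha256(data).hexdigest()


def verify_download(data, expected_sha256):
    """First check to make: does the downloaded file match the published hash?"""
    return sha256_hex(data).lower() == expected_sha256.lower()


def compare_copies(suspect, reference):
    """Compare a copy fetched over the suspect link with a known-good copy.

    Returns the byte ranges that differ plus a verdict, so truncation can be
    told apart from corruption in transit (a hash mismatch alone cannot)."""
    common = min(len(suspect), len(reference))
    ranges, start = [], None
    for i in range(common):
        if suspect[i] != reference[i]:
            if start is None:
                start = i            # open a new differing range
        elif start is not None:
            ranges.append((start, i))  # close it at the first matching byte
            start = None
    if start is not None:
        ranges.append((start, common))
    bad_bytes = sum(end - begin for begin, end in ranges)
    truncated = len(suspect) < len(reference)

    if sha256_hex(suspect) == sha256_hex(reference):
        verdict = "identical"
    elif bad_bytes == 0 and truncated:
        verdict = "truncated: prefix intact, %d of %d bytes received" % (len(suspect), len(reference))
    elif bad_bytes == 0:
        verdict = "suspect copy is longer than reference"
    else:
        verdict = "corrupted in transit: %d bytes differ in %d range(s)%s" % (
            bad_bytes, len(ranges), ", and truncated" if truncated else "")
    return {"verdict": verdict, "bad_ranges": ranges, "bad_bytes": bad_bytes, "truncated": truncated}


def build_samples():
    """Constructed inputs: a 1024-byte 'good' file and a copy damaged the way a
    bad link would damage it (bit flip, zeroed bytes, cut short)."""
    reference = bytes(range(256)) * 4
    suspect = bytearray(reference[:900])     # connection dropped 124 bytes early
    suspect[10] ^= 0x01                      # single bit flip
    suspect[500:503] = b"\x00\x00\x00"       # three bytes zeroed
    return bytes(suspect), reference


if __name__ == "__main__":
    suspect, reference = build_samples()
    published = sha256_hex(reference)         # stands in for the vendor's listed hash
    print("hash ok:", verify_download(suspect, published))
    print(compare_copies(suspect, reference))
    print(compare_copies(reference[:512], reference)["verdict"])
```

Run the hash check on every copy first: if a file fetched through the suspect router fails it while the same URL fetched elsewhere passes, the comparison will show where the damage is. Corruption scattered through the middle of the file, as in the constructed sample, points at the network path; a clean prefix that simply stops points at a dropped connection; and a file whose published hash matches on both links is not corrupt at all, whatever the installer says.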
-
That's good news. We can do some cleanup.
Download this program and run it: Uninstall ComboFix (http://download.bleepingcomputer.com/sUBs/CF_UNINST.EXE). It will remove ComboFix for you.
******************************************
To turn off Windows XP System Restore:
NOTE: These instructions assume that you are using the default Windows XP Start Menu and have not changed to the Classic Start menu. To re-enable the default menu, right-click Start, click Properties, click Start menu (not Classic) and then click OK.
1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore" or "Turn off System Restore on all drives"
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
8. Restart the computer and follow the instructions in the next section to turn on System Restore.
To turn on Windows XP System Restore:
1. Click Start.
2. Right-click My Computer, and then click Properties.
3. Click the System Restore tab.
4. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives."
5. Click Apply, and then click OK.
This will give you a new, clean Restore Point.
***************************************************
Clean out your temporary internet files and temp files.
Download TFC by OldTimer (http://oldtimer.geekstogo.com/TFC.exe) to your desktop.
Double-click TFC.exe to run it.
Note: If you are running on Vista, right-click on the file and choose Run As Administrator
TFC will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.
Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
-
OK, done those.
-
OK, done those.
Ok. As soon as you get your new router you should be good to go. I'll leave this thread open in case you have more problems.
-
Yay, everything's working. Thanks for all your help Superdave.
-
Yay, everything's working. Thanks for all your help Superdave.
You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.