
Active Suspect Virus - Drivers failed to load

Discussion in 'Malware and Virus Removal Archive' started by shieldsr, 2009/07/08.

  1. 2009/07/08
    shieldsr

    shieldsr Inactive Thread Starter

    Joined:
    2009/07/08
    Messages:
    26
    Likes Received:
    0
    [Active] Suspect Virus - Drivers failed to load

    Hello,

    I was wondering if anybody on here could help me.

    Yesterday I started up my computer after it was switched off for a few days. After logging in my username, the computer froze and nothing would happen. This happened several times, until I logged into Safe Mode successfully and began running my anti-virus, malware and spyware programs in an effort to fix the problem.

    After doing so, the problem has still not been fixed. When I look into Windows Error Reporting I see that when I'm trying to start my computer the following drivers are failing to load - Fips, intelppm, SAVRT, SYMTDIF.

    Is this a fixable problem? Any help would be greatly appreciated. :confused:

    DDS.txt

    DDS (Ver_09-06-26.01) - FAT32x86 NETWORK
    Run by Ryan at 13:39:36.50 on 08/07/2009
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.164 [GMT 1:00]

    AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Ryan\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/ig
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
    uInternet Settings,ProxyOverride = 127.0.0.1;<local>
    mSearchAssistant = hxxp://www.google.com/ie
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Rainlendar2] c:\program files\rainlendar2\Rainlendar2.exe
    uRun: [updateMgr] c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe AcRdB7_0_9
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
    mRun: [LaunchApp] Alaunch
    mRun: [ntiMUI] c:\program files\newtech infosystems\nti cd & dvd-maker 7\ntiMUI.exe
    mRun: [<NO NAME>]
    mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe "
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    mRun: [SMSERIAL] sm56hlpr.exe
    mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\Monitor.exe
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe "
    mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
    mRun: [PC Suite for Smartphones] "c:\program files\sony ericsson\mobile4\application launcher\Application Launcher.exe" /startoptions
    mRun: [btbb_McciTrayApp] c:\program files\bt broadband desktop help\bin\BTHelpNotifier.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [SiSRaid] c:\program files\silicon integrated systems\sisraidpackage\SRaid.exe
    mRun: [SoundMan] SOUNDMAN.EXE
    mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe "
    mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
    mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe "
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    mRunOnce: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\utilit~1.lnk - c:\windows\system32\sistray.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
    IE: &Search
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
    DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193321178140
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    Notify: NavLogon - c:\windows\system32\NavLogon.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\ryan\applic~1\mozilla\firefox\profiles\pvsx1u2z.default\
    FF - prefs.js: browser.search.selectedEngine - Google.co.uk
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ig?hl=en&source=iglk
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.type - 1
    FF - component: c:\documents and settings\ryan\application data\mozilla\firefox\profiles\pvsx1u2z.default\extensions\{62760fd6-b943-48c9-ab09-f99c6fe96088}\platform\winnt\components\EbayAccessService.dll
    FF - component: c:\documents and settings\ryan\application data\mozilla\firefox\profiles\pvsx1u2z.default\extensions\{62760fd6-b943-48c9-ab09-f99c6fe96088}\platform\winnt\components\EbayFormSubmitObserver.dll
    FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npagent.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPEyeCheck.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

    ============= SERVICES / DRIVERS ===============

    R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
    R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
    R3 zebrceb;Sony Ericsson Cable Emulation Bus (WDM);c:\windows\system32\drivers\zebrceb.sys [2007-10-3 63360]
    S0 sqgu;sqgu;c:\windows\system32\drivers\yipexai.sys --> c:\windows\system32\drivers\yipexai.sys [?]
    S1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2004-2-9 301200]
    S2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-6-9 255096]
    S2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-6-9 242808]
    S2 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2004-2-9 37008]
    S2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2004-10-6 1275216]
    S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-6-9 87160]
    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2007-11-26 10976]
    S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090703.004\naveng.sys [2009-7-3 89104]
    S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090703.004\navex15.sys [2009-7-3 876144]
    S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2004-10-6 173392]
    S3 zebrbus;Sony Ericsson Composite Device driver;c:\windows\system32\drivers\zebrbus.sys [2007-10-3 83080]
    S3 zebrmdfl;Sony Ericsson Modem Filter;c:\windows\system32\drivers\zebrmdfl.sys [2007-10-3 15112]
    S3 zebrmdm;Sony Ericsson Port (WDM);c:\windows\system32\drivers\zebrmdm.sys [2007-10-3 108296]
    S3 zebrmdmc;Sony Ericsson mRouter Port (WDM);c:\windows\system32\drivers\zebrmdmc.sys [2007-10-3 108424]
    S3 zebrsce;Sony Ericsson PC-Connect Port;c:\windows\system32\drivers\zebrsce.sys [2007-10-3 90888]

    =============== Created Last 30 ================

    2009-07-07 23:23 54,156 a---h--- c:\windows\QTFont.qfn
    2009-07-07 23:23 1,409 a------- c:\windows\QTFont.for
    2009-07-07 15:27 <DIR> --dsh--- C:\FOUND.019
    2009-07-07 15:21 <DIR> --dsh--- C:\FOUND.018
    2009-07-07 13:45 <DIR> --dsh--- C:\FOUND.017
    2009-07-07 13:33 <DIR> --dsh--- C:\FOUND.016
    2009-07-03 12:30 <DIR> --dsh--- c:\documents and settings\ryan\IETldCache
    2009-07-03 12:27 102,912 -------- c:\windows\system32\dllcache\iecompat.dll
    2009-07-03 12:26 <DIR> --d----- c:\windows\ie8updates
    2009-07-03 12:26 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
    2009-07-03 12:26 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
    2009-07-03 12:24 <DIR> --d-h--- c:\windows\ie8
    2009-07-01 01:04 251,691,008 a------- c:\windows\TempFile
    2009-07-01 01:04 685,056 a------- c:\windows\system32\drivers\hardlock.sys
    2009-07-01 01:03 191,488 a------- c:\windows\system32\hlvdd.dll
    2009-07-01 00:42 468,084 a------- c:\windows\cluninst.exe
    2009-07-01 00:42 4,096 a------- c:\windows\system\LEXHDL5.DLL
    2009-07-01 00:41 98 a------- c:\windows\etkinst.ini
    2009-06-14 19:40 <DIR> --d----- c:\docume~1\ryan\applic~1\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
    2009-06-14 19:40 <DIR> --d----- c:\program files\BBC iPlayer Desktop

    ==================== Find3M ====================

    2009-06-17 11:27 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-06-17 11:27 19,096 a------- c:\windows\system32\drivers\mbam.sys
    2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll
    2009-05-13 06:15 915,456 a------- c:\windows\system32\wininet.dll
    2009-05-13 06:15 5,936,128 -------- c:\windows\system32\dllcache\mshtml.dll
    2009-05-13 06:15 915,456 -------- c:\windows\system32\dllcache\wininet.dll
    2009-05-07 16:32 345,600 a------- c:\windows\system32\localspl.dll
    2009-05-07 16:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
    2009-04-30 22:22 1,985,024 -------- c:\windows\system32\dllcache\iertutil.dll
    2009-04-30 22:22 11,064,832 -------- c:\windows\system32\dllcache\ieframe.dll
    2009-04-30 22:22 1,207,808 -------- c:\windows\system32\dllcache\urlmon.dll
    2009-04-30 22:22 385,536 -------- c:\windows\system32\dllcache\iedkcs32.dll
    2009-04-30 22:22 25,600 -------- c:\windows\system32\dllcache\jsproxy.dll
    2009-04-30 12:21 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe
    2009-04-29 05:55 133,120 a------- c:\windows\system32\dllcache\extmgr.dll
    2009-04-28 10:05 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
    2009-04-17 13:26 1,847,168 a------- c:\windows\system32\win32k.sys
    2009-04-17 13:26 1,847,168 -------- c:\windows\system32\dllcache\win32k.sys
    2009-04-15 15:51 585,216 a------- c:\windows\system32\rpcrt4.dll
    2009-04-15 15:51 585,216 -------- c:\windows\system32\dllcache\rpcrt4.dll
    2009-02-17 22:17 256 a------- c:\documents and settings\ryan\pool.bin
    2007-09-03 15:17 32 a----r-- c:\documents and settings\all users\hash.dat
    2007-01-19 14:29 5,632 a--sh--- c:\program files\Thumbs.db
    2004-10-18 15:01 1,052,672 a------- c:\documents and settings\ryan\GameMod.dll
    2004-10-18 11:25 2,146,304 a------- c:\documents and settings\ryan\StarCalibur.exe
    2004-10-18 11:23 3,190,784 a------- c:\documents and settings\ryan\Renderdx9b.dll
    2004-10-18 11:23 229,376 a------- c:\documents and settings\ryan\Sound.dll
    2004-09-07 12:04 53,248 a------- c:\documents and settings\ryan\SoundNULL.dll
    2004-07-30 15:45 3,584 a------- c:\documents and settings\ryan\font.bin
    2004-02-13 16:55 1,814,528 a------- c:\documents and settings\ryan\python22_d.dll
    2004-02-13 16:55 913,408 a------- c:\documents and settings\ryan\python22.dll
    2003-08-01 08:07 1,065,036 a------- c:\documents and settings\ryan\libmmdck.dll
    2003-08-01 08:07 1,032,267 a------- c:\documents and settings\ryan\libmmdd.dll
    2003-08-01 08:07 1,032,266 a------- c:\documents and settings\ryan\libmmd.dll
    2003-03-19 08:14 499,712 a------- c:\documents and settings\ryan\msvcp71.dll
    2003-03-19 07:04 765,952 a------- c:\documents and settings\ryan\msvcp71d.dll
    2003-03-19 07:03 544,768 a------- c:\documents and settings\ryan\msvcr71d.dll
    2003-02-21 16:42 348,160 a------- c:\documents and settings\ryan\msvcr71.dll
    2000-07-15 01:00 434,252 a------- c:\documents and settings\ryan\MSVCRTD.DLL
    1998-06-17 01:00 94,285 a------- c:\documents and settings\ryan\MSVCIRTD.DLL
    2008-07-30 03:34 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008073020080731\index.dat

    ============= FINISH: 13:40:03.42 ===============

    Attach.txt

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-06-26.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 28/09/2006 12:46:53
    System Uptime: 07/08/2009 12:36:47 (-719 hours ago)

    Motherboard: Acer | | E661GXM
    Processor: Intel(R) Celeron(R) CPU 2.80GHz | Socket 775 | 2800/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (FAT32) - 35 GiB total, 7.57 GiB free.
    D: is FIXED (FAT32) - 36 GiB total, 22.647 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    J: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP522: 15/04/2009 12:15:11 - Software Distribution Service 3.0
    RP523: 18/04/2009 17:18:47 - System Checkpoint
    RP524: 20/04/2009 17:22:33 - System Checkpoint
    RP525: 21/04/2009 23:44:24 - Software Distribution Service 3.0
    RP526: 23/04/2009 15:52:51 - System Checkpoint
    RP527: 24/04/2009 11:44:19 - Software Distribution Service 3.0
    RP528: 27/04/2009 14:42:48 - System Checkpoint
    RP529: 28/04/2009 11:29:31 - Software Distribution Service 3.0
    RP530: 30/04/2009 12:02:08 - System Checkpoint
    RP531: 01/05/2009 10:51:08 - Software Distribution Service 3.0
    RP532: 02/05/2009 13:26:19 - System Checkpoint
    RP533: 04/05/2009 13:44:57 - System Checkpoint
    RP534: 05/05/2009 23:50:26 - Software Distribution Service 3.0
    RP535: 07/05/2009 17:25:20 - Software Distribution Service 3.0
    RP536: 11/05/2009 23:15:24 - Software Distribution Service 3.0
    RP537: 13/05/2009 15:07:02 - Software Distribution Service 3.0
    RP538: 14/05/2009 16:07:42 - System Checkpoint
    RP539: 15/05/2009 12:18:14 - Software Distribution Service 3.0
    RP540: 16/05/2009 12:57:53 - System Checkpoint
    RP541: 18/05/2009 13:39:44 - System Checkpoint
    RP542: 19/05/2009 09:24:33 - Software Distribution Service 3.0
    RP543: 20/05/2009 15:43:37 - System Checkpoint
    RP544: 21/05/2009 18:42:07 - System Checkpoint
    RP545: 22/05/2009 12:00:59 - Software Distribution Service 3.0
    RP546: 23/05/2009 12:38:01 - System Checkpoint
    RP547: 24/05/2009 20:53:26 - System Checkpoint
    RP548: 25/05/2009 23:49:51 - Software Distribution Service 3.0
    RP549: 27/05/2009 15:19:37 - System Checkpoint
    RP550: 28/05/2009 18:01:34 - Software Distribution Service 3.0
    RP551: 29/05/2009 19:01:44 - System Checkpoint
    RP552: 01/06/2009 10:41:00 - System Checkpoint
    RP553: 02/06/2009 16:44:51 - Software Distribution Service 3.0
    RP554: 03/06/2009 17:14:36 - System Checkpoint
    RP555: 05/06/2009 09:26:28 - Software Distribution Service 3.0
    RP556: 08/06/2009 12:17:21 - System Checkpoint
    RP557: 08/06/2009 16:10:01 - Software Distribution Service 3.0
    RP558: 10/06/2009 09:46:05 - Installed Java(TM) 6 Update 14
    RP559: 10/06/2009 23:40:10 - Software Distribution Service 3.0
    RP560: 12/06/2009 10:24:32 - Software Distribution Service 3.0
    RP561: 14/06/2009 18:48:45 - System Checkpoint
    RP562: 15/06/2009 20:12:35 - System Checkpoint
    RP563: 16/06/2009 11:46:41 - Software Distribution Service 3.0
    RP564: 18/06/2009 12:34:18 - System Checkpoint
    RP565: 18/06/2009 22:48:05 - Software Distribution Service 3.0
    RP566: 20/06/2009 12:23:22 - System Checkpoint
    RP567: 22/06/2009 10:54:33 - System Checkpoint
    RP568: 22/06/2009 19:32:34 - Software Distribution Service 3.0
    RP569: 24/06/2009 12:59:36 - System Checkpoint
    RP570: 25/06/2009 17:48:00 - System Checkpoint
    RP571: 26/06/2009 10:37:55 - Software Distribution Service 3.0
    RP572: 29/06/2009 13:55:40 - System Checkpoint
    RP573: 29/06/2009 15:53:31 - Software Distribution Service 3.0
    RP574: 30/06/2009 18:41:48 - System Checkpoint
    RP575: 01/07/2009 23:03:50 - System Checkpoint
    RP576: 03/07/2009 01:47:31 - Software Distribution Service 3.0
    RP577: 03/07/2009 12:11:25 - Software Distribution Service 3.0

    ==== Installed Programs ======================


    µTorrent
    Ad-Aware
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Photoshop 7.0
    Adobe Reader 8.1.3
    Adobe Shockwave Player
    Advanced Office Password Recovery (remove only)
    AutoUpdate
    Avanquest update
    BBC iPlayer Desktop
    BlackBerry Desktop Software 4.7
    BlackBerry Device Software v4.5.0 for the BlackBerry 8110 smartphone
    Broken Sword
    Caprice32
    Cheat Engine 5.4
    CM4
    Compatibility Pack for the 2007 Office system
    Critical Update for Windows Media Player 11 (KB959772)
    DivX Codec
    DivX Content Uploader
    DivX Converter
    DivX Player
    DivX Web Player
    DriverAgent Plugin for Netscape by TouchStone Software
    Enhancer
    ETKA
    Google Earth
    Google Updater
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    iISystem Wiper 2.4.1
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 5
    J2SE Runtime Environment 5.0 Update 9
    Java(TM) 6 Update 14
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6 Update 1
    Lexmark 640 Series
    LiveUpdate 2.0 (Symantec Corporation)
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft Money
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2000 Disc 2
    Microsoft Office 2000 Professional
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Motorola SM56 Speakerphone Modem
    Mozilla Firefox (3.0.11)
    MSN
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    NTI Backup NOW! 4
    NTI CD & DVD-Maker
    PowerDVD
    QuickTime
    Rainlendar2 (remove only)
    Realtek AC'97 Audio
    Roxio Media Manager
    Safari
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows XP (KB913433)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB970238)
    SiS 900 PCI Fast Ethernet Adapter Driver
    SiS VGA Utilities
    SiSAGP driver
    SiSRaidPackage
    Sony Ericsson PC Suite 3.209.00
    Sony Ericsson PC Suite for Smartphones
    Sony Ericsson Symbian 9 Drivers
    Spybot - Search & Destroy
    Stellarium 0.8.2
    Symantec AntiVirus
    Titanic
    Ulead GIF Animator 5 Trial
    Update for Windows Internet Explorer 8 (KB971930)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update Service
    VLC media player 0.9.2
    WebFldrs XP
    Windows Defender
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Messenger
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player Firefox Plugin
    Windows XP Service Pack 3
    WinRAR archiver
    Xiph QuickTime Components

    ==== Event Viewer Messages From Past Week ========

    07/07/2009 16:24:51, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
    07/07/2009 13:46:13, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm SAVRT SYMTDI
    07/07/2009 13:46:13, error: Service Control Manager [7001] - The Fax service depends on the Print Spooler service which failed to start because of the following error: The dependency service or group failed to start.
    07/07/2009 13:46:13, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    01/07/2009 22:22:36, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 9 service to connect.

    ==== End Of File ===========================
     
  2. 2009/07/08
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I'm not sure if we're dealing here with any infection, but we can check it out.

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.
     

  4. 2009/07/09
    shieldsr

    shieldsr Inactive Thread Starter

    Joined:
    2009/07/08
    Messages:
    26
    Likes Received:
    0
    Hello, thank you for your help and assistance. I have run Combofix and Hijackthis and here are the logs:

    Combofix.txt

    Hijackthis.txt

     
  5. 2009/07/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I doubt your problems are caused by an infection, but let's finish the cleaning process.
    I can see some fresh FOUND.*** files, which means you, or the system, ran chkdsk for whatever reason. You may have some HD issues.

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\drivers\yipexai.sys
    
    Folder::
    
    Driver::
    sqgu
    
    Registry::
    
    RegLockDel::
    
    

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
    • A new HijackThis log.
     
  6. 2009/07/09
    shieldsr

    shieldsr Inactive Thread Starter

    Joined:
    2009/07/08
    Messages:
    26
    Likes Received:
    0
    Hello again,

    I ran Combofix and Hijackthis again as you instructed. I hope I have done this step correctly. Again, many thanks for your help.

    Combofix.txt

    Hijackthis.txt

     
  7. 2009/07/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I apologize for not replying. It looks like email notification missed me.

    Is your Symantec AntiVirus Corporate Edition paid for, and up to date?

    Uninstall Combofix:
    Go Start > Run
    Type in:
    combofix /u
    Note the space between the "combofix" and the "/u"
    Restart computer.


    Download Dr.Web CureIt to the desktop:
    ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
    • Doubleclick the drweb-cureit.exe file and click Scan to run express scan. Click OK in pop-up window to allow scan.
    • This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
    • Once the short scan has finished, select Complete scan.
      • Click the green arrow at the right, and the scan will start.
    • Click Yes to all if it asks if you want to cure/move the file.
    • When the scan has finished, in the menu, click File and choose Save report list
    • Save the report to your desktop. The report will be called DrWeb.csv
    • Close Dr.Web Cureit.
    • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
      • Copy and paste that log in the next reply. You can use Notepad to open the DrWeb.csv report.

    NOTE. During the scan, a pop-up window will open asking for a full version purchase. Simply close the window by clicking on the X in the upper right corner.


    Post fresh HijackThis log as well.
     
  8. 2009/07/19
    shieldsr

    shieldsr Inactive Thread Starter

    Joined:
    2009/07/08
    Messages:
    26
    Likes Received:
    0
    Hello again,

    Many thanks for taking the time to reply. My Symantec is paid for and I update it regularly. I updated last when I started having problems.

    I've run Dr.Web and Hijackthis and here are the logs:

     
  9. 2009/07/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please go to Add/Remove, and uninstall the following items:
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6 Update 1


    ===============================================================

    Disable TeaTimer, as it'll interfere with the cleaning process:
    Right click Spybot's TeaTimer System Tray Icon.
    Click Exit Spybot-S&D Resident.
    TeaTimer closes.

    ===============================================================

    Disable Windows Defender, as it'll interfere with the cleaning process:
    - Open Windows Defender by clicking Start, clicking All Programs, and then clicking Windows Defender.
    - Click Tools
    then...

    ++ Windows XP:
    - Click General Settings
    - Scroll down to Real Time Protection Options
    - Uncheck Turn on Real Time Protection
    - After you uncheck this, click on the Save button
    - Close Windows Defender

    ++ Windows Vista:
    - Click Options
    - Under Administrator options, clear the Use Windows Defender check box, and then click Save.

    Enable Windows Defender, when all cleaning is done.

    ===============================================================

    Print this post out, since you won't have access to it at some point.

    1. Open HijackThis.

    2. Close all windows, except for HijackThis.

    3. Put checkmarks next to the following HijackThis entries:

    - O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)


    4. You should also checkmark the following entries (these are unnecessary startups; no actual programs will be removed):

    - O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    - O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
    - O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    - O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    - O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    - O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    - O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE



    5. Click on Fix checked button.

    6. Restart computer.

    7. Post new HijackThis log.
     
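    The O2 and O4 lines in the post above are HijackThis log entries. As an added example (not code from this thread, from its participants, or from the HijackThis tool itself), here is a small Python parser that turns such lines into records and flags the ones a reviewer usually looks at first: a BHO registration with "(no file)" behind it, a Run value that names a bare executable instead of a full path, and entries under the SYSTEM account's hive (S-1-5-18). The field layout is inferred from the lines quoted in the post; the embedded sample input is constructed from exactly those lines, and the flag names are my own.

```python
"""Parse HijackThis-style O2/O4 log lines into records and flag review candidates.

Added example for this thread; not part of HijackThis. The line layout is
inferred from the entries quoted in the post above.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample input: the O2/O4 entries quoted in the post.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
"""

# O2: browser helper object -> "O2 - BHO: <name> - {CLSID} - <file or (no file)>"
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.*)$")
# O4 registry autostart -> "O4 - HKLM\..\Run: [<value name>] <command> [(User '<account>')]"
O4_REG_RE = re.compile(r"^O4 - (?P<hive>HK[A-Z]+(?:\\S-[\d-]+)?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O4 startup-folder shortcut -> "O4 - Global Startup: <shortcut>.lnk = <resolved path>"
O4_STARTUP_RE = re.compile(r"^O4 - Global Startup: (?P<name>.*?) = (?P<cmd>.*)$")
USER_RE = re.compile(r"\s*\(User '(?P<user>[^']*)'\)$")

SYSTEM_SID = "S-1-5-18"  # well-known SID of the LocalSystem account


@dataclass
class Entry:
    kind: str                   # "O2" (BHO) or "O4" (autostart)
    location: str               # CLSID for O2; registry key or "Global Startup" for O4
    name: str                   # BHO display name / Run value name / shortcut name
    target: str                 # file the entry points at, or "(no file)"
    args: str = ""              # command-line arguments, if any
    user: Optional[str] = None  # account HijackThis attributes a HKUS entry to
    flags: List[str] = field(default_factory=list)


def split_command(cmd: str) -> Tuple[str, str]:
    """Separate an image path from its arguments, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip()
    parts = cmd.split(None, 1)
    if not parts:
        return "", ""
    return parts[0], (parts[1] if len(parts) > 1 else "")


def assess(entry: Entry) -> None:
    """Attach the review flags (names are this example's own) a defender triages first."""
    if entry.target == "(no file)":
        entry.flags.append("orphaned")        # registration with no backing file on disk
    elif entry.kind == "O4" and entry.location != "Global Startup" and "\\" not in entry.target:
        entry.flags.append("bare-filename")   # no absolute path: resolved through the search path
    if entry.user == "SYSTEM" or entry.location.startswith("HKUS\\" + SYSTEM_SID):
        entry.flags.append("system-account")  # lives in the LocalSystem account's hive


def parse_line(line: str) -> Optional[Entry]:
    """Parse one O2/O4 line; returns None for any other HijackThis section."""
    line = line.strip()
    if m := O2_RE.match(line):
        entry = Entry("O2", m["clsid"], m["name"], m["target"])
    elif m := O4_REG_RE.match(line):
        cmd, user = m["cmd"], None
        if um := USER_RE.search(cmd):
            user, cmd = um["user"], cmd[:um.start()]
        target, args = split_command(cmd)
        entry = Entry("O4", m["hive"] + r"\..\Run", m["name"], target, args, user)
    elif m := O4_STARTUP_RE.match(line):
        # For a startup-folder shortcut the right-hand side is the resolved path; no args.
        entry = Entry("O4", "Global Startup", m["name"], m["cmd"].strip())
    else:
        return None
    assess(entry)
    return entry


def parse_hjt_log(text: str) -> List[Entry]:
    """Parse every recognised O2/O4 line in a log, skipping everything else."""
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


if __name__ == "__main__":
    for e in parse_hjt_log(SAMPLE_LOG):
        print(f"{e.kind} {e.location:<40} {e.name:<24} -> {e.target} {e.args} {e.flags}")
```

    Run against a real HijackThis log the parser ignores the other sections (R0/R1, O23 services, and so on) and reports only the BHO and autostart entries, which is enough to sort the list the moderator gave into "no file behind it", "bare filename" and "SYSTEM hive" before deciding what to fix.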
  10. 2009/07/20
    shieldsr

    shieldsr Inactive Thread Starter

    Joined:
    2009/07/08
    Messages:
    26
    Likes Received:
    0
    Having problems with the first set of instructions unfortunately. I'm trying to remove the Java Updates but I keep getting an error message telling me that Windows Installer could not be started because I'm in Safe Mode, or because it has not been installed correctly.

    I still can't start my computer normally so I'm stuck now, am I doing something wrong?

    :confused:
     
  11. 2009/07/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    By now, your computer is pretty much free of any malware, but it looks like you have some Windows issues.
    I propose you start a new topic in the Windows section, and return here for a final check when your other issues are resolved.
     
