
Active System Security Virus

Discussion in 'Malware and Virus Removal Archive' started by geoff pearson, 2009/08/07.

  1. 2009/08/07
    geoff pearson

    geoff pearson Inactive Thread Starter

    Joined:
    2009/07/22
    Messages:
    2
    Likes Received:
    0
    [Active] System Security Virus

    Hi Arie,
    Have run the DDS software and have attached the DDS log and the Attach log.
    Sorry for the time it took me as I have been off line due to a "Sky" problem ...
    Sent email to Peter Clark, i.e. PeteC.
    Regards
    Geoff


    DDS (Ver_09-07-30.01) - NTFSx86
    Run by Geoff P at 10:40:12.59 on 07/08/2009
    Internet Explorer: 7.0.5730.13
    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.255.36 [GMT 1:00]

    AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    svchost.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Comodo\Firewall\cmdagent.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
    C:\Program Files\Browser MOUSE\mouse32a.exe
    C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    C:\Program Files\Comodo\Firewall\CPF.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\NETGEAR\WG111T\wlan111t.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Geoff P\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.bbc.co.uk/
    uSearch Page = hxxp://www.google.com
    uWindow Title = Internet Explorer Provided By Sky Broadband
    uDefault_Page_URL = hxxp://www.skybroadband.com
    uSearch Bar = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
    BHO: : {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
    BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
    TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
    uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    uRun: [EPSON Stylus D92 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatibze.exe /fu "c:\windows\temp\E_SBB.tmp" /EF "HKCU "
    mRun: [SoundMan] SOUNDMAN.EXE
    mRun: [NeroCheck] c:\windows\system32\\NeroCheck.exe
    mRun: [LWBMOUSE] c:\program files\browser mouse\browser mouse\1.0\lwbwheel.exe
    mRun: [IntelliType] "c:\program files\microsoft hardware\keyboard\type32.exe "
    mRun: [FLMOFFICE4DMOUSE] c:\program files\browser mouse\mouse32a.exe
    mRun: [Omnipage] c:\program files\scansoft\omnipagese\opware32.exe
    mRun: [DXM6Patch_981116] c:\windows\p_981116.exe /Q:A
    mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [COMODO Firewall Pro] "c:\program files\comodo\firewall\CPF.exe" /background
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [19112184] c:\documents and settings\all users\application data\19112184\19112184.exe
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\exifla~2.lnk - c:\program files\finepixviewers\QuickDCF2.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewer\QuickDCF.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111t\wlan111t.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
    IE: {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170783399031
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    TCP: {71D3CC46-8BFC-4247-B580-CEEE8B4A626D} = 208.67.220.220,208.67.222.222
    Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll

    ============= SERVICES / DRIVERS ===============

    R0 avgntmgr;avgntmgr;c:\windows\system32\drivers\avgntmgr.sys [2009-5-19 22360]
    R1 avgntdd;avgntdd;c:\windows\system32\drivers\avgntdd.sys [2009-5-19 45416]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-7-23 108289]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-7-23 185089]
    R2 CmdAgent;Comodo Application Agent;c:\program files\comodo\firewall\cmdagent.exe [2007-7-31 361040]
    S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2007-3-20 17149]
    S3 o1394bul;o1394bul;c:\docume~1\geoffp~1\locals~1\temp\o1394bul.sys [2001-2-14 15872]
    S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys --> c:\windows\system32\drivers\wg111v2.sys [?]

    =============== Created Last 30 ================

    2009-08-03 21:54 459,264 -c------ c:\windows\system32\dllcache\msfeeds.dll
    2009-08-03 21:54 52,224 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
    2009-08-03 21:54 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe
    2009-08-03 21:54 6,067,200 -c------ c:\windows\system32\dllcache\ieframe.dll
    2009-08-03 21:54 991,232 -c------ c:\windows\system32\dllcache\ieframe.dll.mui
    2009-08-03 21:54 268,288 -c------ c:\windows\system32\dllcache\iertutil.dll
    2009-08-03 21:54 2,452,872 -c------ c:\windows\system32\dllcache\ieapfltr.dat
    2009-08-03 21:54 380,928 -c------ c:\windows\system32\dllcache\ieapfltr.dll
    2009-08-03 21:54 63,488 -c------ c:\windows\system32\dllcache\icardie.dll
    2009-08-03 21:31 <DIR> --d----- c:\windows\system32\wbem\AutoRecover
    2009-08-03 21:30 <DIR> --d----- c:\windows\system32\en
    2009-08-03 21:30 <DIR> --d----- c:\windows\peernet
    2009-07-24 20:43 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
    2009-07-24 20:41 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
    2009-07-24 20:41 333,952 -c------ c:\windows\system32\dllcache\srv.sys
    2009-07-24 20:41 331,776 -c------ c:\windows\system32\dllcache\msadce.dll
    2009-07-24 20:41 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
    2009-07-24 20:40 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
    2009-07-24 20:40 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
    2009-07-24 20:39 2,560 -------- c:\windows\system32\xpsp4res.dll
    2009-07-24 20:39 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
    2009-07-24 20:39 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
    2009-07-23 18:31 <DIR> --d----- c:\program files\Avira
    2009-07-23 14:38 126,976 a------- c:\windows\system32\eappcfg.dll
    2009-07-23 14:33 33,792 ac------ c:\windows\system32\dllcache\custsat.dll
    2009-07-23 14:33 8,192 -c------ c:\windows\system32\dllcache\asferror.dll
    2009-07-23 14:33 695,808 -c------ c:\windows\system32\dllcache\drmv2clt.dll
    2009-07-23 14:33 498,742 -c------ c:\windows\system32\dllcache\dxmasf.dll
    2009-07-23 14:33 299,520 -c------ c:\windows\system32\dllcache\drmclien.dll
    2009-07-23 14:33 294,912 -c------ c:\windows\system32\dllcache\dlimport.exe
    2009-07-23 14:33 159,232 -c------ c:\windows\system32\dllcache\cewmdm.dll
    2009-07-23 14:33 87,040 -c------ c:\windows\system32\dllcache\drmstor.dll
    2009-07-23 14:30 <DIR> --d----- c:\windows\network diagnostic
    2009-07-23 14:27 19,569 a------- c:\windows\003265_.tmp
    2009-07-20 15:02 32,299,960 a------- c:\program files\Copy of avira_antivir_personal_en.exe
    2009-07-20 14:50 32,299,960 a------- c:\program files\avira_antivir_personal_en.exe
    2009-07-20 12:20 8,382,616 a------- c:\program files\trj678.exe
    2009-07-20 11:59 2,169,880 a------- c:\program files\spo3.exe
    2009-07-16 11:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\19112184

    ==================== Find3M ====================

    2009-08-01 15:30 64,880 a------- c:\docume~1\geoffp~1\applic~1\GDIPFONTCACHEV1.DAT
    2009-07-23 19:45 616 a------- c:\program files\Shortcut to avira_antivir_personal_en.lnk
    2009-07-23 14:43 80,007 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
    2009-06-29 17:12 827,392 a------- c:\windows\system32\wininet.dll
    2009-06-29 17:12 17,408 a------- c:\windows\system32\corpol.dll
    2009-06-29 17:12 78,336 -------- c:\windows\system32\ieencode.dll
    2009-06-16 15:36 119,808 a------- c:\windows\system32\t2embed.dll
    2009-06-16 15:36 81,920 a------- c:\windows\system32\fontsub.dll
    2009-06-03 20:09 1,291,264 a------- c:\windows\system32\quartz.dll
    2007-01-13 19:03 1,120 a------- c:\program files\Global.sw
    2005-02-22 18:50 1,002 a------- c:\program files\DeskPub32.INI
    2004-12-15 20:48 83 a------- c:\program files\EVENT.DAT
    2004-12-08 23:10 10,956 a------- c:\program files\DeIsL1.isu
    2004-12-08 23:08 355 a------- c:\program files\_DEISREG.ISR
    2000-02-12 13:09 47,845 a------- c:\program files\3000cutom.pdf
    2000-01-28 15:31 614 a------- c:\program files\AREAD32.txt
    1999-08-05 02:35 1,824,256 a------- c:\program files\DeskPub32.exe
    1999-06-11 13:10 49,152 a------- c:\program files\_ISREG32.DLL
    1998-07-20 02:47 605,184 a------- c:\program files\LLI32.DLL
    1998-07-20 02:47 173,568 a------- c:\program files\LLO32.DLL
    1998-07-11 06:00 442,511 a------- c:\program files\English.DCT
    1998-03-10 15:25 1,578 a------- c:\program files\CUSTOM.DCT
    1997-08-20 17:46 32,768 a------- c:\program files\LABLIST.DB
    1997-08-20 17:46 4,096 a------- c:\program files\LABLIST.PX
    1997-07-23 06:01 314,880 a------- c:\program files\TX32.DLL
    1997-07-21 18:11 238,080 a------- c:\program files\TX4OLE.OCX
    1997-07-21 02:31 66,560 a------- c:\program files\TXTLS32.DLL
    1997-07-21 02:22 48,128 a------- c:\program files\WNDTLS32.DLL
    1996-10-10 16:43 2,736 a------- c:\program files\TEMPLATE.DAT
    1996-06-18 04:27 104,183 a------- c:\program files\Deskpub32.hlp
    1996-03-04 13:46 260,598 a------- c:\program files\SPELL.DCT
    1995-08-24 10:02 81,920 a------- c:\program files\BIVBX11.DLL
    1992-03-05 03:00 5,120 a------- c:\program files\MVAPI.DLL

    ============= FINISH: 10:41:25.21 ===============

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-07-30.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 04/04/2004 17:57:28
    System Uptime: 08/07/2009 08:06:59 (722 hours ago)

    Motherboard: MSI | | MS-6712
    Processor: AMD Athlon(tm) XP 2200+ | Socket-A | 1800/133mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 37 GiB total, 13.847 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP695: 09/05/2009 17:07:03 - System Checkpoint
    RP696: 10/05/2009 17:37:45 - System Checkpoint
    RP697: 11/05/2009 18:59:25 - Software Distribution Service 3.0
    RP698: 13/05/2009 08:09:24 - Software Distribution Service 3.0
    RP699: 14/05/2009 08:30:39 - Software Distribution Service 3.0
    RP700: 15/05/2009 08:42:41 - System Checkpoint
    RP701: 16/05/2009 13:24:09 - Software Distribution Service 3.0
    RP702: 17/05/2009 09:35:23 - Installed Windows XP WgaNotify.
    RP703: 18/05/2009 10:58:03 - System Checkpoint
    RP704: 19/05/2009 11:59:20 - System Checkpoint
    RP705: 19/05/2009 20:16:26 - Avira AntiVir Personal - 19/05/2009 20:15
    RP706: 19/05/2009 20:16:33 - Avira AntiVir Personal - 19/05/2009 20:16
    RP707: 19/05/2009 20:21:55 - Avira AntiVir Personal - 19/05/2009 20:21
    RP708: 21/05/2009 08:46:47 - System Checkpoint
    RP709: 22/05/2009 11:29:37 - System Checkpoint
    RP710: 24/05/2009 09:36:14 - System Checkpoint
    RP711: 25/05/2009 09:47:21 - System Checkpoint
    RP712: 26/05/2009 10:19:32 - System Checkpoint
    RP713: 27/05/2009 12:32:41 - System Checkpoint
    RP714: 28/05/2009 18:21:01 - System Checkpoint
    RP715: 01/06/2009 12:00:28 - System Checkpoint
    RP716: 02/06/2009 12:07:13 - System Checkpoint
    RP717: 04/06/2009 08:42:37 - System Checkpoint
    RP718: 05/06/2009 11:39:13 - System Checkpoint
    RP719: 06/06/2009 16:22:57 - System Checkpoint
    RP720: 07/06/2009 16:24:02 - System Checkpoint
    RP721: 08/06/2009 20:54:48 - System Checkpoint
    RP722: 10/06/2009 09:35:40 - System Checkpoint
    RP723: 11/06/2009 11:03:24 - System Checkpoint
    RP724: 12/06/2009 08:34:42 - Software Distribution Service 3.0
    RP725: 13/06/2009 16:10:06 - System Checkpoint
    RP726: 14/06/2009 16:41:38 - System Checkpoint
    RP727: 15/06/2009 21:37:29 - System Checkpoint
    RP728: 17/06/2009 09:43:03 - System Checkpoint
    RP729: 18/06/2009 11:05:12 - System Checkpoint
    RP730: 19/06/2009 11:16:38 - System Checkpoint
    RP731: 20/06/2009 15:31:45 - System Checkpoint
    RP732: 26/06/2009 17:03:05 - System Checkpoint
    RP733: 27/06/2009 18:15:24 - System Checkpoint
    RP734: 28/06/2009 20:21:06 - System Checkpoint
    RP735: 30/06/2009 11:39:09 - System Checkpoint
    RP736: 01/07/2009 13:09:11 - System Checkpoint
    RP737: 03/07/2009 08:36:07 - System Checkpoint
    RP738: 04/07/2009 13:16:15 - System Checkpoint
    RP739: 05/07/2009 18:49:12 - System Checkpoint
    RP740: 06/07/2009 19:06:52 - System Checkpoint
    RP741: 07/07/2009 20:10:51 - System Checkpoint
    RP742: 08/07/2009 20:25:39 - System Checkpoint
    RP743: 09/07/2009 20:32:30 - System Checkpoint
    RP744: 10/07/2009 20:37:56 - System Checkpoint
    RP745: 11/07/2009 20:50:14 - System Checkpoint
    RP746: 12/07/2009 20:56:34 - System Checkpoint
    RP747: 13/07/2009 21:07:35 - System Checkpoint
    RP748: 15/07/2009 11:44:50 - System Checkpoint
    RP749: 16/07/2009 14:00:41 - System Checkpoint
    RP750: 18/07/2009 09:08:51 - Software Distribution Service 3.0
    RP751: 18/07/2009 21:42:32 - Avira AntiVir Personal - 18/07/2009 21:42
    RP752: 18/07/2009 21:42:39 - Avira AntiVir Personal - 18/07/2009 21:42
    RP753: 18/07/2009 21:42:46 - Avira AntiVir Personal - 18/07/2009 21:42
    RP754: 18/07/2009 21:42:50 - Avira AntiVir Personal - 18/07/2009 21:42
    RP755: 18/07/2009 21:42:53 - Avira AntiVir Personal - 18/07/2009 21:42
    RP756: 20/07/2009 08:45:49 - Software Distribution Service 3.0
    RP757: 20/07/2009 09:08:09 - Avira AntiVir Personal - 20/07/2009 09:08
    RP758: 20/07/2009 09:08:13 - Avira AntiVir Personal - 20/07/2009 09:08
    RP759: 20/07/2009 09:08:25 - Avira AntiVir Personal - 20/07/2009 09:08
    RP760: 21/07/2009 09:27:46 - System Checkpoint
    RP761: 22/07/2009 08:05:47 - Software Distribution Service 3.0
    RP762: 23/07/2009 14:09:36 - System Checkpoint
    RP763: 23/07/2009 14:28:09 - Installed Windows XP Service Pack 3.
    RP764: 23/07/2009 15:00:50 - Avira AntiVir Personal - 23/07/2009 15:00
    RP765: 23/07/2009 18:30:21 - Avira AntiVir Personal - 23/07/2009 18:29
    RP766: 23/07/2009 20:26:22 - Software Distribution Service 3.0
    RP767: 24/07/2009 20:49:20 - Software Distribution Service 3.0
    RP768: 26/07/2009 15:51:32 - System Checkpoint
    RP769: 30/07/2009 10:38:19 - System Checkpoint
    RP770: 31/07/2009 10:44:18 - System Checkpoint
    RP771: 01/08/2009 12:11:33 - System Checkpoint
    RP772: 03/08/2009 12:48:18 - System Checkpoint
    RP773: 03/08/2009 21:35:37 - Restore Operation
    RP774: 03/08/2009 21:41:39 - Software Distribution Service 3.0
    RP775: 05/08/2009 08:15:02 - Software Distribution Service 3.0
    RP776: 06/08/2009 08:35:12 - System Checkpoint
    RP777: 07/08/2009 08:37:03 - System Checkpoint

    ==== Installed Programs ======================

    3D Dragon Castle
    3D Font Maker
    Adobe Acrobat 5.0
    Adobe Audition 1.5
    Adobe Flash Player 10 ActiveX
    Adobe Photoshop 7.0
    Adobe Reader 6.0
    Ahead InCD EasyWrite Reader
    Ahead NeroMediaPlayer
    ArcSoft PhotoBase 3
    ArcSoft PhotoStudio 5
    Avira AntiVir Personal - Free Antivirus
    Black Thorn
    Board Games
    Brick Blaster 3D
    Browser MOUSE
    Browser Mouse Browser Mouse 1.0
    Camera RAW Plug-In for EPSON Creativity Suite
    Canon CanoScan Toolbox 4.1
    Canon Utilities Easy-PhotoPrint
    CanoScan LiDE20,30 Manual
    COMODO Firewall Pro
    Customatic 3000+ Clipart and DTP
    dvdSanta 3.45
    Easy-WebPrint
    EPSON Attach To Email
    EPSON Easy Photo Print
    EPSON File Manager
    EPSON Printer Software
    EPSON Scan Assistant
    EPSON Stylus C90_91_D92 Manual
    EPSON Web-To-Page
    Eyewitness Encyclopedia of Science 2.0
    FinePixViewer Resource
    FinePixViewer Ver.5.1
    FUJIFILM FinePixViewer S Ver.2.1
    FUJIFILM USB Driver
    Further Time
    GameSpy Arcade
    Gem Thief Demo
    Google Earth
    Google Toolbar for Internet Explorer
    Google Updater
    Hotfix for Windows XP (KB952287)
    ImageMixer VCD2 LE for FinePix
    InterActual Player
    Knight Mare Demo
    LiveUpdate BVRP Software
    Metal
    Microsoft Flight Simulator 98
    Microsoft IntelliType Pro 2.2
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office XP Professional with FrontPage
    Microsoft Publisher 2002
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    MicroStaff WINASPI
    mobile PhoneTools
    Nero - Burning Rom
    NETGEAR WG111T 108Mbps Wireless USB2.0 Adapter
    NVIDIA Display Driver
    OmniPage SE
    PicturesToExe
    PowerDVD
    QuickTime
    RAW FILE CONVERTER LE
    Scrabble® 2003 Edition
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969897)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB973346)
    Skateboard Crazy Demo
    Sky Broadband
    Sky Racer
    Spybot - Search & Destroy 1.4
    SupraExpress 56i Pro V CC V.92
    ubi.com
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    VIA Rhine-Family Fast Ethernet Adapter
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Water in Fire 1.8
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Internet Explorer 7
    Windows XP Service Pack 3

    ==== Event Viewer Messages From Past Week ========

    31/07/2009 20:45:10, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    31/07/2009 20:45:09, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
    31/07/2009 15:00:00, error: Schedule [7901] - The At40.job command failed to start due to the following error: %%2147942402
    31/07/2009 15:00:00, error: Schedule [7901] - The At16.job command failed to start due to the following error: %%2147942402
    31/07/2009 14:00:00, error: Schedule [7901] - The At39.job command failed to start due to the following error: %%2147942402
    31/07/2009 14:00:00, error: Schedule [7901] - The At15.job command failed to start due to the following error: %%2147942402
    31/07/2009 11:00:00, error: Schedule [7901] - The At36.job command failed to start due to the following error: %%2147942402
    31/07/2009 11:00:00, error: Schedule [7901] - The At12.job command failed to start due to the following error: %%2147942402
    31/07/2009 09:00:00, error: Schedule [7901] - The At34.job command failed to start due to the following error: %%2147942402
    31/07/2009 09:00:00, error: Schedule [7901] - The At10.job command failed to start due to the following error: %%2147942402
    31/07/2009 08:00:00, error: Schedule [7901] - The At9.job command failed to start due to the following error: %%2147942402
    31/07/2009 08:00:00, error: Schedule [7901] - The At33.job command failed to start due to the following error: %%2147942402
    03/08/2009 22:00:00, error: Schedule [7901] - The At47.job command failed to start due to the following error: %%2147942402
    03/08/2009 22:00:00, error: Schedule [7901] - The At23.job command failed to start due to the following error: %%2147942402
    03/08/2009 21:00:00, error: Schedule [7901] - The At46.job command failed to start due to the following error: %%2147942402
    03/08/2009 21:00:00, error: Schedule [7901] - The At22.job command failed to start due to the following error: %%2147942402
    03/08/2009 20:00:00, error: Schedule [7901] - The At45.job command failed to start due to the following error: %%2147942402
    03/08/2009 20:00:00, error: Schedule [7901] - The At21.job command failed to start due to the following error: %%2147942402
    03/08/2009 19:00:00, error: Schedule [7901] - The At44.job command failed to start due to the following error: %%2147942402
    03/08/2009 19:00:00, error: Schedule [7901] - The At20.job command failed to start due to the following error: %%2147942402
    03/08/2009 13:00:00, error: Schedule [7901] - The At38.job command failed to start due to the following error: %%2147942402
    03/08/2009 13:00:00, error: Schedule [7901] - The At14.job command failed to start due to the following error: %%2147942402
    01/08/2009 18:00:00, error: Schedule [7901] - The At43.job command failed to start due to the following error: %%2147942402
    01/08/2009 18:00:00, error: Schedule [7901] - The At19.job command failed to start due to the following error: %%2147942402
    01/08/2009 17:00:00, error: Schedule [7901] - The At42.job command failed to start due to the following error: %%2147942402
    01/08/2009 17:00:00, error: Schedule [7901] - The At18.job command failed to start due to the following error: %%2147942402
    01/08/2009 16:00:00, error: Schedule [7901] - The At41.job command failed to start due to the following error: %%2147942402
    01/08/2009 16:00:00, error: Schedule [7901] - The At17.job command failed to start due to the following error: %%2147942402
    01/08/2009 12:00:00, error: Schedule [7901] - The At37.job command failed to start due to the following error: %%2147942402
    01/08/2009 12:00:00, error: Schedule [7901] - The At13.job command failed to start due to the following error: %%2147942402
    01/08/2009 11:53:06, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
    01/08/2009 11:52:27, error: Service Control Manager [7022] - The Avira AntiVir Guard service hung on starting.
    01/08/2009 10:00:00, error: Schedule [7901] - The At35.job command failed to start due to the following error: %%2147942402
    01/08/2009 10:00:00, error: Schedule [7901] - The At11.job command failed to start due to the following error: %%2147942402

    ==== End Of File ===========================
     
  2. 2009/08/07
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Thanks :)

    One of our trained malware analysts will take a look at your logs ASAP, but it may be a day or so before you get a response as they are always very busy. All logs are dealt with in the order received.

    Thank you for your patience.
     


  4. 2009/08/08
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.


    Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Download HijackThis Installer
    Install, and run it.
    Post HijackThis log.
    Do NOT attempt to fix anything!

    NOTE. If you're using Vista, right click on HijackThis, and click Run as Administrator
     
