
Inactive Unknown malware pc almost unresponsive, DDS run as instructed

Discussion in 'Malware and Virus Removal Archive' started by wyattspoppa, 2010/08/19.

  1. 2010/08/19
    wyattspoppa (Thread Starter)


    Hi Gents
    Please forgive any errors, I've been at this all night. I read all the rules and hopefully followed them to the letter. My PC is almost unresponsive, getting worse quickly. I'm on disability and use my internet for business, caring for my toddler full time, so no PC, no bills paid, so I'll appreciate your help more than I can say. I have a Gateway GT5012 XP Media Center, Dual Core 2.8 GHz, 2 GB of RAM (it didn't "notice" one of the memory cards I installed; I should have 3 GB).
    When I try to type anything in Windows or email, my keyboard strokes go unnoticed until I click my mouse about 20 times (not mouse related, 100% sure). I have paid versions of Spy Sweeper and Norton which never catch anything during scans... not possible, as I do visit movie sites. What I've tried: I ran Spybot, CCleaner, ran a HijackThis I will post as instructed, and the Malwarebytes log as well. I have about 85% free system resources. I spend 95% of my time on AOL to access eBay. I'm getting kicked off the net often, whether on AOL or just IE, not so much when I use Firefox.
    The logs requested:
    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Tommy at 9:08:29.68 on Thu 08/19/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1200 [GMT -7:00]

    AV: Norton AntiVirus *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

    ============== Running Processes ===============

    C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccSvcHst.exe
    svchost.exe
    C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccSvcHst.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\AOL\1277259041\ee\aolsoftware.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Microsoft Office\Office\WINWORD.EXE
    C:\WINDOWS\msagent\AgentSvr.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\AOL 9.5\waol.exe
    C:\Program Files\AOL 9.5\shellmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
    C:\Documents and Settings\Tommy\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uSearch Bar = hxxp://www.google.com/ie
    uStart Page = hxxp://yahoo.com/
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: AOL Toolbar Search Class: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - c:\program files\aol toolbar\aoltb.dll
    mURLSearchHooks: AOL Toolbar Search Class: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - c:\program files\aol toolbar\aoltb.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Open FVD Suite Toolbar: {2b171655-a69c-5c18-b693-6cb5dc269d44} - c:\progra~1\fvdtoo~1\FVDToolbar.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - c:\program files\aol toolbar\aoltb.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\17.7.0.12\IPSBHO.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - c:\program files\aol toolbar\aoltb.dll
    TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
    TB: FVD Suite Toolbar: {2b171655-a69c-5c18-b693-6cb5dc269d41} - c:\progra~1\fvdtoo~1\FVDToolbar.dll
    TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [ctfmon.exe] "c:\windows\system32\ctfmon.exe"
    uRun: [AOL Fast Start] "c:\program files\aol 9.5\AOL.EXE" -b
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [HostManager] "c:\program files\common files\aol\1264679517\ee\AOLSoftware.exe"
    mRun: [POINTER] point32.exe
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
    mRun: [AOLDialer] "c:\program files\common files\aol\acs\AOLDial.exe"
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [AppleSyncNotifier] "c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [SpySweeper] "c:\program files\webroot\webrootsecurity\SpySweeperUI.exe" /startintray
    IE: FVDToolbar Add Page - c:\progra~1\fvdtoo~1\FVDToolbar.dll/IECONTEXT.DLL.HTM
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
    DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1262514434093
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} - hxxp://support.gateway.com/support/serialharvest/gwCID.CAB
    DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
    DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
    DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
    Notify: igfxcui - igfxdev.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\tommy\applic~1\mozilla\firefox\profiles\pgx43klz.default\
    FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
    FF - component: c:\documents and settings\tommy\application data\mozilla\firefox\profiles\pgx43klz.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}\components\MailUtil.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\documents and settings\tommy\application data\facebook\npfbplugin_1_0_1.dll
    FF - plugin: c:\documents and settings\tommy\application data\facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
    FF - plugin: c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: browser.cache.memory.capacity - 65536
    FF - user.js: browser.chrome.favicons - false
    FF - user.js: browser.display.show_image_placeholders - true
    FF - user.js: browser.turbo.enabled - true
    FF - user.js: browser.urlbar.autocomplete.enabled - true
    FF - user.js: browser.urlbar.autofill - true
    FF - user.js: content.interrupt.parsing - true
    FF - user.js: content.max.tokenizing.time - 2250000
    FF - user.js: content.notify.backoffcount - 5
    FF - user.js: content.notify.interval - 750000
    FF - user.js: content.notify.ontimer - true
    FF - user.js: content.switch.threshold - 750000
    FF - user.js: network.http.max-connections - 48
    FF - user.js: network.http.max-connections-per-server - 16
    FF - user.js: network.http.max-persistent-connections-per-proxy - 16
    FF - user.js: network.http.max-persistent-connections-per-server - 8
    FF - user.js: network.http.pipelining - true
    FF - user.js: network.http.pipelining.firstrequest - true
    FF - user.js: network.http.pipelining.maxrequests - 8
    FF - user.js: network.http.proxy.pipelining - true
    FF - user.js: network.http.request.max-start-delay - 0
    FF - user.js: nglayout.initialpaint.delay - 0
    FF - user.js: plugin.expose_full_path - true
    FF - user.js: protocol-handler.warn-external.dnUpdate - false
    FF - user.js: ui.submenuDelay - 0
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-11-6 29808]
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1107000.00c\symds.sys [2010-5-24 328752]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1107000.00c\symefa.sys [2010-5-24 173104]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.1.0.19\definitions\bashdefs\20100810.004\BHDrvx86.sys [2010-8-9 692272]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nav\1107000.00c\cchpx86.sys [2010-5-24 501888]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1107000.00c\ironx86.sys [2010-5-24 116784]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\17.7.0.12\ccsvchst.exe [2010-5-24 126392]
    R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\webrootsecurity\SpySweeper.exe [2009-11-6 4048240]
    R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2010-1-3 1201640]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-27 102448]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.1.0.19\definitions\ipsdefs\20100816.001\IDSXpx86.sys [2010-8-17 331640]
    R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.1.0.19\definitions\virusdefs\20100818.049\NAVENG.SYS [2010-8-18 85424]
    R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.1.0.19\definitions\virusdefs\20100818.049\NAVEX15.SYS [2010-8-18 1362608]
    S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
    S3 cpuz132;cpuz132;\??\c:\docume~1\tommy\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\tommy\locals~1\temp\cpuz132\cpuz132_x32.sys [?]

    =============== Created Last 30 ================

    2010-08-11 10:33:42 629 ----a-w- c:\windows\system32\mapisvc.inf
    2010-08-04 03:00:34 77824 ----a-w- c:\windows\system32\xvid.ax
    2010-08-04 03:00:33 0 d-----w- c:\program files\Xvid
    2010-07-29 06:56:39 0 d-----w- c:\program files\BitPim
    2010-07-25 16:51:53 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-07-25 16:51:51 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-07-25 16:51:51 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-07-21 18:04:20 0 d-----w- c:\documents and settings\tommy\.thumbnails
    2010-07-21 17:47:43 0 d-----w- c:\documents and settings\tommy\.gimp-2.6

    ==================== Find3M ====================

    2010-07-02 11:41:18 203776 ----a-w- c:\windows\system32\clrviddc.dll
    2010-06-30 15:28:50 87608 ----a-w- c:\docume~1\tommy\applic~1\inst.exe
    2010-06-30 15:28:50 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
    2010-06-30 15:28:50 47360 ----a-w- c:\docume~1\tommy\applic~1\pcouffin.sys
    2010-06-30 15:01:15 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
    2010-06-30 15:01:15 45200 ----a-w- c:\windows\system32\drivers\pxhelp20.sys
    2010-06-30 15:01:14 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
    2010-06-30 15:01:04 59888 ------w- c:\windows\system32\pxwma.dll
    2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
    2010-06-21 15:27:11 354304 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2008-10-12 00:30:16 10511712 ----a-w- c:\program files\winzip120.exe

    ============= FINISH: 9:09:11.83 ===============
    Please advise if I need to zip the other file, or any other tasks required, and again, thank you from the bottom of my heart.
    Wyattspoppa
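A triage helper for the kind of DDS output posted above, added here as an example; it is not part of the original thread and not a tool the forum helpers used. It splits the log into its "=== SECTION ===" blocks and flags the entries a malware-removal helper reads first: anything loading from Temp or from a user profile rather than Program Files or System32, toolbar/BHO entries whose file is gone, drivers DDS could not stat ("[?]"), and Run entries that give a bare filename instead of a full path. The sample log is a constructed excerpt of the lines posted above. A flag means "look at this by hand", not "this is malicious": pcouffin.sys is the VSO burning driver that ships with ConvertXtoDVD (which appears in the Installed Programs list), cpuz132_x32.sys is the driver CPU-Z unpacks into Temp, and dds.scr is the DDS scanner itself.

```python
"""Triage helper for a DDS log: split it into its '=== SECTION ===' blocks and
flag the entries a malware-removal helper reads first.

Added example, not part of the original thread. A flag means "look at this",
not "this is malicious": in the posted log, pcouffin.sys is the VSO burning
driver that ships with ConvertXtoDVD, cpuz132_x32.sys is the driver CPU-Z
unpacks into Temp, and dds.scr is the DDS scanner itself.
"""
import re
from dataclasses import dataclass

# '============== Running Processes ===============' style section headers.
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# 'mRun: [Name] value' / 'uRun: [Name] value' autostart entries (lower-cased).
RUN_RE = re.compile(r"^[um]run:\s*\[[^\]]*\]\s*(.*)$")

# Constructed sample: an excerpt of the DDS output posted in the thread.
SAMPLE_LOG = r"""
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Documents and Settings\Tommy\Desktop\dds.scr

============== Pseudo HJT Report ===============

TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - c:\program files\aol toolbar\aoltb.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
mRun: [POINTER] point32.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1107000.00c\symds.sys [2010-5-24 328752]
S3 cpuz132;cpuz132;\??\c:\docume~1\tommy\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\tommy\locals~1\temp\cpuz132\cpuz132_x32.sys [?]

==================== Find3M ====================

2010-06-30 15:28:50 87608 ----a-w- c:\docume~1\tommy\applic~1\inst.exe
2010-06-30 15:28:50 47360 ----a-w- c:\docume~1\tommy\applic~1\pcouffin.sys
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
"""


@dataclass(frozen=True)
class Finding:
    section: str
    reasons: tuple
    line: str


def parse_sections(text):
    """Return [(section_name, [non-blank lines])] for each block of a DDS log.
    Lines before the first header land in a 'HEADER' pseudo-section."""
    sections, name, lines = [], "HEADER", []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            sections.append((name, lines))
            name, lines = m.group(1), []
        else:
            lines.append(line)
    sections.append((name, lines))
    return sections


def reasons_for(line):
    """All the review reasons that apply to one log line (empty tuple if none)."""
    low = line.lower()
    reasons = []
    if "\\temp\\" in low or "locals~1\\temp" in low:
        reasons.append("loads from a Temp directory")
    # Per-user profile paths; 'All Users\Application Data' is where AV
    # definitions and shared plugins legitimately live, so it is excluded.
    if ("documents and settings" in low or "docume~1" in low) and "all users" not in low:
        reasons.append("lives in a user profile, not Program Files or System32")
    if low.endswith("- no file") or low.endswith("[?]"):
        reasons.append("registered but the file is missing or could not be read")
    m = RUN_RE.match(low)
    if m and "\\" not in m.group(1):
        reasons.append("Run entry gives no full path (resolved via PATH search)")
    return tuple(reasons)


def triage(text):
    """Every flagged line in the log, in log order, with its section and reasons."""
    findings = []
    for section, lines in parse_sections(text):
        for line in lines:
            reasons = reasons_for(line)
            if reasons:
                findings.append(Finding(section, reasons, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.line}\n    -> {'; '.join(f.reasons)}")
```

Run as-is it prints six flagged lines out of the sample; on the full posted log the idea is the same, to shrink a 250-line dump to the handful of entries worth checking against the Installed Programs list and a known-file lookup before anything is removed.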
     
  2. 2010/08/19
    PeteC (SuperGeek, Staff)

    Welcome to WindowsBBS :)
    No - just copy/paste the contents of the Attach.txt into your next post here.
     

  3. 2010/08/19
    wyattspoppa (Thread Starter)

    Thanks Petey (everyone needs a cool nickname)

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/3/2010 1:17:00 AM
    System Uptime: 8/17/2010 9:39:14 AM (48 hours ago)

    Motherboard: Intel Corporation | | D945GCZ
    Processor: Intel(R) Pentium(R) D CPU 2.80GHz | J3E1 | 2799/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 233 GiB total, 193.735 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable
    Z: is NetworkDisk (NTFS) - 287 GiB total, 144.541 GiB free.

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP243: 5/21/2010 6:01:47 AM - System Checkpoint
    RP244: 5/22/2010 8:34:06 AM - System Checkpoint
    RP245: 5/23/2010 9:17:19 AM - System Checkpoint
    RP246: 5/24/2010 10:36:02 AM - System Checkpoint
    RP247: 5/25/2010 12:39:22 PM - System Checkpoint
    RP248: 5/26/2010 7:00:17 AM - Software Distribution Service 3.0
    RP249: 5/27/2010 7:22:01 AM - System Checkpoint
    RP250: 5/28/2010 7:53:25 AM - System Checkpoint
    RP251: 5/29/2010 9:16:25 AM - System Checkpoint
    RP252: 5/30/2010 1:39:06 PM - System Checkpoint
    RP253: 5/31/2010 2:59:09 PM - System Checkpoint
    RP254: 6/1/2010 4:17:59 PM - System Checkpoint
    RP255: 6/2/2010 4:42:54 PM - System Checkpoint
    RP256: 6/3/2010 5:40:41 PM - System Checkpoint
    RP257: 6/4/2010 6:27:10 PM - System Checkpoint
    RP258: 6/5/2010 9:10:23 PM - System Checkpoint
    RP259: 6/7/2010 6:30:50 AM - System Checkpoint
    RP260: 6/8/2010 7:13:00 AM - System Checkpoint
    RP261: 6/9/2010 12:44:52 AM - Installed Microsoft Visual C++ 2005 Redistributable
    RP262: 6/9/2010 1:17:06 AM - drivers 6-8-10
    RP263: 6/9/2010 3:00:58 AM - Software Distribution Service 3.0
    RP264: 6/10/2010 3:58:50 AM - System Checkpoint
    RP265: 6/11/2010 6:08:00 AM - System Checkpoint
    RP266: 6/12/2010 6:35:25 AM - System Checkpoint
    RP267: 6/13/2010 6:48:19 PM - System Checkpoint
    RP268: 6/14/2010 7:26:02 PM - System Checkpoint
    RP269: 6/16/2010 2:03:30 AM - System Checkpoint
    RP270: 6/17/2010 3:45:08 AM - System Checkpoint
    RP271: 6/18/2010 3:50:55 AM - System Checkpoint
    RP272: 6/18/2010 7:16:08 AM - Installed EZ Label Xpress Lite
    RP273: 6/19/2010 2:42:22 PM - System Checkpoint
    RP274: 6/20/2010 4:28:53 PM - System Checkpoint
    RP275: 6/21/2010 5:17:51 PM - System Checkpoint
    RP276: 6/22/2010 6:51:33 PM - Revo Uninstaller's restore point - AOL Coach Version 2.0(Build:20041026.5 en)
    RP277: 6/22/2010 6:52:48 PM - Revo Uninstaller's restore point - AOL Deskbar
    RP278: 6/22/2010 6:54:57 PM - Revo Uninstaller's restore point - AOL Toolbar
    RP279: 6/22/2010 6:58:17 PM - Revo Uninstaller's restore point - AOL You've Got Pictures Screensaver
    RP280: 6/23/2010 7:48:01 PM - System Checkpoint
    RP281: 6/24/2010 7:00:37 AM - Software Distribution Service 3.0
    RP282: 6/25/2010 7:40:06 AM - System Checkpoint
    RP283: 6/26/2010 5:46:54 AM - Installed FacebookAgentSetup
    RP284: 6/26/2010 5:48:59 AM - Removed FacebookAgentSetup
    RP285: 6/27/2010 1:48:07 PM - System Checkpoint
    RP286: 6/28/2010 4:21:58 AM - Revo Uninstaller's restore point - DVD-CLONER V3.20 Build 896
    RP287: 6/29/2010 4:42:26 AM - System Checkpoint
    RP288: 6/30/2010 5:25:53 AM - System Checkpoint
    RP289: 7/1/2010 4:48:55 PM - System Checkpoint
    RP290: 7/1/2010 10:32:44 PM - before ccleaner registry
    RP291: 7/2/2010 11:58:28 PM - System Checkpoint
    RP292: 7/4/2010 1:36:20 AM - System Checkpoint
    RP293: 7/4/2010 1:06:13 PM - Installed Driver Mender.
    RP294: 7/5/2010 1:18:12 AM - Installed Driver Detective.
    RP295: 7/5/2010 1:26:34 AM - before drivers
    RP296: 7/5/2010 1:37:09 AM - Unsigned driver install
    RP297: 7/5/2010 6:49:36 AM - Software Distribution Service 3.0
    RP298: 7/6/2010 12:25:57 PM - System Checkpoint
    RP299: 7/7/2010 2:16:52 PM - System Checkpoint
    RP300: 7/8/2010 1:55:44 AM - Revo Uninstaller's restore point - Belarc Advisor 8.1
    RP301: 7/8/2010 1:57:22 AM - Revo Uninstaller's restore point - Driver Checker v2.7.4
    RP302: 7/8/2010 1:58:29 AM - Revo Uninstaller's restore point - Driver Mender
    RP303: 7/8/2010 1:58:38 AM - Removed Driver Mender.
    RP304: 7/8/2010 2:00:22 AM - Revo Uninstaller's restore point - Driver Detective
    RP305: 7/8/2010 2:00:30 AM - Removed Driver Detective.
    RP306: 7/8/2010 2:01:41 AM - Revo Uninstaller's restore point - Free Image Converter
    RP307: 7/8/2010 2:01:53 AM - Removed Free Image Converter
    RP308: 7/8/2010 7:00:16 AM - Software Distribution Service 3.0
    RP309: 7/9/2010 12:41:47 AM - b4 imgburn 7-8-10
    RP310: 7/10/2010 1:13:11 AM - System Checkpoint
    RP311: 7/11/2010 1:41:30 AM - System Checkpoint
    RP312: 7/12/2010 2:03:20 AM - System Checkpoint
    RP313: 7/13/2010 2:49:58 AM - System Checkpoint
    RP314: 7/14/2010 3:17:10 AM - System Checkpoint
    RP315: 7/14/2010 7:00:16 AM - Software Distribution Service 3.0
    RP316: 7/15/2010 7:38:41 AM - System Checkpoint
    RP317: 7/16/2010 8:16:48 AM - System Checkpoint
    RP318: 7/17/2010 8:16:55 AM - System Checkpoint
    RP319: 7/18/2010 2:48:45 PM - System Checkpoint
    RP320: 7/19/2010 4:59:44 PM - System Checkpoint
    RP321: 7/20/2010 6:05:42 PM - System Checkpoint
    RP322: 7/21/2010 8:13:59 PM - System Checkpoint
    RP323: 7/22/2010 10:05:16 PM - System Checkpoint
    RP324: 7/23/2010 10:57:21 PM - System Checkpoint
    RP325: 7/24/2010 11:43:52 PM - System Checkpoint
    RP326: 7/25/2010 9:02:52 AM - Revo Uninstaller's restore point - Malwarebytes' Anti-Malware
    RP327: 7/25/2010 9:22:41 AM - before removing winpcap etc
    RP328: 7/25/2010 9:25:24 AM - Revo Uninstaller's restore point - WinPcap 4.1.2
    RP329: 7/25/2010 9:27:25 AM - Revo Uninstaller's restore point - GIMP 2.6.10
    RP330: 7/25/2010 9:31:28 AM - Revo Uninstaller's restore point - PC Matic 1.0.0.16
    RP331: 7/25/2010 9:36:59 AM - Revo Uninstaller's restore point - Web Photo Album 1.1
    RP332: 7/25/2010 9:39:13 AM - Revo Uninstaller's restore point - VisiPics V1.30
    RP333: 7/26/2010 12:04:43 PM - System Checkpoint
    RP334: 7/27/2010 1:49:32 PM - System Checkpoint
    RP335: 7/28/2010 4:14:20 PM - System Checkpoint
    RP336: 7/29/2010 4:41:09 PM - System Checkpoint
    RP337: 7/30/2010 4:55:48 PM - System Checkpoint
    RP338: 7/31/2010 5:32:53 PM - System Checkpoint
    RP339: 8/1/2010 6:36:04 PM - System Checkpoint
    RP340: 8/2/2010 7:51:40 PM - System Checkpoint
    RP341: 8/3/2010 7:00:17 AM - Software Distribution Service 3.0
    RP342: 8/4/2010 7:34:24 AM - System Checkpoint
    RP343: 8/4/2010 8:03:06 AM - Revo Uninstaller's restore point - ClickPotato
    RP344: 8/5/2010 8:13:26 AM - System Checkpoint
    RP345: 8/6/2010 9:02:31 AM - System Checkpoint
    RP346: 8/7/2010 1:14:13 PM - System Checkpoint
    RP347: 8/8/2010 1:55:00 PM - System Checkpoint
    RP348: 8/9/2010 3:47:57 PM - System Checkpoint
    RP349: 8/10/2010 3:54:54 PM - System Checkpoint
    RP350: 8/11/2010 4:22:52 PM - System Checkpoint
    RP351: 8/12/2010 4:49:19 PM - System Checkpoint
    RP352: 8/13/2010 7:00:21 AM - Software Distribution Service 3.0
    RP353: 8/14/2010 9:58:13 AM - System Checkpoint
    RP354: 8/15/2010 10:11:43 AM - System Checkpoint
    RP355: 8/16/2010 10:19:28 AM - System Checkpoint
    RP356: 8/17/2010 12:20:36 PM - System Checkpoint
    RP357: 8/18/2010 2:21:57 PM - System Checkpoint
    RP358: 8/19/2010 7:24:53 AM - before uninstalling $ntuninstall files 8/19/10

    ==== Installed Programs ======================

    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.3.3
    AOL Toolbar
    AOL Uninstaller (Choose which Products to Remove)
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    BitPim 1.0.7
    Bonjour
    CCleaner
    ConvertXtoDVD 4.0.12.327
    Download Updater (AOL LLC)
    EZ Label Xpress Lite
    Facebook Plug-In
    FVD Suite 2.4.5
    FVDToolbar
    Gateway Drivers and Applications Recovery
    Graboid Video 1.71
    High Definition Audio Driver Package - KB888111
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Driver Diagnostics
    HP Photo and Imaging 2.0 - Photosmart Printer Series
    Image Transfer
    ImageMixer for Sony
    ImgBurn
    Intel Audio Studio
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PRO Network Connections Software v10.0.26.0
    Intel(R) PROSafe for Wired Connections
    iPod for Windows 2005-10-12
    iTunes
    J2SE Runtime Environment 5.0 Update 2
    Java Auto Updater
    Java(TM) 6 Update 20
    K-Lite Mega Codec Pack 5.6.1
    LG USB Modem driver
    Logitech Desktop Messenger
    Logitech Harmony Remote Client
    Malwarebytes' Anti-Malware
    Memorex exPressit Label Design Studio
    Microsoft .NET Framework 1.0 Hotfix (KB979904)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft IntelliPoint 5.5
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Office 2000 Disc 2
    Microsoft Office 2000 Small Business
    Microsoft Silverlight
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    MicroStaff WINASPI
    MobileMe Control Panel
    Mozilla Firefox (3.6.8)
    MSN Toolbar
    MSN Toolbar Platform
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 and SOAP Toolkit 3.0
    Multimedia Transcoding Tool
    Norton AntiVirus
    Photosmart 130,230,7150,7345,7350,7550 (Remove only)
    QuickTime
    RealNetworks - Microsoft Visual C++ 2005 Runtime
    RealPlayer
    RealUpgrade 1.0
    Red Eye Remover 2.0
    Revo Uninstaller 1.89
    Safari
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB976325)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    SigmaTel Audio
    Soft Data Fax Modem with SmartCP
    Sony USB Driver
    Spy Sweeper
    Spy Sweeper Core
    Spybot - Search & Destroy
    System Requirements Lab for Intel
    Uninstall AOL Emergency Connect Utility 1.0
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB975364)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    V CAST Music with Rhapsody
    Viewpoint Media Player
    VLC media player 1.0.1
    WebFldrs XP
    Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Live ID Sign-in Assistant
    Windows Media Format Runtime
    Windows PowerShell(TM) 1.0
    Windows XP Media Center Edition 2005 KB973768
    Windows XP Service Pack 3
    WinRAR archiver
    WinZip 12.0
    Xvid 1.2.1 final uninstall
    Yahoo! Toolbar
    YouTube Downloader 2.5.6

    ==== End Of File ===========================
    ============= FINISH: 9:09:11.83 ===============
     
    Last edited: 2010/08/19
  5. 2010/08/19
    wyattspoppa Inactive Thread Starter
    Would you like the hijackthis report as well Petey?
    Personally I think it's the 9th Fetzer Valve, it's all ball bearings nowadays
    (this is funny stuff if you've seen "Fletch")
     
  6. 2010/08/19
    PeteC SuperGeek Staff
    Thanks :)

    One of our trained malware analysts will take a look at your logs ASAP, but it may be a day or so before you get a response as they are always very busy. All logs are dealt with in the order received.

    Thank you for your patience.

    If an HJT log is required our Malware Analyst will request it. DDS includes a pseudo HJT report.
     
  7. 2010/08/19
    wyattspoppa Inactive Thread Starter
    Thanks Petey,
    Am I a mess, if you don't mind my asking? Might need to get an external HD today if you think the "R" word is pending (reformat). Along with my work, every baby picture I own of my little boy is here, only about half on a 16 gig cruzer.
    Wyattspoppa
     
  8. 2010/08/19
    PeteC SuperGeek Staff
    It is always wise, I would say essential, to have a backup of your important data. As I am not a Malware Analyst I cannot predict what action will be recommended, but a reformat is way down the list.

    Nevertheless - make that backup :)
     
  9. 2010/08/19
    wyattspoppa Inactive Thread Starter
    You are very kind, hate to overextend your hospitality, but if I back up the contents of my C drive now (95% family photos), won't I be uploading the problem back to my newly cleaned PC if reformat becomes a possibility? I can tell you I just ran malwarebytes and Spybot and did, in fact, come up with 3 "baddies", not the zero I'd mentioned earlier today. Removed them but I'm still running like a narcoleptic turtle in a vat of molasses.
    Your opinion will more than suffice Petey C
     
  10. 2010/08/19
    PeteC SuperGeek Staff
    You cannot back up the entire contents of your C:\ drive by a simple copy process as the drive includes the Operating System in addition to your own data.

    It is this data you should back up, especially your family photos. Pure data is rarely, if ever, infected by malware so you would have no issues reloading your photos if the situation arises.
     
  11. 2010/08/19
    wyattspoppa Inactive Thread Starter
    Thanks PeteC
     
  12. 2010/08/19
    broni Moderator Malware Analyst
    Welcome aboard :)

    STEP 1. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double-click on the downloaded .exe file, select the Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When the scan is completed, click the Save button and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in the right pane.
    If still no joy, try to run it from Safe Mode.


    STEP 3. Download MBRCheck to your desktop

    Double-click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop.
    Open this report and post its content in your next reply.



    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  13. 2010/08/19
    wyattspoppa Inactive Thread Starter
    Hey Broni,
    How nice of you to give your valuable time away so freely, I'm most grateful.
    Here's the Malwarebytes scan, did find a baddie this time...
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4409

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    8/19/2010 1:36:11 PM
    mbam-log-2010-08-19 (13-36-11).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 236386
    Time elapsed: 1 hour(s), 1 minute(s), 23 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\RECYCLER\S-1-5-21-2651013176-1454336582-3667337762-1006\Dc11\wmiprvse.exe (Worm.Autorun.B) -> No action taken.
    C:\RECYCLER\S-1-5-21-2651013176-1454336582-3667337762-1006\Dc12\wmiprvse.exe (Worm.Autorun.B) -> No action taken.

    I'll get going on the next step immediately. When you guys say "make no changes to your PC till it's clean", does throwing it out my 3rd story window qualify? he he
    Wyattspoppa
     
  14. 2010/08/19
    wyattspoppa Inactive Thread Starter
    Hey B,
    Where it says file infected, no action taken, I swear I deleted it when that step came up
    Cheers
     
  15. 2010/08/19
    broni Moderator Malware Analyst
    Haha....

    MBAM log says "No action taken" after each line.
    Please, re-run it and make sure to FIX all issues this time around.
     
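The check broni is making here (and the "Remove Selected" requirement in STEP 1 above), as an added example that is not code from the thread or from Malwarebytes: a small parser for the MBAM 1.x text-log format that lists detections left at "No action taken" and cross-checks each section's entries against the summary counts. The sample log is constructed from the format posted in this thread with a placeholder SID; the "Quarantined and deleted successfully" wording for a removed item is from memory of MBAM 1.x logs, and the parser treats any action other than "No action taken" as treated, so it does not depend on that exact string.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Added example (not Malwarebytes' code): flag MBAM 1.x log entries left at
# "No action taken", the status shown in the thread's first log. The sample
# log is constructed from that format; the SID below is a placeholder.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.46

Scan type: Full scan (C:\|)

Memory Processes Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Files Infected:
C:\RECYCLER\S-1-5-21-PLACEHOLDER-1006\Dc11\wmiprvse.exe (Worm.Autorun.B) -> No action taken.
C:\RECYCLER\S-1-5-21-PLACEHOLDER-1006\Dc12\wmiprvse.exe (Worm.Autorun.B) -> Quarantined and deleted successfully.
"""

# Detection line: "<item> (<threat>) -> <action>."  The item may itself contain
# parentheses, so the greedy first group claims everything before the last "(...) -> ".
DETECTION_RE = re.compile(r"^(?P<item>.+) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?\s*$")
SUMMARY_RE = re.compile(r"^(?P<category>[A-Za-z ]+ Infected): (?P<count>\d+)$")
SECTION_RE = re.compile(r"^(?P<category>[A-Za-z ]+ Infected):$")

@dataclass
class Detection:
    category: str
    item: str
    threat: str
    action: str

    @property
    def treated(self) -> bool:
        # MBAM writes "No action taken" when an item was listed but not removed.
        return self.action.strip().lower() != "no action taken"

def parse_mbam_log(text):
    """Return ({category: summary count}, [Detection, ...]) for one MBAM 1.x log."""
    summary, detections, section = {}, [], None
    for line in (l.strip() for l in text.splitlines()):
        if (m := SUMMARY_RE.match(line)):
            summary[m["category"]] = int(m["count"])
        elif (m := SECTION_RE.match(line)):
            section = m["category"]
        elif section and (m := DETECTION_RE.match(line)):
            detections.append(Detection(section, m["item"], m["threat"], m["action"]))
    return summary, detections

def assess(text):
    """Untreated detections, plus categories whose listed entries disagree with the summary count."""
    summary, detections = parse_mbam_log(text)
    untreated = [d for d in detections if not d.treated]
    listed = Counter(d.category for d in detections)
    mismatched = sorted(c for c, n in summary.items() if listed.get(c, 0) != n)
    return untreated, mismatched
```

Run `assess()` over a saved mbam-log-*.txt before declaring a scan done; any entry it returns in the first list was only reported, not removed.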
  16. 2010/08/19
    broni Moderator Malware Analyst
    Simply re-run MBAM and post fresh log.
     
  17. 2010/08/20
    wyattspoppa Inactive Thread Starter
    What's up B
    I may cry, I ran (appeared successfully I might add) the Gmer and it ran for well over 2 hours, appeared to be near the end and then it shut down my PC and re-booted. I see no files called Gmer, nothing on the desktop but a DDS file I didn't recognize
    Did I make a mistake? Should I have logged off the internet, shut down my security...I'm clueless, I had every box checked on the right side as it was by default and left the "not show all" as instructed. Is it supposed to reboot, if so, where's the report my friend?
    Tommy
     
  18. 2010/08/20
    wyattspoppa Inactive Thread Starter
    Will do, can't take nearly as long as the Gmer. I only have like 40 gb on my PC and 230gb free, didn't think it would run so long...anyway, I'm on it B
     
  19. 2010/08/20
    broni Moderator Malware Analyst
    Post fresh MBAM log, skip GMER for now and run MBRCheck.

    Bed time for me though :)
     
  20. 2010/08/20
    wyattspoppa Inactive Thread Starter
    Thanks B
    Nite
     
  21. 2010/08/20
    wyattspoppa Inactive Thread Starter
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4409

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    8/19/2010 10:42:05 PM
    mbam-log-2010-08-19 (22-42-05).txt

    Scan type: Quick scan
    Objects scanned: 163360
    Time elapsed: 10 minute(s), 25 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     