TechSpot

Hotmail Freezing : 6 Steps Done

By ravisunny2
Mar 18, 2011
  1. Hi,

    Hotmail has been freezing for the last few days.

    First I thought it might be a temporary issue with the net or Hotmail.

    Today I carried out the 8/6 steps.

    Can you please check these?

    ---------------------------------------------------------------------

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6094

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    3/18/2011 10:55:15 PM
    mbam-log-2011-03-18 (22-55-15).txt

    Scan type: Quick scan
    Objects scanned: 152978
    Time elapsed: 1 minute(s), 57 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
    -------------------------------------------------------

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2011-03-18 23:06:26
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD1600AAJS-22PSA0 rev.05.06H05
    Running: e4pk90ih.exe; Driver: C:\DOCUME~1\RAVIND~1.BAN\LOCALS~1\Temp\kwroakod.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB48EB026]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB48EAE91]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    ---- EOF - GMER 1.0.15 ----
    ------------------------------------------------------------------------------------------
    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Ravindra K. Banthia at 23:13:43.12 on Fri 03/18/2011
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1486 [GMT 5.5:30]
    .
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: COMODO Firewall *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\Program Files\CPUMon\CPUMon.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Alwil Software\Avast5\avastUI.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\BySoft StayAlive Pro\StayAlive.exe
    C:\Program Files\NetMeter\NetMeter.exe
    C:\Program Files\Free Download Manager\fdm.exe
    C:\Program Files\FreeClip\FreeClip.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\WINDOWS\system32\wscntfy.exe
    F:\Work\A_Forums\Techspot\8 Steps\dds.scr
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
    uRun: [BySoft StayAlive Pro] c:\program files\bysoft stayalive pro\StayAlive.exe
    uRun: [c:\program files\netmeter\netmeter.exe] c:\program files\netmeter\NetMeter.exe
    uRun: [Free Download Manager] c:\program files\free download manager\fdm.exe -autorun
    mRun: [SkyTel] SkyTel.EXE
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
    mRun: [CPUMon] c:\program files\cpumon\CPUMon.exe
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
    mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\ravind~1.ban\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\docume~1\ravind~1.ban\startm~1\programs\startup\tracker.lnk - c:\program files\tracker\Tracker.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\freeclip.lnk - c:\program files\freeclip\FreeClip.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
    IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
    IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
    IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
    IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1285265603890
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1282763002298
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1282766286734
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    AppInit_DLLs: c:\windows\system32\guard32.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-1 371544]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-1-24 301528]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-1-6 239368]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-1-6 27576]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-1-24 19544]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-24 42184]
    R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2011-1-17 1803224]
    S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2010-8-5 100496]
    S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\vboxnetflt.sys --> c:\windows\system32\drivers\VBoxNetFlt.sys [?]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpffontcache_v0400.exe --> c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [?]
    .
    =============== File Associations ===============
    .
    .scr=AutoCADScriptFile
    .
    =============== Created Last 30 ================
    .
    2011-03-17 20:46:14 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-03-17 19:27:38 -------- d-----w- c:\windows\system32\Adobe
    2011-03-12 19:22:34 -------- d-----w- c:\docume~1\ravind~1.ban\applic~1\HpUpdate
    2011-03-12 19:22:31 -------- d-----w- c:\windows\Hewlett-Packard
    2011-03-12 07:07:01 -------- d-----w- c:\program files\common files\Hewlett-Packard
    2011-03-08 13:08:16 -------- d-----w- c:\docume~1\ravind~1.ban\applic~1\com.elance.tracker
    2011-03-07 12:27:33 487424 ----a-w- c:\windows\system32\msvcp70.dll
    2011-03-07 12:27:33 344064 ----a-w- c:\windows\system32\msvcr70.dll
    2011-03-06 23:21:19 44544 ----a-w- c:\windows\system32\msxml4a.dll
    2011-03-01 15:14:25 13 ----a-w- C:\here.cmd
    2011-03-01 15:07:27 -------- d-----w- C:\UTIL_CMD
    2011-03-01 15:07:27 -------- d-----w- C:\MY_TEMP
    2011-03-01 15:07:27 -------- d-----w- C:\MY_LOG
    2011-03-01 15:07:27 -------- d-----w- C:\INST_CMD
    2011-03-01 15:06:44 6703 ----a-w- C:\My_Start.cmd
    2011-03-01 10:54:09 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-02-25 07:51:18 135168 -c----w- c:\windows\system32\dllcache\shsvcs.dll
    .
    ==================== Find3M ====================
    .
    2011-02-23 15:04:21 40648 ----a-w- c:\windows\avastSS.scr
    2011-02-11 11:37:52 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
    2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-02 16:10:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-01-21 19:56:25 252080 ----a-w- c:\windows\system32\nvdrsdb1.bin
    2011-01-21 19:56:25 1 ----a-w- c:\windows\system32\nvdrssel.bin
    2011-01-21 19:52:07 252080 ----a-w- c:\windows\system32\nvdrsdb0.bin
    2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
    2011-01-19 01:33:02 23 ----a-w- c:\program files\unames.cmd
    2011-01-08 03:27:00 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
    2011-01-08 03:27:00 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
    2011-01-08 03:27:00 6397824 ----a-w- c:\windows\system32\nv4_disp.dll
    2011-01-08 03:27:00 61440 ----a-w- c:\windows\system32\OpenCL.dll
    2011-01-08 03:27:00 4980736 ----a-w- c:\windows\system32\nvcuda.dll
    2011-01-08 03:27:00 2916968 ----a-w- c:\windows\system32\nvcuvid.dll
    2011-01-08 03:27:00 2292678 ----a-w- c:\windows\system32\nvdata.bin
    2011-01-08 03:27:00 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
    2011-01-08 03:27:00 1958400 ----a-w- c:\windows\system32\nvapi.dll
    2011-01-08 03:27:00 14671872 ----a-w- c:\windows\system32\nvoglnt.dll
    2011-01-08 03:27:00 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
    2011-01-07 14:26:54 81920 ----a-w- c:\windows\system32\nvwddi.dll
    2011-01-07 14:26:50 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
    2011-01-07 14:26:48 277608 ----a-w- c:\windows\system32\nvmccs.dll
    2011-01-07 14:26:48 156776 ----a-w- c:\windows\system32\nvsvc32.exe
    2011-01-07 14:26:48 145000 ----a-w- c:\windows\system32\nvcolor.exe
    2011-01-07 14:26:48 13880424 ----a-w- c:\windows\system32\nvcpl.dll
    2011-01-07 14:26:48 111208 ----a-w- c:\windows\system32\nvmctray.dll
    2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
    2010-12-28 20:12:04 285480 ----a-w- c:\windows\system32\guard32.dll
    2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
    2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-12-20 23:59:19 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-12-20 23:59:19 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
    2010-12-20 12:55:26 385024 ----a-w- c:\windows\system32\html.iec
    .
    ============= FINISH: 23:15:00.79 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 8/26/2010 11:57:34 AM
    System Uptime: 3/18/2011 10:51:15 PM (1 hours ago)
    .
    Motherboard: Gigabyte Technology Co., Ltd. | | 945GCMX-S2
    Processor: Intel(R) Core(TM)2 Duo CPU E4400 @ 2.00GHz | Socket 775 | 2009/200mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 30 GiB total, 17.331 GiB free.
    D: is FIXED (NTFS) - 25 GiB total, 11.511 GiB free.
    E: is FIXED (NTFS) - 25 GiB total, 13.226 GiB free.
    F: is FIXED (NTFS) - 15 GiB total, 11.745 GiB free.
    G: is FIXED (NTFS) - 54 GiB total, 53.292 GiB free.
    H: is CDROM ()
    I: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    1888 Notepad 1.0
    2007 Microsoft Office Suite Service Pack 2 (SP2)
    7-Zip 9.20
    Adobe Flash Player 10 ActiveX
    Adobe Reader X (10.0.1)
    Adobe Shockwave Player 11.5
    Auslogics Duplicate File Finder
    AutoIt v3.3.6.1
    avast! Free Antivirus
    Belarc Advisor 8.1
    BySoft StayAlive Pro 3.0
    Calculator Powertoy for Windows XP
    CCleaner
    CMenu
    COMODO Internet Security
    CPUMon
    DocProc
    Duplicate Cleaner 1.4.6
    Enable S3 for USB Device
    FastStone Capture 5.0
    Free Download Manager 3.0
    Free PDF to Word Doc Converter v1.1
    FreeCommander 2009.02a
    High Definition Audio Driver Package - KB888111
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB942288-v3)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB954708)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB981793)
    HP LaserJet P1000 series
    hpg2410
    hpg2410QFolder
    HPSSupply
    Java Auto Updater
    Java(TM) 6 Update 24
    M8 Free Multi Clipboard
    MagicDisc 2.7.106
    Malwarebytes' Anti-Malware
    MD5 Checksum Verifier 3.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office Live Add-in 1.5
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Virtual PC 2007 SP1
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual Keyboard
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser (KB927977)
    MyDefrag v4.3.1
    Nero OEM
    NetMeter 1.1.4 BETA
    Notepad++
    NVIDIA Control Panel 266.58
    NVIDIA Graphics Driver 266.58
    NVIDIA Install Application
    NVIDIA nView 135.50
    NVIDIA nView Desktop Manager
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.10.0514
    OCR Software by I.R.I.S. 13.0
    OGA Notifier 2.0.0048.0
    REALTEK GbE & FE Ethernet PCI NIC Driver
    Realtek High Definition Audio Driver
    Revo Uninstaller 1.90
    Scan
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2183461)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982381)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Some PDF to Txt Converter 1.5
    Spybot - Search & Destroy
    SpywareBlaster 4.4
    Tweak UI
    Ubuntu
    Unlocker 1.9.0
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Microsoft Windows (KB971513)
    Update for Windows Internet Explorer 8 (KB2362765)
    Update for Windows Internet Explorer 8 (KB2447568)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB982664)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    WD Diagnostics
    WebFldrs XP
    WebReg
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Live ID Sign-in Assistant
    Windows Management Framework Core
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Search 4.0
    Windows Support Tools
    Windows XP Service Pack 3
    Wise Registry Cleaner 5.9.2
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/18/2011 10:50:17 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    3/18/2011 10:50:17 PM, error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    3/18/2011 10:50:16 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
    3/18/2011 10:50:16 PM, error: Service Control Manager [7034] - The COMODO Internet Security Helper Service service terminated unexpectedly. It has done this 1 time(s).
    3/18/2011 10:36:23 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Spooler service.
    3/16/2011 7:52:05 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the W32Time service.
    3/16/2011 7:51:28 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 240 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    3/16/2011 7:51:28 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 120 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    3/16/2011 3:29:18 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 60 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    3/16/2011 2:59:18 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    3/16/2011 2:44:03 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    .
    ==== End Of File ===========================
     
  2. Bobbye


    Since Hotmail is a web-based email, it's not likely we'll find anything in your system. But I will be glad to check.

    So far, 2 drivers are being questioned. One of them appears it may be related to Ubuntu:
    VirtualBox Host Interface Networking Driver
    Do you still have Ubuntu on the system?
    ===============================================
    We will check further: Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Click on "Copy to Clipboard" (you won't see the 'clipboard')
    10. Click anywhere in the post where you want the logs to go, then do Ctrl V. The log will be sent from the clipboard and pasted in the post.
    11. Re-enable your Antivirus software.
      NOTE: If you forget to copy to the clipboard you can find the log here:
      C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
    ============================================
    Download Combofix to your desktop from one of these locations:
    Link 1
    Link 2
    • Double click combofix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Query- Recovery Console image
      [​IMG]
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
      [​IMG]
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated - it will open a text window. Please paste the C:\ComboFix.txt in next reply.
    Re-enable your Antivirus software.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Keep this in mind:
    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
     
  3. ravisunny2

    ravisunny2 TS Ambassador Topic Starter Posts: 1,980   +11

    I thought I had killed Ubuntu completely.

    Here are the logs of Eset NOD32 Online AntiVirus scan and Combofix.

    C:\Documents and Settings\Ravindra K. Banthia\Application Data\Microsoft\Internet Explorer\Quick Launch\eBay.lnk Win32/Adware.ADON application
    C:\Documents and Settings\Ravindra K. Banthia\Start Menu\eBay.lnk Win32/Adware.ADON application
    D:\General_Main\A_General\A_Internet Usage Monitors\Bysoft\FinitySoftNetworkMonitor.exe probably a variant of Win32/Agent.NHFFDVE trojan
    D:\General_Main\A_General\Cloning and Imaging\UBCD4win\UBCD4WinV360.exe Win32/PrcView application
    D:\General_Main\A_General\Deleter & Unlocker\Unlocker 1.9.0\unlocker1.9.0.exe Win32/Adware.ADON application
    D:\General_Main\A_General\File Utilities\Unlocker 1.9.0\unlocker1.9.0.exe Win32/Adware.ADON application
    D:\General_Main\A_General\Icon Makers\Free Icon InDepth - 1.4.0.1\icid1401.exe multiple threats
    D:\General_Main\A_General\Monitoring Sw\Volume Control\Audio Control 4.236\Audio Control version 4 Setup.msi probably a variant of Win32/Genetik trojan
    D:\General_Main\A_General\Utitilies for UI\cmdow.zip Win32/CMDOW.143 application
    D:\General_Main\A_General\WordProcessors\WordStar Downloads\WS7 from brothersoft\WS7.zip probably a variant of Qres.316 virus
    D:\General_Main\A_General\WordProcessors\WordStar Downloads\WS7 from brothersoft\WS7\WS\A2WSA.EXE probably a variant of Qres.316 virus
    D:\General_Main\A_General\WS7 from brothersoft\WS7.zip probably a variant of Qres.316 virus
    D:\General_Main\A_General\WS7 from brothersoft\WS7\WS\A2WSA.EXE probably a variant of Qres.316 virus
    D:\General_Main\Unattended\Utilities\cmdow.zip Win32/CMDOW.143 application
    D:\Nero_Ndidia_VM_Java_Adobe_HP\Nero_Drivers\Nero7\Nero7.11.10.0\Nero-7.11.10.0_all_update.exe Win32/Toolbar.AskSBar application
    D:\Win 98 Related\Z For Xfer to PIII\Common\Volume Control\Audio Control 4.236\Audio Control version 4 Setup.msi probably a variant of Win32/Genetik trojan
    E:\$OEM$\$1\Install\8_App_UI\unlocker1.9.0.exe Win32/Adware.ADON application
    E:\System_SW\Utility for UI\cmdow.zip Win32/CMDOW.143 application
    E:\Unattended_Test\Bysoft\FinitySoftNetworkMonitor.exe probably a variant of Win32/Agent.NHFFDVE trojan
    F:\Work\A3_OS\A Windows\A Slipstr\MSFN\Office Integrator v 1.1\Office_Integrator.rar Win32/Packed.Autoit.C.Gen application
    F:\Work\A3_OS\A Windows\A Slipstr\Siginet\Office Integrator v1.1 Build 16\Downloaded ZIp Files\Office_Integrator.rar Win32/Packed.Autoit.C.Gen application
    F:\Work\A3_OS\A Windows\A Slipstr\Siginet\Office Integrator v1.1 Build 16\Office Integrator.exe Win32/Packed.Autoit.C.Gen application
    F:\Work\A3_OS\A Windows\A Slipstr\Z Unattended Latest\Post Proc\cmdow.zip Win32/CMDOW.143 application
    F:\Work\A3_OS\A Windows\A Slipstr\Z Unattended Latest\Post Proc\cmdow\cmdow.exe Win32/CMDOW.143 application
    F:\Work\A3_OS\WordStar Modification\WS7\WS\A2WSA.EXE probably a variant of Qres.316 virus
    F:\Work\A_Forums\Techspot\Errors 12 August 2010\ZCREW.BRemovalTool.exe probably unknown NewHeur_PE virus

    -------------------------------------------------------------------------------------------------

    ComboFix 11-03-18.03 - Ravindra K. Banthia 03/19/2011 18:35:26.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1358 [GMT 5.5:30]
    Running from: f:\work\A_Forums\Techspot\8 Steps\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Ravindra K. Banthia\Start Menu\Programs\Uninstall.lnk
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-02-19 to 2011-03-19 )))))))))))))))))))))))))))))))
    .
    .
    2011-03-19 09:15 . 2011-03-19 09:15 -------- d-----w- c:\program files\ESET
    2011-03-17 20:56 . 2011-03-17 20:56 -------- d-----w- c:\program files\Common Files\Java
    2011-03-17 20:56 . 2011-03-17 20:56 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
    2011-03-17 20:46 . 2011-02-02 13:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-03-17 20:46 . 2011-03-17 20:56 -------- d-----w- c:\program files\Java
    2011-03-17 19:27 . 2011-03-17 19:27 -------- d-----w- c:\windows\system32\Adobe
    2011-03-12 19:22 . 2011-03-12 19:22 -------- d-----w- c:\documents and settings\Ravindra K. Banthia\Application Data\HpUpdate
    2011-03-12 19:22 . 2011-03-12 19:22 -------- d-----w- c:\windows\Hewlett-Packard
    2011-03-12 07:07 . 2011-03-12 09:48 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
    2011-03-12 07:07 . 2011-03-12 07:07 -------- d-----w- c:\program files\Hewlett-Packard
    2011-03-08 13:08 . 2011-03-08 13:08 -------- d-----w- c:\documents and settings\Ravindra K. Banthia\Application Data\com.elance.tracker
    2011-03-07 12:27 . 2002-01-05 08:10 487424 ----a-w- c:\windows\system32\msvcp70.dll
    2011-03-07 12:27 . 2002-01-04 22:07 344064 ----a-w- c:\windows\system32\msvcr70.dll
    2011-03-06 23:21 . 2008-08-02 06:28 44544 ----a-w- c:\windows\system32\msxml4a.dll
    2011-03-01 15:14 . 2010-09-01 10:56 13 ----a-w- C:\here.cmd
    2011-03-01 15:07 . 2011-03-14 15:46 -------- d-----w- C:\INST_CMD
    2011-03-01 15:07 . 2011-03-14 14:55 -------- d-----w- C:\UTIL_CMD
    2011-03-01 15:07 . 2011-03-04 05:48 -------- d-----w- C:\MY_TEMP
    2011-03-01 15:07 . 2011-03-04 05:48 -------- d-----w- C:\MY_LOG
    2011-03-01 15:06 . 2011-03-04 05:43 6703 ----a-w- C:\My_Start.cmd
    2011-03-01 10:54 . 2011-02-23 14:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-02-25 07:51 . 2009-07-27 23:17 135168 -c----w- c:\windows\system32\dllcache\shsvcs.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-27 14:27 . 2010-08-26 15:33 164880 ---ha-w- c:\documents and settings\Ravindra K. Banthia\Application Data\Microsoft\Virtual PC\VPCKeyboard.dll
    2011-02-23 15:04 . 2011-01-24 08:39 40648 ----a-w- c:\windows\avastSS.scr
    2011-02-23 15:04 . 2011-01-24 08:39 190016 ----a-w- c:\windows\system32\aswBoot.exe
    2011-02-23 14:56 . 2011-01-24 08:39 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-02-23 14:55 . 2011-01-24 08:39 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-02-23 14:55 . 2011-01-24 08:39 102232 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2011-02-23 14:55 . 2011-01-24 08:39 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2011-02-23 14:55 . 2011-01-24 08:39 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-02-23 14:54 . 2011-01-24 08:39 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2011-02-23 14:54 . 2011-01-24 08:39 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-02-11 11:37 . 2010-08-26 13:40 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
    2011-02-09 13:53 . 2004-08-04 00:56 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:53 . 2004-08-04 00:56 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-02 16:10 . 2010-08-26 12:07 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-02-02 07:58 . 2010-08-26 06:21 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-01-27 11:57 . 2010-08-26 06:21 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-01-26 00:41 . 2011-01-26 00:24 594208 ----a-w- c:\windows\system32\drivers\timntr.sys
    2011-01-21 14:44 . 2004-08-04 00:56 439296 ----a-w- c:\windows\system32\shimgvw.dll
    2011-01-19 01:33 . 2011-01-19 01:33 23 ----a-w- c:\program files\unames.cmd
    2011-01-10 22:51 . 2011-01-10 22:51 40960 ----a-r- c:\documents and settings\Ravindra K. Banthia\Application Data\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\WinDlg.exe_0AB76F69E7614CFAB9B0A1906B4E9E4B_3.exe
    2011-01-08 03:27 . 2011-01-21 19:51 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
    2011-01-08 03:27 . 2011-01-21 19:51 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
    2011-01-08 03:27 . 2010-10-20 10:20 61440 ----a-w- c:\windows\system32\OpenCL.dll
    2011-01-08 03:27 . 2010-10-20 10:20 14671872 ----a-w- c:\windows\system32\nvoglnt.dll
    2011-01-08 03:27 . 2010-10-20 10:20 4980736 ----a-w- c:\windows\system32\nvcuda.dll
    2011-01-08 03:27 . 2010-10-20 10:20 2916968 ----a-w- c:\windows\system32\nvcuvid.dll
    2011-01-08 03:27 . 2010-10-20 10:20 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
    2011-01-08 03:27 . 2010-10-20 10:20 1958400 ----a-w- c:\windows\system32\nvapi.dll
    2011-01-08 03:27 . 2010-10-20 10:20 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
    2011-01-08 03:27 . 2010-08-26 06:40 9888672 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
    2011-01-08 03:27 . 2010-08-26 06:40 6397824 ----a-w- c:\windows\system32\nv4_disp.dll
    2011-01-07 14:26 . 2011-01-07 14:26 81920 ----a-w- c:\windows\system32\nvwddi.dll
    2011-01-07 14:26 . 2011-01-07 14:26 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
    2011-01-07 14:26 . 2011-01-07 14:26 277608 ----a-w- c:\windows\system32\nvmccs.dll
    2011-01-07 14:26 . 2011-01-07 14:26 156776 ----a-w- c:\windows\system32\nvsvc32.exe
    2011-01-07 14:26 . 2011-01-07 14:26 145000 ----a-w- c:\windows\system32\nvcolor.exe
    2011-01-07 14:26 . 2011-01-07 14:26 13880424 ----a-w- c:\windows\system32\nvcpl.dll
    2011-01-07 14:26 . 2011-01-07 14:26 111208 ----a-w- c:\windows\system32\nvmctray.dll
    2011-01-07 14:09 . 2004-08-04 00:56 290048 ----a-w- c:\windows\system32\atmfd.dll
    2011-01-06 12:07 . 2011-01-06 12:07 94784 ----a-w- c:\windows\system32\drivers\inspect.sys
    2011-01-06 12:07 . 2011-01-06 12:07 27576 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
    2011-01-06 12:07 . 2011-01-06 12:07 239368 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
    2011-01-06 12:07 . 2011-01-06 12:07 15592 ----a-w- c:\windows\system32\drivers\cmderd.sys
    2010-12-31 13:10 . 2004-08-03 23:17 1854976 ----a-w- c:\windows\system32\win32k.sys
    2010-12-28 20:12 . 2010-12-28 20:12 285480 ----a-w- c:\windows\system32\guard32.dll
    2010-12-22 12:34 . 2004-08-04 00:56 301568 ----a-w- c:\windows\system32\kerberos.dll
    2010-12-20 23:59 . 2004-08-04 00:56 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-12-20 23:59 . 2004-08-04 00:56 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-12-20 23:59 . 2004-08-04 00:56 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-12-20 17:26 . 2004-08-04 00:56 730112 ----a-w- c:\windows\system32\lsasrv.dll
    2010-12-20 12:55 . 2004-08-03 22:59 385024 ----a-w- c:\windows\system32\html.iec
    2010-12-20 12:39 . 2011-01-21 20:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-20 12:38 . 2011-01-21 20:20 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-02-23 15:04 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BySoft StayAlive Pro"="c:\program files\BySoft StayAlive Pro\StayAlive.exe" [2005-04-22 329728]
    "c:\program files\NetMeter\NetMeter.exe"="c:\program files\NetMeter\NetMeter.exe" [2009-08-09 293888]
    "Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2010-04-28 3727411]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
    "RTHDCPL"="RTHDCPL.EXE" [2006-11-14 16270848]
    "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
    "CPUMon"="c:\program files\CPUMon\CPUMon.exe" [2007-10-09 1105408]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-07 111208]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 13880424]
    "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
    "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-02-23 3451496]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-01-17 2548552]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    .
    c:\documents and settings\Ravindra K. Banthia\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    Tracker.lnk - c:\program files\Tracker\Tracker.exe [N/A]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    FreeClip.lnk - c:\program files\FreeClip\FreeClip.exe [2010-8-26 724992]
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\system32\guard32.dll
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\program files\NetMeter
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3/1/2011 4:24 PM 371544]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/24/2011 2:09 PM 301528]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [1/6/2011 5:37 PM 239368]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [1/6/2011 5:37 PM 27576]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/24/2011 2:09 PM 19544]
    S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [8/5/2010 2:08 PM 100496]
    S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 6:26 AM 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe --> c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [?]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WINRM REG_MULTI_SZ WINRM
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-03-19 c:\windows\Tasks\User_Feed_Synchronization-{A648C50A-968E-4C2A-9B6B-011D4CAD5FF9}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-07 23:01]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
    IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
    IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
    IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: {25DE50FC-6834-4EA6-B64D-4584FEBD9840} = 218.248.255.196 218.248.255.194
    .
    .
    ------- File Associations -------
    .
    .scr=AutoCADScriptFile
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    MSConfigStartUp-NetMeter - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-03-19 18:41
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    detected NTDLL code modification:
    ZwClose, ZwOpenFile
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1957994488-1644491937-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(992)
    c:\windows\system32\guard32.dll
    .
    - - - - - - - > 'lsass.exe'(1048)
    c:\windows\system32\guard32.dll
    .
    Completion time: 2011-03-19 18:44:33
    ComboFix-quarantined-files.txt 2011-03-19 13:14
    .
    Pre-Run: 18,463,170,560 bytes free
    Post-Run: 18,413,547,520 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - D9E8457135D795F39E3E68E903A44585
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Three infected drives! That's impressive.

    • Make sure to use Internet Explorer for this
    • Please go to VirSCAN.org free on-line scan service
    • Copy and paste each of the following file paths into the "Suspicious files to scan" box on the top of the page, one at a time:

      c:\windows\system32\userinit.exe

      c:\windows\explorer.exe

      c:\window\system32\svchost.exe


    • Click on the Upload button
    • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
    • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
    • Paste the contents of the Clipboard in your next reply.

    Whenever I see this much infection along with the word Heur, I ask for a check for Virut. I'm not going to move the Eset files until I get the results of this scan.

    Virut is a Polymorphic File Infector that infects .exe, .scr, .rar, .zip, .htm, .html. Because there are a number of bugs in its code, it may create executable files that are corrupted beyond repair, resulting in an inoperative machine.
    It opens a Backdoor by connecting to a predefined IRC Server and waits for commands from the remote attacker.
     
  5. ravisunny2

    ravisunny2 TS Ambassador Topic Starter Posts: 1,980   +11

    Thank you, Bobbye.

    I certainly am not an expert on Virus or Malware, but many of the items flagged down by ESET are known bones of contention. Please do not be offended.

    The D partition is just a repository of software.

    Of the ones flagged down by ESET, the following are almost certainly false positives:

    WS7.zip, unlocker1.9.0.exe, Nero-7.11.10.0_all_update.exe

    The rest of the flagged software is lying unused, and it is best to trim down the repository, anyway.

    The other items flagged down by ESET, on multiple partitions, show the poor state of my disk management, i.e., the same software scattered in more than one location.

    So it is time to fire up Duplicate Cleaner.

    In fact, all items flagged by ESET other than WS7.zip, unlocker1.9.0.exe and Nero-7.11.10.0_all_update.exe, are a dead weight, and best consigned to the scrap heap.

    On the C drive, the two occurrences of eBay.lnk can probably be simply deleted.

    I did have second thoughts about downloading ZCREW.BRemovalTool.exe, and had clean forgotten about it. Thanks to ESET, it too can be disposed of.

    I have uploaded/tried to upload the files below to VirSCAN.org

    c:\windows\system32\userinit.exe
    c:\windows\explorer.exe
    c:\window\system32\svchost.exe

    For some reason, multiple attempts have failed for c:\windows\system32\userinit.exe.

    Sometimes it uploads, and says Preparing VIRUS scan, and then jumps out with Rescan & Scan Result.

    On selecting Rescan, I get a pop-up: Error : Can’t upload Files.

    So here is what I have so far:

    c:\windows\system32\userinit.exe=>

    Failed, but File Size, MD5 and SHA1 are okay.

    ----------------------------------------------------------------------------------------------------

    c:\windows\explorer.exe =>

    VirSCAN.org Scanned Report :
    Scanned time : 2011/03/22 13:26:52 (IST)
    Scanner results: Scanners did not find malware!
    File Name : explorer.exe
    File Size : 1033728 byte
    File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
    MD5 : 12896823fb95bfb3dc9b46bcaedc9923
    SHA1 : 9d2bf84874abc5b6e9a2744b7865c193c08d362f
    Online report : http://virscan.org/report/1b38b07c64848248a3593771c3a6b029.html

    Scanner Engine Ver Sig Ver Sig Date Time Scan result
    a-squared 5.1.0.2 20110322060919 2011-03-22 0.08 -
    AhnLab V3 2011.03.21.00 2011.03.21 2011-03-21 0.12 -
    AntiVir 8.2.4.188 7.11.5.21 2011-03-22 0.28 -
    Antiy 2.0.18 20110205.7694535 2011-02-05 0.02 -
    Arcavir 2010 201103221355 2011-03-22 0.01 -
    Authentium 5.1.1 201103220040 2011-03-22 2.56 -
    AVAST! 4.7.4 110321-2 2011-03-22 0.10 -
    AVG 8.5.850 271.1.1/3516 2011-03-19 0.28 -
    BitDefender 7.90123.6936506 7.36722 2011-03-22 6.96 -
    ClamAV 0.96.5 12875 2011-03-22 0.26 -
    Comodo 4.0 8062 2011-03-22 0.08 -
    CP Secure 1.3.0.5 2011.03.21 2011-03-21 0.11 -
    Dr.Web 5.0.2.3300 2011.03.22 2011-03-22 11.48 -
    F-Prot 4.4.4.56 20110322 2011-03-22 2.48 -
    F-Secure 7.02.73807 2011.03.22.01 2011-03-22 4.44 -
    Fortinet 4.2.254 13.25 2011-03-21 0.08 -
    GData 21.2100/21.762 20110322 2011-03-22 0.08 -
    ViRobot 20110321 2011.03.21 2011-03-21 0.08 -
    Ikarus T3.1.32.20.0 2011.03.22.77991 2011-03-22 4.71 -
    JiangMin 13.0.900 2011.03.22 2011-03-22 0.08 -
    Kaspersky 5.5.10 2011.03.22 2011-03-22 0.11 -
    KingSoft 2009.2.5.15 2011.3.22.9 2011-03-22 0.08 -
    McAfee 5400.1158 6292 2011-03-21 8.07 -
    Microsoft 1.6603 2011.03.22 2011-03-22 0.10 -
    NOD32 3.0.21 5972 2011-03-21 0.01 -
    Norman 6.07.03 6.07.00 2011-03-20 18.02 -
    Panda 9.05.01 2011.03.21 2011-03-21 0.08 -
    Trend Micro 9.200-1012 7.918.02 2011-03-21 0.04 -
    Quick Heal 11.00 2011.03.22 2011-03-22 0.08 -
    Rising 20.0 23.50.00.05 2011-03-21 0.08 -
    Sophos 3.16.1 4.62 2011-03-22 3.09 -
    Sunbelt 3.9.2483.2 8776 2011-03-21 0.08 -
    Symantec 1.3.0.24 20110321.002 2011-03-21 0.09 -
    nProtect 20110321.01 3268669 2011-03-21 0.08 -
    The Hacker 6.7.0.1 v00154 2011-03-21 0.08 -
    VBA32 3.12.14.3 20110321.1214 2011-03-21 3.90 -
    VirusBuster 5.2.0.28 13.6.261.0/48154302011-03-21 0.00 -
    ----------------------------------------------------------------------------------------------------

    c:\window\system32\svchost.exe =>

    VirSCAN.org Scanned Report :
    Scanned time : 2011/03/22 13:32:00 (IST)
    Scanner results: Scanners did not find malware!
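
An added example, not part of the original thread: one way to triage an ESET online scan log in the layout posted above, grouping hits by detection name so that duplicate copies across drives, "application" class hits and heuristic ("probably ...") verdicts are separated before anything is removed. The names `Finding`, `parse_line` and `triage`, the sample paths and the three-level ranking are assumptions of this example.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Constructed sample in the "path detection" layout of the ESET log quoted in
# the thread; the paths are invented, the detection names appear in that log.
SAMPLE_LOG = r"""
C:\Documents and Settings\User\Start Menu\eBay.lnk Win32/Adware.ADON application
D:\Repo\Unlocker 1.9.0\unlocker1.9.0.exe Win32/Adware.ADON application
E:\$OEM$\$1\Install\unlocker1.9.0.exe Win32/Adware.ADON application
D:\Repo\WS7 from brothersoft\WS7.zip probably a variant of Qres.316 virus
F:\Work\WS7\WS\A2WSA.EXE probably a variant of Qres.316 virus
D:\Repo\Icon Makers\icid1401.exe multiple threats
F:\Work\Tools\ZCREW.BRemovalTool.exe probably unknown NewHeur_PE virus
"""

# Paths contain spaces, so the path is matched lazily and the rest of the line
# must be a complete verdict: a "probably ..." heuristic, "multiple threats",
# or a Platform/Family name, optionally followed by the object class.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?:(?P<heur>probably (?:a variant of|unknown)) (?P<hname>[^\s\\]+)"
    r"|(?P<name>multiple threats|[^\s\\/]+/[^\s\\]+))"
    r"(?: (?P<kind>application|trojan|virus|worm))?$"
)

# Ranking used by this example only (an assumption, not an ESET feature).
INVESTIGATE, CONFIRM, REVIEW = 0, 1, 2
LABELS = {
    INVESTIGATE: "investigate before touching the file",
    CONFIRM: "heuristic verdict: confirm with a second scanner",
    REVIEW: "application class: review whether the tool is wanted",
}


@dataclass(frozen=True)
class Finding:
    path: PureWindowsPath
    name: str        # detection name as printed by the scanner
    kind: str        # application / trojan / virus / worm, "" if absent
    heuristic: bool  # True for "probably ..." verdicts


def parse_line(line):
    """Return a Finding for one log line, or None if it is not a detection."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Finding(PureWindowsPath(m["path"]), m["hname"] or m["name"],
                   m["kind"] or "", m["heur"] is not None)


def triage(log_text):
    """Group findings by detection name and rank the groups for follow-up."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        finding = parse_line(line)
        if finding:
            groups[finding.name].append(finding)

    report = []
    for name, items in groups.items():
        if {f.kind for f in items} == {"application"}:
            rank = REVIEW
        elif all(f.heuristic for f in items):
            rank = CONFIRM
        else:
            rank = INVESTIGATE
        report.append({
            "detection": name,
            "rank": rank,
            "action": LABELS[rank],
            "copies": len(items),
            # The same installer stored on several drives inflates the hit
            # count, so report distinct file names and drives separately.
            "files": sorted({f.path.name.lower() for f in items}),
            "drives": sorted({f.path.drive.upper() for f in items}),
        })
    report.sort(key=lambda g: (g["rank"], g["detection"]))
    return report


if __name__ == "__main__":
    for group in triage(SAMPLE_LOG):
        print(f'{group["detection"]}: {group["copies"]} hit(s) on '
              f'{", ".join(group["drives"])} -> {group["action"]}')
        for name in group["files"]:
            print(f"    {name}")
```
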
     
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay, here's what you need to do- and this is almost verbatim to what I just typed to another member:

    1. Uninstall all the programs and apps you don't use.
    2. Update anything that needs updating.
    3. Run TFC and empty the Recycle Bin.
    4. Run Error check, disc cleanup, defrag and your security scans.
    5. Clean any movable drives.

    Like you, he did scans on multiple drives. But when I put the Eset entries in OTM, some weren't removed because the drives weren't available and some were mirrors or backups.

    When that has been done, come back here and we'll start over.
     
Topic Status:
Not open for further replies.
