*Infected* rootkit.0access Trojans:Win32:Kryptik-KEG/zeroaccess/.FakeMS/.Delf/enchanim.gePUM.Hijack

Inactive
By herewegoagain
Oct 16, 2012
  1. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Next scan....

    • Please download VEW by Vino Rosso from here and save it to your desktop
    • Double click it to start it Note: If running Windows Vista or Windows 7 you will need to right click the file and select Run as administrator and click Continue or Allow at the User Account Control Prompt.
    • Click the check boxes next to Application and System located under Select log to query on the upper left
    • Under Select type to list on the right click the boxes next to Error and Warning Note: If running Windows Vista or Windows 7 also click the box next to Critical (not XP).
    • Under Number or date of events select Number of events and type 20 in the box next to 1 to 20 and click Run
    • Once it finishes it will display a log file in notepad
    • Please copy and paste its entire contents into your next reply
  2. herewegoagain

    herewegoagain Newcomer, in training Topic Starter Posts: 50

    Will not run. States:
    Run-time error '430':
    Class does not support Automation or does not support expected interface
  3. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    How to capture an event log and upload it to the forum:
    • First, open Event Viewer by clicking Start -> Run -> type eventvwr.msc and press ENTER.
    • In the Event Viewer please right click the requested event log (i.e. Application, System, etc.) and click Save Log File As.
    • Please save the logfile to your desktop and give it a recognizable name.
    • Do this for each log that has been requested.
    • When you are finished saving the necessary logs, close Event Viewer.
    • On your desktop find the saved log files. Hold the CTRL key and click to select each event log.
    • When all event logs are selected, right-click one of them, click Send to -> Compressed Zip Folder.
    • A new .ZIP file will have been created on your desktop. Please attach that file to this forum in your next reply.
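The two procedures above (VEW's query for the newest 20 Error/Warning events, and the manual export from Event Viewer) can be reproduced from PowerShell. This is an added example, not a tool or script from the thread; it assumes an elevated prompt and writes to a file on the desktop whose name is an assumption.

```powershell
# Added example (not from the thread): collect the newest 20 Error/Warning events
# (plus Critical on Vista/7 and later) from the Application and System logs and
# write them to a text file on the desktop, mirroring what VEW was asked to do.
# Run from an elevated PowerShell prompt. The output file name is an assumption.

$logNames  = 'Application', 'System'
$maxEvents = 20
$outFile   = Join-Path ([Environment]::GetFolderPath('Desktop')) 'EventLogSummary.txt'

function Get-RecentProblemEvents {
    param([string]$LogName, [int]$Newest)

    if (Get-Command Get-WinEvent -ErrorAction SilentlyContinue) {
        # Vista/7 and later: Level 1 = Critical, 2 = Error, 3 = Warning.
        # -ErrorAction SilentlyContinue also hides the "No events were found" error.
        Get-WinEvent -FilterHashtable @{ LogName = $LogName; Level = 1, 2, 3 } `
                     -MaxEvents $Newest -ErrorAction SilentlyContinue |
            ForEach-Object {
                New-Object PSObject -Property @{
                    Time    = $_.TimeCreated
                    Log     = $LogName
                    Level   = $_.LevelDisplayName
                    Source  = $_.ProviderName
                    EventId = $_.Id
                    Message = ($_.Message -split "`r?`n")[0]   # first line only
                }
            }
    }
    else {
        # XP with PowerShell 2.0: Get-WinEvent does not exist and there is no
        # Critical level, so only Error and Warning are requested (as the note says).
        Get-EventLog -LogName $LogName -EntryType Error, Warning -Newest $Newest `
                     -ErrorAction SilentlyContinue |
            ForEach-Object {
                New-Object PSObject -Property @{
                    Time    = $_.TimeGenerated
                    Log     = $LogName
                    Level   = $_.EntryType
                    Source  = $_.Source
                    EventId = $_.EventID
                    Message = ($_.Message -split "`r?`n")[0]
                }
            }
    }
}

# Gather both logs, newest first within each log, and write a readable table.
$results = foreach ($log in $logNames) {
    Get-RecentProblemEvents -LogName $log -Newest $maxEvents
}

$results |
    Select-Object Time, Log, Level, Source, EventId, Message |
    Format-Table -AutoSize |
    Out-String -Width 200 |
    Set-Content -Path $outFile

Write-Host ("Wrote {0} events to {1}" -f @($results).Count, $outFile)
```

On Vista/7 and later the full log can also be saved in its native format with `wevtutil epl System "$env:USERPROFILE\Desktop\System.evtx"` (one call per log), which is the command-line equivalent of Save Log File As.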
  4. herewegoagain

    herewegoagain Newcomer, in training Topic Starter Posts: 50

    It doesn't give the option to save the log ... save/save as etc.
    also how many did you need if we get there?
  5. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Press start, then run and enter cmd - then hit OK.

    In the command prompt window, press in the following code exactly:


    netsh winsock reset catalog

    Then, exit out.
    ==

    Do you have Internet after performing the above process?
  6. herewegoagain

    herewegoagain Newcomer, in training Topic Starter Posts: 50

    Ta Da! yes that did work, thanks :)
    Sorry for the slow reply, had to go to work.
    Let me know any other suggestions/instructions .... much appreciated
  7. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Great, let's check for remnants of infection... :D

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
    • Click Start or wait for the scanner to load.
    • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, there are a couple of things to keep in mind:
    • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
    • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
    • Open the logfile from wherever you saved it
    • Copy and paste the contents in your next reply.
  8. herewegoagain

    herewegoagain Newcomer, in training Topic Starter Posts: 50

    Here is the ESET scan results, three infections-
    Note also ...Windows Firewall is back but Windows Security Center still shows
    alerts & does not recognize my PC TOOLS 2012 Security Suite or its firewall.


    C:\Documents and Settings\All Users\Application Data\ctfmon.lnk Win32/Reveton.J trojan cleaned by deleting - quarantined
    C:\Documents and Settings\Owner\My Documents\7af3996f.exe Win32/Sirefef.EV trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP376\A0070952.lnk Win32/Reveton.J trojan cleaned by deleting - quarantined
  9. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Good...and this please:

    Please run Panda ActiveScan online scan.
    • Choose Quick Scan then click the big green Scan now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • Once the scan is completed, please hit the notepad icon next to the text Export to:
    • Save it to a convenient location such as your Desktop
    • Post the contents of the ActiveScan.txt in your next reply
  10. herewegoagain

    herewegoagain Newcomer, in training Topic Starter Posts: 50

    The trojans from the other scan aren't showing with this one, just some cookies:

    ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2012-10-23 15:41:53
    PROTECTIONS: 0
    MALWARE: 3
    SUSPECTS: 0
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\documents and settings\owner\cookies\n0slzcec.txt
    00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\documents and settings\owner\cookies\b0oug4lo.txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\owner\cookies\v1ka82vr.txt
    ;===================================================================================================================================================================================
    SUSPECTS
    Sent Location
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
    VULNERABILITIES
    Id Severity Description
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
  11. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    What other issues?

    We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

    Many of the things to note for us would be:

    • Slow computer
    • Error messages
    • Fake antivirus alerts or the icon in the system tray
    • svchost.exe running at 100%
    • System crashes or blue screen of death
  12. herewegoagain

    herewegoagain Newcomer, in training Topic Starter Posts: 50

    On computer restart, PC tools Firewall shuts itself off immediately after service start (has to be manually enabled)

    Windows Security System does not recognize PC Tools antivirus or firewall ...tray icon always shows red alert shield with 'x' although both are on.

    Computer running extremely slow page loading, startup, shutdown with frequent freezes.

    Regularly now, a pop-up states something as ..."no internet connection, page cannot display, click to work offline or retry" but connection shows as good.

    On most/all pages, System tray displays yellow alert with exclamation mark stating "Done, but with errors on page"

    Some previously disabled services have re-enabled themselves, eg- PC Tools Browser Guard, Google Update Svs, Malwarebytes scheduler etc.

    These are some of what I've encountered. Haven't tried changing service startup options or using/checking anything beyond basic use yet (no sys restore tried etc). Wanted to get the all clear for fear of spreading/enabling viruses.
    Thanks for your input.
  13. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Cannot do anything about Windows Security Center recognizing antivirus or firewall software.

    New log from ComboFix

    We would like to see a ☆new log☆ from ComboFix. Please find the ComboFix icon on your Desktop and delete it. Download a new one, and run it. Once it finishes running, post the new log.
  14. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello! Are you still with us? Your topic is now marked inactive, because you have not replied.

    However, we'd like to still help. Please update us on the state of your PC.
  15. herewegoagain

    herewegoagain Newcomer, in training Topic Starter Posts: 50

    Hi again Jay, Sorry I didn't receive the usual email notification of new response.

    I mention the Security Center not recognizing antivirus/firewall because it probably needs to be
    addressed for some sort of file damage due to the infection.
    This is a new problem occurring only after the service reappeared following one of the fixes
    (if you remember Windows Security Ctr went missing along w/ Windows firewall & Update)

    Still receiving frequent connection error ...Page needs internet connection to display ...given options
    Work Offline or Retry to connect (must select one)
    When I check the page settings the "Work Offline" option is always selected? I must uncheck it.
    ........maybe related?? -
    In Network Connections / TP-link Wireless Connection Properties, Advanced Options there is an error message:
    Windows cannot display the properties of this connection.
    The Windows Management Instrumentation (WMI) information might be corrupted.
    To correct this, use System Restore to restore Windows to an earlier time ... etc
  16. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

  17. herewegoagain

    herewegoagain Newcomer, in training Topic Starter Posts: 50

    ANOTHER NEW DEVELOPMENT... after combofix, PC tools full scan found 52 infections.
    Some had the 'catchme' phrase, some not. Needed to reboot but couldn't complete t
    Went to 'E' page (e-machine) with startup choices (bios, f12 etc) then froze & had to
    manually unplug to shut it off. Tried several times with same result then finally went through.
    Keyboard typing is delayed also

    Sorry, Forgot to attach the new combofix log last post ...said rootkit activity found? rebooted & scanned
    Then above probs happened. I'll run the new tool & post back
    Here's the combofix log

    ComboFix 12-10-31.03 - Owner 31/10/2012 11:39:55.3.1 - x86
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-09-28 to 2012-10-31 )))))))))))))))))))))))))))))))
    .
    .
    2012-10-23 18:37 . 2009-06-30 14:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
    2012-10-23 18:37 . 2012-10-23 18:37 -------- d-----w- c:\program files\Panda Security
    2012-10-22 22:11 . 2012-10-22 22:11 -------- d-----w- c:\program files\ESET
    2012-10-22 14:04 . 2012-10-22 14:06 -------- d-----w- c:\windows\system32\NtmsData
    2012-10-16 22:13 . 2012-10-16 22:13 -------- d-----w- C:\FRST
    2012-10-16 06:59 . 2012-10-16 06:59 177496 ----a-w- c:\windows\system32\drivers\07292517.sys
    2012-10-16 06:59 . 2012-10-16 06:59 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-10-15 08:26 . 2012-09-07 21:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-10-15 06:02 . 2012-10-15 06:02 -------- d-----w- c:\windows\system32\wbem\Repository
    2012-10-15 00:31 . 2012-10-15 23:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-10-14 20:13 . 2012-10-14 20:13 -------- d-----w- c:\program files\Enigma Software Group
    2012-10-14 20:09 . 2012-10-14 20:09 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2012-10-14 19:55 . 2012-10-14 19:55 -------- d-----w- c:\documents and settings\Owner\Application Data\DriverCure
    2012-10-14 19:54 . 2012-10-14 19:54 -------- d-----w- c:\documents and settings\Owner\Application Data\SpeedyPC Software
    2012-10-14 08:21 . 2012-10-14 08:21 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
    2012-10-14 08:20 . 2012-10-14 08:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2012-10-09 09:04 . 2012-10-09 09:04 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
    2012-10-02 05:36 . 2001-08-17 18:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
    2012-10-02 05:36 . 2001-08-17 18:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
    2012-10-02 05:36 . 2008-04-13 23:09 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
    2012-10-02 05:36 . 2008-04-13 23:09 6144 ----a-w- c:\windows\system32\kbd106.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-10-16 07:25 . 2004-08-26 16:12 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
    2012-08-28 15:14 . 2004-08-26 16:12 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-08-28 15:14 . 2004-08-26 16:11 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-08-28 15:14 . 2004-08-26 16:11 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-08-28 12:07 . 2004-08-26 16:11 385024 ----a-w- c:\windows\system32\html.iec
    2012-08-24 13:53 . 2004-08-26 16:12 177664 ----a-w- c:\windows\system32\wintrust.dll
    2012-08-21 13:29 . 2004-08-26 16:12 2192896 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-08-21 12:58 . 2004-08-04 05:59 2069632 ----a-w- c:\windows\system32\ntkrnlpa.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
    "TWCU"="c:\program files\TP-LINK\TWCU\TWCU.exe" [2006-03-15 348160]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-07-12 81920]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-07-12 4112384]
    "nwiz"="nwiz.exe" [2004-07-12 843776]
    "NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-04 131072]
    "ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-05-12 300472]
    "ISTray"="c:\program files\PC Tools\PC Tools Security\pctsGui.exe" [2012-06-22 2673624]
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Secunia PSI Tray.lnk.disabled]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk.disabled
    backup=c:\windows\pss\Secunia PSI Tray.lnk.disabledCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConnectionCenter]
    2010-05-12 22:03 300472 ----a-w- c:\program files\Citrix\ICA Client\concentr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2004-07-12 04:50 4112384 ----a-w- c:\windows\system32\nvcpl.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVMixerTray]
    2004-06-04 04:51 131072 ----a-w- c:\program files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2004-07-12 04:50 843776 ----a-w- c:\windows\system32\nwiz.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2012-01-17 15:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray]
    2009-10-22 08:43 64048 ----a-w- c:\program files\VMware\VMware Player\hqtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Browser Defender Update Service"=2 (0x2)
    "wuauserv"=2 (0x2)
    "Secunia Update Agent"=3 (0x3)
    "JavaQuickStarterService"=3 (0x3)
    "iPod Service"=3 (0x3)
    "Apple Mobile Device"=3 (0x3)
    "AudioSrv"=2 (0x2)
    "AdobeFlashPlayerUpdateSvc"=3 (0x3)
    "RSVP"=3 (0x3)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
    "ctfmon.exe"=c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "SunKistEM"=c:\program files\Digital Media Reader\shwiconem.exe
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
    "NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    "NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
    "NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    "nwiz"=nwiz.exe /install
    "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" -osboot
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
    "NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    "<NO NAME>"=
    "ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" /startup
    "ControlCenter2.0"=c:\program files\Brother\ControlCenter2\brctrcen.exe /autorun
    "SetDefPrt"=c:\program files\Brother\Brmfl04a\BrStDvPt.exe
    "Path"="c:\program files\ZOOM\ZFX Tools\ZFX Tools startup.exe"
    "SelectRebates"=c:\program files\SelectRebates\SelectRebates.exe
    "KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    .
    R3 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [x]
    R3 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    R3 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
    R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD.sys [x]
    R3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\DRIVERS\pctNdis.sys [x]
    R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
    R3 QslFsFltr;QslFsFltr;c:\windows\system32\DRIVERS\QslFsFltr.sys [x]
    R3 QuikSync;QuikSync;c:\program files\EMC Corporation\v.Clone\QuikSync\QuikSync.exe [x]
    R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [x]
    R3 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [x]
    R3 ZMGHPAudioSrv;ZOOM G Series High Performance Audio Driver Service;c:\windows\system32\drivers\zmghpau.sys [x]
    R4 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
    R4 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [x]
    S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [x]
    S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [x]
    S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [x]
    S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [x]
    S1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [x]
    S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD.sys [x]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [x]
    S2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [x]
    S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools\PC Tools Security\pctsAuxs.exe [x]
    S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [x]
    S2 vstor2-mntapi10;Vstor2 vix Disk Tools Virtual Storage Driver;c:\program files\VMware\VMware Virtual Disk Development Kit\bin\vstor2-mntapi10.sys [x]
    S3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [x]
    S3 pctNdisMP;PC Tools Driver;c:\windows\system32\DRIVERS\pctNdis.sys [x]
    S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [x]
    S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - PCTSDInjDriver32
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-10-02 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
    .
    2012-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-11-27 06:43]
    .
    2012-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-11-27 06:43]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = https://login.yahoo.com/config/login_verify2?.intl=us&.src=ym
    uInternet Settings,ProxyOverride = *.local
    LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
    Trusted Zone: pb.com\ibdswebp8-ext
    Trusted Zone: usps.com\carrierpickup
    Trusted Zone: usps.com\tools
    TCP: DhcpNameServer = 167.206.254.1 167.206.254.2
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-10-31 12:03
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'lsass.exe'(1000)
    c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
    .
    Completion time: 2012-10-31 12:12:21
    ComboFix-quarantined-files.txt 2012-10-31 16:12
    ComboFix2.txt 2012-10-20 05:51
    ComboFix3.txt 2012-10-19 08:53
    .
    Pre-Run: 34,928,304,128 bytes free
    Post-Run: 35,047,735,296 bytes free
    .
    - - End Of File - - 5525E1197204049AA569E6CF310B7143
  18. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Please download this tool > System Repair Engineer
    1. Extract it to its own folder & double click SREng.exe to run it
    2. Select 'Smart Scan' & tick "Verify Digital Signatures"
    3. Click on the [Scan] button
    4. When finished, click on the [Save Reports] button & save the log to Desktop
    5. Attach the log in your next reply. Don't post it

    Note: You may have to rename SREngLog.log to SREngLog.txt before attaching
  19. herewegoagain

    herewegoagain Newcomer, in training Topic Starter Posts: 50

    Sorry for the wait, I'm on Long Island NY & we're having a very tough time with everything...
    electricity, internet ...basically life as we knew it :)

    I did some research on WMI & wound up rebuilding the repository which seems to have
    cleared up many of the issues. Security center is detecting antivirus/firewall now, connectivity
    popup is gone & slow loading start/shut etc is better.

    I did still run the scan, but then lost power :) The log is attached
  20. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Yeah, from the looks of the log, there is nothing serious wrong with the system.

    What other problems are there, if any?
  21. herewegoagain

    herewegoagain Newcomer, in training Topic Starter Posts: 50

    That's good news. Loading is still not where it was but better since the WMI fix as
    well as the typing/keyboard to screen issue
    ...I'll type a word then have to wait quite a bit for it to show up, spacebar /backspacing /delete
    /enter are all very slow to respond
    I haven't been able to use the cp much lately so will let you know as things are evident but
    none of the major probs of previous. Let me know what you think might be the cause for
    these issues? VERY annoying :)

    ...just a note- With the 'Complete Internet Fix tool' I didn't know which specific resets/restores
    to use (not knowing where the problem was) so was wary to try most.
    Did use the resets for Internet Protocol, Windows firewall.
    Should have ticked all the boxes?
  22. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49
