N.exn strikes again

By Martin C
Feb 13, 2011
  1. Hey guys... as per the rules, I am starting a new thread asking for help specific to my individual case, and not using the help offered to others on the basis of their particular needs.

    Started having the usual malware/trojan problems of a severely slow system, and did everything I could to eradicate it. SUPERAntiSpyware detected it, Malwarebytes found it too, but it keeps coming back. I find n.exn files in both my prefetch folders and windows\temp folders, and my recycle bin also won't show empty; it prompts me with "do you really want to delete 'windows'?" unless I log on as admin in safe mode and delete the unseen files from there... I have heard of things hiding in your recycler folder and launching from there, but I don't know what I have. All I know is, I keep getting warnings from Rising Antivirus and I keep finding positives from SAS and Malwarebytes, and even in safe mode I am experiencing HORRIBLY slow operation and crashes.

    I am running Win XP, SP2.
    Please advise the next step... thanks in advance.

    PS: I am considering a clean install of Windows 7 anyway, so let me know if that would help before we kill ourselves here.
    Martin
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35


    Welcome to TechSpot!
    I will attempt to help you but need information first:
    If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

    Important!
    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
    =======================================
    Reformatting/reinstall is always the member's choice. I can help you remove the rootkit by running a program that is more specific, if you would like. But I first need to see the logs from the scans in the thread above.

    We can give it a try, but if the R/R is pretty firm in your mind, then cleaning would be a waste of time >> your choice.
  3. Martin C

    Martin C Newcomer, in training Topic Starter

    Thanks Bobbye... I have made the decision to install Windows 7, on my 64 bit system...

    What are you recommending is my first step?
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

  5. Martin C

    Martin C Newcomer, in training Topic Starter

    Okay... well before I do anything further, here are the results/logs of my scans:

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5727

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 8.0.6001.18702

    2/15/2011 3:58:06 PM
    mbam-log-2011-02-15 (15-58-06).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 269323
    Time elapsed: 1 hour(s), 10 minute(s), 14 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    _________________________________________________________

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2011-02-15 14:47:35
    Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-12 Maxtor_6L200P0 rev.BAH41G10
    Running: snmn4hqg.exe; Driver: C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\kftyqfow.sys


    ---- System - GMER 1.0.15 ----

    SSDT \??\C:\WINDOWS\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwQueryDirectoryFile [0xBA3E4894]
    SSDT \??\C:\WINDOWS\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwQuerySystemInformation [0xBA3E4939]

    Code \??\C:\WINDOWS\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ObReferenceObjectByHandle

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.)

    AttachedDevice \FileSystem\Ntfs \Ntfs bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)

    Device \FileSystem\Fastfat \Fat HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.)

    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Ip HookTdi.sys (hooktdi.sys/Beijing Rising Information Technology Co., Ltd.)
    AttachedDevice \Driver\Tcpip \Device\Ip rfwtdi.sys (rfwtdi.sys/Beijing Rising Information Technology Co., Ltd.)
    AttachedDevice \Driver\Tcpip \Device\Tcp HookTdi.sys (hooktdi.sys/Beijing Rising Information Technology Co., Ltd.)
    AttachedDevice \Driver\Tcpip \Device\Tcp rfwtdi.sys (rfwtdi.sys/Beijing Rising Information Technology Co., Ltd.)
    AttachedDevice \Driver\Tcpip \Device\Udp HookTdi.sys (hooktdi.sys/Beijing Rising Information Technology Co., Ltd.)
    AttachedDevice \Driver\Tcpip \Device\Udp rfwtdi.sys (rfwtdi.sys/Beijing Rising Information Technology Co., Ltd.)
    AttachedDevice \Driver\Tcpip \Device\RawIp HookTdi.sys (hooktdi.sys/Beijing Rising Information Technology Co., Ltd.)
    AttachedDevice \Driver\Tcpip \Device\RawIp rfwtdi.sys (rfwtdi.sys/Beijing Rising Information Technology Co., Ltd.)

    ---- EOF - GMER 1.0.15 ----




    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Compaq_Owner at 16:42:20.15 on Tue 02/15/2011
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1470.969 [GMT -5:00]

    AV: Rising Antivirus *Enabled/Updated* {234E4A88-48FA-4220-A994-5323706FF524}
    FW: Rising Personal Firewall *Enabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Rising\RSD\RsMgrSvc.exe
    C:\Program Files\Rising\Rav\RavMonD.exe
    C:\Program Files\Rising\RFW\RavMonD.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Rising\RFW\RSTRAY.EXE
    C:\Program Files\Rising\Rav\RSTRAY.EXE
    C:\WINDOWS\system32\ICO.EXE
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\Pelmiced.exe
    C:\WINDOWS\sm56hlpr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
    C:\Documents and Settings\Compaq_Owner\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://google.com/
    uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
    uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
    mWinlogon: Userinit=c:\windows\system32\userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {A8FB8EB3-183B-4598-924D-86F0E5E37085} - No File
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
    BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    mRun: [PCDrProfiler]
    mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
    mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
    mRun: [CorelDRAW Graphics Suite 11b] c:\program files\corel\corel graphics 12\languages\en\programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=022511 serial=DR12WUX-0606275-REX lang=EN
    mRun: [RFWTRAY] "c:\program files\rising\rfw\RSTRAY.EXE" -system
    mRun: [RavTRAY] "c:\program files\rising\rav\RSTRAY.EXE" -system
    mRun: [Mouse Suite 98 Daemon] ICO.EXE
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [SMSERIAL] sm56hlpr.exe
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
    IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
    IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
    IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
    DPF: Microsoft XML Parser for Java
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    Hosts: 192.168.2.6 HP000D9D071653
    Hosts: 69.63.189.16 static.ak.fbcdn.net
    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\itkk5cx6.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&q=
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\np32asw.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

    ============= SERVICES / DRIVERS ===============

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-2-11 64288]
    R1 hooksys;hooksys;c:\windows\system32\drivers\Hooksys.sys [2010-12-1 165912]
    R1 HookTdi;HookTdi;c:\windows\system32\drivers\HookTdi.sys [2010-12-1 23576]
    R1 HyperVM;HyperVM;c:\windows\system32\drivers\hvm.sys [2010-12-1 31896]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
    R2 RFWARP;Rising RfwARP Driver;c:\windows\system32\drivers\rfwarp.sys [2010-12-1 27672]
    R2 rfwtdi;rfwtdi;c:\program files\rising\rfw\rfwtdi.sys [2010-12-1 25624]
    R2 rsfwdrv;rsfwdrv;c:\program files\rising\rfw\rsfwdrv.sys [2010-12-1 57880]
    R2 RsMgrSvc;Rsd Service;c:\program files\rising\rsd\RsMgrSvc.exe [2010-12-1 88728]
    R2 RsRavMon;Rav Service;c:\program files\rising\rav\RavMonD.exe [2010-12-1 167544]
    R2 RsRFWMon;RFW Service;c:\program files\rising\rfw\RavMonD.exe [2010-12-1 167544]
    R3 RFWNDIS;Rising RfwNdis Driver;c:\windows\system32\drivers\rfwndis.sys [2010-12-1 20248]
    S3 ATICDSDr;ATICDSDr;c:\program files\ati technologies\ati control panel\atiicdxx.sys [2005-8-3 6144]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

    =============== Created Last 30 ================

    2011-02-15 08:46:26 -------- d-----w- c:\docume~1\alluse~1\applic~1\McAfee Security Scan
    2011-02-15 08:46:22 -------- d-----w- c:\program files\McAfee Security Scan
    2011-02-15 02:48:47 -------- d-----w- c:\windows\Performance
    2011-02-15 02:48:29 -------- d-----w- c:\docume~1\compaq~1\locals~1\applic~1\Microsoft Corporation
    2011-02-15 02:47:39 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
    2011-02-15 00:31:21 -------- dc-h--w- c:\windows\ie8
    2011-02-14 05:12:59 -------- d-----w- c:\windows\system32\XPSViewer
    2011-02-14 05:11:58 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    2011-02-14 05:11:37 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2011-02-14 05:11:37 117760 ------w- c:\windows\system32\prntvpt.dll
    2011-02-14 05:11:36 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
    2011-02-14 05:11:36 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2011-02-14 05:11:36 575488 ------w- c:\windows\system32\xpsshhdr.dll
    2011-02-14 05:11:36 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
    2011-02-14 05:11:35 1676288 ------w- c:\windows\system32\xpssvcs.dll
    2011-02-14 05:11:35 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
    2011-02-14 05:11:34 -------- d-----w- C:\af8b021c70bc72bd3b5735795c4b8981
    2011-02-13 22:12:38 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll
    2011-02-13 22:12:38 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
    2011-02-13 22:12:38 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
    2011-02-13 22:12:37 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
    2011-02-13 22:12:37 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
    2011-02-13 22:12:37 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
    2011-02-13 22:12:35 11076096 ------w- c:\windows\system32\dllcache\ieframe.dll
    2011-02-13 21:45:50 -------- d-----w- c:\program files\MSXML 6.0
    2011-02-13 21:40:08 -------- d-----w- c:\windows\ServicePackFiles
    2011-02-13 20:44:38 454016 ------w- c:\windows\system32\dllcache\mrxsmb.sys
    2011-02-13 20:43:22 2137088 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
    2011-02-13 20:43:20 2181376 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
    2011-02-13 20:43:17 2016768 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
    2011-02-13 20:43:15 2058368 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
    2011-02-13 20:40:56 272128 ------w- c:\windows\system32\drivers\bthport.sys
    2011-02-13 20:40:56 272128 ------w- c:\windows\system32\dllcache\bthport.sys
    2011-02-13 19:14:10 -------- d-----w- c:\windows\system32\CatRoot_bak
    2011-02-13 19:12:29 -------- d-----w- c:\windows\system32\PreInstall
    2011-02-13 16:58:19 -------- d-----w- C:\VundoFix Backups
    2011-02-12 18:13:30 -------- d-----w- c:\windows\system32\SoftwareDistribution
    2011-02-12 16:36:20 -------- d-----w- c:\windows\Temp1
    2011-02-11 17:41:08 -------- d-----w- c:\docume~1\compaq~1\applic~1\SUPERAntiSpyware.com
    2011-02-11 17:41:08 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
    2011-02-11 17:39:53 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-02-11 17:01:42 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-02-11 16:53:08 917504 ----a-w- c:\windows\system32\FLASH.OCX
    2011-02-11 11:16:24 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2011-02-11 11:03:18 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-02-10 06:44:33 -------- d-----w- c:\docume~1\compaq~1\applic~1\Malwarebytes
    2011-02-10 06:44:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-02-10 06:44:22 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2011-02-10 06:44:18 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-02-10 06:44:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-02-09 01:27:04 -------- d-----w- c:\program files\PIXELA
    2011-02-07 23:10:57 327904 ----a-w- c:\program files\mozilla firefox\plugins\np32asw.dll
    2011-02-07 23:10:57 327904 ----a-w- c:\program files\mozilla firefox\components\np32asw.dll
    2011-02-05 15:40:49 -------- d-----w- c:\docume~1\compaq~1\locals~1\applic~1\Temp
    2011-02-05 07:22:32 912344 ----a-w- c:\program files\mozilla firefox\firefox.exe
    2011-02-05 07:22:32 19416 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll
    2011-02-05 07:22:32 107480 ----a-w- c:\program files\mozilla firefox\crashreporter.exe
    2011-01-30 15:45:12 135568 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
    2011-01-30 15:45:12 135568 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
    2011-01-26 18:37:53 -------- d-----w- c:\docume~1\compaq~1\applic~1\WinBatch
    2011-01-26 05:23:34 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
    2011-01-26 05:23:34 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
    2011-01-26 05:22:44 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
    2011-01-26 05:22:44 9600 ----a-w- c:\windows\system32\dllcache\hidusb.sys

    ==================== Find3M ====================

    2011-02-11 11:02:53 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-01-26 04:36:12 256 ----a-w- c:\windows\system32\pool.bin
    2010-12-22 23:12:38 6656 ----a-w- c:\windows\system32\haspvdd.dll
    2010-12-22 23:12:38 383 ----a-w- c:\windows\system32\haspdos.sys
    2010-12-22 22:18:10 8192 ----a-w- c:\windows\system32\GTCGLMON.DLL
    2010-12-01 08:20:40 146072 ------w- c:\windows\system32\ravext.dll
    2010-12-01 08:15:32 239768 ------w- c:\windows\system32\bsmain.exe

    ============= FINISH: 16:43:02.87 ===============




    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 5/29/2010 11:43:19 AM
    System Uptime: 2/15/2011 2:34:41 PM (2 hours ago)

    Motherboard: ASUSTek Computer INC. | | Amberine M
    Processor: AMD Athlon(tm) 64 Processor 3500+ | Socket 939 | 2200/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 180 GiB total, 130.382 GiB free.
    D: is FIXED (FAT32) - 6 GiB total, 1.188 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP280: 2/10/2011 12:31:04 PM - Printer Driver Microsoft Office Document Image Writer Installed
    RP281: 2/11/2011 3:15:24 AM - Removed J2SE Runtime Environment 5.0
    RP282: 2/11/2011 3:17:07 AM - Removed Java(TM) 6 Update 20
    RP283: 2/11/2011 6:02:46 AM - Installed Java(TM) 6 Update 23
    RP284: 2/11/2011 12:21:38 PM - Configured easy Internet sign-up
    RP285: 2/12/2011 1:52:46 PM - System Checkpoint
    RP286: 2/13/2011 12:14:24 PM - Software Distribution Service 3.0
    RP287: 2/13/2011 2:10:11 PM - Software Distribution Service 3.0
    RP288: 2/13/2011 4:34:37 PM - Software Distribution Service 3.0
    RP289: 2/13/2011 5:16:01 PM - Installed Windows Internet Explorer 8.
    RP290: 2/13/2011 5:16:50 PM - Software Distribution Service 3.0
    RP291: 2/14/2011 12:05:20 AM - Software Distribution Service 3.0
    RP292: 2/14/2011 12:38:26 AM - Installed Windows Internet Explorer 8.
    RP293: 2/14/2011 12:39:18 AM - Software Distribution Service 3.0
    RP294: 2/14/2011 12:44:21 AM - Software Distribution Service 3.0
    RP295: 2/14/2011 12:28:44 PM - Software Distribution Service 3.0
    RP296: 2/14/2011 2:23:06 PM - Software Distribution Service 3.0
    RP297: 2/14/2011 7:32:36 PM - Installed Windows Internet Explorer 8.
    RP298: 2/14/2011 7:33:41 PM - Software Distribution Service 3.0
    RP299: 2/14/2011 9:47:37 PM - Installed Windows 7 Upgrade Advisor
    RP300: 2/15/2011 2:40:24 AM - Software Distribution Service 3.0
    RP301: 2/15/2011 3:48:20 AM - Removed Adobe Reader 7.0
    RP302: 2/15/2011 3:48:42 AM - Installed Adobe Reader X (10.0.1).

    ==== Installed Programs ======================

    7300
    7300_Help
    7300Trb
    Adobe AIR
    Adobe Flash Player 10 Plugin
    Adobe Photoshop 7.0
    Adobe Reader X (10.0.1)
    AiO_Scan
    AiOSoftware
    Apple Application Support
    Apple Software Update
    ATI Control Panel
    ATI Display Driver
    Barnyard Invasion from Compaq (remove only)
    Bejeweled 2 Deluxe from Compaq (remove only)
    Big Kahuna Reef from Compaq (remove only)
    Blackhawk Striker 2 from Compaq (remove only)
    Blasterball 2 from Compaq (remove only)
    Blasterball 2 Holidays from Compaq (remove only)
    Boggle Supreme from Compaq (remove only)
    Bounce Symphony from Compaq (remove only)
    BufferChm
    Compaq Connections (remove only)
    Compaq Game Console and games
    Compaq Multimedia Keyboard Software
    Compaq Organize
    Compatibility Pack for the 2007 Office system
    CorelDRAW Graphics Suite 12
    Crystal Maze from Compaq (remove only)
    Destinations
    Digby's Donuts from Compaq (remove only)
    Director
    FATE Demo from Compaq (remove only)
    Fax
    Flip Words from Compaq (remove only)
    Google Toolbar for Internet Explorer
    HASP4 Device Drivers
    High Definition Audio Driver Package - KB888111
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB981793)
    HP Boot Optimizer
    HP Diagnostic Assistant
    HP Image Zone 4.2
    HP Photosmart Essential
    HP PSC & OfficeJet 4.2
    HP Software Update
    HpSdpAppCoreApp
    HPSystemDiagnostics
    Insaniquarium Deluxe from Compaq (remove only)
    InterVideo WinDVD Player
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 23
    Jewel Quest from Compaq (remove only)
    LightScribe 1.4.31.1
    Mah Jong Quest from Compaq (remove only)
    Malwarebytes' Anti-Malware
    McAfee Security Scan Plus
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Money 2005
    Microsoft Office Professional Edition 2003
    Microsoft Plus! Dancer LE
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft Works
    Motorola SM56 Speakerphone Modem
    Mouse Suite
    Mozilla Firefox (3.6.13)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB973686)
    NetMos Multi-IO Controller
    Office 2003 Tour
    Overland
    PC-Doctor 5 for Windows
    Polar Bowler from Compaq (remove only)
    Polar Golfer from Compaq (remove only)
    ProductContext
    PS2
    Puzzle Express from Compaq (remove only)
    Python 2.2 pywin32 extensions (build 203)
    Python 2.2.3
    QFolder
    Quicken 2005
    QuickTime
    Readme
    RealPlayer
    Remove WeatherBug Installer
    Ricochet Lost Worlds from Compaq (remove only)
    Rising Antivirus
    Rising Personal Firewall
    Rising Software Deployment System
    Scan
    SCRABBLE Blast from Compaq (remove only)
    SCRABBLE from Compaq (remove only)
    SCRABBLE Rack Attack from Compaq (remove only)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB883939)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB944338-v2)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB945553)
    Security Update for Windows XP (KB946026)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950749)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958470)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB981350)
    Security Update for Windows XP (KB982381)
    Shrek 2 Ogre Bowler from Compaq (remove only)
    SignLab ES2 (C:\CADlink\SignLab ES2)
    Slingo Deluxe from Compaq (remove only)
    Slyder from Compaq (remove only)
    Sonic Express Labeler
    Sonic MyDVD Plus
    Sonic RecordNow Audio
    Sonic RecordNow Copy
    Sonic RecordNow Data
    Sonic Update Manager
    Super Granny from Compaq (remove only)
    SUPERAntiSpyware
    Swarm from Compaq (remove only)
    Tradewinds from Compaq (remove only)
    TrayApp
    Unload
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB925720)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    WebFldrs XP
    WebReg
    Windows 7 Upgrade Advisor
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 8
    Windows Media Format Runtime
    Windows Media Player 10
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB883667
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888239
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB893066

    ==== Event Viewer Messages From Past Week ========

    2/14/2011 3:20:38 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service iPodService with arguments "-Service" in order to run the server: {7A7FB085-6068-4898-8CCA-480A9187277C}
    2/13/2011 5:07:25 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 8 for Windows XP.
    2/13/2011 11:56:58 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Lavasoft Ad-Aware Service service to connect.
    2/13/2011 11:56:58 PM, error: Service Control Manager [7000] - The Lavasoft Ad-Aware Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2/13/2011 11:56:53 PM, error: Service Control Manager [7034] - The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).
    2/13/2011 11:56:53 PM, error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).
    2/13/2011 11:56:53 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    2/13/2011 11:56:53 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
    2/13/2011 11:56:53 PM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    2/13/2011 11:56:41 PM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
    2/13/2011 11:56:41 PM, error: Service Control Manager [7031] - The Rsd Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    2/13/2011 11:56:41 PM, error: Service Control Manager [7031] - The RFW Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    2/13/2011 11:50:25 AM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer SHANNON-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{AACFE542-540F-410. The master browser is stopping or an election is being forced.
    2/13/2011 11:43:25 AM, error: Service Control Manager [7022] - The Automatic Updates service hung on starting.
    2/12/2011 12:36:10 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    2/12/2011 12:15:42 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 Fips HookTdi IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip
    2/12/2011 12:15:42 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    2/12/2011 12:15:42 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    2/12/2011 1:09:23 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    2/12/2011 1:07:23 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    ==== End Of File ===========================
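Reading the "Event Viewer Messages" section of a log like the one above by hand is slow, and the entries that matter for triage are easy to miss among the noise. The Python script below is an added example, not part of this thread and not code from any tool used in it. It parses lines in the `date time, level: source [id] - message` layout shown in the log and pulls out what a helper would want to know first: which boot-start drivers failed to load (Service Control Manager event 7026) and which services terminated unexpectedly (events 7031 and 7034). The sample lines are copied from the log above; the short list of networking-stack driver names used to flag a broken TCP/IP stack is my own assumption, chosen because the 7001 entries in the same log show services failing on those dependencies.

```python
import re
from collections import Counter

# One line of the "Event Viewer Messages" section of a DDS-style log:
#   <date> <time> <AM|PM>, <level>: <source> [<event id>] - <message>
EVENT_RE = re.compile(
    r"^(?P<date>\d{1,2}/\d{1,2}/\d{4}) (?P<time>\d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<message>.*)$"
)

SCM = "Service Control Manager"
SCM_FAILED_BOOT_DRIVERS = 7026          # boot/system-start driver(s) failed to load
SCM_UNEXPECTED_TERMINATION = {7031, 7034}  # a service died without being asked to stop

# Assumed list (not from the log): kernel drivers that make up the XP networking stack.
NETWORK_STACK_DRIVERS = {"AFD", "Tcpip", "NetBT", "NetBIOS", "IPSec"}

# Sample input: lines copied from the Event Viewer section of the log in the post above.
SAMPLE_LOG = "\n".join([
    "2/13/2011 11:56:58 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) "
    "waiting for the Lavasoft Ad-Aware Service service to connect.",
    "2/13/2011 11:56:53 PM, error: Service Control Manager [7034] - The Pml Driver HPZ12 service "
    "terminated unexpectedly. It has done this 1 time(s).",
    "2/13/2011 11:56:53 PM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service "
    "service terminated unexpectedly. It has done this 1 time(s). The following corrective action "
    "will be taken in 5000 milliseconds: Restart the service.",
    "2/12/2011 12:15:42 PM, error: Service Control Manager [7026] - The following boot-start or "
    "system-start driver(s) failed to load: AFD AmdK8 Fips HookTdi IPSec MRxSmb NetBIOS NetBT "
    "RasAcd Rdbss SASDIFSV SASKUTIL Tcpip",
    "2/12/2011 12:15:42 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper "
    "service depends on the AFD service which failed to start because of the following error: "
    "A device attached to the system is not functioning.",
    '2/12/2011 1:07:23 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the '
    'service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}',
])


def parse_events(text):
    """Return one dict per recognised event line; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["event_id"] = int(ev["event_id"])
            events.append(ev)
    return events


def failed_boot_drivers(events):
    """Driver names listed in every SCM 7026 entry, in the order the log gives them."""
    drivers = []
    for ev in events:
        if ev["source"] == SCM and ev["event_id"] == SCM_FAILED_BOOT_DRIVERS:
            _, _, names = ev["message"].partition("failed to load:")
            drivers.extend(names.split())
    return drivers


def network_stack_affected(drivers):
    """Sorted subset of the failed drivers that belong to the networking stack."""
    return sorted(NETWORK_STACK_DRIVERS.intersection(drivers))


def unexpected_terminations(events):
    """Counter of service display names that terminated unexpectedly (SCM 7031/7034)."""
    names = Counter()
    for ev in events:
        if ev["source"] == SCM and ev["event_id"] in SCM_UNEXPECTED_TERMINATION:
            m = re.search(r"The (.+?) service terminated unexpectedly", ev["message"])
            if m:
                names[m.group(1)] += 1
    return names


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    failed = failed_boot_drivers(evs)
    print("parsed events:", len(evs))
    print("failed boot-start drivers:", failed)
    print("networking stack affected:", network_stack_affected(failed))
    for name, n in unexpected_terminations(evs).items():
        print(f"unexpected termination: {name} x{n}")
```

A 7026 entry naming the whole TCP/IP stack alongside a third-party driver set is worth asking the poster about before concluding anything: it can come from a failed driver install or a safe-mode boot as easily as from malware, which is why the script reports it rather than judges it.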
  6. Martin C

    Martin C Newcomer, in training Topic Starter

    Bump... anyone see anything funky in my logs?
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Six days ago>>>

    So why are we doing the scans??
  8. Martin C

    Martin C Newcomer, in training Topic Starter

    Just on general principle, I guess? I posted here originally because I have no idea if I have the dreaded n.exn trojan poised to steal my banking info at any moment, and I still don't know if it's gone...

    That, and I am not sure if laying out the cash for win7 to install on an otherwise stable xp system is necessary... Things have been working smooth since I did the 8 steps, most notably after running the TFC cleaner, thanks for that! But I just wanted to make double sure nothing was out of the norm with my scans before I commit to formatting and installing, for posterity.

    Thanks again.
    Regards,
    Marty
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Comments:
    1.
    In order to have a 'severely slow system' caused by malware, you would have to have a 'severely infected system with malware.'
    2.
    The Recycler Folder is a hidden system file. It is where the Recycle Bin sends deleted items. Malware in this folder will show up in the scans and directions for removal can be given.
    3.
    It is possible that neither of these has to do with malware.
    4.
    Is there any reason why you can't do the reformat/reinstall with Windows XP?

    If there is any doubt at all, especially if you use a system for banking purposes, the only sure way is to do the R/R. No one can guarantee that the system hasn't been compromised and additional personal information gotten or transmitted.

    Please tell me how much RAM is installed > Click on Control Panel> System> Look on System Properties tab.

    Are you aware that you are also running security from McAfee as well as Rising Software? This makes a system more vulnerable and also slows it down:
    Uninstall:
    McAfee Removal