Inactive Need help with virus, followed 8 steps

Hi, yesterday I ended up with a virus on my computer. My daughter wanted to see how to do the smiley faces on Facebook chat, so I looked for a pic of them on Google to show her. Unbeknown to me, ZoneAlarm had failed to load up properly, and it just so happened that the picture I clicked on downloaded a virus.

The virus was one of those that is a fake Windows security centre / security tool, and it started telling me I had hundreds of viruses/worms/trojans etc. It was when I saw this that I realised ZoneAlarm wasn't on. I straight away loaded ZoneAlarm up and set a scan running; it found nothing. I then downloaded Spybot, but the virus stopped it running and kept telling me it was a virus. I then tried to download AVG, but again it stopped this, telling me it also was a virus.

All the time, every time I tried something, the virus would pop up telling me about more viruses it had found and blocking programmes. I couldn't use Chrome anymore, it just wouldn't load any pages up; Firefox and IE still worked.

It also installed 5 shortcuts on my desktop, 2 porn ones and 3 that said 'spam001' 2 & 3. The fake Windows alert shields on the toolbar said 7751673 if you hovered the mouse over them, and I came across a file called spcmdcom.sys when I got a BSOD and it said this was the problem?

After nothing would work I did a system restore. When everything came back on it looked OK, then I started coming across a few things that were wrong. ZoneAlarm installed OK, as did Spybot; ZoneAlarm didn't find anything but Spybot found adviva, double click and web trends live. IE works fine, as does Firefox; Chrome however won't load anything up, it's just blank. Also the Windows Updater doesn't work, and the one on Microsoft's website won't load either. Also, when searching in Google, sometimes clicking on a link will bring up a random unrelated page that wasn't the page I clicked on, or when on another web page it will randomly open a new tab with google.webhp?? Also, since the restore, when Windows comes on a box pops up telling me that Remind_XP.exe encountered a problem and had to close; don't know what this is, never seen it before. There have also been a couple of times generic host 32 thingy has failed, as well as a few other things I can't remember.

I've followed the 8 steps (well, 6 lol) and will post replies to this with the logs. MBAM didn't find anything. I've updated Java and Adobe, but the Windows update won't work, although I managed to install XP SP3 from Microsoft's website and update to IE8, but that's it.

Hope someone can help, thanks
 
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4963

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

27/10/2010 13:59:07
mbam-log-2010-10-27 (13-59-07).txt

Scan type: Quick scan
Objects scanned: 129402
Time elapsed: 6 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
GMER 1.0.15.15477 - http://www.gmer.net
Rootkit scan 2010-10-27 14:28:24
Windows 5.1.2600 Service Pack 3
Running: p6xfkw2r.exe; Driver: C:\DOCUME~1\LEEFAM~1\LOCALS~1\Temp\pxtdapow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0xB27D3542]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwClose [0xB27D3DBA]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0xB26A52EC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwCreateEvent [0xB27D4DCC]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0xB269E8CC]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateKey [0xB26C00E6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwCreateMutant [0xB27D4CA4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0xB27D3148]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreatePort [0xB26A5ABE]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xB26B9F82]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xB26BA3AA]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateSection [0xB26C483C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwCreateSemaphore [0xB27D4EFE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xB27D6784]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwCreateThread [0xB27D3A58]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xB26A5C1C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwDebugActiveProcess [0xB27D6176]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xB269F78E]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xB26C1B8E]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xB26C1484]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0xB27D4524]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xB26B8D66]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwEnumerateKey [0xB27D2E80]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xB27D2F2A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwFsControlFile [0xB27D4330]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwLoadDriver [0xB27D6208]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0xB26C2558]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xB26C2796]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwMapViewOfSection [0xB26C4BF8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwNotifyChangeKey [0xB27D3076]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwOpenEvent [0xB27D4E6E]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0xB269F280]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwOpenKey [0xB27D2592]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwOpenMutant [0xB27D4D3C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xB26BC49A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwOpenSection [0xB27D67AE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwOpenSemaphore [0xB27D4FA0]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenThread [0xB26BC088]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwQueryKey [0xB27D2FD4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwQueryMultipleValueKey [0xB27D2BFC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwQuerySection [0xB27D6B50]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwQueryValueKey [0xB27D284C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwQueueApcThread [0xB27D649E]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRenameKey [0xB26C361E]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xB26C2F12]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwReplyPort [0xB27D532A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0xB27D51F0]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xB26A4E84]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xB26C407E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwResumeThread [0xB27D7028]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwSaveKey [0xB27D21FE]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xB26A55B8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwSetContextThread [0xB27D3C76]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xB269FB98]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwSetInformationToken [0xB27D586C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0xB26C3BA6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwSetSystemInformation [0xB27D6C90]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xB26C0BA8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwSuspendProcess [0xB27D6D74]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwSuspendThread [0xB27D6E9C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xB26BB0A6]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xB26BADD6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwTerminateThread [0xB27D380E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0xB27D6A06]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0xB27D3998]

Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804E9F90 5 Bytes JMP B27C89D4 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab)
.text ntkrnlpa.exe!IoIsOperationSynchronous 804EE86E 5 Bytes JMP B27C8DAE \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab)
.text ntkrnlpa.exe!ZwCallbackReturn + 23F8 80501C20 4 Bytes CALL 5CAACE8E
.text ntkrnlpa.exe!ZwCallbackReturn + 241C 80501C44 12 Bytes [BE, 5A, 6A, B2, 82, 9F, 6B, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 242C 80501C54 16 Bytes [3C, 48, 6C, B2, FE, 4E, 7D, ...] {CMP AL, 0x48; INSB ; MOV DL, 0xfe; DEC ESI; JGE 0xffffffffffffffba; TEST [EDI+0x7d], AH; MOV DL, 0x58; CMP BH, [EBP-0x4e]}
.text ntkrnlpa.exe!ZwCallbackReturn + 24E8 80501D10 12 Bytes [08, 62, 7D, B2, 58, 25, 6C, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2664 80501E8C 16 Bytes [1E, 36, 6C, B2, 12, 2F, 6C, ...]
.text ...
init C:\WINDOWS\System32\Drivers\sunkfilt.sys entry point in "init" section [0xF2FE3300]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[948] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 00D4000A
.text C:\WINDOWS\System32\svchost.exe[948] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 00D5000A
.text C:\WINDOWS\System32\svchost.exe[948] ntdll.dll!KiUserExceptionDispatcher 7C90E45C 5 Bytes JMP 00D3000C
.text C:\WINDOWS\System32\svchost.exe[948] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 00F1000A
.text C:\WINDOWS\System32\svchost.exe[948] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00DF000A
.text C:\WINDOWS\Explorer.EXE[1436] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 00CC000A
.text C:\WINDOWS\Explorer.EXE[1436] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 00CD000A
.text C:\WINDOWS\Explorer.EXE[1436] ntdll.dll!KiUserExceptionDispatcher 7C90E45C 5 Bytes JMP 00C2000C

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [B26AA50E] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [B26AA364] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [B26AAB56] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [B26A8ABE] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [B26A8ABE] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [B26AA50E] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [B26AA364] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [B26AAB56] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [B26AA50E] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [B26A8ABE] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [B26AAB56] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [B26AA364] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [B26AAB56] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B26AA364] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [B26AA50E] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [B26A8ABE] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [B26AA50E] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [B26AA364] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [B26AAB56] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [B26AAB56] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [B26AA364] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [B26A8ABE] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [B26AA50E] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [B26AA50E] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [B26A8ABE] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [B26AAB56] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [B26AA364] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP5T1L0-1d 8335A292
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8335A292
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8335A292
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 8335A292
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 8335A292
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort4 8335A292
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort5 8335A292
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP5T0L0-15 8335A292
Device \Driver\Tcpip \Device\Udp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \Device\Ide\IdeDeviceP2T0L0-7 -> \??\IDE#DiskMAXTOR_STM3320613AS_____________________MX13____#5&1e35bb38&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- EOF - GMER 1.0.15 ----
 
DDS (Ver_10-10-21.02) - NTFSx86
Run by Lee Family at 14:45:02.56 on 27/10/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.382.98 [GMT 1:00]

AV: ZoneAlarm Security Suite Antivirus *On-access scanning enabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Security Suite Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Documents and Settings\Lee Family\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://www.google.co.uk/
mSearchAssistant = hxxp://www.google.com/ie
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\lee family\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [Reminder] c:\windows\creator\Remind_XP.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [CHotkey] zHotkey.exe
mRun: [ShowWnd] ShowWnd.exe
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AOL Spyware Protection] "c:\progra~1\common~1\aol\aolspy~1\AOLSP Scheduler.exe"
mRun: [SunKistEM] c:\program files\digital media reader\shwiconem.exe
mRun: [<NO NAME>]
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\aol90t~1.lnk - c:\program files\aol 9.0\aoltray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bigfix.lnk - c:\program files\bigfix\BigFix.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1288113416015
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: AtiExtEvent - Ati2evxx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\leefam~1\applic~1\mozilla\firefox\profiles\44aoxwvq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - plugin: c:\documents and settings\lee family\application data\mozilla\firefox\profiles\44aoxwvq.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\lee family\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJPI142.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 kl1;kl1;c:\windows\system32\drivers\kl1.sys [2010-10-26 128016]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2010-10-26 317072]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-10-26 528128]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S?4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-10-27 38224]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-9-6 14336]

=============== Created Last 30 ================

2010-10-27 12:50:42 -------- d-----w- c:\docume~1\leefam~1\applic~1\Malwarebytes
2010-10-27 12:50:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-27 12:50:26 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-10-27 12:50:24 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-27 12:50:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-27 08:39:04 -------- d-----w- c:\docume~1\leefam~1\locals~1\applic~1\Adobe
2010-10-27 00:16:16 7552 ----a-w- c:\windows\system32\drivers\mskssrv.sys
2010-10-27 00:16:14 5376 ----a-w- c:\windows\system32\drivers\mspclock.sys
2010-10-27 00:16:13 4992 ----a-w- c:\windows\system32\drivers\mspqm.sys
2010-10-27 00:14:54 7168 ----a-w- c:\windows\system32\hccoin.dll
2010-10-27 00:14:54 30208 ----a-w- c:\windows\system32\drivers\usbehci.sys
2010-10-27 00:14:52 17152 ----a-w- c:\windows\system32\drivers\usbohci.sys
2010-10-27 00:11:57 -------- d-----r- C:\Program Files
2010-10-27 00:11:48 -------- d-----r- c:\documents and settings\all users\Documents
2010-10-27 00:11:33 -------- d-----r- c:\windows\Offline Web Pages
2010-10-27 00:09:42 -------- dcsh--r- c:\windows\system32\dllcache
2010-10-26 21:08:32 -------- d-----w- c:\windows\system32\Adobe
2010-10-26 20:45:56 35136 ----a-w- c:\program files\mozilla firefox\plugins\np_gp.dll
2010-10-26 19:12:39 -------- d-----w- c:\program files\SonicWallES
2010-10-26 19:09:35 -------- d-----w- c:\docume~1\leefam~1\locals~1\applic~1\Identities
2010-10-26 19:00:23 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-10-26 19:00:23 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-10-26 18:35:39 -------- d-----w- c:\docume~1\leefam~1\locals~1\applic~1\Temp
2010-10-26 18:34:52 -------- d-sh--w- c:\documents and settings\lee family\PrivacIE
2010-10-26 18:31:50 -------- d-sh--w- c:\documents and settings\lee family\IETldCache
2010-10-26 18:27:34 -------- dc-h--w- c:\windows\ie8
2010-10-26 18:09:02 -------- d-----w- c:\windows\ServicePackFiles
2010-10-26 18:04:08 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2010-10-26 18:01:37 -------- d-----w- c:\windows\EHome
2010-10-26 17:15:55 -------- d-sh--w- c:\documents and settings\lee family\UserData
2010-10-26 17:00:45 -------- d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky SDK
2010-10-26 17:00:13 -------- d-----w- c:\docume~1\leefam~1\applic~1\MailFrontier
2010-10-26 16:55:20 72704 ----a-w- c:\windows\zllsputility.exe
2010-10-26 16:55:19 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
2010-10-26 16:54:52 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2010-10-26 16:54:52 -------- d-----w- c:\windows\system32\ZoneLabs
2010-10-26 16:43:44 -------- d-----w- c:\program files\Zone Labs
2010-10-26 16:43:32 -------- d-----w- c:\windows\Internet Logs
2010-10-26 16:35:29 -------- d-----w- c:\docume~1\leefam~1\locals~1\applic~1\Google
2010-10-26 16:34:02 -------- d-----w- C:\temp
2010-10-26 16:25:40 819200 ----a-w- c:\program files\windows media player\wmsetsdk.exe
2010-10-26 16:25:40 47616 ----a-w- c:\program files\windows media player\msoobci.dll
2010-10-26 16:25:37 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-10-26 16:25:11 -------- d-----w- c:\windows\RegisteredPackages
2010-10-26 16:24:16 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2010-10-26 16:24:15 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys
2010-10-26 16:24:13 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys
2010-10-26 16:24:09 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys
2010-10-26 16:24:08 142592 ----a-w- c:\windows\system32\drivers\aec.sys
2010-10-26 16:24:07 172416 ----a-w- c:\windows\system32\drivers\kmixer.sys
2010-10-26 16:24:06 2944 ----a-w- c:\windows\system32\drivers\drmkaud.sys
2010-10-26 16:24:04 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys
2010-10-26 16:24:01 46433 ----a-w- c:\windows\WBODA34I.DLL
2010-10-26 16:24:01 351526 ----a-w- c:\windows\WBDDA34I.DLL
2010-10-26 16:23:26 -------- d-----w- c:\program files\ATI Technologies
2010-10-26 16:21:26 -------- d-----w- c:\windows\system32\ReinstallBackups
2010-10-26 16:21:13 60160 ----a-w- c:\windows\system32\drivers\drmk.sys
2010-10-26 16:21:13 146048 ----a-w- c:\windows\system32\drivers\portcls.sys
2010-10-26 16:21:09 77824 ----a-w- c:\windows\SOUNDMAN.EXE
2010-10-26 16:21:09 2297664 ----a-w- c:\windows\system32\drivers\ALCXWDM.SYS
2010-10-26 16:21:09 156672 ----a-w- c:\windows\system32\RTLCPAPI.dll
2010-10-26 16:21:08 9319936 ----a-w- c:\windows\system32\RTLCPL.EXE
2010-10-26 16:21:08 40960 ------w- c:\windows\system32\ChCfg.exe
2010-10-26 16:21:07 208896 ------w- c:\windows\alcupd.exe
2010-10-26 16:21:07 16162816 ----a-w- c:\windows\system32\ALSNDMGR.CPL
2010-10-26 16:21:07 139264 ------w- c:\windows\alcrmv.exe
2010-10-26 16:21:05 212992 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ILog.dll
2010-10-26 16:20:49 18000 ----a-w- c:\windows\BigFixClientOverride.dll
2010-10-26 16:20:49 -------- d-----w- c:\program files\BigFix
2010-10-26 16:20:40 57344 ----a-w- c:\windows\system32\NeroBurnRights.cpl
2010-10-26 16:20:40 53248 ----a-w- c:\windows\system32\NeroCo.dll
2010-10-26 16:20:40 1658880 ------w- c:\windows\UNNeroBurnRights.exe
2010-10-26 16:20:04 106496 ----a-w- c:\windows\system32\TwnLib20.dll
2010-10-26 16:20:03 569344 ----a-w- c:\windows\system32\imagr5.dll
2010-10-26 16:20:03 544768 ----a-w- c:\windows\system32\imagx5.dll
2010-10-26 16:20:03 38912 ----a-w- c:\windows\system32\picn20.dll
2010-10-26 16:20:03 283920 ----a-w- c:\windows\system32\ImagXpr5.dll
2010-10-26 16:20:03 155648 ----a-w- c:\windows\system32\NeroCheck.exe
2010-10-26 16:19:56 -------- d-----w- c:\program files\MSN Encarta Plus
2010-10-26 16:19:34 -------- d-----w- c:\program files\Microsoft Money 2005
2010-10-26 16:17:42 8552 ----a-w- c:\windows\system32\drivers\asctrm.sys

==================== Find3M ====================

2010-10-26 16:17:41 24576 ----a-w- c:\windows\system32\prefscpl.cpl

============= FINISH: 14:47:09.93 ===============
 
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-10-21.02)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 10/26/2010 5:30:37 PM
System Uptime: 10/27/2010 1:45:35 PM (1 hours ago)

Motherboard: | | MS-7093
Processor: AMD Athlon(tm) 64 Processor 3500+ | Socket 939 | 2188/199mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 294 GiB total, 287.768 GiB free.
D: is FIXED (FAT32) - 4 GiB total, 2.359 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 10/26/2010 5:30:41 PM - System Checkpoint
RP2: 10/26/2010 5:45:54 PM - Installed Windows XP KB943232.
RP3: 10/26/2010 7:04:22 PM - Installed Windows XP Service Pack 3.
RP4: 10/26/2010 7:28:36 PM - Installed Windows Internet Explorer 8.

==== Installed Programs ======================

Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 6.0
Adobe Shockwave Player 11.5
AOL Coach Version 1.0(Build:20040229.1 uk)
AOL Connectivity Services
AOL Spyware Protection
AOL UK (Choose which version to remove)
AOL You've Got Pictures Screensaver
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
BigFix
Digital Media Reader
Google Chrome
Google Toolbar for Internet Explorer
Java 2 Runtime Environment, SE v1.4.2
Learn2 Player (Uninstall Only)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft Money
Microsoft Works
Mozilla Firefox (3.6.11)
Multimedia Keyboard Driver
Nero BurnRights
Nero OEM
PowerDVD
QuickTime
RealPlayer Basic
Realtek AC'97 Audio
Smart Link 56K Voice Modem
Spybot - Search & Destroy
VC 9.0 Runtime
Viewpoint Media Player
WebFldrs XP
Windows Backup Utility
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
ZoneAlarm Security Suite

==== Event Viewer Messages From Past Week ========

10/27/2010 8:45:34 AM, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 00110915DA04 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
10/27/2010 1:43:09 PM, error: Service Control Manager [7034] - The SmartLinkService service terminated unexpectedly. It has done this 1 time(s).
10/27/2010 1:43:07 PM, error: Service Control Manager [7034] - The PrismXL service terminated unexpectedly. It has done this 1 time(s).
10/27/2010 1:43:05 PM, error: Service Control Manager [7034] - The AOL Connectivity Service service terminated unexpectedly. It has done this 1 time(s).
10/27/2010 1:42:51 PM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
10/26/2010 8:16:55 PM, error: Service Control Manager [7016] - The SmartLinkService service has reported an invalid current state 0.
10/26/2010 7:49:09 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.CRT. Reference error message: The referenced assembly is not installed on your system. .
10/26/2010 7:49:09 PM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\ZoneLabs\FFApi.dll. Reference error message: The operation completed successfully. .
10/26/2010 7:49:09 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.CRT could not be found and Last Error was The referenced assembly is not installed on your system.

==== End Of File ===========================
 
Welcome aboard


Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

=======================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure you re-enable your security programs when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 