Windows cannot access the specified device path or file

Solved
By Batrico
Feb 3, 2012
  1. Hi ive been working on a xp laptop trying to solve this issue for a couple of days now.I just installed firefox 10 and when i clicked on the exe it says Windows Cannot Access the Specified Device Path or File etc.Also when i look at the properties of the set up file it says this program has come from another computer etc.Ive tried the unblock button but that doesnt help.Ive tried a full scan with avast av and found no viruses.Iv done a system restore and it goes away but comes back again on second opening.So im thinking must be malware.

    So far done mbr check and combofix. will paste reports next.
  2. Batrico

    Batrico Newcomer, in training Topic Starter Posts: 50

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Home Edition
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000000c

    Kernel Drivers (total 140):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806D1000 \WINDOWS\system32\hal.dll
    0xF799E000 \WINDOWS\system32\KDCOM.DLL
    0xF78AE000 \WINDOWS\system32\BOOTVID.dll
    0xF736F000 ACPI.sys
    0xF79A0000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF735E000 pci.sys
    0xF749E000 isapnp.sys
    0xF78B2000 compbatt.sys
    0xF78B6000 \WINDOWS\system32\DRIVERS\BATTC.SYS
    0xF7A66000 pciide.sys
    0xF771E000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF74AE000 MountMgr.sys
    0xF733F000 ftdisk.sys
    0xF7726000 PartMgr.sys
    0xF78BA000 ACPIEC.sys
    0xF7A67000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
    0xF74BE000 VolSnap.sys
    0xF7327000 atapi.sys
    0xF74CE000 disk.sys
    0xF74DE000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF7307000 fltmgr.sys
    0xF72F5000 sr.sys
    0xF72DF000 DRVMCDB.SYS
    0xF74EE000 PxHelp20.sys
    0xF72C8000 KSecDD.sys
    0xF723B000 Ntfs.sys
    0xF7225000 inspect.sys
    0xF71F8000 \WINDOWS\System32\DRIVERS\NDIS.SYS
    0xF772E000 \WINDOWS\System32\DRIVERS\TDI.SYS
    0xF71DE000 Mup.sys
    0xF753E000 \SystemRoot\system32\DRIVERS\AmdK8.sys
    0xF68D7000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
    0xF68C3000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xF682F000 \SystemRoot\system32\DRIVERS\bcmwl5.sys
    0xF77CE000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0xF680B000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF77D6000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xF754E000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xF79D4000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
    0xF755E000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xF756E000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xF67E8000 \SystemRoot\system32\DRIVERS\ks.sys
    0xF77DE000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0xF67C0000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xF757E000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xF77E6000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xF6791000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0xF79D6000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xF77EE000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF677D000 \SystemRoot\system32\DRIVERS\sdbus.sys
    0xF77F6000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
    0xF798A000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0xF7AFA000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xF758E000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xF798E000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xF6766000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF759E000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF75AE000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF6755000 \SystemRoot\system32\DRIVERS\psched.sys
    0xF75BE000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF77FE000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF7806000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xF75DE000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF79D8000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xF66F7000 \SystemRoot\system32\DRIVERS\update.sys
    0xF799A000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xF75EE000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF761E000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF2612000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
    0xF251B000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
    0xF2465000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
    0xF7816000 \SystemRoot\System32\Drivers\Modem.SYS
    0xF2352000 \SystemRoot\system32\drivers\sthda.sys
    0xF232E000 \SystemRoot\system32\drivers\portcls.sys
    0xF762E000 \SystemRoot\system32\drivers\drmk.sys
    0xF6A99000 \SystemRoot\System32\Drivers\i2omgmt.SYS
    0xF2217000 \SystemRoot\System32\DRIVERS\cmdguard.sys
    0xF79EA000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF7B94000 \SystemRoot\System32\Drivers\Null.SYS
    0xF79EC000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF782E000 \SystemRoot\System32\Drivers\DLARTL_N.SYS
    0xF7836000 \SystemRoot\System32\drivers\vga.sys
    0xF79EE000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF79F0000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF783E000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF7846000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF6A89000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xF21BC000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xF2163000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xF784E000 \SystemRoot\System32\DRIVERS\cmdhlp.sys
    0xF763E000 \SystemRoot\System32\Drivers\aswTdi.SYS
    0xF213B000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xF7856000 \SystemRoot\System32\Drivers\aswRdr.SYS
    0xF2119000 \SystemRoot\System32\drivers\afd.sys
    0xF764E000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xF20EE000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xF2056000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xF767E000 \SystemRoot\System32\Drivers\Fips.SYS
    0xF2030000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xF768E000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xF1FE6000 \SystemRoot\System32\Drivers\aswSP.SYS
    0xF1F76000 \SystemRoot\System32\Drivers\aswSnx.SYS
    0xF66D6000 \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
    0xF7876000 \SystemRoot\System32\Drivers\Aavmker4.SYS
    0xF770E000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xF1276000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xF79E4000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xF21FF000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF785E000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF7B4F000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\ati2dvag.dll
    0xBF055000 \SystemRoot\System32\ati2cqag.dll
    0xBF09B000 \SystemRoot\System32\atikvmag.dll
    0xBF0DF000 \SystemRoot\System32\ati3duag.dll
    0xBF323000 \SystemRoot\System32\ativvaxx.dll
    0xBF562000 \SystemRoot\System32\ATMFD.DLL
    0xF1252000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
    0xF228E000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
    0xF7A8E000 \SystemRoot\System32\DLA\DLADResN.SYS
    0xEF0A0000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
    0xF21FB000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
    0xF7A3E000 \SystemRoot\System32\DLA\DLAPoolM.SYS
    0xF786E000 \SystemRoot\System32\DLA\DLABOIOM.SYS
    0xEF088000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
    0xEF072000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
    0xEF04A000 \SystemRoot\system32\DRIVERS\packet.sys
    0xEF0F2000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xEED3B000 \SystemRoot\System32\Drivers\aswMon2.SYS
    0xEE6CE000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xEE6B9000 \SystemRoot\system32\drivers\wdmaud.sys
    0xEE89B000 \SystemRoot\system32\drivers\sysaudio.sys
    0xEE483000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0xEE42B000 \SystemRoot\system32\DRIVERS\srv.sys
    0xEE4FB000 \SystemRoot\system32\DRIVERS\secdrv.sys
    0xEDF8A000 \SystemRoot\System32\Drivers\HTTP.sys
    0xEDBEC000 \SystemRoot\system32\drivers\kmixer.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 50):
    0 System Idle Process
    4 System
    648 C:\WINDOWS\system32\smss.exe
    696 csrss.exe
    736 C:\WINDOWS\system32\winlogon.exe
    780 C:\WINDOWS\system32\services.exe
    792 C:\WINDOWS\system32\lsass.exe
    956 C:\WINDOWS\system32\ati2evxx.exe
    972 C:\WINDOWS\system32\svchost.exe
    1052 svchost.exe
    1088 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    1120 C:\WINDOWS\system32\svchost.exe
    1276 svchost.exe
    1296 C:\WINDOWS\system32\ati2evxx.exe
    1408 svchost.exe
    1528 C:\WINDOWS\system32\WLTRYSVC.EXE
    1648 C:\WINDOWS\system32\BCMWLTRY.EXE
    1696 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    1768 C:\WINDOWS\explorer.exe
    136 C:\WINDOWS\stsystra.exe
    180 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    192 C:\WINDOWS\system32\WLTRAY.EXE
    200 C:\WINDOWS\system32\DLA\DLACTRLW.EXE
    188 C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    224 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    232 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    244 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    324 C:\PROGRA~1\ALWILS~1\Avast5\AvastUI.exe
    488 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    544 C:\Program Files\Messenger\msmsgs.exe
    408 C:\WINDOWS\system32\ctfmon.exe
    672 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    2088 C:\WINDOWS\system32\spoolsv.exe
    2180 svchost.exe
    2308 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    2328 C:\Program Files\Bonjour\mDNSResponder.exe
    2428 C:\Program Files\Dell Network Assistant\hnm_svc.exe
    2480 C:\Program Files\Java\jre6\bin\jqs.exe
    2548 C:\WINDOWS\system32\svchost.exe
    3632 alg.exe
    3816 C:\WINDOWS\system32\svchost.exe
    328 C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    2156 C:\Program Files\OpenOffice.org 3\program\swriter.exe
    2212 C:\Program Files\OpenOffice.org 3\program\soffice.exe
    3272 C:\Program Files\OpenOffice.org 3\program\soffice.bin
    2720 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
    2764 C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
    1580 C:\Program Files\Internet Explorer\iexplore.exe
    3768 C:\Program Files\Internet Explorer\iexplore.exe
    1140 C:\Documents and Settings\Shel\Local Settings\Temporary Internet Files\Content.IE5\A8G86ADZ\MBRCheck[1].exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06dd1c00 (NTFS)

    PhysicalDrive0 Model Number: FUJITSUMHV2060BH, Rev: 0085002A

    Size Device Name MBR Status
    --------------------------------------------
    55 GB \\.\PhysicalDrive0 Dell MBR code detected
    SHA1: 57BDF501CE769EF2720C705B6C71C893DA31574E


    Done!
  3. Batrico

    Batrico Newcomer, in training Topic Starter Posts: 50

    ComboFix 12-02-03.02 - Shel 02/03/2012 20:02:32.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.164 [GMT 0:00]
    Running from: c:\documents and settings\Shel\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\Shel\WINDOWS
    c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013
    c:\windows\Downloaded Installations\BMP
    c:\windows\Downloaded Installations\BMP\{1010925C-CEA9-49ED-AB1F-BDA72379C99B}\1033.MST
    c:\windows\Downloaded Installations\BMP\{1010925C-CEA9-49ED-AB1F-BDA72379C99B}\BACS.msi
    c:\windows\EventSystem.log
    c:\windows\system32\drivers\etc\hosts.ics
    c:\windows\system32\MSMAsk32.ocx
    c:\windows\system32\rightonadz-uninst.exe
    c:\windows\system32\SET10E.tmp
    c:\windows\system32\SET112.tmp
    c:\windows\system32\SET11A.tmp
    c:\windows\system32\SET1C.tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-01-03 to 2012-02-03 )))))))))))))))))))))))))))))))
    .
    .
    2012-02-02 23:41 . 2012-02-02 23:41 -------- d-----w- c:\windows\system32\wbem\Repository
    2012-02-02 23:20 . 2012-02-02 23:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\OpenOffice.org
    2012-02-02 22:41 . 2012-02-02 22:41 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
    2012-02-02 19:13 . 2012-02-03 20:16 -------- d-----w- c:\documents and settings\Shel
    2012-02-02 18:11 . 2012-02-02 23:40 -------- d-s---w- c:\documents and settings\Peter
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-17 21:00 . 2010-06-04 10:55 494968 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
    2011-12-19 18:59 . 2010-06-01 18:00 97760 ----a-w- c:\windows\system32\drivers\inspect.sys
    2011-12-19 18:59 . 2010-06-01 18:00 31704 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
    2011-12-19 18:59 . 2010-06-01 18:00 18056 ----a-w- c:\windows\system32\drivers\cmderd.sys
    2011-12-19 18:58 . 2011-11-03 23:34 33984 ----a-w- c:\windows\system32\cmdcsr.dll
    2011-12-19 18:58 . 2010-06-01 18:00 301224 ----a-w- c:\windows\system32\guard32.dll
    2011-11-25 21:57 . 2004-08-10 12:51 293376 ----a-w- c:\windows\system32\winsrv.dll
    2011-11-23 13:25 . 2004-08-10 12:51 1859584 ----a-w- c:\windows\system32\win32k.sys
    2011-11-18 12:35 . 2004-08-10 12:51 60416 ----a-w- c:\windows\system32\packager.exe
    2011-11-16 14:21 . 2004-08-10 12:51 354816 ----a-w- c:\windows\system32\winhttp.dll
    2011-11-16 14:21 . 2004-08-10 12:51 152064 ----a-w- c:\windows\system32\schannel.dll
    2012-01-29 15:55 . 2012-02-03 19:03 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2010-09-28 21:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-07-04 11:43 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-16 68856]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SigmatelSysTrayApp"="stsystra.exe" [2006-09-22 282624]
    "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-22 761947]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-01 1392640]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-12-21 6676808]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    .
    c:\documents and settings\Shel\Start Menu\Programs\Startup\
    OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dell Network Assistant.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk
    backup=c:\windows\pss\Dell Network Assistant.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
    backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
    backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Shel^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
    path=c:\documents and settings\Shel\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
    backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
    2006-08-23 16:14 1032192 ----a-w- c:\program files\Dell\QuickSet\quickset.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
    2005-12-09 20:29 49152 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    2006-12-09 08:36 236544 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2008-03-30 09:36 267048 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
    2003-09-10 02:24 20480 ------w- c:\program files\NetWaiting\netwaiting.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2007-11-16 17:32 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
    "10426:UDP"= 10426:UDP:SingleClick ICC
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [7/14/2011 11:12 PM 441176]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8/5/2009 4:31 PM 309848]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [6/4/2010 10:55 AM 494968]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [6/1/2010 6:00 PM 31704]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/5/2009 4:31 PM 19544]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/25/2010 10:26 PM 135664]
    S3 cpuz;cpuz;\??\e:\aaaaa\tests\cpuz\cpuz.sys --> e:\aaaaa\tests\cpuz\cpuz.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/25/2010 10:26 PM 135664]
    S3 scrcap;scrcap;c:\windows\system32\DRIVERS\scrcap.sys --> c:\windows\system32\DRIVERS\scrcap.sys [?]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-25 22:26]
    .
    2012-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-25 22:26]
    .
    2008-02-01 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
    - c:\program files\Microsoft IntelliPoint\ipoint.exe [2007-02-05 23:52]
    .
    2012-02-03 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
    - c:\program files\Ask.com\UpdateTask.exe [2010-09-28 21:44]
    .
    2010-05-18 c:\windows\Tasks\XoftSpySE.job
    - c:\program files\XoftSpySE\XoftSpy.exe [2006-06-19 15:35]
    .
    .
    ------- Supplementary Scan -------
    .
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
    DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
    FF - ProfilePath -
    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-378836b8-d739-32f3-d592-acc9e15e766c - c:\windows\system32\378836b8-d739-32f3-d592-acc9e15e766c.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-02-03 20:40
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    detected NTDLL code modification:
    ZwClose
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(728)
    c:\windows\system32\Ati2evxx.dll
    c:\windows\System32\BCMLogon.dll
    .
    - - - - - - - > 'lsass.exe'(784)
    c:\windows\system32\guard32.dll
    .
    - - - - - - - > 'explorer.exe'(2288)
    c:\windows\system32\WININET.dll
    c:\windows\system32\guard32.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    - - - - - - - > 'csrss.exe'(696)
    c:\windows\system32\cmdcsr.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
    c:\windows\system32\Ati2evxx.exe
    c:\windows\System32\WLTRYSVC.EXE
    c:\windows\System32\bcmwltry.exe
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\windows\stsystra.exe
    c:\program files\ATI Technologies\ATI.ACE\CLI.EXE
    c:\program files\OpenOffice.org 3\program\soffice.exe
    c:\program files\OpenOffice.org 3\program\soffice.bin
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Dell Network Assistant\hnm_svc.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\ATI Technologies\ATI.ACE\cli.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\System32\logon.scr
    c:\program files\Alwil Software\Avast5\defs\12020301\Sf.bin
    .
    **************************************************************************
    .
    Completion time: 2012-02-03 21:00:08 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-02-03 20:59
    .
    Pre-Run: 24,589,582,336 bytes free
    Post-Run: 24,525,971,456 bytes free
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
    .
    - - End Of File - - CB209827940ED510FEF7C4A203A728D2
  4. Broni

    Broni Malware Annihilator Posts: 46,341   +252

    Welcome aboard [​IMG]

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =============================================================

    Never run Combofix on your own!
  5. Batrico

    Batrico Newcomer, in training Topic Starter Posts: 50

    Hi thanks for replying
    ive actually found out reading though your instructions after disabling my firewall it was the latest update of comodo that caused the problem.I uninstalled and reinstalled comodo and hey presto the laptop is working fine.Firefox loads again.Just restarte it for the final test and it :works
  6. Broni

    Broni Malware Annihilator Posts: 46,341   +252

    I can see that Combofix found some trojans so I'd suggest we run some checks.
    Up to you of course.
  7. Batrico

    Batrico Newcomer, in training Topic Starter Posts: 50

    Wont be able to work on the laptop till tomorrow evening.It wont be on the internet till then so should be ok for the moment.Thanks for your reply.
  8. Broni

    Broni Malware Annihilator Posts: 46,341   +252

    No problem :)
  9. Batrico

    Batrico Newcomer, in training Topic Starter Posts: 50

    where shall i start.
  10. Broni

    Broni Malware Annihilator Posts: 46,341   +252

    Re-read my reply #4.
  11. Batrico

    Batrico Newcomer, in training Topic Starter Posts: 50

    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.02.05.03

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Shel :: MICHELLE [administrator]

    2/5/2012 8:39:17 PM
    mbam-log-2012-02-05 (20-39-17).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 220826
    Time elapsed: 12 minute(s), 49 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 4
    HKCR\AppID\{8D71EEB8-A1A7-4733-8FA2-1CAC015C967D} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKCR\Typelib\{B4094603-DDA9-4CAF-9B13-0AD1034C9C53} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKCR\Interface\{48DC6FFB-64D7-42E8-949D-8EF2641EB73A} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKCR\AppID\Sidebar.DLL (Trojan.BHO) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\WINDOWS\system32\WhoisCL.exe (Trojan.BHO) -> Quarantined and deleted successfully.

    (end)
     
  12. Batrico

    Batrico Newcomer, in training Topic Starter Posts: 50

    Do i need to do the GMER thing next
  13. Batrico

    Batrico Newcomer, in training Topic Starter Posts: 50

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-02-05 21:49:00
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 FUJITSU_MHV2060BH rev.0085002A
    Running: l5sk7jkt.exe; Driver: C:\DOCUME~1\Shel\LOCALS~1\Temp\uwtcypob.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xF1FD0BF2]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xF1FD0A5D]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xF2028398]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

    ---- EOF - GMER 1.0.15 ----
  14. Batrico

    Batrico Newcomer, in training Topic Starter Posts: 50

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
    Run by Shel at 21:55:50 on 2012-02-05
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.66 [GMT 0:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: COMODO Firewall *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    svchost.exe
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\COMODO\COMODO GeekBuddy\CLPS.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Dell Network Assistant\hnm_svc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    .
    ============== Pseudo HJT Report ===============
    .
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
    BHO: Dictionary.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
    TB: Dictionary.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [COMODO] c:\program files\comodo\comodo geekbuddy\CLPSLA.exe
    mRun: [CPA] c:\program files\comodo\comodo geekbuddy\VALA.exe
    mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
    StartupFolder: c:\docume~1\shel\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
    DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1195594076281
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_14-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
    TCP: Interfaces\{32AFFDC5-BCBC-4D98-B419-5FC3BABB1B40} : DhcpNameServer = 192.168.2.1 192.168.2.1
    Notify: AtiExtEvent - Ati2evxx.dll
    AppInit_DLLs: c:\windows\system32\guard32.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\shel\application data\mozilla\firefox\profiles\j7178s2o.default\
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-7-14 441176]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-8-5 309848]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2012-1-17 494968]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-12-19 31704]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-8-5 19544]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-17 42184]
    R2 CLPSLS;COMODO livePCsupport Service;c:\program files\comodo\comodo geekbuddy\CLPSLS.exe [2011-11-23 1052472]
    R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2011-12-19 1960584]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-25 135664]
    S3 cpuz;cpuz;\??\e:\aaaaa\tests\cpuz\cpuz.sys --> e:\aaaaa\tests\cpuz\cpuz.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-6-25 135664]
    S3 scrcap;scrcap;c:\windows\system32\drivers\scrcap.sys --> c:\windows\system32\drivers\scrcap.sys [?]
    .
    =============== Created Last 30 ================
    .
    2012-02-05 20:35:44 -------- d-----w- c:\documents and settings\shel\application data\Malwarebytes
    2012-02-05 20:34:56 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2012-02-05 20:34:46 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-05 20:34:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-02-03 22:09:24 -------- d-----w- c:\documents and settings\all users\application data\CPA_VA
    2012-02-03 22:01:26 1700352 ----a-w- c:\windows\system32\gdiplus.dll
    2012-02-03 19:43:10 -------- d-sha-r- C:\cmdcons
    2012-02-03 19:38:55 98816 ----a-w- c:\windows\sed.exe
    2012-02-03 19:38:55 518144 ----a-w- c:\windows\SWREG.exe
    2012-02-03 19:38:55 256000 ----a-w- c:\windows\PEV.exe
    2012-02-03 19:38:55 208896 ----a-w- c:\windows\MBR.exe
    2012-02-02 23:41:15 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2012-02-02 23:41:15 -------- d-----w- c:\windows\system32\wbem\Repository
    2012-02-02 23:37:56 -------- d-----w- c:\documents and settings\shel\application data\OpenOffice.org
    2012-02-02 19:49:55 -------- d-----w- c:\documents and settings\shel\local settings\application data\Adobe(2)
    2012-02-02 19:35:28 -------- d-----w- c:\documents and settings\shel\local settings\application data\ATI(2)
    2012-02-02 19:34:49 -------- d-----w- c:\documents and settings\shel\local settings\application data\ApplicationHistory(3)
    2012-02-02 19:32:19 -------- d-----w- c:\documents and settings\shel\Application Data(3)
    2012-01-17 21:00:50 494968 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
    .
    ==================== Find3M ====================
    .
    2011-12-19 18:59:22 31704 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
    2011-12-19 18:59:20 18056 ----a-w- c:\windows\system32\drivers\cmderd.sys
    2011-12-19 18:58:56 33984 ----a-w- c:\windows\system32\cmdcsr.dll
    2011-12-19 18:58:55 301224 ----a-w- c:\windows\system32\guard32.dll
    2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
    2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
    2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe
    2011-11-16 14:21:44 354816 ----a-w- c:\windows\system32\winhttp.dll
    2011-11-16 14:21:44 152064 ----a-w- c:\windows\system32\schannel.dll
    .
    ============= FINISH: 22:00:59.39 ===============
  15. Batrico

    Batrico Newcomer, in training Topic Starter Posts: 50

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 12/12/2006 4:21:46 PM
    System Uptime: 2/5/2012 8:57:39 PM (2 hours ago)
    .
    Motherboard: Dell Inc. | | 0UW744
    Processor: Mobile AMD Sempron(tm) Processor 3500+ | Socket M2/S1G1 | 1796/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 53 GiB total, 22.191 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Broadcom 440x 10/100 Integrated Controller
    Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_01F51028&REV_02\4&1A4C5809&0&00A4
    Manufacturer: Broadcom
    Name: Broadcom 440x 10/100 Integrated Controller
    PNP Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_01F51028&REV_02\4&1A4C5809&0&00A4
    Service: bcm4sbxp
    .
    ==== System Restore Points ===================
    .
    RP906: 12/28/2011 10:25:48 AM - System Checkpoint
    RP907: 12/29/2011 10:46:21 AM - System Checkpoint
    RP908: 12/30/2011 1:24:47 PM - System Checkpoint
    RP909: 1/1/2012 10:06:11 AM - System Checkpoint
    RP910: 1/2/2012 11:17:33 AM - System Checkpoint
    RP911: 1/2/2012 3:48:45 PM - Software Distribution Service 3.0
    RP912: 1/3/2012 10:00:52 AM - Software Distribution Service 3.0
    RP913: 1/4/2012 7:41:32 PM - Software Distribution Service 3.0
    RP914: 1/5/2012 7:55:39 PM - Restore Operation
    RP915: 1/6/2012 9:47:58 PM - System Checkpoint
    RP916: 1/8/2012 11:34:18 AM - System Checkpoint
    RP917: 1/8/2012 11:32:54 PM - Software Distribution Service 3.0
    RP918: 1/11/2012 8:56:57 AM - System Checkpoint
    RP919: 1/11/2012 10:15:13 AM - Software Distribution Service 3.0
    RP920: 1/12/2012 8:23:12 AM - Software Distribution Service 3.0
    RP921: 1/14/2012 7:22:44 AM - System Checkpoint
    RP922: 1/15/2012 10:46:29 AM - System Checkpoint
    RP923: 1/16/2012 12:18:10 PM - System Checkpoint
    RP924: 1/17/2012 12:24:51 PM - System Checkpoint
    RP925: 1/18/2012 11:49:55 PM - System Checkpoint
    RP926: 1/20/2012 10:15:50 AM - System Checkpoint
    RP927: 1/21/2012 11:39:00 AM - System Checkpoint
    RP928: 1/22/2012 12:30:30 PM - System Checkpoint
    RP929: 1/25/2012 8:39:06 PM - System Checkpoint
    RP930: 1/29/2012 3:26:51 PM - System Checkpoint
    RP931: 1/30/2012 9:12:16 PM - System Checkpoint
    RP932: 1/31/2012 10:33:48 AM - Software Distribution Service 3.0
    RP933: 2/1/2012 2:06:01 PM - System Checkpoint
    RP934: 2/2/2012 5:30:59 PM - System Checkpoint
    RP935: 2/2/2012 7:11:22 PM - Restore Operation
    RP936: 2/2/2012 7:24:20 PM - Restore Operation
    RP937: 2/2/2012 7:57:24 PM - Software Distribution Service 3.0
    RP938: 2/2/2012 11:33:29 PM - Restore Operation
    RP939: 2/3/2012 6:51:58 PM - Revo Uninstaller's restore point - Mozilla Firefox 10.0 (x86 en-US)
    RP940: 2/3/2012 9:35:46 PM - Revo Uninstaller's restore point - COMODO Internet Security
    RP941: 2/3/2012 9:38:50 PM - Removed COMODO Internet Security
    RP942: 2/3/2012 10:17:35 PM - after reinstalling te dragon
    RP943: 2/5/2012 9:34:17 PM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.6
    Adobe Shockwave Player 11.5
    AMD Processor Driver
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Ask Toolbar
    ATI Catalyst Control Center
    ATI Display Driver
    avast! Free Antivirus
    Bonjour
    Broadcom Management Programs
    BSR Screen Recorder 4
    CCleaner
    CCScore
    Comodo Dragon
    COMODO GeekBuddy
    COMODO Internet Security
    Conexant HDA D110 MDC V.92 Modem
    Critical Update for Windows Media Player 11 (KB959772)
    Dell Network Assistant
    Dell Support 3.2.1
    Dell System Restore
    Dell Wireless WLAN Card
    Digital Line Detect
    ESSBrwr
    ESSCDBK
    ESScore
    ESSgui
    ESSini
    ESSPCD
    ESSPDock
    ESSSONIC
    ESSTOOLS
    essvatgt
    fflink
    Google Desktop
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hardcore
    High Definition Audio Driver Package - KB835221
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB976002-v5)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Product Detection
    IL Download Manager
    iTunes
    J2SE Development Kit 5.0 Update 14
    J2SE Runtime Environment 5.0 Update 14
    Java Auto Updater
    Java(TM) 6 Update 22
    Java(TM) 6 Update 29
    Java(TM) 6 Update 3
    kgcbaby
    kgcbase
    kgchday
    kgchlwn
    kgcinvt
    kgckids
    kgcmove
    kgcvday
    Kodak EasyShare software
    Malwarebytes Anti-Malware version 1.60.1.1000
    MCU
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2656353)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft IntelliPoint 6.1
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft MPEG-4 VKI Video Codec V1/V2/V3
    Microsoft National Language Support Downlevel APIs
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual Studio 6.0 Enterprise Edition
    Microsoft Works
    Modem Helper
    Mozilla Firefox 10.0 (x86 en-US)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser (KB925673)
    netbrdg
    NetWaiting
    OfotoXMI
    OpenOffice.org 3.3
    PoiZone
    PowerDVD 5.7
    QuickSet
    QuickTime
    reFX Vanguard VSTi v1.6.1
    Revo Uninstaller 1.88
    Roxio DLA
    Roxio RecordNow Audio
    Roxio RecordNow Copy
    Roxio RecordNow Data
    Sawer
    SearchAssist
    Security Task Manager 1.7g
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2491683)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    SFR
    SHASTA
    skin0001
    SKINXSDK
    Sonic Update Manager
    staticcr
    Synaptics Pointing Device Driver
    T-RackS 1.x
    TheSage
    tooltips
    Toxic Biohazard
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    URL Assistant
    V-Station 1.50
    Virtual DJ - Atomix Productions
    VPRINTOL
    WebFldrs XP
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Movie Maker 2.0
    Windows Presentation Foundation
    Windows XP Service Pack 3
    WIRELESS
    XML Paper Specification Shared Components Pack 1.0
    XoftSpySE
    XviD MPEG-4 Video Codec
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/3/2012 8:39:47 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the WMI Performance Adapter service to connect.
    2/3/2012 8:39:47 PM, error: Service Control Manager [7000] - The WMI Performance Adapter service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2/3/2012 8:00:02 PM, error: Service Control Manager [7034] - The Dell Wireless WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s).
    2/3/2012 7:16:43 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
    2/2/2012 7:32:47 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.
    2/2/2012 7:32:47 PM, error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2/2/2012 6:39:44 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    2/2/2012 6:38:07 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD AmdK8 APPDRV aswRdr aswSnx aswSP aswTdi cmdGuard cmdHlp Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
    2/2/2012 6:38:07 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    2/2/2012 6:38:07 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    2/2/2012 6:38:07 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    2/2/2012 6:38:07 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    2/2/2012 6:38:07 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    2/2/2012 6:38:07 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    2/2/2012 6:37:40 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    2/2/2012 6:37:37 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    2/2/2012 5:43:56 PM, error: Service Control Manager [7000] - The NICCONFIGSVC service failed to start due to the following error: The system cannot find the file specified.
    2/2/2012 11:52:59 PM, error: Service Control Manager [7022] - The avast! Antivirus service hung on starting.
    2/2/2012 10:41:29 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AmdK8 APPDRV aswSnx aswSP aswTdi cmdGuard Fips
    .
    ==== End Of File ===========================
  16. Broni

    Broni Malware Annihilator Posts: 46,341   +252

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ==========================================================

    Download Bootkit Remover to your Desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
  17. Batrico

    Batrico Newcomer, in training Topic Starter Posts: 50

    Do i click on fix MBR
  18. Broni

    Broni Malware Annihilator Posts: 46,341   +252

    Just follow my instruction and do NOT click on anything what is NOT listed in my guides.
  19. Batrico

    Batrico Newcomer, in training Topic Starter Posts: 50

    aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
    Run date: 2012-02-05 22:59:04
    -----------------------------
    22:59:04.171 OS Version: Windows 5.1.2600 Service Pack 3
    22:59:04.171 Number of processors: 1 586 0x4C02
    22:59:04.171 ComputerName: MICHELLE UserName: Shel
    22:59:05.765 Initialize success
    22:59:08.531 AVAST engine defs: 12020503
    22:59:36.000 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    22:59:36.000 Disk 0 Vendor: FUJITSU_MHV2060BH 0085002A Size: 57231MB BusType: 3
    22:59:36.031 Disk 0 MBR read successfully
    22:59:36.031 Disk 0 MBR scan
    22:59:36.062 Disk 0 unknown MBR code
    22:59:36.062 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 109 MB offset 63
    22:59:36.093 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 54031 MB offset 224910
    22:59:36.125 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 3074 MB offset 110896695
    22:59:36.125 Disk 0 scanning sectors +117194175
    22:59:36.203 Disk 0 scanning C:\WINDOWS\system32\drivers
    22:59:54.843 Service scanning
    22:59:57.734 Modules scanning
    23:00:06.125 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
    23:00:08.093 Disk 0 trace - called modules:
    23:00:08.156 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
    23:00:08.156 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84bcf5e0]
    23:00:08.156 3 CLASSPNP.SYS[f74eefd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x84b8e728]
    23:00:08.687 AVAST engine scan C:\WINDOWS
    23:00:18.937 AVAST engine scan C:\WINDOWS\system32
    23:03:33.828 AVAST engine scan C:\WINDOWS\system32\drivers
    23:03:48.656 AVAST engine scan C:\Documents and Settings\Shel
    23:10:38.437 AVAST engine scan C:\Documents and Settings\All Users
    23:11:46.640 Scan finished successfully
    23:20:47.203 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Shel\Desktop\MBR.dat"
    23:20:47.203 The log file has been saved successfully to "C:\Documents and Settings\Shel\Desktop\aswMBR.txt"


    aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
    Run date: 2012-02-05 22:59:04
    -----------------------------
    22:59:04.171 OS Version: Windows 5.1.2600 Service Pack 3
    22:59:04.171 Number of processors: 1 586 0x4C02
    22:59:04.171 ComputerName: MICHELLE UserName: Shel
    22:59:05.765 Initialize success
    22:59:08.531 AVAST engine defs: 12020503
    22:59:36.000 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    22:59:36.000 Disk 0 Vendor: FUJITSU_MHV2060BH 0085002A Size: 57231MB BusType: 3
    22:59:36.031 Disk 0 MBR read successfully
    22:59:36.031 Disk 0 MBR scan
    22:59:36.062 Disk 0 unknown MBR code
    22:59:36.062 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 109 MB offset 63
    22:59:36.093 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 54031 MB offset 224910
    22:59:36.125 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 3074 MB offset 110896695
    22:59:36.125 Disk 0 scanning sectors +117194175
    22:59:36.203 Disk 0 scanning C:\WINDOWS\system32\drivers
    22:59:54.843 Service scanning
    22:59:57.734 Modules scanning
    23:00:06.125 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
    23:00:08.093 Disk 0 trace - called modules:
    23:00:08.156 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
    23:00:08.156 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84bcf5e0]
    23:00:08.156 3 CLASSPNP.SYS[f74eefd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x84b8e728]
    23:00:08.687 AVAST engine scan C:\WINDOWS
    23:00:18.937 AVAST engine scan C:\WINDOWS\system32
    23:03:33.828 AVAST engine scan C:\WINDOWS\system32\drivers
    23:03:48.656 AVAST engine scan C:\Documents and Settings\Shel
    23:10:38.437 AVAST engine scan C:\Documents and Settings\All Users
    23:11:46.640 Scan finished successfully
    23:20:47.203 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Shel\Desktop\MBR.dat"
    23:20:47.203 The log file has been saved successfully to "C:\Documents and Settings\Shel\Desktop\aswMBR.txt"
    23:20:59.609 Verifying
    23:21:09.656 Disk 0 Windows 501 MBR fixed successfully
    23:21:30.984 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Shel\Desktop\MBR.dat"
    23:21:30.984 The log file has been saved successfully to "C:\Documents and Settings\Shel\Desktop\aswMBR.txt"
  20. Broni

    Broni Malware Annihilator Posts: 46,341   +252

    You posted aswMBR log twice.
    I still need Bootkit Remover log.
  21. Batrico

    Batrico Newcomer, in training Topic Starter Posts: 50

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`06dd1c00
    Boot sector MD5 is: 2545cd04c0536ff4d864ef9815c56f4e

    Size Device Name MBR Status
    --------------------------------------------
    55 GB \\.\PhysicalDrive0 Unknown boot code

    Unknown boot code has been found on some of your physical disks.
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>


    Done;
    Press any key to quit...
  22. Broni

    Broni Malware Annihilator Posts: 46,341   +252

    Please download and run ListParts by Farbar (for 32-bit system)

    Please download and run ListParts64 by Farbar (for 64-bit system)

    Click on Scan button.

    Scan result will open in Notepad.
    Post it in your next reply.
  23. Batrico

    Batrico Newcomer, in training Topic Starter Posts: 50

    ListParts by Farbar
    Ran by Shel on 05-02-2012 at 23:59:29
    Windows XP (X86)
    Running From: C:\Documents and Settings\Shel\My Documents\Downloads
    ************************************************************

    ========================= Memory info ======================

    Percentage of memory in use: 81%
    Total physical RAM: 446.04 MB
    Available physical RAM: 84.3 MB
    Total Pagefile: 1054.71 MB
    Available Pagefile: 498.91 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 2000.74 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:52.76 GB) (Free:22.34 GB) NTFS ==>[Drive with boot components (Windows XP)]

    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 56 GB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 110 MB 32 KB
    Partition 2 Primary 53 GB 110 MB
    Partition 3 Unknown 3075 MB 53 GB

    Disk: 0
    Partition 1
    Type : DE
    Hidden: Yes
    Active: No
    There is no volume associated with this partition.

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C NTFS Partition 53 GB Healthy System (partition with boot components)

    Disk: 0
    Partition 3
    Type : DB
    Hidden: Yes
    Active: No
    There is no volume associated with this partition.


    ****** End Of Log ******
  24. Batrico

    Batrico Newcomer, in training Topic Starter Posts: 50

    Gonna call it a day and go watch superbowlsecond half.its 12.51am here so if you think i need do anyting else ll pick it up fromhere tomorrow
  25. Broni

    Broni Malware Annihilator Posts: 46,341   +252

    No problem :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.