Solved Windows cannot access the specified device path or file

B

Batrico

Posts: 55   +0
Hi ive been working on a xp laptop trying to solve this issue for a couple of days now.I just installed firefox 10 and when i clicked on the exe it says Windows Cannot Access the Specified Device Path or File etc.Also when i look at the properties of the set up file it says this program has come from another computer etc.Ive tried the unblock button but that doesnt help.Ive tried a full scan with avast av and found no viruses.Iv done a system restore and it goes away but comes back again on second opening.So im thinking must be malware.

So far done mbr check and combofix. will paste reports next.
 
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 140):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806D1000 \WINDOWS\system32\hal.dll
0xF799E000 \WINDOWS\system32\KDCOM.DLL
0xF78AE000 \WINDOWS\system32\BOOTVID.dll
0xF736F000 ACPI.sys
0xF79A0000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF735E000 pci.sys
0xF749E000 isapnp.sys
0xF78B2000 compbatt.sys
0xF78B6000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7A66000 pciide.sys
0xF771E000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF74AE000 MountMgr.sys
0xF733F000 ftdisk.sys
0xF7726000 PartMgr.sys
0xF78BA000 ACPIEC.sys
0xF7A67000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF74BE000 VolSnap.sys
0xF7327000 atapi.sys
0xF74CE000 disk.sys
0xF74DE000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7307000 fltmgr.sys
0xF72F5000 sr.sys
0xF72DF000 DRVMCDB.SYS
0xF74EE000 PxHelp20.sys
0xF72C8000 KSecDD.sys
0xF723B000 Ntfs.sys
0xF7225000 inspect.sys
0xF71F8000 \WINDOWS\System32\DRIVERS\NDIS.SYS
0xF772E000 \WINDOWS\System32\DRIVERS\TDI.SYS
0xF71DE000 Mup.sys
0xF753E000 \SystemRoot\system32\DRIVERS\AmdK8.sys
0xF68D7000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xF68C3000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF682F000 \SystemRoot\system32\DRIVERS\bcmwl5.sys
0xF77CE000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xF680B000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF77D6000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF754E000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF79D4000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
0xF755E000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF756E000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF67E8000 \SystemRoot\system32\DRIVERS\ks.sys
0xF77DE000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xF67C0000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF757E000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF77E6000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF6791000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF79D6000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF77EE000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF677D000 \SystemRoot\system32\DRIVERS\sdbus.sys
0xF77F6000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0xF798A000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF7AFA000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF758E000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF798E000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6766000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF759E000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF75AE000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF6755000 \SystemRoot\system32\DRIVERS\psched.sys
0xF75BE000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF77FE000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7806000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF75DE000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF79D8000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF66F7000 \SystemRoot\system32\DRIVERS\update.sys
0xF799A000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF75EE000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF761E000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF2612000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0xF251B000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0xF2465000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0xF7816000 \SystemRoot\System32\Drivers\Modem.SYS
0xF2352000 \SystemRoot\system32\drivers\sthda.sys
0xF232E000 \SystemRoot\system32\drivers\portcls.sys
0xF762E000 \SystemRoot\system32\drivers\drmk.sys
0xF6A99000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF2217000 \SystemRoot\System32\DRIVERS\cmdguard.sys
0xF79EA000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7B94000 \SystemRoot\System32\Drivers\Null.SYS
0xF79EC000 \SystemRoot\System32\Drivers\Beep.SYS
0xF782E000 \SystemRoot\System32\Drivers\DLARTL_N.SYS
0xF7836000 \SystemRoot\System32\drivers\vga.sys
0xF79EE000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF79F0000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF783E000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7846000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF6A89000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF21BC000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF2163000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF784E000 \SystemRoot\System32\DRIVERS\cmdhlp.sys
0xF763E000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xF213B000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF7856000 \SystemRoot\System32\Drivers\aswRdr.SYS
0xF2119000 \SystemRoot\System32\drivers\afd.sys
0xF764E000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF20EE000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF2056000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF767E000 \SystemRoot\System32\Drivers\Fips.SYS
0xF2030000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF768E000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF1FE6000 \SystemRoot\System32\Drivers\aswSP.SYS
0xF1F76000 \SystemRoot\System32\Drivers\aswSnx.SYS
0xF66D6000 \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
0xF7876000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xF770E000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF1276000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF79E4000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF21FF000 \SystemRoot\System32\drivers\Dxapi.sys
0xF785E000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7B4F000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF055000 \SystemRoot\System32\ati2cqag.dll
0xBF09B000 \SystemRoot\System32\atikvmag.dll
0xBF0DF000 \SystemRoot\System32\ati3duag.dll
0xBF323000 \SystemRoot\System32\ativvaxx.dll
0xBF562000 \SystemRoot\System32\ATMFD.DLL
0xF1252000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xF228E000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
0xF7A8E000 \SystemRoot\System32\DLA\DLADResN.SYS
0xEF0A0000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
0xF21FB000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
0xF7A3E000 \SystemRoot\System32\DLA\DLAPoolM.SYS
0xF786E000 \SystemRoot\System32\DLA\DLABOIOM.SYS
0xEF088000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
0xEF072000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
0xEF04A000 \SystemRoot\system32\DRIVERS\packet.sys
0xEF0F2000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xEED3B000 \SystemRoot\System32\Drivers\aswMon2.SYS
0xEE6CE000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xEE6B9000 \SystemRoot\system32\drivers\wdmaud.sys
0xEE89B000 \SystemRoot\system32\drivers\sysaudio.sys
0xEE483000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xEE42B000 \SystemRoot\system32\DRIVERS\srv.sys
0xEE4FB000 \SystemRoot\system32\DRIVERS\secdrv.sys
0xEDF8A000 \SystemRoot\System32\Drivers\HTTP.sys
0xEDBEC000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 50):
0 System Idle Process
4 System
648 C:\WINDOWS\system32\smss.exe
696 csrss.exe
736 C:\WINDOWS\system32\winlogon.exe
780 C:\WINDOWS\system32\services.exe
792 C:\WINDOWS\system32\lsass.exe
956 C:\WINDOWS\system32\ati2evxx.exe
972 C:\WINDOWS\system32\svchost.exe
1052 svchost.exe
1088 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
1120 C:\WINDOWS\system32\svchost.exe
1276 svchost.exe
1296 C:\WINDOWS\system32\ati2evxx.exe
1408 svchost.exe
1528 C:\WINDOWS\system32\WLTRYSVC.EXE
1648 C:\WINDOWS\system32\BCMWLTRY.EXE
1696 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1768 C:\WINDOWS\explorer.exe
136 C:\WINDOWS\stsystra.exe
180 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
192 C:\WINDOWS\system32\WLTRAY.EXE
200 C:\WINDOWS\system32\DLA\DLACTRLW.EXE
188 C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
224 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
232 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
244 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
324 C:\PROGRA~1\ALWILS~1\Avast5\AvastUI.exe
488 C:\Program Files\Common Files\Java\Java Update\jusched.exe
544 C:\Program Files\Messenger\msmsgs.exe
408 C:\WINDOWS\system32\ctfmon.exe
672 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
2088 C:\WINDOWS\system32\spoolsv.exe
2180 svchost.exe
2308 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2328 C:\Program Files\Bonjour\mDNSResponder.exe
2428 C:\Program Files\Dell Network Assistant\hnm_svc.exe
2480 C:\Program Files\Java\jre6\bin\jqs.exe
2548 C:\WINDOWS\system32\svchost.exe
3632 alg.exe
3816 C:\WINDOWS\system32\svchost.exe
328 C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
2156 C:\Program Files\OpenOffice.org 3\program\swriter.exe
2212 C:\Program Files\OpenOffice.org 3\program\soffice.exe
3272 C:\Program Files\OpenOffice.org 3\program\soffice.bin
2720 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
2764 C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
1580 C:\Program Files\Internet Explorer\iexplore.exe
3768 C:\Program Files\Internet Explorer\iexplore.exe
1140 C:\Documents and Settings\Shel\Local Settings\Temporary Internet Files\Content.IE5\A8G86ADZ\MBRCheck[1].exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06dd1c00 (NTFS)

PhysicalDrive0 Model Number: FUJITSUMHV2060BH, Rev: 0085002A

Size Device Name MBR Status
--------------------------------------------
55 GB \\.\PhysicalDrive0 Dell MBR code detected
SHA1: 57BDF501CE769EF2720C705B6C71C893DA31574E


Done!
 
ComboFix 12-02-03.02 - Shel 02/03/2012 20:02:32.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.164 [GMT 0:00]
Running from: c:\documents and settings\Shel\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Shel\WINDOWS
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013
c:\windows\Downloaded Installations\BMP
c:\windows\Downloaded Installations\BMP\{1010925C-CEA9-49ED-AB1F-BDA72379C99B}\1033.MST
c:\windows\Downloaded Installations\BMP\{1010925C-CEA9-49ED-AB1F-BDA72379C99B}\BACS.msi
c:\windows\EventSystem.log
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\MSMAsk32.ocx
c:\windows\system32\rightonadz-uninst.exe
c:\windows\system32\SET10E.tmp
c:\windows\system32\SET112.tmp
c:\windows\system32\SET11A.tmp
c:\windows\system32\SET1C.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-01-03 to 2012-02-03 )))))))))))))))))))))))))))))))
.
.
2012-02-02 23:41 . 2012-02-02 23:41 -------- d-----w- c:\windows\system32\wbem\Repository
2012-02-02 23:20 . 2012-02-02 23:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\OpenOffice.org
2012-02-02 22:41 . 2012-02-02 22:41 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2012-02-02 19:13 . 2012-02-03 20:16 -------- d-----w- c:\documents and settings\Shel
2012-02-02 18:11 . 2012-02-02 23:40 -------- d-s---w- c:\documents and settings\Peter
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-17 21:00 . 2010-06-04 10:55 494968 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-12-19 18:59 . 2010-06-01 18:00 97760 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-12-19 18:59 . 2010-06-01 18:00 31704 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-12-19 18:59 . 2010-06-01 18:00 18056 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-12-19 18:58 . 2011-11-03 23:34 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2011-12-19 18:58 . 2010-06-01 18:00 301224 ----a-w- c:\windows\system32\guard32.dll
2011-11-25 21:57 . 2004-08-10 12:51 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2004-08-10 12:51 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2004-08-10 12:51 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2004-08-10 12:51 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2004-08-10 12:51 152064 ----a-w- c:\windows\system32\schannel.dll
2012-01-29 15:55 . 2012-02-03 19:03 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 21:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-16 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2006-09-22 282624]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-22 761947]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-01 1392640]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-12-21 6676808]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\documents and settings\Shel\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dell Network Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk
backup=c:\windows\pss\Dell Network Assistant.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Shel^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\Shel\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2006-08-23 16:14 1032192 ----a-w- c:\program files\Dell\QuickSet\quickset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-12-09 20:29 49152 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2006-12-09 08:36 236544 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-03-30 09:36 267048 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
2003-09-10 02:24 20480 ------w- c:\program files\NetWaiting\netwaiting.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-11-16 17:32 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [7/14/2011 11:12 PM 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8/5/2009 4:31 PM 309848]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [6/4/2010 10:55 AM 494968]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [6/1/2010 6:00 PM 31704]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/5/2009 4:31 PM 19544]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/25/2010 10:26 PM 135664]
S3 cpuz;cpuz;\??\e:\aaaaa\tests\cpuz\cpuz.sys --> e:\aaaaa\tests\cpuz\cpuz.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/25/2010 10:26 PM 135664]
S3 scrcap;scrcap;c:\windows\system32\DRIVERS\scrcap.sys --> c:\windows\system32\DRIVERS\scrcap.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-25 22:26]
.
2012-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-25 22:26]
.
2008-02-01 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2007-02-05 23:52]
.
2012-02-03 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-09-28 21:44]
.
2010-05-18 c:\windows\Tasks\XoftSpySE.job
- c:\program files\XoftSpySE\XoftSpy.exe [2006-06-19 15:35]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-378836b8-d739-32f3-d592-acc9e15e766c - c:\windows\system32\378836b8-d739-32f3-d592-acc9e15e766c.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-03 20:40
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(728)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'lsass.exe'(784)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'explorer.exe'(2288)
c:\windows\system32\WININET.dll
c:\windows\system32\guard32.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
- - - - - - - > 'csrss.exe'(696)
c:\windows\system32\cmdcsr.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\stsystra.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.EXE
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Dell Network Assistant\hnm_svc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\ATI Technologies\ATI.ACE\cli.exe
c:\windows\system32\wscntfy.exe
c:\windows\System32\logon.scr
c:\program files\Alwil Software\Avast5\defs\12020301\Sf.bin
.
**************************************************************************
.
Completion time: 2012-02-03 21:00:08 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-03 20:59
.
Pre-Run: 24,589,582,336 bytes free
Post-Run: 24,525,971,456 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - CB209827940ED510FEF7C4A203A728D2
 
Welcome aboard
yahooo.gif


Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=============================================================

Never run Combofix on your own!
 
Hi thanks for replying
ive actually found out reading though your instructions after disabling my firewall it was the latest update of comodo that caused the problem.I uninstalled and reinstalled comodo and hey presto the laptop is working fine.Firefox loads again.Just restarte it for the final test and it :works
 
I can see that Combofix found some trojans so I'd suggest we run some checks.
Up to you of course.
 
Wont be able to work on the laptop till tomorrow evening.It wont be on the internet till then so should be ok for the moment.Thanks for your reply.
 
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.05.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Shel :: MICHELLE [administrator]

2/5/2012 8:39:17 PM
mbam-log-2012-02-05 (20-39-17).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 220826
Time elapsed: 12 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKCR\AppID\{8D71EEB8-A1A7-4733-8FA2-1CAC015C967D} (Trojan.BHO) -> Quarantined and deleted successfully.
HKCR\Typelib\{B4094603-DDA9-4CAF-9B13-0AD1034C9C53} (Trojan.BHO) -> Quarantined and deleted successfully.
HKCR\Interface\{48DC6FFB-64D7-42E8-949D-8EF2641EB73A} (Trojan.BHO) -> Quarantined and deleted successfully.
HKCR\AppID\Sidebar.DLL (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\WINDOWS\system32\WhoisCL.exe (Trojan.BHO) -> Quarantined and deleted successfully.

(end)
 
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-02-05 21:49:00
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 FUJITSU_MHV2060BH rev.0085002A
Running: l5sk7jkt.exe; Driver: C:\DOCUME~1\Shel\LOCALS~1\Temp\uwtcypob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xF1FD0BF2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xF1FD0A5D]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xF2028398]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- EOF - GMER 1.0.15 ----
 
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by Shel at 21:55:50 on 2012-02-05
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.66 [GMT 0:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *Enabled*
.
============== Running Processes ===============
.
C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\COMODO\COMODO GeekBuddy\CLPS.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Dictionary.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: Dictionary.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [COMODO] c:\program files\comodo\comodo geekbuddy\CLPSLA.exe
mRun: [CPA] c:\program files\comodo\comodo geekbuddy\VALA.exe
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
StartupFolder: c:\docume~1\shel\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1195594076281
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{32AFFDC5-BCBC-4D98-B419-5FC3BABB1B40} : DhcpNameServer = 192.168.2.1 192.168.2.1
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\shel\application data\mozilla\firefox\profiles\j7178s2o.default\
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-7-14 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-8-5 309848]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2012-1-17 494968]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-12-19 31704]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-8-5 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-17 42184]
R2 CLPSLS;COMODO livePCsupport Service;c:\program files\comodo\comodo geekbuddy\CLPSLS.exe [2011-11-23 1052472]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2011-12-19 1960584]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-25 135664]
S3 cpuz;cpuz;\??\e:\aaaaa\tests\cpuz\cpuz.sys --> e:\aaaaa\tests\cpuz\cpuz.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-6-25 135664]
S3 scrcap;scrcap;c:\windows\system32\drivers\scrcap.sys --> c:\windows\system32\drivers\scrcap.sys [?]
.
=============== Created Last 30 ================
.
2012-02-05 20:35:44 -------- d-----w- c:\documents and settings\shel\application data\Malwarebytes
2012-02-05 20:34:56 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-02-05 20:34:46 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-05 20:34:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-03 22:09:24 -------- d-----w- c:\documents and settings\all users\application data\CPA_VA
2012-02-03 22:01:26 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2012-02-03 19:43:10 -------- d-sha-r- C:\cmdcons
2012-02-03 19:38:55 98816 ----a-w- c:\windows\sed.exe
2012-02-03 19:38:55 518144 ----a-w- c:\windows\SWREG.exe
2012-02-03 19:38:55 256000 ----a-w- c:\windows\PEV.exe
2012-02-03 19:38:55 208896 ----a-w- c:\windows\MBR.exe
2012-02-02 23:41:15 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-02-02 23:41:15 -------- d-----w- c:\windows\system32\wbem\Repository
2012-02-02 23:37:56 -------- d-----w- c:\documents and settings\shel\application data\OpenOffice.org
2012-02-02 19:49:55 -------- d-----w- c:\documents and settings\shel\local settings\application data\Adobe(2)
2012-02-02 19:35:28 -------- d-----w- c:\documents and settings\shel\local settings\application data\ATI(2)
2012-02-02 19:34:49 -------- d-----w- c:\documents and settings\shel\local settings\application data\ApplicationHistory(3)
2012-02-02 19:32:19 -------- d-----w- c:\documents and settings\shel\Application Data(3)
2012-01-17 21:00:50 494968 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
.
==================== Find3M ====================
.
2011-12-19 18:59:22 31704 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-12-19 18:59:20 18056 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-12-19 18:58:56 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2011-12-19 18:58:55 301224 ----a-w- c:\windows\system32\guard32.dll
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21:44 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21:44 152064 ----a-w- c:\windows\system32\schannel.dll
.
============= FINISH: 22:00:59.39 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 12/12/2006 4:21:46 PM
System Uptime: 2/5/2012 8:57:39 PM (2 hours ago)
.
Motherboard: Dell Inc. | | 0UW744
Processor: Mobile AMD Sempron(tm) Processor 3500+ | Socket M2/S1G1 | 1796/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 53 GiB total, 22.191 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom 440x 10/100 Integrated Controller
Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_01F51028&REV_02\4&1A4C5809&0&00A4
Manufacturer: Broadcom
Name: Broadcom 440x 10/100 Integrated Controller
PNP Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_01F51028&REV_02\4&1A4C5809&0&00A4
Service: bcm4sbxp
.
==== System Restore Points ===================
.
RP906: 12/28/2011 10:25:48 AM - System Checkpoint
RP907: 12/29/2011 10:46:21 AM - System Checkpoint
RP908: 12/30/2011 1:24:47 PM - System Checkpoint
RP909: 1/1/2012 10:06:11 AM - System Checkpoint
RP910: 1/2/2012 11:17:33 AM - System Checkpoint
RP911: 1/2/2012 3:48:45 PM - Software Distribution Service 3.0
RP912: 1/3/2012 10:00:52 AM - Software Distribution Service 3.0
RP913: 1/4/2012 7:41:32 PM - Software Distribution Service 3.0
RP914: 1/5/2012 7:55:39 PM - Restore Operation
RP915: 1/6/2012 9:47:58 PM - System Checkpoint
RP916: 1/8/2012 11:34:18 AM - System Checkpoint
RP917: 1/8/2012 11:32:54 PM - Software Distribution Service 3.0
RP918: 1/11/2012 8:56:57 AM - System Checkpoint
RP919: 1/11/2012 10:15:13 AM - Software Distribution Service 3.0
RP920: 1/12/2012 8:23:12 AM - Software Distribution Service 3.0
RP921: 1/14/2012 7:22:44 AM - System Checkpoint
RP922: 1/15/2012 10:46:29 AM - System Checkpoint
RP923: 1/16/2012 12:18:10 PM - System Checkpoint
RP924: 1/17/2012 12:24:51 PM - System Checkpoint
RP925: 1/18/2012 11:49:55 PM - System Checkpoint
RP926: 1/20/2012 10:15:50 AM - System Checkpoint
RP927: 1/21/2012 11:39:00 AM - System Checkpoint
RP928: 1/22/2012 12:30:30 PM - System Checkpoint
RP929: 1/25/2012 8:39:06 PM - System Checkpoint
RP930: 1/29/2012 3:26:51 PM - System Checkpoint
RP931: 1/30/2012 9:12:16 PM - System Checkpoint
RP932: 1/31/2012 10:33:48 AM - Software Distribution Service 3.0
RP933: 2/1/2012 2:06:01 PM - System Checkpoint
RP934: 2/2/2012 5:30:59 PM - System Checkpoint
RP935: 2/2/2012 7:11:22 PM - Restore Operation
RP936: 2/2/2012 7:24:20 PM - Restore Operation
RP937: 2/2/2012 7:57:24 PM - Software Distribution Service 3.0
RP938: 2/2/2012 11:33:29 PM - Restore Operation
RP939: 2/3/2012 6:51:58 PM - Revo Uninstaller's restore point - Mozilla Firefox 10.0 (x86 en-US)
RP940: 2/3/2012 9:35:46 PM - Revo Uninstaller's restore point - COMODO Internet Security
RP941: 2/3/2012 9:38:50 PM - Removed COMODO Internet Security
RP942: 2/3/2012 10:17:35 PM - after reinstalling te dragon
RP943: 2/5/2012 9:34:17 PM - System Checkpoint
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.6
Adobe Shockwave Player 11.5
AMD Processor Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
ATI Catalyst Control Center
ATI Display Driver
avast! Free Antivirus
Bonjour
Broadcom Management Programs
BSR Screen Recorder 4
CCleaner
CCScore
Comodo Dragon
COMODO GeekBuddy
COMODO Internet Security
Conexant HDA D110 MDC V.92 Modem
Critical Update for Windows Media Player 11 (KB959772)
Dell Network Assistant
Dell Support 3.2.1
Dell System Restore
Dell Wireless WLAN Card
Digital Line Detect
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
fflink
Google Desktop
Google Toolbar for Internet Explorer
Google Update Helper
Hardcore
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Product Detection
IL Download Manager
iTunes
J2SE Development Kit 5.0 Update 14
J2SE Runtime Environment 5.0 Update 14
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) 6 Update 29
Java(TM) 6 Update 3
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
Malwarebytes Anti-Malware version 1.60.1.1000
MCU
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliPoint 6.1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft MPEG-4 VKI Video Codec V1/V2/V3
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual Studio 6.0 Enterprise Edition
Microsoft Works
Modem Helper
Mozilla Firefox 10.0 (x86 en-US)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB925673)
netbrdg
NetWaiting
OfotoXMI
OpenOffice.org 3.3
PoiZone
PowerDVD 5.7
QuickSet
QuickTime
reFX Vanguard VSTi v1.6.1
Revo Uninstaller 1.88
Roxio DLA
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Sawer
SearchAssist
Security Task Manager 1.7g
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SFR
SHASTA
skin0001
SKINXSDK
Sonic Update Manager
staticcr
Synaptics Pointing Device Driver
T-RackS 1.x
TheSage
tooltips
Toxic Biohazard
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
URL Assistant
V-Station 1.50
Virtual DJ - Atomix Productions
VPRINTOL
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Movie Maker 2.0
Windows Presentation Foundation
Windows XP Service Pack 3
WIRELESS
XML Paper Specification Shared Components Pack 1.0
XoftSpySE
XviD MPEG-4 Video Codec
.
==== Event Viewer Messages From Past Week ========
.
2/3/2012 8:39:47 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the WMI Performance Adapter service to connect.
2/3/2012 8:39:47 PM, error: Service Control Manager [7000] - The WMI Performance Adapter service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/3/2012 8:00:02 PM, error: Service Control Manager [7034] - The Dell Wireless WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s).
2/3/2012 7:16:43 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
2/2/2012 7:32:47 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.
2/2/2012 7:32:47 PM, error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/2/2012 6:39:44 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
2/2/2012 6:38:07 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD AmdK8 APPDRV aswRdr aswSnx aswSP aswTdi cmdGuard cmdHlp Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
2/2/2012 6:38:07 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
2/2/2012 6:38:07 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/2/2012 6:38:07 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/2/2012 6:38:07 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
2/2/2012 6:38:07 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/2/2012 6:38:07 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/2/2012 6:37:40 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
2/2/2012 6:37:37 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2/2/2012 5:43:56 PM, error: Service Control Manager [7000] - The NICCONFIGSVC service failed to start due to the following error: The system cannot find the file specified.
2/2/2012 11:52:59 PM, error: Service Control Manager [7022] - The avast! Antivirus service hung on starting.
2/2/2012 10:41:29 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AmdK8 APPDRV aswSnx aswSP aswTdi cmdGuard Fips
.
==== End Of File ===========================
 
Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

==========================================================

Download Bootkit Remover to your Desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
Just follow my instruction and do NOT click on anything what is NOT listed in my guides.
 
aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-05 22:59:04
-----------------------------
22:59:04.171 OS Version: Windows 5.1.2600 Service Pack 3
22:59:04.171 Number of processors: 1 586 0x4C02
22:59:04.171 ComputerName: MICHELLE UserName: Shel
22:59:05.765 Initialize success
22:59:08.531 AVAST engine defs: 12020503
22:59:36.000 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
22:59:36.000 Disk 0 Vendor: FUJITSU_MHV2060BH 0085002A Size: 57231MB BusType: 3
22:59:36.031 Disk 0 MBR read successfully
22:59:36.031 Disk 0 MBR scan
22:59:36.062 Disk 0 unknown MBR code
22:59:36.062 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 109 MB offset 63
22:59:36.093 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 54031 MB offset 224910
22:59:36.125 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 3074 MB offset 110896695
22:59:36.125 Disk 0 scanning sectors +117194175
22:59:36.203 Disk 0 scanning C:\WINDOWS\system32\drivers
22:59:54.843 Service scanning
22:59:57.734 Modules scanning
23:00:06.125 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
23:00:08.093 Disk 0 trace - called modules:
23:00:08.156 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
23:00:08.156 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84bcf5e0]
23:00:08.156 3 CLASSPNP.SYS[f74eefd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x84b8e728]
23:00:08.687 AVAST engine scan C:\WINDOWS
23:00:18.937 AVAST engine scan C:\WINDOWS\system32
23:03:33.828 AVAST engine scan C:\WINDOWS\system32\drivers
23:03:48.656 AVAST engine scan C:\Documents and Settings\Shel
23:10:38.437 AVAST engine scan C:\Documents and Settings\All Users
23:11:46.640 Scan finished successfully
23:20:47.203 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Shel\Desktop\MBR.dat"
23:20:47.203 The log file has been saved successfully to "C:\Documents and Settings\Shel\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-05 22:59:04
-----------------------------
22:59:04.171 OS Version: Windows 5.1.2600 Service Pack 3
22:59:04.171 Number of processors: 1 586 0x4C02
22:59:04.171 ComputerName: MICHELLE UserName: Shel
22:59:05.765 Initialize success
22:59:08.531 AVAST engine defs: 12020503
22:59:36.000 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
22:59:36.000 Disk 0 Vendor: FUJITSU_MHV2060BH 0085002A Size: 57231MB BusType: 3
22:59:36.031 Disk 0 MBR read successfully
22:59:36.031 Disk 0 MBR scan
22:59:36.062 Disk 0 unknown MBR code
22:59:36.062 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 109 MB offset 63
22:59:36.093 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 54031 MB offset 224910
22:59:36.125 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 3074 MB offset 110896695
22:59:36.125 Disk 0 scanning sectors +117194175
22:59:36.203 Disk 0 scanning C:\WINDOWS\system32\drivers
22:59:54.843 Service scanning
22:59:57.734 Modules scanning
23:00:06.125 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
23:00:08.093 Disk 0 trace - called modules:
23:00:08.156 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
23:00:08.156 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84bcf5e0]
23:00:08.156 3 CLASSPNP.SYS[f74eefd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x84b8e728]
23:00:08.687 AVAST engine scan C:\WINDOWS
23:00:18.937 AVAST engine scan C:\WINDOWS\system32
23:03:33.828 AVAST engine scan C:\WINDOWS\system32\drivers
23:03:48.656 AVAST engine scan C:\Documents and Settings\Shel
23:10:38.437 AVAST engine scan C:\Documents and Settings\All Users
23:11:46.640 Scan finished successfully
23:20:47.203 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Shel\Desktop\MBR.dat"
23:20:47.203 The log file has been saved successfully to "C:\Documents and Settings\Shel\Desktop\aswMBR.txt"
23:20:59.609 Verifying
23:21:09.656 Disk 0 Windows 501 MBR fixed successfully
23:21:30.984 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Shel\Desktop\MBR.dat"
23:21:30.984 The log file has been saved successfully to "C:\Documents and Settings\Shel\Desktop\aswMBR.txt"
 
Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`06dd1c00
Boot sector MD5 is: 2545cd04c0536ff4d864ef9815c56f4e

Size Device Name MBR Status
--------------------------------------------
55 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>


Done;
Press any key to quit...
 
ListParts by Farbar
Ran by Shel on 05-02-2012 at 23:59:29
Windows XP (X86)
Running From: C:\Documents and Settings\Shel\My Documents\Downloads
************************************************************

========================= Memory info ======================

Percentage of memory in use: 81%
Total physical RAM: 446.04 MB
Available physical RAM: 84.3 MB
Total Pagefile: 1054.71 MB
Available Pagefile: 498.91 MB
Total Virtual: 2047.88 MB
Available Virtual: 2000.74 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:52.76 GB) (Free:22.34 GB) NTFS ==>[Drive with boot components (Windows XP)]

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 56 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 110 MB 32 KB
Partition 2 Primary 53 GB 110 MB
Partition 3 Unknown 3075 MB 53 GB

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No
There is no volume associated with this partition.

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 53 GB Healthy System (partition with boot components)

Disk: 0
Partition 3
Type : DB
Hidden: Yes
Active: No
There is no volume associated with this partition.


****** End Of Log ******
 
Gonna call it a day and go watch superbowlsecond half.its 12.51am here so if you think i need do anyting else ll pick it up fromhere tomorrow
 
No problem :)

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
You must log in or register to reply here.

Similar threads

A
VMware exploited 34 vulnerable device drivers to gain full control of Windows 11
Replies
3
Views
361
OortCloud
O
E
Nvidia could be working on a new gaming device to rival the Steam Deck
Replies
16
Views
284
Disiw
D
L
Solved Unknown spyware/ Monitoring/ Hijacking of my devices
Replies
15
Views
3K
Broni
Broni

Latest posts

Back