[Resolved] infected computer?


This topic is locked
7 replies to this topic

#1 patrik

New Member (Authentic Member, 10 posts)

Posted 14 October 2009 - 02:30 PM

I recently was a victim of identity theft by credit card. I have made several online purchases with my computer. I am thinking that was how the vandals got my credit card number. Thank you for any help that you can give me.

I ran Malwarebytes, which found

worm.spambot
in the recovery section of my hard drive
minint\system32\drivers\dmload.sys

Running SUPERAntiSpyware found no major problems.
Avast didn't find any problems.

Here is my HijackThis log file.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:09:15 PM, on 10/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxdqcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Lexmark Z2400 Series\lxdqMsdMon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ACUMon] "C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe" -a
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [AcceleNet Client Application] C:\Program Files\FamilyOnline\Fastlane\AcceleNetClient.exe -startup
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [lxdqmon.exe] "C:\Program Files\Lexmark Z2400 Series\lxdqmon.exe"
O4 - HKLM\..\Run: [lxdqamon] "C:\Program Files\Lexmark Z2400 Series\lxdqamon.exe"
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...t/PCPitStop.CAB
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v9.update.mic...b?1252862315230
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.ad...Plus/1.6/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxdqCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdqserv.exe
O23 - Service: lxdq_device - - C:\WINDOWS\system32\lxdqcoms.exe
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9056 bytes



#2 patrik

New Member (Authentic Member, 10 posts)

Posted 14 October 2009 - 03:26 PM

OK, I also ran the registry backup ERUNT and saved a backup. I ran the DDS program and the RootRepeal program. Here are the logs from the programs.

dds.txt

DDS (Ver_09-10-13.01) - NTFSx86
Run by ename at 17:11:37.58 on Wed 10/14/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.111 [GMT -4:00]

AV: avast! antivirus 4.8.1356 [VPS 091014-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxdqcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\Lexmark Z2400 Series\lxdqMsdMon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\SoftwareDistribution\Download\e15760431e46367ca5a3dfd40a9d03e3\update\update.exe
C:\Documents and Settings\ename\Desktop\computertools\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>;127.0.0.1
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [ACUMon] "c:\program files\cisco systems\aironet client monitor\ACUMon.Exe" -a
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [TPHOTKEY] c:\progra~1\thinkpad\pkgmgr\hotkey\TPHKMGR.exe
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [BMMLREF] c:\program files\thinkpad\utilities\BMMLREF.EXE
mRun: [BMMMONWND] rundll32.exe c:\progra~1\thinkpad\utilit~1\BatInfEx.dll,BMMAutonomicMonitor
mRun: [TP4EX] tp4ex.exe
mRun: [IBMPRC] c:\ibmtools\utils\ibmprc.exe
mRun: [AcceleNet Client Application] c:\program files\familyonline\fastlane\AcceleNetClient.exe -startup
mRun: [LXSUPMON] c:\windows\system32\LXSUPMON.EXE RUN
mRun: [lxdqmon.exe] "c:\program files\lexmark z2400 series\lxdqmon.exe"
mRun: [lxdqamon] "c:\program files\lexmark z2400 series\lxdqamon.exe"
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\program files\familyonline\fastlane\ICTLOAD.DLL
Trusted Zone: ameritrade.com
Trusted Zone: ameritrade.com\wwws
Trusted Zone: tdameritrade.com
Trusted Zone: tdameritrade.com\research
Trusted Zone: tdameritrade.com\wwws
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v9.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1252862315230
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli pwdmon ACGina

================= FIREFOX ===================

FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 ANCSQ;ANCSQ;c:\windows\system32\drivers\ANCSQ.sys [2004-10-7 6784]
R1 ANC;ANC;c:\windows\system32\drivers\ANC.sys [2004-10-13 11520]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-10-13 114768]
R1 IBMTPCHK;IBMTPCHK;c:\windows\system32\drivers\IBMBLDID.sys [2004-10-13 4224]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-9-15 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-15 74480]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [2004-10-13 16384]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-10-13 20560]
R2 ibmfilter;ibmfilter;c:\windows\system32\drivers\ibmfilter.sys [2004-10-7 63616]
R2 lxdq_device;lxdq_device;c:\windows\system32\lxdqcoms.exe -service --> c:\windows\system32\lxdqcoms.exe -service [?]
R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [2007-1-16 70016]
R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [2004-10-14 11001]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-15 7408]
S2 015ED354C7CA9060;015ED354C7CA9060;\??\c:\documents and settings\ename\desktop\015ed354c7ca9060\015ed354c7ca9060 --> c:\documents and settings\ename\desktop\015ed354c7ca9060\015ED354C7CA9060 [?]
S2 Ca50xav;Icatch(V) Video Camera Device;c:\windows\system32\drivers\ca50xav.sys --> c:\windows\system32\drivers\Ca50xav.sys [?]
S2 CoachCap;Concord Eye-Q Duo 2000 USB Video Capture V1.01;c:\windows\system32\drivers\coachcap.sys [2007-7-1 93068]
S2 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [2004-10-14 148688]
S2 lxdqCATSCustConnectService;lxdqCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdqserv.exe [2008-7-25 98984]
S3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [2009-2-1 16194]
S3 cwbwdm_device;Crystal WDM Audio Codec Driver;c:\windows\system32\drivers\cwbwdm.sys [2009-2-5 72832]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2009-2-9 8704]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2009-2-9 3072]
S3 getPlusHelper;getPlus® Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2004-8-4 14336]
S3 jnv4_mib;jnv4_mib;\??\c:\docume~1\ename\locals~1\temp\jnv4_mib.sys --> c:\docume~1\ename\locals~1\temp\jnv4_mib.sys [?]
S3 NETGEAR_WPN511_SERVICE;NETGEAR WPN511 Wireless Adapter Service;c:\windows\system32\drivers\wpn511.sys --> c:\windows\system32\drivers\wpn511.sys [?]
S3 PCX504;Cisco Systems Wireless LAN Adapter Driver;c:\windows\system32\drivers\PCX504.sys [2004-10-13 119296]
S3 USBCamera;Icatch(V) Still Camera Device;c:\windows\system32\drivers\bulk50x.sys --> c:\windows\system32\drivers\Bulk50x.sys [?]

=============== Created Last 30 ================

2009-10-14 10:53 1,435,648 -c------ c:\windows\system32\dllcache\query.dll
2009-10-14 10:53 58,880 a------- c:\windows\system32\SET121.tmp
2009-10-14 10:53 58,880 -c------ c:\windows\system32\dllcache\msasn1.dll
2009-10-14 10:52 136,192 a------- c:\windows\system32\SET1E.tmp
2009-10-13 15:00 93,805,238 a------- C:\101309.reg
2009-10-13 14:53 <DIR> --dsh--- c:\documents and settings\ename\IECompatCache
2009-10-12 21:08 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-10-12 21:08 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-10-12 21:08 <DIR> --d----- c:\docume~1\ename\applic~1\SUPERAntiSpyware.com
2009-10-05 22:12 14,592 ac------ c:\windows\system32\dllcache\kbdhid.sys
2009-10-05 22:12 14,592 a------- c:\windows\system32\drivers\kbdhid.sys
2009-09-14 22:45 100,352 -c------ c:\windows\system32\dllcache\iecompat.dll

==================== Find3M ====================

2009-09-10 14:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-08-26 04:00 247,326 a------- c:\windows\system32\strmdll.dll
2009-08-13 13:09 594,600 a------- c:\windows\system32\lxdqcoms.exe
2009-08-13 13:09 320,168 a------- c:\windows\system32\lxdqih.exe
2009-08-13 13:09 365,224 a------- c:\windows\system32\lxdqcfg.exe
2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-04 20:44 2,189,184 a------- c:\windows\system32\ntoskrnl.exe
2009-08-04 19:52 1,193,832 a------- c:\windows\system32\FM20.DLL
2009-08-04 10:20 2,066,048 a------- c:\windows\system32\ntkrnlpa.exe
2009-07-29 00:37 119,808 a------- c:\windows\system32\t2embed.dll
2009-07-29 00:37 81,920 a------- c:\windows\system32\fontsub.dll
2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 12:22 1,435,648 a------- c:\windows\system32\query.dll
1995-12-01 16:01 170,736 a------- c:\documents and settings\ename\LOGIX500.EXE
2009-01-13 19:09 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009011320090114\index.dat

============= FINISH: 17:13:28.78 ===============

dds.attach

Attached File: Attach.txt (11.52KB)

rootrepeal

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/14 17:15
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF5FFF000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8BC6000 Size: 8192 File Visible: No Signed: -
Status: -

Name: PCI_PNP2336
Image Path: \Driver\PCI_PNP2336
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF28C3000 Size: 49152 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: spxe.sys
Image Path: spxe.sys
Address: 0xF8555000 Size: 1048576 File Visible: No Signed: -
Status: -

Name: srescan.sys
Image Path: srescan.sys
Address: 0xF835F000 Size: 81920 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 000 Function Name: NtAcceptConnectPort Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8058fe01
#: 001 Function Name: NtAccessCheck Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x805790f1
#: 002 Function Name: NtAccessCheckAndAuditAlarm Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x805879a5
#: 003 Function Name: NtAccessCheckByType Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8059113c
#: 004 Function Name: NtAccessCheckByTypeAndAuditAlarm Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8058da8f
#: 005 Function Name: NtAccessCheckByTypeResultList Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x806380b6
#: 006 Function Name: NtAccessCheckByTypeResultListAndAuditAlarm Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8063a23f
#: 007 Function Name: NtAccessCheckByTypeResultListAndAuditAlarmByHandle Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8063a288
#: 008 Function Name: NtAddAtom Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8057a6e4
#: 009 Function Name: NtAddBootEntry Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8064904d
#: 010 Function Name: NtAdjustGroupsToken Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8063786d
#: 011 Function Name: NtAdjustPrivilegesToken Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8058d0ad
#: 012 Function Name: NtAlertResumeThread Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8062f9b4
#: 013 Function Name: NtAlertThread Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8057abcd
#: 014 Function Name: NtAllocateLocallyUniqueId Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x80588934
#: 015 Function Name: NtAllocateUserPhysicalPages Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x80626937
#: 016 Function Name: NtAllocateUuids Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x805dd3d9
#: 017 Function Name: NtAllocateVirtualMemory Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x80568fc3
#: 018 Function Name: NtAreMappedFilesTheSame Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x805d9777
#: 021 Function Name: NtCancelDeviceWakeupRequest Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x80649063
#: 024 Function Name: NtClearEvent Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8056966f
#: 025 Function Name: NtClose Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf60916b8
#: 026 Function Name: NtCloseObjectAuditAlarm Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8058d51b
#: 027 Function Name: NtCompactKeys Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8064e918
#: 028 Function Name: NtCompareTokens Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x80589724
#: 029 Function Name: NtCompleteConnectPort Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x80590b49
#: 030 Function Name: NtCompressKey Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8064eb87
#: 031 Function Name: NtConnectPort Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf61cdfc0
#: 033 Function Name: NtCreateDebugObject Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8065a03e
#: 035 Function Name: NtCreateEvent Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8056d57a
#: 036 Function Name: NtCreateEventPair Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x80649158
#: 037 Function Name: NtCreateFile Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf61cac80
#: 038 Function Name: NtCreateIoCompletion Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x80591395
#: 040 Function Name: NtCreateJobSet Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8062fe5f
#: 041 Function Name: NtCreateKey Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf6091574
#: 042 Function Name: NtCreateMailslotFile Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x805d9668
#: 043 Function Name: NtCreateMutant Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x80578037
#: 044 Function Name: NtCreateNamedPipeFile Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x80583f4b
#: 046 Function Name: NtCreatePort Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf61ce580
#: 047 Function Name: NtCreateProcess Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf61e2900
#: 048 Function Name: NtCreateProcessEx Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf61e2b10
#: 049 Function Name: NtCreateProfile Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x80649779
#: 050 Function Name: NtCreateSection Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf61e6b10
#: 051 Function Name: NtCreateSemaphore Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8057243b
#: 052 Function Name: NtCreateSymbolicLinkObject Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8059f519
#: 053 Function Name: NtCreateThread Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8058e64b
#: 054 Function Name: NtCreateTimer Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8059e5f5
#: 056 Function Name: NtCreateWaitablePort Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf61ce670
#: 057 Function Name: NtDebugActiveProcess Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8065b1b9
#: 058 Function Name: NtDebugContinue Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8065b313
#: 060 Function Name: NtDeleteAtom Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x80587491
#: 061 Function Name: NtDeleteBootEntry Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x80649063
#: 062 Function Name: NtDeleteFile Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf61cb210
#: 063 Function Name: NtDeleteKey Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf61e59f0
#: 064 Function Name: NtDeleteObjectAuditAlarm Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8063a2e3
#: 065 Function Name: NtDeleteValueKey Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf6091a52
#: 066 Function Name: NtDeviceIoControlFile Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8058efb9
#: 068 Function Name: NtDuplicateObject Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf61e2280
#: 069 Function Name: NtDuplicateToken Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8057cfeb
#: 070 Function Name: NtEnumerateBootEntries Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8064904d
#: 071 Function Name: NtEnumerateKey Status: Hooked by "spxe.sys" at address 0xf8574ca2
#: 072 Function Name: NtEnumerateSystemEnvironmentValuesEx Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x80648adb
#: 073 Function Name: NtEnumerateValueKey Status: Hooked by "spxe.sys" at address 0xf8575030
#: 074 Function Name: NtExtendSection Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x80625758
#: 076 Function Name: NtFindAtom Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x805899b4
#: 077 Function Name: NtFlushBuffersFile Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8058760e
#: 078 Function Name: NtFlushInstructionCache Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x80577693
#: 079 Function Name: NtFlushKey Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x805dc5a0
#: 080 Function Name: NtFlushVirtualMemory Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8059acdc
#: 081 Function Name: NtFlushWriteBuffer Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8062719b
#: 082 Function Name: NtFreeUserPhysicalPages Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x80626cec
#: 083 Function Name: NtFreeVirtualMemory Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x805698ee
#: 084 Function Name: NtFsControlFile Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8057aab5
#: 085 Function Name: NtGetContextThread Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x805e0403
#: 086 Function Name: NtGetDevicePowerState Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8062c19b
#: 087 Function Name: NtGetPlugPlayEvent Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8059fdc8
#: 089 Function Name: NtImpersonateAnonymousToken Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x805975e5
#: 090 Function Name: NtImpersonateClientOfPort Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x80589190
#: 091 Function Name: NtImpersonateThread Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8057e641
#: 093 Function Name: NtInitiatePowerAction Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8062bf67
#: 094 Function Name: NtIsProcessInJob Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8062fd13
#: 095 Function Name: NtIsSystemResumeAutomatic Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8062c182
#: 098 Function Name: NtLoadKey Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf61e5f10
#: 099 Function Name: NtLoadKey2 Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf61e5f90
#: 100 Function Name: NtLockFile Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x80588477
#: 102 Function Name: NtLockRegistryKey Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x805d0ee7
#: 104 Function Name: NtMakePermanentObject Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8059f955
#: 105 Function Name: NtMakeTemporaryObject Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8059f8d2
#: 106 Function Name: NtMapUserPhysicalPages Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x80625e23
#: 107 Function Name: NtMapUserPhysicalPagesScatter Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x806262f7
#: 108 Function Name: NtMapViewOfSection Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x80573b61
#: 109 Function Name: NtModifyBootEntry Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x80649063
#: 110 Function Name: NtNotifyChangeDirectoryFile Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8058a950
#: 111 Function Name: NtNotifyChangeKey Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8058a699
#: 112 Function Name: NtNotifyChangeMultipleKeys Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8058a762
#: 113 Function Name: NtOpenDirectoryObject Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x80590a42
#: 114 Function Name: NtOpenEvent Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8057dce7
#: 115 Function Name: NtOpenEventPair Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x80649249
#: 116 Function Name: NtOpenFile Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf61cb070
#: 117 Function Name: NtOpenIoCompletion Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x806167bb
#: 118 Function Name: NtOpenJobObject Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x806300b7
#: 119 Function Name: NtOpenKey Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf609164e
#: 120 Function Name: NtOpenMutant Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x805780e5
#: 121 Function Name: NtOpenObjectAuditAlarm Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x805953b5
#: 122 Function Name: NtOpenProcess Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf61e4180
#: 123 Function Name: NtOpenProcessToken Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8056def5
#: 124 Function Name: NtOpenProcessTokenEx Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8056e0ee
#: 125 Function Name: NtOpenSection Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at
address 0x80570fd7 #: 126 Function Name: NtOpenSemaphore Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8059efd5 #: 127 Function Name: NtOpenSymbolicLinkObject Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8059090e #: 128 Function Name: NtOpenThread Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf61e3f40 #: 129 Function Name: NtOpenThreadToken Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8056d992 #: 130 Function Name: NtOpenThreadTokenEx Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8056d903 #: 131 Function Name: NtOpenTimer Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8064907f #: 132 Function Name: NtPlugPlayControl Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x805db2f4 #: 133 Function Name: NtPowerInformation Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8059c9d6 #: 134 Function Name: NtPrivilegeCheck Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x805dd9ae #: 135 Function Name: NtPrivilegeObjectAuditAlarm Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x805dd248 #: 137 Function Name: NtProtectVirtualMemory Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x80571cb1 #: 138 Function Name: NtPulseEvent Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x805db08c #: 139 Function Name: NtQueryAttributesFile Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x805744b2 #: 140 Function Name: NtQueryBootEntryOrder Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8064904d #: 141 Function Name: NtQueryBootOptions Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8064904d #: 143 Function Name: NtQueryDefaultLocale Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x80566b9e #: 144 Function Name: NtQueryDefaultUILanguage Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8057eaa7 
#: 145 Function Name: NtQueryDirectoryFile Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x80572111 #: 146 Function Name: NtQueryDirectoryObject Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x805843ad #: 147 Function Name: NtQueryEaFile Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x80616a08 #: 148 Function Name: NtQueryEvent Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x80590abf #: 149 Function Name: NtQueryFullAttributesFile Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8057c81a #: 150 Function Name: NtQueryInformationAtom Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x805d76f8 #: 151 Function Name: NtQueryInformationFile Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x80572c6a #: 152 Function Name: NtQueryInformationJobObject Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x805808ad #: 153 Function Name: NtQueryInformationPort Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8062321f #: 154 Function Name: NtQueryInformationProcess Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8056db30 #: 155 Function Name: NtQueryInformationThread Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8056ba87 #: 156 Function Name: NtQueryInformationToken Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8056e65f #: 157 Function Name: NtQueryInstallUILanguage Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8057de2b #: 158 Function Name: NtQueryIntervalProfile Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x80649c2b #: 159 Function Name: NtQueryIoCompletion Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8061687c #: 160 Function Name: NtQueryKey Status: Hooked by "spxe.sys" at address 0xf8575108 #: 161 Function Name: NtQueryMultipleValueKey Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8064e300 #: 
162 Function Name: NtQueryMutant Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x806495b2 #: 163 Function Name: NtQueryObject Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8057f4b4 #: 164 Function Name: NtQueryOpenSubKeys Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8064e507 #: 165 Function Name: NtQueryPerformanceCounter Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x80567348 #: 166 Function Name: NtQueryQuotaInformationFile Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x806172cf #: 167 Function Name: NtQuerySection Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8057d4d6 #: 168 Function Name: NtQuerySecurityObject Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x805dd84e #: 169 Function Name: NtQuerySemaphore Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x806483a7 #: 170 Function Name: NtQuerySymbolicLinkObject Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8059077f #: 171 Function Name: NtQuerySystemEnvironmentValue Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x80648b03 #: 172 Function Name: NtQuerySystemEnvironmentValueEx Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x80648ac8 #: 173 Function Name: NtQuerySystemInformation Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8057bc40 #: 174 Function Name: NtQuerySystemTime Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x805911c6 #: 175 Function Name: NtQueryTimer Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x80587212 #: 176 Function Name: NtQueryTimerResolution Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x80584013 #: 177 Function Name: NtQueryValueKey Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf609176e #: 178 Function Name: NtQueryVirtualMemory Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 
0x8056e1ec #: 179 Function Name: NtQueryVolumeInformationFile Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8056d003 #: 180 Function Name: NtQueueApcThread Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x80591097 #: 182 Function Name: NtRaiseHardError Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x806480e3 #: 183 Function Name: NtReadFile Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x80574117 #: 184 Function Name: NtReadFileScatter Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x805da83f #: 185 Function Name: NtReadRequestData Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x805894d5 #: 186 Function Name: NtReadVirtualMemory Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8057e2d8 #: 187 Function Name: NtRegisterThreadTerminatePort Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8058ed98 #: 189 Function Name: NtReleaseSemaphore Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x80587f0a #: 190 Function Name: NtRemoveIoCompletion Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x80566fa9 #: 191 Function Name: NtRemoveProcessDebug Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8065b28e #: 192 Function Name: NtRenameKey Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf61e66f0 #: 193 Function Name: NtReplaceKey Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf61e6150 #: 194 Function Name: NtReplyPort Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8057cce4 #: 195 Function Name: NtReplyWaitReceivePort Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8056b82e #: 196 Function Name: NtReplyWaitReceivePortEx Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8056b346 #: 197 Function Name: NtReplyWaitReplyPort Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x806232fe #: 198 
Function Name: NtRequestDeviceWakeup Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8062c10f #: 199 Function Name: NtRequestPort Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x805dd604 #: 200 Function Name: NtRequestWaitReplyPort Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf61cdbe0 #: 201 Function Name: NtRequestWakeupLatency Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8062bf08 #: 202 Function Name: NtResetEvent Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8059eb98 #: 204 Function Name: NtRestoreKey Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf609172e #: 205 Function Name: NtResumeProcess Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8062f954 #: 206 Function Name: NtResumeThread Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8058ecbe #: 207 Function Name: NtSaveKey Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8064ed72 #: 208 Function Name: NtSaveKeyEx Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8064ee5d #: 209 Function Name: NtSaveMergedKeys Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8064ef8a #: 210 Function Name: NtSecureConnectPort Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf61ce190 #: 211 Function Name: NtSetBootEntryOrder Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8064904d #: 212 Function Name: NtSetBootOptions Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8064904d #: 213 Function Name: NtSetContextThread Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8062dd17 #: 214 Function Name: NtSetDebugFilterState Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8065cdd6 #: 215 Function Name: NtSetDefaultHardErrorPort Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x805d5667 #: 218 Function Name: NtSetEaFile Status: Hooked 
by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x80616f57 #: 219 Function Name: NtSetEvent Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x805696be #: 220 Function Name: NtSetEventBoostPriority Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8057598e #: 221 Function Name: NtSetHighEventPair Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8064953d #: 222 Function Name: NtSetHighWaitLowEventPair Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x80649461 #: 223 Function Name: NtSetInformationDebugObject Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8065ac2f #: 224 Function Name: NtSetInformationFile Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf61cb440 #: 226 Function Name: NtSetInformationKey Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8064de63 #: 227 Function Name: NtSetInformationObject Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8057dd5d #: 228 Function Name: NtSetInformationProcess Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8056dc01 #: 229 Function Name: NtSetInformationThread Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x80575576 #: 231 Function Name: NtSetIntervalProfile Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x80649757 #: 232 Function Name: NtSetIoCompletion Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8056bd1b #: 233 Function Name: NtSetLdtEntries Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8062ea37 #: 234 Function Name: NtSetLowEventPair Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x806494d3 #: 235 Function Name: NtSetLowWaitHighEventPair Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x806493ef #: 236 Function Name: NtSetQuotaInformationFile Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x806172a5 #: 237 Function Name: NtSetSecurityObject 
Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8059b1ab #: 238 Function Name: NtSetSystemEnvironmentValue Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x80648da0 #: 239 Function Name: NtSetSystemEnvironmentValueEx Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x80648ac8 #: 241 Function Name: NtSetSystemPowerState Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8066768b #: 242 Function Name: NtSetSystemTime Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x80647a2b #: 243 Function Name: NtSetThreadExecutionState Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x805e0172 #: 245 Function Name: NtSetTimerResolution Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x805e07f8 #: 247 Function Name: NtSetValueKey Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf60918ae #: 248 Function Name: NtSetVolumeInformationFile Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x806177eb #: 249 Function Name: NtShutdownSystem Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x80647177 #: 251 Function Name: NtStartProfile Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x806499c0 #: 252 Function Name: NtStopProfile Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x80649b79 #: 253 Function Name: NtSuspendProcess Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8062f8f9 #: 254 Function Name: NtSuspendThread Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x805e046e #: 255 Function Name: NtSystemDebugControl Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf61e3200 #: 256 Function Name: NtTerminateJobObject Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8063022d #: 257 Function Name: NtTerminateProcess Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys" at address 0xf614e0b0 #: 258 Function Name: 
NtTerminateThread Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8057b88f #: 259 Function Name: NtTestAlert Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8058e7a5 #: 261 Function Name: NtTranslateFilePath Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x80648aef #: 262 Function Name: NtUnloadDriver Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x80619c0e #: 263 Function Name: NtUnloadKey Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8064d9da #: 264 Function Name: NtUnloadKeyEx Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8064dc03 #: 265 Function Name: NtUnlockFile Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x805885d7 #: 266 Function Name: NtUnlockVirtualMemory Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8062720f #: 267 Function Name: NtUnmapViewOfSection Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x805736e6 #: 269 Function Name: NtWaitForDebugEvent Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x8065a978 #: 270 Function Name: NtWaitForMultipleObjects Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x805666e0 #: 272 Function Name: NtWaitHighEventPair Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at ad==EOF==
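The hook listing in patrik's scan log is the kind of output a helper has to triage by hand: which driver owns each hooked service, and which hooking module is not accounted for by the products known to be installed. The parser below is an added example, not part of the original post or of any scanning tool; the sample listing is constructed from a handful of entries in the same format, and the "known module" table is an assumption built from the products named in this thread (ZoneAlarm, avast!, SUPERAntiSpyware), not a vendor-supplied list.

```python
"""Triage an SSDT hook listing of the form pasted in this thread.

Each entry looks like:
  #: 047 Function Name: NtCreateProcess Status: Hooked by "C:\\...\\vsdatant.sys" at address 0xf61e2900
The forum flattened the entries onto a few long lines, so the parser scans the
whole text with a regular expression instead of working line by line.
"""
import re
from collections import defaultdict

HOOK_RE = re.compile(
    r'#:\s*(?P<index>\d+)\s+Function Name:\s*(?P<func>\w+)\s+'
    r'Status:\s*Hooked by\s+"(?P<module>[^"]+)"\s+at address\s+(?P<addr>0x[0-9a-fA-F]+)'
)

# Assumption: modules a reviewer would expect on this particular machine, derived
# from the security products visible in the thread. Anything else gets flagged.
KNOWN_MODULES = {
    "ntoskrnl.exe": "Windows kernel itself (entry points into the kernel, no third-party hook)",
    "vsdatant.sys": "ZoneAlarm / Zone Labs TrueVector driver",
    "aswsp.sys": "avast! self-protection driver",
    "saskutil.sys": "SUPERAntiSpyware helper driver",
}

# Constructed sample: five entries copied from the listing's format, then the
# truncation marker the forum appended when the log was cut off.
SAMPLE_LISTING = r'''
#: 047 Function Name: NtCreateProcess Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf61e2900
#: 049 Function Name: NtCreateProfile Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x80649779
#: 065 Function Name: NtDeleteValueKey Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf6091a52
#: 071 Function Name: NtEnumerateKey Status: Hooked by "spxe.sys" at address 0xf8574ca2 #: 257 Function Name:
NtTerminateProcess Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys" at address 0xf614e0b0 ==EOF==
'''


def module_name(path):
    """Lower-cased file name of a Windows path ('C:\\...\\aswSP.SYS' -> 'aswsp.sys')."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_hooks(text):
    """Return one dict per hooked service, in the order the scanner listed them."""
    return [
        {
            "index": int(m.group("index")),
            "function": m.group("func"),
            "module_path": m.group("module"),
            "module": module_name(m.group("module")),
            "address": int(m.group("addr"), 16),
        }
        for m in HOOK_RE.finditer(text)
    ]


def is_truncated(text):
    """The forum's ==EOF== marker means the pasted log ends before the listing did."""
    return "==EOF==" in text


def summarize(hooks):
    """Group hooks by owning module so a reviewer sees each driver's footprint at once."""
    by_module = defaultdict(list)
    for h in hooks:
        by_module[h["module"]].append(h["function"])
    return {
        mod: {
            "count": len(funcs),
            "functions": sorted(funcs),
            "known": mod in KNOWN_MODULES,
            "label": KNOWN_MODULES.get(mod, "UNATTRIBUTED: locate the file and verify its publisher"),
        }
        for mod, funcs in by_module.items()
    }


def unattributed(hooks):
    """Hooks owned by a module outside KNOWN_MODULES or reported without a full path.

    A bare file name (no directory) means the scanner could not tie the hook to a
    file on disk, which is exactly the entry a helper would ask about first.
    """
    return [h for h in hooks
            if h["module"] not in KNOWN_MODULES or "\\" not in h["module_path"]]


def report(text):
    """Human-readable triage lines for the listing; returned so they can be checked."""
    hooks = parse_hooks(text)
    lines = [f"{len(hooks)} hooked services parsed"
             + (" (listing truncated, gaps expected)" if is_truncated(text) else "")]
    for mod, info in sorted(summarize(hooks).items()):
        flag = "" if info["known"] else "  <-- review"
        lines.append(f"{mod}: {info['count']} hook(s), {info['label']}{flag}")
    for h in unattributed(hooks):
        lines.append(f"  #{h['index']:03d} {h['function']} -> {h['module_path']} @ {h['address']:#x}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LISTING)))
```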

#3 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 19 October 2009 - 06:55 PM

Hi patrik,

:welcome:

My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. Logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Your Java is out of date and you have other old versions still on your computer; those old versions are now a security vulnerability:

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer - Version 6 update 16


Please go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#4 patrik

patrik

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 21 October 2009 - 03:52 PM

Hi Tomk, OK, I updated the Java and removed all the previous versions and ran the online Kaspersky virus checker. Here is the report. So far so good.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, October 21, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, October 21, 2009 15:43:58
Records in database: 3041723
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Objects scanned: 64771
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 06:20:05

No threats found. Scanned area is clean.

Selected area has been scanned.

#5 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 21 October 2009 - 04:52 PM

patrik,

Neither I nor Kaspersky seems to be able to find any malware on your computer. So...

Log looks good :D


You need to create a new Clean restore point:

Click Start Menu > Run > copy and paste

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it (something you'll remember) and click Create, when the confirmation screen shows the restore point has been created click Close.

Remove all previous Restore Points
Click Start Menu > Run > copy and paste

cleanmgr

You may be asked to choose drive. Choose C: At top, click on More Options tab. Click Clean up... button in the System Restore box. Click on Yes button. When finished, click on Cancel button to exit.

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Check "Hide file extensions for known file types."
Under the "Hidden files" folder, Uncheck "Show hidden files and folders."
Check "Hide protected operating system files."
Click Apply, and then click OK.


The following is my standard advice for the future. Use what you can and pat yourself on the back for what you're already doing.

Please take time to read Preventing Malware - Tools and Practices for Safe Computing. Very important information for your consideration is contained therein.

I would also suggest you read this:
So how did I get infected in the first place?
by Tony Klein


Also: "How to prevent malware"
by miekiemoes

Please respond back that you understand the above and let me know if you have any questions. Otherwise, this thread will be closed Resolved. :thumbup:
Tomk
 

#6 patrik

patrik

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 21 October 2009 - 11:08 PM

Thank you Tomk, that's a big relief that it wasn't my computer that was the cause of my problem. :thumbup: Thanks again for the help.

#7 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 21 October 2009 - 11:43 PM

patrik, You are very welcome. Good Luck and Be Well. :thumbup:
Tomk
 

#8 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 21 October 2009 - 11:45 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.
Tomk
 
