Tech Support Forum

Registered · 10 Posts · Discussion Starter · #1 · (Edited)
This problem seemed to start after I installed a cracked Altbinz .30. The program just wouldn't download anything correctly. So I posted on the Altbinz website and they told me the cracked version has a Trojan virus attached. I then got rid of it and installed the version I was using previously to a different directory, and files within that program downloaded perfectly. Later that night when I shut down my Windows XP Pro SP2 OS, it wouldn't complete the full power down. My monitor will go to standby mode as it usually would, but my tower stays on (one of the lights on my CD drives stays on and doesn't shut off; the power and hard drive lights stay constant). It won't shut off even if I hold down the power button. The only way I can shut off the PC is by switching the off switch on my power supply. When I try to turn my computer on afterwards by switching the power supply back on, the computer remains in the same position as it was when I tried to power it down. But this time when I hit the power button it restarts the computer. This problem continues to persist. I researched this problem online and tried many suggestions. I ran an anti-virus, zero-day and spyware scanner. Next I went into Safe Mode and deleted the altbinz exe that .30 had created. The computer still wouldn't power down. I used the ShutNTDown registry patch and added a powershutdown setting in my registry manually as I read online, both with no result. Then I tried running Windows File Protection (sfc /scannow) and it found nothing. I ran HijackThis and didn't see any abnormal problems. Then I tried reverting to an older system restore point, which my computer failed to complete. I updated to the latest BIOS and cleaned the inside of my tower with an air can. I looked for the power options in my computer and can't find them. I then enabled ACPI in my BIOS because I don't have APM, and then looked and the power option still wasn't available.
Then I tried restarting in Safe Mode and tried shutting down, and it still wouldn't power down. Then I tried reverting to the last known good configuration with no positive result. I really don't want to have to reinstall my Windows, but this seems like the last step before I determine that it is a hardware problem. Can anyone else tell me what I can do to fix this problem? Any help would be greatly appreciated.
 

Registered · 10 Posts · Discussion Starter · #2
Update:
I ran ATF Cleaner, Malwarebytes Anti-Malware, and the Rooter scanner, which took a few hours. Anti-Malware found a bunch of viruses and stuff. I deleted them after reboot. Then I shut down my computer and it powered down perfectly. I went to bed. When I got up I saw that my computer had turned itself back on and the CD-ROM, hard drive and power lights were constant, as if the same problem was repeating. I also ran chkdsk /r afterwards. So now I am back to square one; can someone tell me what else I should do?
 

Registered · 10 Posts · Discussion Starter · #4 · (Edited)
ComboFix 09-05-07.06 - Comp 05/07/2009 19:58.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.357 [GMT -4:00]
Running from: c:\documents and settings\Comp\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
AV: ThreatFire *On-access scanning disabled* (Updated)
FW: Symantec Client Firewall *enabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Comp\Application Data\inst.exe
c:\windows\IE4 Error Log.txt
c:\windows\system32\mail.exe
c:\windows\system32\uuddc32.dll

.
((((((((((((((((((((((((( Files Created from 2009-04-07 to 2009-05-07 )))))))))))))))))))))))))))))))
.

2009-05-07 04:33 . 2009-05-07 04:33 -------- d-----w c:\documents and settings\Comp\Application Data\Malwarebytes
2009-05-07 04:32 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-07 04:32 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-07 04:32 . 2009-05-07 04:32 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-07 04:32 . 2009-05-07 04:51 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-07 01:08 . 2004-08-04 04:56 116224 -c--a-w c:\windows\system32\dllcache\xrxwiadr.dll
2009-05-07 01:08 . 2001-08-18 02:36 23040 -c--a-w c:\windows\system32\dllcache\xrxwbtmp.dll
2009-05-07 01:08 . 2001-08-18 02:36 17408 -c--a-w c:\windows\system32\dllcache\xrxscnui.dll
2009-05-07 01:08 . 2001-08-18 02:37 27648 -c--a-w c:\windows\system32\dllcache\xrxftplt.exe
2009-05-07 01:08 . 2001-08-18 02:37 4608 -c--a-w c:\windows\system32\dllcache\xrxflnch.exe
2009-05-07 01:08 . 2001-08-18 02:37 99865 -c--a-w c:\windows\system32\dllcache\xlog.exe
2009-05-07 01:08 . 2001-08-17 16:11 16970 -c--a-w c:\windows\system32\dllcache\xem336n5.sys
2009-05-07 01:08 . 2004-08-04 02:29 19455 -c--a-w c:\windows\system32\dllcache\wvchntxx.sys
2009-05-07 01:08 . 2004-08-04 03:10 19328 -c--a-w c:\windows\system32\dllcache\wstcodec.sys
2009-05-07 01:08 . 2004-08-04 02:29 12063 -c--a-w c:\windows\system32\dllcache\wsiintxx.sys
2009-05-07 01:08 . 2004-08-04 04:56 8192 -c--a-w c:\windows\system32\dllcache\wshirda.dll
2009-05-07 01:06 . 2004-08-04 03:07 59264 -c--a-w c:\windows\system32\dllcache\usbaudio.sys
2009-05-07 01:05 . 2001-08-17 16:51 58368 -c--a-w c:\windows\system32\dllcache\smiminib.sys
2009-05-07 01:04 . 2004-08-04 02:59 79104 -c--a-w c:\windows\system32\dllcache\rocket.sys
2009-05-07 01:03 . 2001-08-17 16:20 54528 -c--a-w c:\windows\system32\dllcache\opl3sax.sys
2009-05-07 01:02 . 2001-08-17 18:00 2944 -c--a-w c:\windows\system32\dllcache\msmpu401.sys
2009-05-07 01:01 . 2001-08-18 02:36 37376 -c--a-w c:\windows\system32\dllcache\kousd.dll
2009-05-07 01:00 . 2001-08-18 02:36 20480 -c--a-w c:\windows\system32\dllcache\icam5ext.dll
2009-05-07 00:59 . 2001-08-17 16:15 442240 -c--a-w c:\windows\system32\dllcache\fpnpbase.sys
2009-05-07 00:58 . 2001-08-17 16:13 103044 -c--a-w c:\windows\system32\dllcache\digidxb.sys
2009-05-07 00:57 . 2001-08-17 17:51 13824 -c--a-w c:\windows\system32\dllcache\bulltlp3.sys
2009-05-07 00:56 . 2004-08-04 02:29 52224 -c--a-w c:\windows\system32\dllcache\atinraxx.sys
2009-05-07 00:55 . 2001-08-17 18:56 66048 -c--a-w c:\windows\system32\dllcache\s3legacy.dll
2009-05-07 00:28 . 2002-08-29 10:41 133120 ----a-w c:\windows\system32\sfc__os.dll
2009-05-06 23:42 . 2009-05-06 23:42 -------- d-----w c:\documents and settings\Comp\Application Data\Mael
2009-05-06 22:58 . 2009-05-07 06:49 -------- d-----w C:\I386
2009-05-06 18:08 . 2009-05-06 18:08 -------- d-----w c:\documents and settings\eMule_Secure\Local Settings\Application Data\Google
2009-05-06 18:07 . 2009-05-06 18:07 -------- d-----w c:\program files\ASUS
2009-05-04 19:17 . 2005-01-28 20:44 24576 ----a-r c:\windows\system32\AsIO.dll
2009-05-04 19:17 . 2004-10-14 21:52 4962 ----a-r c:\windows\system32\drivers\AsIO.sys
2009-05-03 20:24 . 2001-08-17 17:47 9344 -c--a-w c:\windows\system32\dllcache\ntapm.sys
2009-05-03 20:24 . 2001-08-17 17:47 9344 ----a-w c:\windows\system32\drivers\NtApm.sys
2009-05-02 09:46 . 2009-05-06 18:06 -------- d-----w C:\altbinz
2009-04-28 02:48 . 2009-04-27 01:14 426 ----a-w c:\windows\system32\altbinzsvc.reg
2009-04-28 02:48 . 2009-04-27 01:01 285696 ----a-w c:\windows\system32\altbinzsvc.exe
2009-04-28 02:48 . 2009-04-27 01:14 41 ----a-w c:\windows\system32\altbinzsvc.bat
2009-04-28 02:48 . 2009-04-26 19:29 78 ----a-w c:\windows\system32\altbinzsvc.vbs
2009-04-24 01:19 . 2009-04-24 01:19 200 ----a-w c:\windows\AUDC80UI.dat
2009-04-24 01:18 . 2009-04-24 01:18 -------- d-----w c:\program files\Audio Converter
2009-04-24 01:10 . 2009-04-24 01:10 -------- d-----w C:\PureVoice
2009-04-16 02:35 . 2009-04-16 02:51 -------- d-----w c:\documents and settings\Comp\Tracing
2009-04-16 02:27 . 2009-04-16 02:27 -------- d-----w c:\program files\Common Files\Windows Live

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-07 23:53 . 2007-07-21 22:08 -------- d-----w c:\program files\Error Repair Professional
2009-05-07 21:30 . 2005-12-12 05:41 40 ----a-w c:\windows\system32\profile.dat
2009-05-06 22:17 . 2007-04-10 21:22 -------- d-----w c:\program files\Trend Micro
2009-05-06 18:07 . 2005-12-12 06:04 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-26 18:16 . 2005-12-12 05:37 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-25 03:41 . 2007-05-26 23:36 -------- d-----w c:\program files\Google
2009-04-24 00:45 . 2009-04-06 04:51 -------- d-----w c:\program files\AVS4YOU
2009-04-24 00:45 . 2009-04-06 04:51 -------- d-----w c:\program files\Common Files\AVSMedia
2009-04-12 21:16 . 2007-08-04 17:19 -------- d---a-w c:\program files\eMule
2009-04-06 05:24 . 2009-04-06 05:15 -------- d-----w c:\program files\SimpleDivX
2009-04-06 04:31 . 2009-04-06 04:31 -------- d-----w c:\program files\Xvid
2009-03-31 21:50 . 2009-02-18 23:17 -------- d-----w c:\program files\LimeWire
2009-03-23 07:35 . 2009-03-23 07:35 -------- d-----w c:\program files\Opera
2009-03-23 06:48 . 2009-03-23 06:48 -------- d-----w c:\program files\Microsoft Silverlight
2009-03-19 21:30 . 2009-03-19 21:30 -------- d-----w c:\program files\Common Files\HTML Executable Viewer
2009-03-11 08:10 . 2008-01-16 23:11 -------- d-----w c:\program files\ThreatFire
2009-03-09 19:40 . 2008-12-02 01:12 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-09 19:40 . 2006-01-02 19:50 -------- d-----w c:\program files\Java
2009-03-08 08:34 . 2004-08-04 07:56 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 08:34 . 2004-08-04 07:56 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 08:33 . 2004-08-04 07:56 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 08:33 . 2004-08-04 07:56 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 08:32 . 2004-08-04 07:56 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 08:32 . 2004-08-04 07:56 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 08:31 . 2004-08-04 07:56 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 08:31 . 2004-08-04 07:56 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 08:31 . 2004-08-04 07:56 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 08:22 . 2001-08-23 12:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:44 . 2004-08-04 07:56 283648 ----a-w c:\windows\system32\pdh.dll
2009-03-03 18:19 . 2008-05-21 08:33 39184 ----a-w c:\windows\system32\drivers\TfSysMon.sys
2009-03-03 18:19 . 2008-05-21 08:33 33040 ----a-w c:\windows\system32\drivers\TfNetMon.sys
2009-03-03 18:19 . 2008-01-16 23:11 12560 ----a-w c:\windows\system32\drivers\TfKbMon.sys
2009-03-03 18:19 . 2008-05-21 08:33 51472 ----a-w c:\windows\system32\drivers\TfFsMon.sys
2009-02-19 18:07 . 2005-12-12 06:31 70320 ----a-w c:\documents and settings\Comp\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-15 19:30 . 2006-10-13 20:24 1488688 ----a-w c:\windows\system32\muBlinder_ValBackup.dll
2009-02-09 10:20 . 2004-08-04 07:56 399360 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:20 . 2004-08-04 07:56 723456 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:20 . 2004-08-04 07:56 616960 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:20 . 2004-08-04 07:56 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 10:19 . 2004-08-04 06:17 1846272 ----a-w c:\windows\system32\win32k.sys
2001-09-11 13:45 . 2006-01-07 15:38 493 ----a-w c:\program files\setup.bat
2001-09-10 22:29 . 2006-01-07 15:38 13521 ----a-w c:\program files\SetupReg.exe
2001-08-13 09:05 . 2006-01-07 15:39 135813120 ----a-w c:\program files\GAMEDATA.GTC
2001-08-13 09:05 . 2006-01-07 15:38 43740 -c--a-w c:\program files\COMPRESS.INF
2001-08-13 09:01 . 2006-01-07 15:38 784312 ----a-w c:\program files\FILELIST.INF
2008-06-05 19:01 . 2008-06-05 19:01 24 --sh--w c:\windows\S2AAE989C.tmp
2006-10-14 00:24 . 2006-10-14 00:12 88 --sha-r c:\windows\system32\6AEF55C80D.sys
2007-04-02 21:23 . 2006-10-14 00:12 5852 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-04-03 165784]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-05-29 52840]
"ThreatFire"="c:\program files\ThreatFire\TFTray.exe" [2009-03-03 263440]
"vptray"="c:\progra~1\SYMANT~2\SYMANT~2\\vptray.exe" [2007-10-08 125368]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-29 8466432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-29 81920]
"muBlinder"="c:\documents and settings\Comp\Desktop\muBlinder\muBlinder.exe" [2009-04-02 1464320]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-07 61952]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SoundMan.exe [2005-09-21 86016]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\alcwzrd.exe [2005-10-11 2807808]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-06-29 1626112]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-17 01:35 87352 ----a-w c:\windows\system32\LMIinit.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ErrorRepairPro
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KCeasy
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize Scheduler
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBCSTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Adobe LM Service"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"WMPNetworkSvc"=2 (0x2)
"SBCSSvc"=2 (0x2)
"WebClient"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program Files\\eMule\\emule.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7808:TCP"= 7808:TCP:BitComet 7808 TCP
"7808:UDP"= 7808:UDP:BitComet 7808 UDP
"19000:TCP"= 19000:TCP:BitComet 19000 TCP(ED2K)
"19000:UDP"= 19000:UDP:BitComet 19000 UDP(ED2K)
"23114:TCP"= 23114:TCP:BitComet 23114 TCP(ED2K)
"23114:UDP"= 23114:UDP:BitComet 23114 UDP(ED2K)
"10589:TCP"= 10589:TCP:BitComet 10589 TCP
"10589:UDP"= 10589:UDP:BitComet 10589 UDP
"20225:TCP"= 20225:TCP:BitComet 20225 TCP
"20225:UDP"= 20225:UDP:BitComet 20225 UDP
"9655:TCP"= 9655:TCP:BitComet 9655 TCP(ED2K)
"9655:UDP"= 9655:UDP:BitComet 9655 UDP(ED2K)
"52580:TCP"= 52580:TCP:BitComet 52580 TCP(ED2K)
"52580:UDP"= 52580:UDP:BitComet 52580 UDP(ED2K)

R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [12/12/2005 2:50 AM 24971]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [5/21/2008 4:33 AM 51472]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [5/21/2008 4:33 AM 39184]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [10/7/2008 9:31 PM 61424]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [1/29/2009 5:15 PM 47640]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/7/2009 12:32 AM 179856]
R2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service --> c:\program files\ThreatFire\TFService.exe service [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/1/2009 8:04 PM 101936]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/7/2009 12:32 AM 15504]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [5/21/2008 4:33 AM 33040]
S2 DriveSentryCommsDriver;DriveSentryCommsDriver;c:\windows\system32\DRIVERS\DriveSentryCommsDriver.sys --> c:\windows\system32\DRIVERS\DriveSentryCommsDriver.sys [?]
S2 freenet-darknet-8888;Freenet 0.7 darknet-8888; [x]
S2 gupdate1c9b6db991d274c;Google Update Service (gupdate1c9b6db991d274c);c:\program files\Google\Update\GoogleUpdate.exe [4/6/2009 1:17 PM 133104]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S3 DrmCDriverV32;DrmCDriverV32;c:\windows\system32\drivers\DrmCDriverV32.sys [6/10/2008 1:49 AM 508544]
S3 DrmCVideo32;DrmCVideo32;c:\windows\system32\drivers\DrmCVideo32.sys [6/10/2008 1:49 AM 3768]
S3 NtApm;NT Apm/Legacy Interface Driver;c:\windows\system32\drivers\NtApm.sys [5/3/2009 4:24 PM 9344]
S3 SavRoam;SAVRoam;c:\program files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe [10/7/2007 9:48 PM 116664]
S3 UltraCrypt;UltraCrypt;\??\c:\program files\UltraLeecher\UltraCrypt.sys --> c:\program files\UltraLeecher\UltraCrypt.sys [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05cc65c6-c362-11da-81c5-0011d80e6628}]
\Shell\AutoRun\command - H:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9bcd810e-b3ae-11da-818b-806d6172696f}]
\shell\play\Command - "c:\program files\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{011A540B-9939-5978-4775-64BC4F26FEC9}]
c:\windows\system32\ud.exe
.
Contents of the 'Scheduled Tasks' folder

2009-05-07 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-06 17:17]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-ErrorRepairPro - c:\program files\Error Repair Professional\autostart.exe
HKCU-Run-Aim6 - (no file)
ShellExecuteHooks-{03A80B1D-5C6A-42c2-9DFB-81B6005D8023} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: turbotax.com
FF - ProfilePath - c:\documents and settings\Comp\Application Data\Mozilla\Firefox\Profiles\hv2rcumh.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\program files\Google\Google Gears\Firefox\components\gears.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
.
------- File Associations -------
.
regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-07 20:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-329068152-789336058-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-329068152-789336058-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B2082E1C-A023-EFF0-4564-803F73C8F49B}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abiolfbpfchiapdohepabmgekbdiiklgbe"=hex:65,62,69,6f,6b,64,6b,61,6c,62,65,66,
62,68,6b,64,66,64,61,6d,6f,66,6f,6b,65,68,61,6e,64,6a,64,6a,66,62,62,67,66,\
"bbiolfbpfchiapdoheoacneiggnogdjnjfpd"=hex:61,62,6c,6d,62,64,70,6f,63,64,69,6d,
68,70,61,70,6a,65,6a,6e,66,70,6a,67,66,69,62,62,6e,6e,61,64,62,6a,00,67

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:bd,5e,b1,8d,c8,fa,16,96,6e,d2,fe,9b,1f,8d,dc,2d,47,5e,91,5d,03,
17,ee,c5,b9,95,7f,19,07,a7,34,02,d5,fe,b5,6c,b2,47,31,c2,ad,7f,8e,12,f1,6e,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•Ôw*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered"

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:bd,5e,b1,8d,c8,fa,16,96,6e,d2,fe,9b,1f,8d,dc,2d,47,5e,91,5d,03,
17,ee,c5,b9,95,7f,19,07,a7,34,02,d5,fe,b5,6c,b2,47,31,c2,ad,7f,8e,12,f1,6e,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1000)
c:\windows\system32\LMIinit.dll
c:\program files\ThreatFire\TFWAH.dll
c:\program files\ThreatFire\TFNI.dll

- - - - - - - > 'lsass.exe'(1056)
c:\program files\ThreatFire\TFWAH.dll
.
Completion time: 2009-05-08 20:08
ComboFix-quarantined-files.txt 2009-05-08 00:08

Pre-Run: 42,841,538,560 bytes free
Post-Run: 42,838,376,448 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=4 Default=4 Failed=1 LastKnownGood=5 Sets=1,2,3,4,5
 


Premium Member · 8,751 Posts
@ spike2me, only qualified TSF staff members are allowed to give help with virus removal on this forum.
@ misterix, I have moved this thread to the Virus Removal forum, where you will get help.
 

Registered · 10 Posts · Discussion Starter · #7 · (Edited)
Update: I ran Symantec AntiVirus, CounterSpy and STOPzilla in Safe Mode. After they fixed the extra spyware they found, when I rebooted into Windows, my internet went down. My ISP could not fix it. I then did a repair of my copy of Windows XP; I still couldn't connect to the internet. I ran WinSockFix, called my ISP and they fixed it. However, my computer STILL won't power down. My tech at the ISP told me it sounds like I have a stealth spyware script and that only Spy Sweeper will fix it, other than a complete format and clean Windows install. Are there any steps to do now without having to format and do a clean install, or to determine that it's a hardware problem?
 

TSF Security Manager, Emeritus · 42,952 Posts

Registered · 10 Posts · Discussion Starter · #9
DDS (Ver_09-03-16.01) - NTFSx86
Run by Comp at 2:45:07.12 on Wed 05/13/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.447 [GMT -4:00]

AV: ThreatFire *On-access scanning enabled* (Updated)
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
FW: Symantec Client Firewall *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\PROGRA~1\SYMANT~2\SYMANT~2\vptray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Comp\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ZILLAbar Browser Helper Object: {1827766b-9f49-4854-8034-f6ee26fcb1ec} - c:\program files\stopzilla!\SZSG.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.2.2.28.dll
{5ca3d70e-1895-11cf-8e15-001234567890}
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\SZIEBHO.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - No File
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: STOPzilla: {98828ded-a591-462f-83ba-d2f62a68b8b8} - c:\program files\stopzilla!\SZSG.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [High Definition Audio Property Page Shortcut] "c:\windows\system32\HDAShCut.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [ThreatFire] c:\program files\threatfire\TFTray.exe
mRun: [vptray] c:\progra~1\symant~2\symant~2\\vptray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [muBlinder] c:\documents and settings\comp\desktop\mublinder\muBlinder.exe -startup
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.2.2.28.dll/206
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\program files\common files\is3\anti-spyware\iS3lsp.dll
Trusted Zone: turbotax.com
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1233513819000
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616}
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1233513803890
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
Notify: LMIinit - LMIinit.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\comp\applic~1\mozilla\firefox\profiles\hv2rcumh.default\
FF - prefs.js: browser.startup.homepage - about:blank

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true

============= SERVICES / DRIVERS ===============

R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [2005-12-12 26112]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-11-12 29808]
R0 szkg5;szkg;c:\windows\system32\drivers\SZKG.sys [2009-3-12 54656]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2008-5-21 51472]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2008-5-21 39184]
R1 SAVRT;SAVRT;c:\program files\symantec client security\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec client security\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2009-5-9 13360]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\cyberlink\powerdvd8\000.fcl [2008-10-7 61424]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2007-5-29 192104]
R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\ccProxy.exe [2007-5-29 202344]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2007-5-29 169576]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-1-29 47640]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2009-5-9 69168]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec client security\symantec antivirus\Rtvscan.exe [2007-10-7 1822648]
R2 ThreatFire;ThreatFire;c:\program files\threatfire\tfservice.exe service --> c:\program files\threatfire\TFService.exe service [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-5-8 101936]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090508.003\naveng.sys [2009-5-8 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090508.003\navex15.sys [2009-5-8 876144]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2008-5-21 33040]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\superantispyware\sasdifsv.sys --> c:\program files\superantispyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\saskutil.sys --> c:\program files\superantispyware\SASKUTIL.sys [?]
S2 DriveSentryCommsDriver;DriveSentryCommsDriver;c:\windows\system32\drivers\drivesentrycommsdriver.sys --> c:\windows\system32\drivers\DriveSentryCommsDriver.sys [?]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\logmein\x86\rainfo.sys --> c:\program files\logmein\x86\RaInfo.sys [?]
S2 SBAMSvc;CounterSpy Antispyware;c:\program files\sunbelt software\counterspy\SBAMSvc.exe [2008-10-28 886056]
S2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\webrootsecurity\SpySweeper.exe [2009-4-2 4048240]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\c:\windows\system32\drivers\nsdriver.sys --> c:\windows\system32\drivers\NSDriver.sys [?]
S3 Ad-Watch Real-Time Scanner;AW Real-Time Scanner;\??\c:\windows\system32\drivers\awrtpd.sys --> c:\windows\system32\drivers\AWRTPD.sys [?]
S3 Ad-Watch Registry Filter;Ad-Watch Registry Kernel Filter;\??\c:\windows\system32\drivers\awrtrd.sys --> c:\windows\system32\drivers\AWRTRD.sys [?]
S3 DrmCDriverV32;DrmCDriverV32;c:\windows\system32\drivers\DrmCDriverV32.sys [2008-6-10 508544]
S3 DrmCVideo32;DrmCVideo32;c:\windows\system32\drivers\DrmCVideo32.sys [2008-6-10 3768]
S3 NtApm;NT Apm/Legacy Interface Driver;c:\windows\system32\drivers\ntapm.sys [2001-8-17 9344]
S3 SavRoam;SAVRoam;c:\program files\symantec client security\symantec antivirus\SavRoam.exe [2007-10-7 116664]
S3 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2008-10-23 92464]
S3 UltraCrypt;UltraCrypt;\??\c:\program files\ultraleecher\ultracrypt.sys --> c:\program files\ultraleecher\UltraCrypt.sys [?]
S4 freenet-darknet-8888;Freenet 0.7 darknet-8888; [x]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

============== File Associations ===============

regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1

=============== Created Last 30 ================

2009-05-12 13:50 560 a------- c:\windows\system32\drivers\kgpcpy.cfg
2009-05-11 17:21 <DIR> --dsh--- C:\Diskeeper
2009-05-11 17:18 <DIR> --d----- c:\program files\common files\Diskeeper Corporation
2009-05-11 17:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Diskeeper Corporation
2009-05-11 14:47 282,624 a------- c:\windows\system32\yk51x86.dll
2009-05-11 04:46 102,400 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-05-11 04:45 2,189,056 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-05-11 04:45 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-05-11 04:45 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-05-11 04:45 2,066,048 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2009-05-11 04:44 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-05-11 04:42 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-05-11 04:40 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-05-11 01:30 20,992 ac------ c:\windows\system32\dllcache\permchk.dll
2009-05-11 01:29 13,463,552 ac------ c:\windows\system32\dllcache\hwxjpn.dll
2009-05-11 01:28 2,134,528 ac------ c:\windows\system32\dllcache\smtpsnap.dll
2009-05-11 01:26 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-05-11 01:26 749 a---hr-- c:\windows\WindowsShell.Manifest
2009-05-11 01:26 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2009-05-11 01:26 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2009-05-11 01:26 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
2009-05-11 01:26 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2009-05-11 01:26 16,384 ac------ c:\windows\system32\dllcache\isignup.exe
2009-05-11 01:25 7,168 ac------ c:\windows\system32\dllcache\bitsprx4.dll
2009-05-11 01:25 7,168 a------- c:\windows\system32\bitsprx4.dll
2009-05-11 01:23 290,304 ac------ c:\windows\system32\dllcache\rhttpaa.dll
2009-05-11 01:23 136,192 ac------ c:\windows\system32\dllcache\aaclient.dll
2009-05-11 01:23 53,248 ac------ c:\windows\system32\dllcache\tsgqec.dll
2009-05-11 01:23 290,304 a------- c:\windows\system32\rhttpaa.dll
2009-05-11 01:23 136,192 a------- c:\windows\system32\aaclient.dll
2009-05-11 01:23 53,248 a------- c:\windows\system32\tsgqec.dll
2009-05-11 01:20 4,444 a------- c:\windows\system32\pid.PNF
2009-05-11 01:18 123,602 a------- c:\windows\system32\nvapps.nvb
2009-05-11 00:12 0 a------- c:\windows\SETE2.tmp
2009-05-10 21:01 <DIR> --d----- c:\windows\system32\scripting
2009-05-10 21:01 <DIR> --d----- c:\windows\system32\en
2009-05-10 21:01 <DIR> --d----- c:\windows\Network Diagnostic
2009-05-10 21:01 <DIR> --d----- c:\windows\L2Schemas
2009-05-10 15:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Webroot
2009-05-10 14:48 <DIR> --d----- C:\Binaries
2009-05-10 14:46 <DIR> --d----- c:\program files\Webroot
2009-05-09 14:30 69,168 a------- c:\windows\system32\drivers\sbapifs.sys
2009-05-09 14:30 13,360 a------- c:\windows\system32\drivers\sbaphd.sys
2009-05-09 04:51 37,390,376 a------- c:\docume~1\comp\applic~1\SpySweeperRegSetup_EN.exe
2009-05-09 04:42 <DIR> --d----- c:\docume~1\comp\applic~1\Sunbelt
2009-05-09 04:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Sunbelt
2009-05-09 04:41 <DIR> --d----- c:\program files\Sunbelt Software
2009-05-09 02:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SITEguard
2009-05-09 02:12 <DIR> --d----- c:\program files\common files\iS3
2009-05-09 02:12 <DIR> --d----- c:\docume~1\alluse~1\applic~1\STOPzilla!
2009-05-09 02:08 <DIR> --d----- c:\docume~1\comp\applic~1\STOPzilla!
2009-05-09 02:07 <DIR> --d----- c:\program files\STOPzilla!
2009-05-08 15:17 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-05-08 15:17 <DIR> --d----- c:\docume~1\comp\applic~1\SUPERAntiSpyware.com
2009-05-08 15:09 22,528 a------- c:\windows\system32\wsock32.dlb
2009-05-08 15:09 205,560 a------- c:\windows\UNBOC.EXE
2009-05-08 15:09 212,728 a------- c:\windows\CMDLIC.DLL
2009-05-08 15:09 <DIR> --d----- c:\program files\Comodo
2009-05-08 14:20 <DIR> --d----- c:\program files\Spyware Terminator
2009-05-07 20:41 <DIR> --d----- c:\docume~1\comp\applic~1\Mael
2009-05-07 19:57 <DIR> --d----- C:\cmdcons
2009-05-07 19:55 161,792 a------- c:\windows\SWREG.exe
2009-05-07 19:55 98,816 a------- c:\windows\sed.exe
2009-05-07 00:33 <DIR> --d----- c:\docume~1\comp\applic~1\Malwarebytes
2009-05-07 00:32 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-07 00:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-06 20:28 133,120 a------- c:\windows\system32\sfc__os.dll
2009-05-06 20:03 133,120 a------- c:\windows\system32\sfc_os.bak
2009-05-06 14:07 <DIR> --d----- c:\program files\ASUS
2009-05-04 15:17 24,576 a----r-- c:\windows\system32\AsIO.dll
2009-05-04 15:17 4,962 a----r-- c:\windows\system32\drivers\AsIO.sys
2009-05-02 05:46 <DIR> --d----- C:\altbinz
2009-04-27 22:48 426 a------- c:\windows\system32\altbinzsvc.reg
2009-04-27 22:48 285,696 a------- c:\windows\system32\altbinzsvc.exe
2009-04-27 22:48 41 a------- c:\windows\system32\altbinzsvc.bat
2009-04-27 22:48 78 a------- c:\windows\system32\altbinzsvc.vbs
2009-04-23 21:19 200 a------- c:\windows\AUDC80UI.dat
2009-04-23 21:18 <DIR> --d----- c:\program files\Audio Converter
2009-04-15 22:35 <DIR> --d----- c:\documents and settings\comp\Tracing
2009-04-15 22:27 <DIR> --d----- c:\program files\common files\Windows Live

==================== Find3M ====================

2009-05-11 04:01 682,232 a------- c:\windows\system32\drivers\sptd.sys
2009-05-11 01:24 22,764 a------- c:\windows\system32\emptyregdb.dat
2009-04-21 10:09 297,344 a------- c:\windows\system32\drivers\yk51x86.sys
2009-04-02 14:30 176,752 a------- c:\windows\system32\drivers\ssidrv.sys
2009-04-02 14:30 23,152 a------- c:\windows\system32\drivers\sshrmd.sys
2009-04-02 14:30 29,808 a------- c:\windows\system32\drivers\ssfs0bbc.sys
2009-03-31 14:57 17,408 a----r-- c:\windows\system32\SZIO5.dll
2009-03-31 14:56 294,912 a----r-- c:\windows\system32\SZBase5.dll
2009-03-31 14:55 540,672 a----r-- c:\windows\system32\SZComp5.dll
2009-03-27 10:56 126,976 a----r-- c:\windows\system32\IS3HTUI5.dll
2009-03-27 10:55 393,216 a----r-- c:\windows\system32\IS3DBA5.dll
2009-03-27 10:55 372,736 a----r-- c:\windows\system32\IS3UI5.dll
2009-03-27 10:55 61,440 a----r-- c:\windows\system32\IS3Hks5.dll
2009-03-27 10:54 23,040 a----r-- c:\windows\system32\IS3XDat5.dll
2009-03-27 10:54 221,184 a----r-- c:\windows\system32\IS3Win325.dll
2009-03-27 10:54 94,208 a----r-- c:\windows\system32\IS3Inet5.dll
2009-03-27 10:53 90,112 a----r-- c:\windows\system32\IS3Svc5.dll
2009-03-27 10:50 716,800 a----r-- c:\windows\system32\IS3Base5.dll
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 04:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 04:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 04:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll
2007-11-07 19:24 47,360 a----r-- c:\docume~1\comp\applic~1\pcouffin.sys
2006-09-27 16:41 81,920 a----r-- c:\docume~1\comp\applic~1\ezpinst.exe
2006-08-25 16:55 94,080 a----r-- c:\docume~1\comp\applic~1\ezplay.sys
2006-01-24 12:58 557,056 a----r-- c:\documents and settings\comp\chatlnk.exe
2001-09-11 09:45 493 a------- c:\program files\setup.bat
2001-09-10 18:29 13,521 a------- c:\program files\SetupReg.exe
2001-08-13 05:05 43,740 ac------ c:\program files\COMPRESS.INF
2001-08-13 05:05 135,813,120 a------- c:\program files\GAMEDATA.GTC
2001-08-13 05:01 784,312 ac------ c:\program files\FILELIST.INF
1998-08-24 12:09 10,000 a------- c:\windows\inf\unregpn.exe
2006-10-13 20:24 88 a--shr-- c:\windows\system32\6AEF55C80D.sys
2007-04-02 17:23 5,852 a--sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 2:48:43.15 ===============

Gmer is poorly designed. I couldn't see the "show all" icon, and when it finally finished scanning (which took over an hour) the save button wasn't there anymore. So I have attached the file after I ran the scan, closed the program and saved.

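As an added example, not part of this thread and not code from DDS or its author: a small Python triage script that parses the two line formats seen in the log above, the `Created Last 30` / `Find3M` file entries and the `SERVICES / DRIVERS` entries, and surfaces what a responder would check first. The embedded sample is a constructed excerpt copied from that log (the four `altbinzsvc.*` files, two `[?]` driver entries, the hidden+system `6AEF55C80D.sys`) plus the `dllcache\ntoskrnl.exe` line as a clean control. The flagging rules, the severities and the reading of the `[?]` / `[x]` markers are assumptions of this example, not documented DDS semantics.

```python
"""Triage helper for DDS-style log excerpts (added example, not DDS code)."""
import re
from collections import defaultdict

# Constructed sample: lines copied from the DDS log in the post above, plus a
# clean dllcache line as a control. Raw string so the backslashes stay literal.
SAMPLE_LOG = r"""
============= SERVICES / DRIVERS ===============

R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [2005-12-12 26112]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S3 UltraCrypt;UltraCrypt;\??\c:\program files\ultraleecher\ultracrypt.sys --> c:\program files\ultraleecher\UltraCrypt.sys [?]
S4 freenet-darknet-8888;Freenet 0.7 darknet-8888; [x]

=============== Created Last 30 ================

2009-05-11 04:45 2,189,056 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-05-08 15:09 22,528 a------- c:\windows\system32\wsock32.dlb
2009-05-02 05:46 <DIR> --d----- C:\altbinz
2009-04-27 22:48 426 a------- c:\windows\system32\altbinzsvc.reg
2009-04-27 22:48 285,696 a------- c:\windows\system32\altbinzsvc.exe
2009-04-27 22:48 41 a------- c:\windows\system32\altbinzsvc.bat
2009-04-27 22:48 78 a------- c:\windows\system32\altbinzsvc.vbs

==================== Find3M ====================

2006-10-13 20:24 88 a--shr-- c:\windows\system32\6AEF55C80D.sys
"""

# "<date> <time> <size|<DIR>> <8 attribute flags> <path>"
FILE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (?P<size><DIR>|[\d,]+) "
    r"(?P<attrs>[a-z-]{8}) (?P<path>.+)$"
)
# "<R|S><n> <name>;<display>;<image ...> [<date size>|?|x]"
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*?)\s*\[(?P<info>[^\]]*)\]$"
)
SYSTEM32 = "c:\\windows\\system32\\"
SCRIPT_EXT = (".bat", ".cmd", ".vbs", ".js", ".reg")   # assumption: unusual in system32
ORDER = {"high": 0, "medium": 1, "low": 2}


def parse_file_entries(text):
    """One dict per file/dir line; size is 0 for directories."""
    entries = []
    for raw in text.splitlines():
        m = FILE_RE.match(raw.strip())
        if not m:
            continue
        is_dir = m["size"] == "<DIR>"
        entries.append({"ts": m["ts"], "is_dir": is_dir,
                        "size": 0 if is_dir else int(m["size"].replace(",", "")),
                        "attrs": m["attrs"], "path": m["path"]})
    return entries


def parse_services(text):
    """One dict per service/driver line; path is the right side of any '-->'."""
    services = []
    for raw in text.splitlines():
        m = SERVICE_RE.match(raw.strip())
        if not m:
            continue
        services.append({"state": m["state"], "name": m["name"], "display": m["display"],
                         "path": m["rest"].split("-->")[-1].strip(), "info": m["info"]})
    return services


def _loose_in_system32(entry):
    p = entry["path"].lower()
    return not entry["is_dir"] and p.startswith(SYSTEM32) and "\\dllcache\\" not in p


def triage(text):
    """Return (severity, reason, [paths]) tuples; rules are this example's assumptions."""
    findings = []
    files = parse_file_entries(text)

    # Rule 1: several files sharing a base name written to system32 in the same
    # minute. A .reg/.bat/.vbs/.exe set with one stem is a service-dropper pattern.
    clusters = defaultdict(list)
    for e in files:
        if _loose_in_system32(e):
            stem = e["path"].lower().rsplit("\\", 1)[1].rsplit(".", 1)[0]
            clusters[(e["ts"], stem)].append(e["path"])
    for (ts, stem), paths in clusters.items():
        if len(paths) >= 3:
            findings.append(("high", f"{len(paths)} '{stem}.*' files written to system32 at {ts}", paths))

    # Rule 2: script or registry files sitting in the system32 root.
    for e in files:
        if _loose_in_system32(e) and e["path"].lower().endswith(SCRIPT_EXT):
            findings.append(("medium", "script or .reg file in system32", [e["path"]]))

    # Rule 3: loose files carrying both the system and hidden attribute flags.
    for e in files:
        if not e["is_dir"] and "s" in e["attrs"] and "h" in e["attrs"]:
            findings.append(("medium", "file carries hidden+system attributes", [e["path"]]))

    # Rule 4: entries where DDS recorded no date/size ([?]) or no image ([x]).
    for s in parse_services(text):
        if s["info"] == "?":
            findings.append(("medium", f"{s['state']} {s['name']}: no date/size recorded for image ([?])", [s["path"]]))
        elif s["info"] == "x":
            findings.append(("low", f"{s['state']} {s['name']}: no image path recorded ([x])", []))
    return findings


if __name__ == "__main__":
    for sev, why, paths in sorted(triage(SAMPLE_LOG), key=lambda f: ORDER[f[0]]):
        print(f"[{sev:6}] {why}")
        for p in paths:
            print(f"         {p}")
```

Run it as a script to print the findings, or import `triage()` and pass the text of a whole DDS log. On the sample, rule 1 fires once, on the four `altbinzsvc.*` files written to system32 in the same minute; the `[?]` rule is only a prompt to check the path on disk, since in the full log several of those entries belong to security tools the poster installed.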
· TSF Security Manager, Emeritus · 42,952 Posts
Gmer is not poorly designed; what you experienced is not typical and is likely due to your numerous AVs interfering with it.

Why do you have two AVs installed and running on your system? It's never a good idea to do that. More than one AV installed at a given time will not only conflict with one another, but will also cause system slowdowns and other OS issues.

Please choose and run only 1 and uninstall the other via the Add/Remove Programs in the Control Panel.

Reboot.

What issues remain?

· Registered · 10 Posts · Discussion Starter · #11
One's a zero-day, the other is regular. My antivirus doesn't have any zero-day protection. Endpoint, Symantec's other AV program, does, so there should be no conflict.

· TSF Security Manager, Emeritus · 42,952 Posts
ThreatFire is an active AV program. Please uninstall it and see if your issues remain.