gneral meltdown; unresponsive programs, blue screens

View previous topic View next topic Go down

Re: gneral meltdown; unresponsive programs, blue screens

Post by Belahzur on Fri Feb 27, 2009 11:29 pm

Hmm.
Lets have a look around.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run
  • When complete, DDS.txt will open.
  • Save the report to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245059
# Likes # Likes : 1

View user profile

Back to top Go down

Re: gneral meltdown; unresponsive programs, blue screens

Post by lisam on Sat Feb 28, 2009 1:53 am

DDS (Ver_09-02-01.01) - NTFSx86
Run by Lisa at 20:50:36.48 on Fri 02/27/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.502.174 [GMT -5:00]

AV: Authentium Antivirus *On-access scanning enabled* (Outdated)
AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated)
FW: Authentium Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\CrossLoop\CrossLoopConnect.exe
C:\Program Files\EarthLink TotalAccess\MailClnt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\WINDOWS\SYSTEM32\FREECELL.EXE
C:\Documents and Settings\Lisa\Local Settings\Temporary Internet Files\Content.IE5\1QRBRHK0\dds[1].com

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
uURLSearchHooks: SrchHook Class: {44f9b173-041c-4825-a9b9-d914bd9dcbb3} - c:\program files\earthlink totalaccess\ElnIE.dll
uURLSearchHooks: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: ElnkBhoGuard Class: {00000000-0000-0000-0000-000000000002} - c:\program files\earthlink\toolbar\EScamBlk.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: ElnkScamBHO Class: {15f4d456-5baa-4076-8486-eecb38cd3e57} - c:\program files\earthlink\toolbar\EScamBlk.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: ElnkPubBHO Class: {512acf1b-64d9-4928-b382-a80556f28db4} - c:\program files\earthlink\toolbar\ElnkPuB.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: ElnkProtectionBHO Class: {9579d574-d4d8-4335-9560-fe8641a013bd} - c:\program files\earthlink\toolbar\ProtctIE.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: ElnkLegacyUninstBHO Class: {e713904c-df05-4c79-bbad-02db923253be} - c:\program files\earthlink\toolbar\uninsttb.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: EarthLink Toolbar: {c7768536-96f8-4001-b1a2-90ee21279187} - c:\program files\earthlink\toolbar\Toolbar.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {D7F30B62-8269-41AF-9539-B2697FA7D77E} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wg111v~1.lnk - c:\program files\netgear\wg111v2 configuration utility\RtlWake.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: EarthLink Google Search - c:\program files\earthlink\toolbar\SearchUI.dll/search.html
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - [You must be registered and logged in to see this link.]
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - [You must be registered and logged in to see this link.]
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - [You must be registered and logged in to see this link.]
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R0 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2008-12-27 40840]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009-2-24 51520]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009-2-24 38208]
R1 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2008-12-27 66952]
R1 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2008-12-27 81288]
R1 pctfw2;pctfw2;c:\windows\system32\drivers\pctfw2.sys [2008-12-27 160792]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2006-9-6 66048]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2006-9-20 112384]
R3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2006-9-20 13532]
S3 ADSFilter;ADSFilter - (Aluria Filter Driver);c:\windows\system32\drivers\adsfilter.sys --> c:\windows\system32\drivers\ADSFilter.sys [?]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009-2-24 33088]
S4 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2008-12-27 356920]
S4 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2008-12-27 1079176]
S4 ThreatFire;ThreatFire;c:\program files\spyware doctor\tfengine\tfservice.exe service --> c:\program files\spyware doctor\tfengine\TFService.exe service [?]

=============== Created Last 30 ================

2009-02-27 17:18 --d----- c:\program files\Spybot - Search & Destroy
2009-02-27 17:18 --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-02-27 17:08 --d----- c:\program files\CrossLoop
2009-02-27 15:10 --d----- C:\fsaua.data
2009-02-27 14:28 --d----- c:\windows\ERUNT
2009-02-27 14:23 --d----- C:\SDFix
2009-02-27 14:04 161,792 a------- c:\windows\SWREG.exe
2009-02-27 14:04 98,816 a------- c:\windows\sed.exe
2009-02-27 12:41 --d----- c:\docume~1\lisa\applic~1\Malwarebytes
2009-02-27 12:41 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-27 12:41 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-27 12:41 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-27 12:41 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-26 13:18 23,576 a------- c:\windows\system32\wuapi.dll.mui
2009-02-26 13:00 73,728 a------- c:\windows\system32\javacpl.cpl
2009-02-26 13:00 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-24 06:47 38,208 a------- c:\windows\system32\drivers\TfSysMon.sys
2009-02-24 06:47 33,088 a------- c:\windows\system32\drivers\TfNetMon.sys
2009-02-24 06:47 51,520 a------- c:\windows\system32\drivers\TfFsMon.sys
2009-02-24 06:47 12,608 a------- c:\windows\system32\drivers\TfKbMon.sys
2009-02-10 22:26 14,336 a------- c:\windows\system32\dllcache\padrs412.dll
2009-02-10 22:25 78,848 a------- c:\windows\system32\dllcache\dayi.ime

==================== Find3M ====================

2008-12-27 20:57 263,686 a------- c:\windows\pchealth\helpctr\config\cache\Personal_32_1033.dat

============= FINISH: 20:51:00.25 ===============

lisam
Novice
Novice

Posts Posts : 28
Joined Joined : 2009-02-26
OS OS : windowsxp
Points Points : 28399
# Likes # Likes : 0

View user profile

Back to top Go down

Re: gneral meltdown; unresponsive programs, blue screens

Post by lisam on Sat Feb 28, 2009 1:56 am

You know, I should also say that I now have about 200 replicated files (about 8 of which were copied 30 or so times). Should I just delete, one by one?

lisam
Novice
Novice

Posts Posts : 28
Joined Joined : 2009-02-26
OS OS : windowsxp
Points Points : 28399
# Likes # Likes : 0

View user profile

Back to top Go down

Re: gneral meltdown; unresponsive programs, blue screens

Post by Belahzur on Sat Feb 28, 2009 1:59 am

Hello. What do you mean 200 files, all copies of each other? If you don't need them, then delete them.

Please delete this folder in bold:
C:\SDFix

You are running two AV's (Anti-virus), this is a bad idea as they can conflict and cause problems. I see Authentium and Spyware Doctor.
I would recommend that you remove Authentium to avoid conflict and other future problems, and it's out of date anyway.
Go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

  • Authentium
  • Authentium Antivirus

Let me know how the machine is running now.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245059
# Likes # Likes : 1

View user profile

Back to top Go down

Re: gneral meltdown; unresponsive programs, blue screens

Post by lisam on Sat Feb 28, 2009 3:08 am

OK...got rid of SD/fix. No sign ot Authentium in C drive files. And everything seems ok, but ths is really weird. Last night, before all of these scanns, I was deleting files before backing them up and I noticed that some of the files I was deleting were replicating. I mentioned that to you and you said that's what happens. So now I have hundreds of these files in my documents, and they are now 3rd and 4th generation...i.e. "Copy(2) of Copy of Copy of Ice Hotel.doc When I go in and try to delete them, like 40 at a time, I am not sure that I am making any progress...could they still be replicating????? My computer seems otherwise fine, like its cured and vibrantly healthy, except with this mutant unchecked growth in My Documents.

lisam
Novice
Novice

Posts Posts : 28
Joined Joined : 2009-02-26
OS OS : windowsxp
Points Points : 28399
# Likes # Likes : 0

View user profile

Back to top Go down

Re: gneral meltdown; unresponsive programs, blue screens

Post by lisam on Sat Feb 28, 2009 4:18 am

p.s. yes, these same files are replicating...I delete, and more appear...copies of copies of copies.

lisam
Novice
Novice

Posts Posts : 28
Joined Joined : 2009-02-26
OS OS : windowsxp
Points Points : 28399
# Likes # Likes : 0

View user profile

Back to top Go down

Re: gneral meltdown; unresponsive programs, blue screens

Post by Belahzur on Sat Feb 28, 2009 2:39 pm

Hello.
Lets run a GMER scan.

Please run a GMER Rootkit scan:

Download GMER's application from here:
[You must be registered and logged in to see this link.]

Unzip it and start the GMER.exe
Click the Rootkit tab and click the Scan button.

Once done, click the Copy button.
This will copy the results to your clipboard.
Paste the results in your next reply.

Warning ! Please, do not select the "Show all" checkbox during the scan.

If you're having problems with running GMER.exe, try it in safe mode.
This tools works in safe mode. Other rootkitrevealers don't.
The log will be quite big, so it may need to be uploaded.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245059
# Likes # Likes : 1

View user profile

Back to top Go down

Re: gneral meltdown; unresponsive programs, blue screens

Post by lisam on Sat Feb 28, 2009 4:05 pm

btw, the cloned documents may have been corrupted early on, but I did get rid of them. I just searched for document names with "copy of" (there were 1500), and deleted all. Here is the gmer scan:
Thank you.

GMER 1.0.14.14536 - [You must be registered and logged in to see this link.]
Rootkit scan 2009-02-28 11:02:55
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT 832A04D8 ZwConnectPort
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwCreateKey [0xAA6F77A6]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwCreateProcess [0xAA6F4794]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwCreateProcessEx [0xAA6F4F1E]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwDeleteKey [0xAA6F81F0]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwDeleteValueKey [0xAA6F842A]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwOpenKey [0xF88E8A3C]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwRenameKey [0xAA6F912A]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwSetValueKey [0xAA6F883C]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwTerminateProcess [0xAA6F3D0A]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwWriteVirtualMemory [0xAA6F3384]

---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\Spyware Doctor\pctsTray.exe[1268] kernel32.dll!CreateThread + 1A 7C810651 4 Bytes [ C7, A1, C3, 83 ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2296] USER32.dll!DialogBoxIndirectParamW 77D62043 5 Bytes JMP 7E38C510 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2296] USER32.dll!MessageBoxIndirectA 77D6A05A 5 Bytes JMP 7E38C491 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2296] USER32.dll!DialogBoxParamA 77D6B11C 5 Bytes JMP 7E38C4D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2296] USER32.dll!MessageBoxExW 77D80538 5 Bytes JMP 7E38C3D9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2296] USER32.dll!MessageBoxExA 77D8055C 5 Bytes JMP 7E38C413 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2296] USER32.dll!DialogBoxIndirectParamA 77D86CAD 5 Bytes JMP 7E38C54B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2296] USER32.dll!MessageBoxIndirectW 77D96093 5 Bytes JMP 7E38C44D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)
AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip pctfw2.sys (PC Tools TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Tcp pctfw2.sys (PC Tools TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp pctfw2.sys (PC Tools TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp pctfw2.sys (PC Tools TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

---- EOF - GMER 1.0.14 ----

lisam
Novice
Novice

Posts Posts : 28
Joined Joined : 2009-02-26
OS OS : windowsxp
Points Points : 28399
# Likes # Likes : 0

View user profile

Back to top Go down

Re: gneral meltdown; unresponsive programs, blue screens

Post by Belahzur on Sat Feb 28, 2009 4:10 pm

GMER looks good.
Has the copied stuff stopped appearing?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245059
# Likes # Likes : 1

View user profile

Back to top Go down

Re: gneral meltdown; unresponsive programs, blue screens

Post by lisam on Sat Feb 28, 2009 4:44 pm

oh good. thank you so much. yes, the copies have stopped cloning.
how can I repay you for your time and effort? I know gp doesn't charge,
but a repayment of effort of some sort? contribution to a favorite cause of yours? a comment/review/feedback? I mean itl...

lisam
Novice
Novice

Posts Posts : 28
Joined Joined : 2009-02-26
OS OS : windowsxp
Points Points : 28399
# Likes # Likes : 0

View user profile

Back to top Go down

Re: gneral meltdown; unresponsive programs, blue screens

Post by Belahzur on Sat Feb 28, 2009 4:45 pm

We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to the turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers. Goofy

1) Please navigate to [You must be registered and logged in to see this link.] and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

[You must be registered and logged in to see this link.]
A tutorial on using Ad-Aware to remove spyware from your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using Spybot to remove spyware from your computer may be found [You must be registered and logged in to see this link.]. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

[You must be registered and logged in to see this link.]
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found [You must be registered and logged in to see this link.].

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
[You must be registered and logged in to see this link.]
I also recommand the following add-ons for Firefox, they will help keep you safe from malicious scripts or activeX exploits.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please considering using this free software program that will check for program updates.
[You must be registered and logged in to see this link.]

5) Finally, consider maintaining a firewall. Some good free firewalls are [You must be registered and logged in to see this link.], or
[You must be registered and logged in to see this link.]
A tutorial on understanding and using firewalls may be found [You must be registered and logged in to see this link.].

Please also read Tony Klein's excellent article: [You must be registered and logged in to see this link.]

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found [You must be registered and logged in to see this link.].

Hopefully this should take care of your problems! Good luck. Big Grin


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245059
# Likes # Likes : 1

View user profile

Back to top Go down

Re: gneral meltdown; unresponsive programs, blue screens

Post by Belahzur on Sat Feb 28, 2009 4:45 pm

Double post, ignore this.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245059
# Likes # Likes : 1

View user profile

Back to top Go down

Re: gneral meltdown; unresponsive programs, blue screens

Post by lisam on Sun Mar 01, 2009 1:22 am

Just did all of this...thank you...including the feedback and sending out an email recommending gp to others. But again, please accept my personal thanks for sticking with me, a nameless faceless newbie, over three days of an extensive fix. Saved my butt in more ways than one, and really taught me a lot. Honestly, I can't think who I could have paid to do the same. I wish I could reciprocate in some way. Thank you very much.

lisam
Novice
Novice

Posts Posts : 28
Joined Joined : 2009-02-26
OS OS : windowsxp
Points Points : 28399
# Likes # Likes : 0

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum