panic?
nonnatus
Posts: 1,458 Forumite
in Techie Stuff
Hello,
I use a Windows 7 computer, protected with Norton software.
Last night, I logged into my Gmail account and clicked on an email from a friend. Well, I clicked on my friend's name (which looked odd because the letters were funny, but I assumed he was being "Quirky"). Anyway, the email opened and instead of a message it opened a webpage offering me viagra and similar products for American Dollars. It was definitely a web page, not a link in a message or something similar.
I immediately panicked and shut down the computer.
This morning, feeling brave I have started the computer and it's definitely not "right". I ran the Norton scan straight away which picked up nothing. But the computer is thinking way too hard whenever I ask it to do anything. When I click on a page or open a tab there is a delay and it just feels like it wants to do something else instead (I know I'm assigning thoughts to my computer which is bonkers, just trying to explain!)
I don't dare open my business software or access my banking whilst I feel this unsafe. Is there anything I can do to reassure myself that the system is safe to use as I have been or will I have to go and buy a whole new system? This computer runs my whole business, so I have today only to fix it or replace it - can anyone advise please?
0
Comments
-
Oh God,
So I've just had an email into my OTHER account (Yahoo) from DPD who I trust, attaching its weekly invoice. I went to open the attached invoice as I always do but the download "stuck" at 68% for over a minute before finishing. (normally does it in 5 seconds). But there's nothing wrong with the invoice and it printed out just fine.
But something's wrong.
0 -
Go through the advice on the sticky at the top of this forum on removing malware.
http://forums.moneysavingexpert.com/showthread.php?t=1332690 -
The sticky could do with updating, for example installing ad-aware could cause problems with Norton.
Clicking on links in pharmaceutical spam doesn't necessarily mean infection. You're possibly ok and only being a little paranoid, scrutinising and over-analysing everything because of what happened.
"Is there anything I can do to reassure myself that the system is safe to use as I have been or will I have to go and buy a whole new system?"
If you rely on the computer for your business, you really should have backups and a disk image to go back to.
Step 1.
Download DDS from the link below and save it to your desktop:
Link
After you've downloaded it and saved it to your desktop:
- Double click DDS to run it.
- When it's finished, DDS will open two logs:
- DDS.txt
- Attach.txt
Copy & paste the contents of just DDS.txt for now and post it here (you may need to split the log over separate posts)
Step 2.
Download aswMBR and save it to your Desktop.
http://public.avast.com/~gmerek/aswMBR.exe
- Right click aswMBR.exe & choose "Run as Administrator" to run it.
- Click YES to the prompt to download Avast virus definitions
- When the virus definitions have downloaded, click the Scan button.
- Wait till the scan reports "Scan finished successfully"
- Click Save log & save the log to your desktop.
- Click OK
- Two files will be created, aswMBR.txt & a file named MBR.dat
- Click EXIT.
- Copy & Paste the contents of aswMBR.txt into your next reply.
0 -
Thank you Waddler for such a hugely helpful reply. I'm off to implement some of your advice.
0 -
DDS (Ver_2012-10-14.05) - NTFS_x86
Internet Explorer: 9.0.8112.16421
Run by val at 17:46:07 on 2012-10-14
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.2037.696 [GMT 1:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Norton 360\Engine\6.4.0.9\ccSvcHst.exe
C:\Program Files\ADDON\NWU271 Wireless LAN USB Adapter\RtlService.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Norton 360\Engine\6.4.0.9\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\ADDON\NWU271 Wireless LAN USB Adapter\RtWlan.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10v_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: ALOT Toolbar Helper: {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - c:\program files\alot\bin\bho\alotBHO.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton 360\engine\6.4.0.9\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton 360\engine\6.4.0.9\ips\ipsbho.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files\yontoo layers runtime\YontooIEClient.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: ALOT Toolbar: {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - c:\program files\alot\bin\alot.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\6.4.0.9\coieplg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [EPSON SX510W Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatifie.exe /fu "c:\windows\temp\E_S8C48.tmp" /EF "HKCU"
uRun: [EPSON SX510W Series (Copy 1)] c:\windows\system32\spool\drivers\w32x86\3\e_fatifie.exe /fu "c:\windows\temp\E_S79F.tmp" /EF "HKCU"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Seagull Drivers] ssdal_nc.exe startup
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\users\val\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {6AE54368-4CFF-4E54-9418-D36097479441} - hxxp://www.dpd.co.uk/static/common/label/ulbl6_0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {9EB48385-92F7-4C17-AA62-AF53F79C76BA} - hxxp://xtend.city-link.co.uk/main/prjGetFileContent.CAB
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E574A32F-7F3F-49BB-9290-2126D7E58EBA} - hxxp://xtend.city-link.co.uk/main/LabelPrint_CityLink.CAB
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{8CAED3ED-1DDE-40AE-9F94-C7B9DA3577ED} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D5088A53-7729-49F5-AE6C-3702E2426ABC} : DHCPNameServer = 192.168.1.254
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
============= SERVICES / DRIVERS ===============
.
R0 SMR311;Symantec SMR Utility Service 3.1.1;c:\windows\system32\drivers\SMR311.SYS [2012-10-14 97440]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0604000.009\symds.sys [2012-10-2 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0604000.009\symefa.sys [2012-10-2 924320]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.2.1.5\definitions\bashdefs\20120928.001\BHDrvx86.sys [2012-10-1 995488]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\0604000.009\ccsetx86.sys [2012-10-2 132768]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.2.1.5\definitions\ipsdefs\20121012.001\IDSvix86.sys [2012-10-13 386720]
R1 RapportCerberus_43926;RapportCerberus_43926;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\43926\RapportCerberus32_43926.sys [2012-10-4 272216]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2012-7-29 71480]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2012-7-29 166840]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0604000.009\ironx86.sys [2012-10-2 149624]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\n360\0604000.009\symnets.sys [2012-10-2 318584]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 N360;Norton 360;c:\program files\norton 360\engine\6.4.0.9\ccsvchst.exe [2012-10-2 138272]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2012-7-29 976728]
R2 Realtek11nCU;Realtek11nCU;c:\program files\addon\nwu271 wireless lan usb adapter\RtlService.exe [2012-6-22 36864]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-12 106656]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-11-29 273448]
R3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\39624\RapportIaso.sys [2012-5-30 21520]
R3 RTL8192cu;ADD-NWU271 Wireless LAN USB Adapter;c:\windows\system32\drivers\RTL8192cu.sys [2012-6-22 728064]
R3 rtlss;Service for enabling selective suspend to RTL device;c:\windows\system32\drivers\rtlss.sys [2012-6-22 23144]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-14 17920]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-7-14 20480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-20 135664]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-6-20 135664]
S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2012-7-29 65848]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-23 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-29 1343400]
.
=============== Created Last 30 ================
.
2012-10-14 05:58:37 97440 ----a-w- c:\windows\system32\drivers\SMR311.SYS
2012-10-14 05:58:30 -------- d-----w- c:\users\val\appdata\local\NPE
2012-10-09 21:57:50 1159680 ----a-w- c:\windows\system32\crypt32.dll
2012-10-09 21:57:49 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-09 21:57:49 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-09 21:57:33 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-09 21:57:29 542208 ----a-w- c:\windows\system32\kerberos.dll
2012-10-09 21:57:25 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-09 21:57:25 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-02 03:04:37 924320 ----a-w- c:\windows\system32\drivers\n360\0604000.009\symefa.sys
2012-10-02 03:04:37 574112 ----a-w- c:\windows\system32\drivers\n360\0604000.009\srtsp.sys
2012-10-02 03:04:37 340088 ----a-r- c:\windows\system32\drivers\n360\0604000.009\symds.sys
2012-10-02 03:04:37 32928 ----a-w- c:\windows\system32\drivers\n360\0604000.009\srtspx.sys
2012-10-02 03:04:37 318584 ----a-r- c:\windows\system32\drivers\n360\0604000.009\symnets.sys
2012-10-02 03:04:37 149624 ----a-r- c:\windows\system32\drivers\n360\0604000.009\ironx86.sys
2012-10-02 03:04:37 132768 ----a-w- c:\windows\system32\drivers\n360\0604000.009\ccsetx86.sys
2012-10-02 03:04:28 8942 ----a-w- c:\windows\system32\drivers\n360\0604000.009\symvtcer.dat
2012-10-02 03:04:28 -------- d-----w- c:\windows\system32\drivers\n360\0604000.009
2012-09-25 20:04:55 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
.
==================== Find3M ====================
.
2012-09-14 18:28:53 2048 ----a-w- c:\windows\system32\tzres.dll
2012-08-24 16:57:48 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-22 17:16:54 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 17:16:46 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 17:16:46 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 17:16:36 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-20 17:40:31 169984 ----a-w- c:\windows\system32\winsrv.dll
2012-08-20 17:40:01 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-08-20 17:37:58 271360 ----a-w- c:\windows\system32\conhost.exe
2012-08-20 15:33:28 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-08-02 16:57:20 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-07-29 19:52:38 65848 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2012-07-18 17:47:53 2345984 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 17:46:42.75 ===============
0 -
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-14 17:53:03
17:53:03.850 OS Version: Windows 6.1.7601 Service Pack 1
17:53:03.850 Number of processors: 2 586 0x170A
17:53:03.850 ComputerName: COLIN-PC UserName: val
17:53:05.597 Initialize success
17:53:54.979 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:53:54.995 Disk 0 Vendor: WDC_WD5000AAKS-00WWPA0 01.03B01 Size: 476940MB BusType: 3
17:53:55.011 Disk 0 MBR read successfully
17:53:55.026 Disk 0 MBR scan
17:53:55.026 Disk 0 Windows 7 default MBR code
17:53:55.026 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 78 MB offset 63
17:53:55.042 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 750 MB offset 161792
17:53:55.042 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 476109 MB offset 1697792
17:53:55.057 Disk 0 scanning sectors +976769024
17:53:55.135 Disk 0 scanning C:\Windows\system32\drivers
17:54:00.611 Service scanning
17:54:14.417 Modules scanning
17:54:23.247 Disk 0 trace - called modules:
17:54:23.247
17:54:23.262 Scan finished successfully
17:54:56.163 Disk 0 MBR has been saved successfully to "C:\Users\val\Desktop\MBR.dat"
17:54:56.178 The log file has been saved successfully to "C:\Users\val\Desktop\aswMBR.txt"
0 -
Wow. Proper foreign language stuff.....!!??!!
Thanks for your time.
0 -
That looks ok but it looks as though you finished the aswMBR scan prematurely?
Did you allow it to download Avast virus definitions?
Run it again as above but allow it to download the Avast virus definitions and be sure the scan has finished successfully before clicking Save log.
Post the contents of the attach.txt logfile that was generated along with DDS.txt (the first program you ran).
0 -
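Added example, not part of the original thread: a small Python check of the three things the reply above reads off an aswMBR log (the MBR verdict, whether the scan reached "Scan finished successfully", and whether an antivirus engine pass shows up at all). The log text is an excerpt of the first log posted here; the `AVAST engine` marker string, and the constructed line that uses it, are assumptions about what aswMBR writes once definitions are loaded.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Excerpt of the first aswMBR log posted in this thread.
THREAD_LOG = r"""aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-14 17:53:03
17:53:03.850 OS Version: Windows 6.1.7601 Service Pack 1
17:53:05.597 Initialize success
17:53:55.011 Disk 0 MBR read successfully
17:53:55.026 Disk 0 MBR scan
17:53:55.026 Disk 0 Windows 7 default MBR code
17:53:55.135 Disk 0 scanning C:\Windows\system32\drivers
17:54:00.611 Service scanning
17:54:14.417 Modules scanning
17:54:23.262 Scan finished successfully
17:54:56.163 Disk 0 MBR has been saved successfully to "C:\Users\val\Desktop\MBR.dat"
"""

# ASSUMPTION: lines written when the Avast definitions are in use contain
# this text. The marker does not appear anywhere in the logs on this page.
AV_MARKER = "AVAST engine"

# Constructed variant: the thread's log plus one made-up line with the marker.
WITH_AV_PASS = THREAD_LOG.replace(
    "17:54:00.611 Service scanning",
    "17:54:00.500 AVAST engine defs: (constructed)\n17:54:00.611 Service scanning",
)

LINE_RE = re.compile(r"^(\d\d):(\d\d):(\d\d)\.(\d{3})\s*(.*)$")
MBR_RE = re.compile(r"^Disk (\d+) (.+ MBR code)$")
DAY_MS = 24 * 60 * 60 * 1000


@dataclass
class MbrScanReport:
    mbr_verdicts: Dict[int, str] = field(default_factory=dict)  # disk -> verdict
    av_lines: List[str] = field(default_factory=list)
    finished: bool = False
    duration_ms: Optional[int] = None  # first timestamp -> "Scan finished"

    def follow_up(self) -> List[str]:
        """Reasons a helper would ask for the scan to be run again."""
        reasons = []
        if not self.finished:
            reasons.append("scan did not reach 'Scan finished successfully'")
        if not self.av_lines:
            reasons.append("no antivirus engine pass recorded")
        return reasons


def parse_aswmbr(text: str) -> MbrScanReport:
    report = MbrScanReport()
    first_ms = None
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banner / "Run date" lines carry no per-line timestamp
        h, mi, s, ms, msg = m.groups()
        t = ((int(h) * 60 + int(mi)) * 60 + int(s)) * 1000 + int(ms)
        if first_ms is None:
            first_ms = t
        verdict = MBR_RE.match(msg)
        if verdict:
            report.mbr_verdicts[int(verdict.group(1))] = verdict.group(2)
        if AV_MARKER in msg:
            report.av_lines.append(msg)
        if msg == "Scan finished successfully":
            report.finished = True
            # Modulo keeps the duration correct if the scan crosses midnight.
            report.duration_ms = (t - first_ms) % DAY_MS
    return report


if __name__ == "__main__":
    for name, log in (("thread log", THREAD_LOG), ("with AV pass", WITH_AV_PASS)):
        r = parse_aswmbr(log)
        print(name, r.mbr_verdicts, r.duration_ms, r.follow_up() or "nothing to chase")
```
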
If you were seriously considering buying a new system just because of a suspected malware infection, then maybe you are on the wrong forum?!
A System Restore or (worst case) Factory Restore or OS reinstall would be rather less expensive. But none of these should be necessary either.
No free lunch, and no free laptop
0 -
Waddler - The scan SAID it had "finished successfully" and I did follow instructions about loading the definitions first. But I've done it again and the results are here.
Macman - My whole life revolves around my poor computer and yet I know very little about how it all works. It would definitely be a "saving" for me if I had to buy a new system rather than have some nasty virus spy on my passwords and bank accounts. And that sentence probably tells you all you need to know about my level of techie knowledge!!
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-15 06:09:45
06:09:45.469 OS Version: Windows 6.1.7601 Service Pack 1
06:09:45.469 Number of processors: 2 586 0x170A
06:09:45.469 ComputerName: COLIN-PC UserName: val
06:09:46.280 Initialize success
06:10:38.017 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
06:10:38.017 Disk 0 Vendor: WDC_WD5000AAKS-00WWPA0 01.03B01 Size: 476940MB BusType: 3
06:10:38.033 Disk 0 MBR read successfully
06:10:38.033 Disk 0 MBR scan
06:10:38.049 Disk 0 Windows 7 default MBR code
06:10:38.064 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 78 MB offset 63
06:10:38.095 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 750 MB offset 161792
06:10:38.142 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 476109 MB offset 1697792
06:10:38.173 Disk 0 scanning sectors +976769024
06:10:38.267 Disk 0 scanning C:\Windows\system32\drivers
06:10:43.961 Service scanning
06:10:56.737 Modules scanning
06:11:05.317 Disk 0 trace - called modules:
06:11:05.333
06:11:05.848 Scan finished successfully
06:13:20.570 Disk 0 MBR has been saved successfully to "C:\Users\val\Desktop\MBR.dat"
06:13:20.570 The log file has been saved successfully to "C:\Users\val\Desktop\No2.txt"
Now the attach file:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-14.05)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 05/12/2009 14:17:08
System Uptime: 14/10/2012 11:50:54 (6 hours ago)
.
Motherboard: Dell Inc. | | 0T656F
Processor: Pentium(R) Dual-Core CPU E5300 @ 2.60GHz | CPU | 2600/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 465 GiB total, 439.003 GiB free.
is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
ABBYY FineReader 6.0 Sprint
AbiWord 2.8.6
Acrobat.com
ADD-NWU271 Wireless LAN Driver and Utility
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.1.1)
ALOT Toolbar
Ask Toolbar
Ask Toolbar Updater
Basic PAYE Tools 2012
Bing Bar
Broadcom NetXtreme-I Netlink Driver and Management Installer
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
D3DX10
Dell Edoc Viewer
Epson Easy Photo Print 2
EPSON Printer Software
Epson Printer Software Downloader
EPSON Scan
Epson Stylus SX510W_TX550W Manual
EPSON SX510W Series Printer Uninstall
EpsonNet Print
EpsonNet Setup
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Intel(R) Graphics Media Accelerator Driver
Intel(R) TV Wizard
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) 6 Update 29
Junk Mail filter update
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office Excel Viewer
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Word Viewer 2003
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Norton 360
OGA Notifier 2.0.0048.0
OpenOffice.org 3.3
Payroll for Windows
PowerDVD DX
QuickBooks Pro 2008
Rapport
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE 10.3
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Sage Instant Payroll v12.00
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
SupportSoft Assisted Service
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Yahoo! Detect
Yontoo Layers Runtime 1.10.01
.
==== Event Viewer Messages From Past Week ========
.
14/10/2012 17:39:25, Error: bowser [8003] - The master browser has received a server announcement from the computer OLLIE-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{D5088A53-7729-49F5-AE6C-3702E2426. The master browser is stopping or an election is being forced.
14/10/2012 07:01:21, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
14/10/2012 07:01:19, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
10/10/2012 05:22:55, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Realtek11nCU service.
10/10/2012 03:20:52, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RapportMgmtService service.
.
==== End Of File ===========================
0
This discussion has been closed.