Hello all!

I am experiencing exactly the same problems as ‘grayfox’ (His thread) and ‘lisaandre’ (Her thread). Needless to say it is driving me mad too and I’m starting to get the impression that my PC is becoming increasingly unstable as a result!

I’m not an expert with computers but am fairly confident. I’m desperate to resolve this problem and would be endlessly grateful for any help and advice.

Many thanks,

CF

Welcome to linabbs :)

Read this - it’s at the head of the forum and you can hardly miss it :) - and post the logs requested into this thread.

Hello PeteC.

Thank you so much for your quick reply. I’m sorry that I hadn’t read ‘*** READ THIS BEFORE YOU POST A LOG ***’. I took it as only applying to people who were about to post a log and would have saved us both time had I posted my logs with my initial request for help. Anyway…

Here are the two logs as requested:

The DDS log:

DDS (Ver_09-01-18.01) - NTFSx86

Run by Peter at 18:54:19.71 on 19/01/2009

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07

Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2046.1317 [GMT 0:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

svchost.exe

svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

C:\Program Files\Kontiki\KService.exe

C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\system32\WDBtnMgr.exe

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe

C:\Program Files\Logitech\QuickCam10\QuickCam10.exe

C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe

C:\Program Files\Kontiki\KHost.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Dell Support\DSAgnt.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe

C:\Program Files\My Book\WD Backup\uBBMonitor.exe

C:\Program Files\Logitech\QuickCam10\COCIManager.exe

C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Documents and Settings\Peter\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uDefault_Page_URL = http://www.google.co.uk/ig/dell?hl=e…suk&channel=uk

mDefault_Search_URL = hxxp://www.google.com/ie

mSearch Page = hxxp://www.google.com

mStart Page = hxxp://www.google.com

uInternet Connection Wizard,ShellNext = hxxp://uk.mcafee.com/apps/vso/en-gb/redir.asp?affid=105-64&installtype=force&dtag=jsswb2j&systempopup=true

uInternet Settings,ProxyOverride = *.local

mSearchAssistant = hxxp://www.google.com

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File

TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll

uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup

uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\WCESCOMM.EXE"

uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [kdx] c:\program files\kontiki\KHost.exe -all

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"

mRun: [SigmatelSysTrayApp] stsystra.exe

mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe

mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay

mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"

mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"

mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup

mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [WD Button Manager] WDBtnMgr.exe

mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe

mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"

mRun: [<NO NAME>]

mRun: [LogitechCommunicationsManager] "c:\program files\common files\logitech\lcommgr\Communications_Helper.exe"

mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam10\QuickCam10.exe" /hide

mRun: [LVCOMSX] "c:\program files\common files\logitech\lcommgr\LVComSX.exe"

mRun: [4oD] "c:\program files\kontiki\KHost.exe" -all

mRun: [Adobe Photo Downloader] "c:\program files\adobe\adobe photoshop lightroom 1.3\apdproxy.exe"

mRun: [kdx] "c:\program files\kontiki\KHost.exe" -all

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe

mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\spyder~1.lnk - c:\program files\datacolor\spyder3pro\utility\Spyder3Utility.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wdback~1.lnk - c:\program files\my book\wd backup\uBBMonitor.exe

IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\inetrepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\inetrepl.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll

Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\aatp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll

WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll

WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll

WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll

WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\cenetflt.dll

WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\cenetflt.dll

Notify: AtiExtEvent - Ati2evxx.dll

AppInit_DLLs: avgrsstx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SSODL: ShAdmGen - {621483C7-EF15-1660-0E71-00BE5E159BBC} - c:\program files\lxgaheb\ShAdmGen.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\peter\applic~1\mozilla\firefox\profiles\578z67pc.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/

FF - component: c:\documents and settings\peter\application data\mozilla\firefox\profiles\578z67pc.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll

FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll

FF - plugin: c:\documents and settings\peter\application data\mozilla\firefox\profiles\578z67pc.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07074039.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npBBCPlugin.dll

---- FIREFOX POLICIES ----

FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-6-15 97928]

R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-6-15 26824]

R4 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]

R4 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-6-15 231704]

R4 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R4 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]

S3 Spyder3;Datacolor Spyder3;c:\windows\system32\drivers\Spyder3.sys [2007-11-6 12288]

=============== Created Last 30 ================

2009-01-17 20:26 <DIR> --dshr-- C:\resycled

2009-01-17 20:26 255 ---shr-- C:\autorun.inf

2009-01-17 16:00 <DIR> --d----- c:\program files\Lavasoft

2009-01-17 16:00 <DIR> --d----- c:\program files\common files\Wise Installation Wizard

2009-01-16 19:27 <DIR> --d----- c:\program files\iPod

2009-01-16 19:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2009-01-16 19:27 <DIR> --d----- c:\program files\iTunes

2009-01-15 19:50 <DIR> --d----- c:\docume~1\peter\applic~1\CopyTrans

2009-01-15 19:49 <DIR> --d----- c:\program files\WindSolutions

2009-01-15 19:20 <DIR> --d----- c:\docume~1\peter\applic~1\CopyTransDoctor

2009-01-15 19:19 <DIR> --d----- c:\docume~1\peter\applic~1\CopyTransControlCenter

2009-01-13 12:59 <DIR> --d----- c:\program files\FirmTools

2009-01-12 20:41 664 a------- c:\windows\system32\d3d9caps.dat

2009-01-12 19:42 <DIR> --d----- c:\program files\COMPACT

2009-01-07 15:04 <DIR> --d----- c:\docume~1\peter\applic~1\JAlbum

2009-01-07 14:51 <DIR> --d----- c:\program files\Jalbum8.1

2008-12-31 09:31 <DIR> --d----- c:\program files\Navman

2008-12-31 09:29 <DIR> --d----- c:\program files\AvantGo Connect

2008-12-31 09:28 306,688 a------- c:\windows\IsUninst.exe

2008-12-31 09:28 2,510 a------- c:\windows\Microsoft.MIF

2008-12-23 21:29 21,463 a------- c:\windows\Aware40.mch

==================== Find3M ====================

2008-12-13 06:40 3,593,216 -------- c:\windows\system32\dllcache\mshtml.dll

2008-12-11 10:57 333,952 a------- c:\windows\system32\drivers\srv.sys

2008-12-11 10:57 333,952 -------- c:\windows\system32\dllcache\srv.sys

2008-12-07 01:20 499,712 a------- c:\windows\system32\msvcp71.dll

2008-12-07 01:20 348,160 a------- c:\windows\system32\msvcr71.dll

2008-12-04 21:46 180,224 a------- c:\windows\system32\xvidvfw.dll

2008-12-04 21:42 815,104 a------- c:\windows\system32\xvidcore.dll

2008-10-24 11:21 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys

2008-10-23 12:36 286,720 a------- c:\windows\system32\gdi32.dll

2008-10-23 12:36 286,720 -------- c:\windows\system32\dllcache\gdi32.dll

2008-02-10 11:02 40,216 a------- c:\docume~1\peter\applic~1\GDIPFONTCACHEV1.DAT

2007-05-31 20:49 1,004,960 ---sh--- c:\windows\system32\cbeeg.bak1

2008-10-14 17:54 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008101420081015\index.dat

============= FINISH: 18:54:38.50 ===============

…and the ‘Attach’ log:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-01-18.01)

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 31/05/2007 11:55:40

System Uptime: 19/01/2009 16:22:09 (2 hours ago)

Motherboard: Dell Inc. | | 0XD720

Processor: Genuine Intel(R) CPU T2500 @ 2.00GHz | Microprocessor | 1995/166mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 50 GiB total, 6.482 GiB free.

D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 1 (SP1)

4oD

Ad-Aware

Adobe Acrobat - Reader 6.0.2 Update

Adobe Acrobat 8 Professional - English, Français, Deutsch

Adobe Acrobat 8.1.3 Professional

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)

Adobe AIR

Adobe Anchor Service CS3

Adobe Anchor Service CS4

Adobe Asset Services CS3

Adobe Bridge CS3

Adobe Bridge CS4

Adobe Bridge Start Meeting

Adobe Camera Raw 4.0

Adobe CMaps CS4

Adobe Color - Photoshop Specific

Adobe Color EU Extra Settings

Adobe Color EU Recommended Settings CS4

Adobe Color JA Extra Settings CS4

Adobe Color NA Extra Settings CS4

Adobe Color NA Recommended Settings

Adobe CSI CS4

Adobe Default Language CS4

Adobe Device Central CS3

Adobe Device Central CS4

Adobe Dreamweaver CS3

Adobe Drive CS4

Adobe Dynamiclink Support

Adobe ExtendScript Toolkit 2

Adobe ExtendScript Toolkit CS4

Adobe Extension Manager CS3

Adobe Extension Manager CS4

Adobe Flash CS4

Adobe Flash CS4 Extension - Flash Lite STI en

Adobe Flash CS4 Professional

Adobe Flash CS4 STI-en

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Fonts All

Adobe Help Viewer CS3

Adobe Illustrator CS3

Adobe Linguistics CS3

Adobe Linguistics CS4

Adobe Media Encoder CS4

Adobe Media Player

Adobe Output Module

Adobe PDF Library Files CS4

Adobe Photoshop CS3

Adobe Reader 6.0.1

Adobe Search for Help

Adobe Service Manager Extension

Adobe Setup

Adobe Shockwave Player 11

Adobe Stock Photos CS3

Adobe Type Support CS4

Adobe Update Manager CS3

Adobe Update Manager CS4

Adobe Version Cue CS3 Client

Adobe WinSoft Linguistics Plugin

Adobe XMP Panels CS3

Adobe XMP Panels CS4

AdobeColorCommonSetCMYK

AdobeColorCommonSetRGB

Album Creator

Apple Mobile Device Support

Apple Software Update

ATI - Software Uninstall Utility

ATI Catalyst Control Center

ATI Display Driver

AVG Free 8.0

BBC iPlayer Download Manager

Bonjour

Broadcom Management Programs

Conexant HDA D110 MDC V.92 Modem

Connect

CyberSky 4

dBpoweramp Aiff Codec

dBpoweramp FLAC Codec

dBpoweramp m4a Codec

dBpoweramp Monkeys Audio Codec

dBpoweramp Music Converter

dBpoweramp Windows Media Audio 10 Codec

Dell Support 5.0.0 (630)

Dell System Restore

Diskeeper 2008 Pro Premier

Eusing Free Registry Cleaner

Extension Renamer

FLIQLO Screen Saver

FLV Player 2.0 (build 25)

GameShadow

Genuine Fractals 5.0

High Definition Audio Driver Package - KB835221

HijackThis 2.0.2

Hotfix for Microsoft .NET Framework 3.0 (KB932471)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 10 (KB903157)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB952287)

Intel(R) PROSet/Wireless Software

Intellihance Pro 4.2

iTunes

Jalbum 8.1

Java 2 Runtime Environment, SE v1.4.2_03

Java(TM) 6 Update 2

Java(TM) 6 Update 3

Java(TM) 6 Update 5

Java(TM) 6 Update 7

Java(TM) SE Runtime Environment 6 Update 1

kuler

Lightroom

Logitech Audio Echo Cancellation Component

Logitech QuickCam

Logitech Video Enumerator

Logitech® Camera Driver

Magic ISO Maker v5.4 (build 0239)

Mask Pro 4.1

McAfee Uninstaller

mCore

MCU

mDrWiFi

Medieval CUE Splitter

mHlpDell

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Hotfix (KB928366)

Microsoft .NET Framework 2.0 Service Pack 1

Microsoft .NET Framework 3.0 Service Pack 1

Microsoft ActiveSync 3.7

Microsoft Base Smart Card Cryptographic Service Provider Package

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.1

Microsoft National Language Support Downlevel APIs

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 12

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C 2005 Redistributable

mIWA

mLogView

mMHouse

MobileMe Control Panel

Mozilla Firefox (3.0.5)

mPfMgr

mPfWiz

mProSafe

mSSO

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 6.0 Parser (KB933579)

mWlsSafe

mWMI

mXML

mZConfig

Navman SmartST Desktop for iCN530

Nero 7

neroxml

PDF Settings CS4

Photoshop Camera Raw

Pixel Bender Toolkit

Poser 7

PowerDVD 5.7

Quest3D Viewers 3.0e

QuickSet

QuickTime

RealPlayer

Security Update for 2007 Microsoft Office System (KB951550)

Security Update for 2007 Microsoft Office System (KB951944)

Security Update for 2007 Microsoft Office System (KB958439)

Security Update for CAPICOM (KB931906)

Security Update for Microsoft Office Excel 2007 (KB958437)

Security Update for Microsoft Office OneNote 2007 (KB950130)

Security Update for Microsoft Office PowerPoint 2007 (KB951338)

Security Update for Microsoft Office Publisher 2007 (KB950114)

Security Update for Microsoft Office system 2007 (KB954326)

Security Update for Microsoft Office system 2007 (KB956828)

Security Update for Microsoft Office Word 2007 (KB956358)

Security Update for Visio 2007 (KB947590)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Sky Anytime

Sonic Encoders

Spybot - Search & Destroy

Spyder3Pro

Suite Shared Configuration CS4

SWiSH Max2

Synaptics Pointing Device Driver

UMVPLStandalone

Update for Microsoft Office Outlook 2007 (KB952142)

Update for Office 2007 (KB946691)

Update for Outlook 2007 Junk Email Filter (kb959141)

Update for Windows Media Player 10 (KB910393)

Update for Windows Media Player 10 (KB913800)

Update for Windows Media Player 10 (KB926251)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955839)

Update Rollup 2 for Windows XP Media Center Edition 2005

Vertus Fluid Mask 3 2.100.2-RC2

Victoria 4.2 Base

Victoria 4.2 Morphs

Visual C 8.0 CRT (x86) WinSXS MSM

Visual C 8.0 CRT.Policy (x86) WinSXS MSM

Visual C 8.0 MFC (x86) WinSXS MSM

Visual C 8.0 MFC.Policy (x86) WinSXS MSM

WD Backup

WD Diagnostics

WD Firewire HID Driver

Web Buttons

WebFldrs XP

WinAce Archiver

Windows Defender

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Imaging Component

Windows Installer 3.1 (KB893803)

Windows Internet Explorer 7

Windows Live installer

Windows Live Messenger

Windows Live Sign-in Assistant

Windows Media Format 11 runtime

Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]

Windows Media Player 11

Windows Media Player Firefox Plugin

Windows Presentation Foundation

Windows XP Media Center Edition 2005 KB908246

Windows XP Media Center Edition 2005 KB925766

Windows XP Service Pack 3

XML Paper Specification Shared Components Pack 1.0

Xvid 1.2.1 final uninstall

==== Event Viewer Messages From Past Week ========

13/01/2009 20:18:26, error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\D.

13/01/2009 19:50:22, error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\D.

13/01/2009 14:06:50, error: Dhcp [1002] - The IP address lease 192.168.0.2 for the Network Card with network address 001302888B5F has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

16/01/2009 10:35:00, error: Service Control Manager [7034] - The Diskeeper service terminated unexpectedly. It has done this 1 time(s).

17/01/2009 12:05:09, error: Service Control Manager [7031] - The AVG8 WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

==== End Of File ===========================

WOW!!! I’m sure these logs make some sense to you but to me it’s a bit like having my (digital) tarot read!

Thanks again.

CF

Ok - that’s fine :)

One of our trained malware analysts will deal with your logs in due course. They are kept extremely busy and all logs are dealt with in the order received.

Welcome to linabbs ConcreteFloater :)

Download RootRepeal to your Desktop. Extract the compressed file to its own folder.
Open the folder and double-click on RootRepeal.exe to run it.
Click on the Report tab, and then click on: Scan
A window opens asking what to include in the scan.
Check the following boxes then click OK:
Drivers
Files
Processes
SSDT
Stealth Objects
Hidden Services

You will then be asked which drive to scan.
Check C: (or the drive your operating system is installed on, if not C)
Click OK once again.
The tool will begin scanning and may take a while to complete, so please be patient.

When the scan finishes, click on: Save Report

Name the log RootRepeal.txt and save it to your Documents folder (it should default there).

Post the contents of the report in a reply here.

Hello

Thank you so much for your reply. The first time I ran RootRepeal it crashed. Here is the report if it helps:

ROOTREPEAL CRASH REPORT
-------------------------
Exception Code: 0xc0000005
Exception Address: 0x0040e77a
Attempt to read from address: 0x00bd9004

I then rebooted my PC and reran the program. Here is the report as requested:

ROOTREPEAL (c) AD, 2007-2008
==================================================
Scan Time: 2009/01/20 13:50
Program Version: Version 1.2.3.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB0744000 Size: 98304 File Visible: No
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA632000 Size: 8192 File Visible: No
Status: -

Name: gaopdxmgknoboo.sys
Image Path: C:\WINDOWS\system32\drivers\gaopdxmgknoboo.sys
Address: 0xB09B2000 Size: 176128 File Visible: -
Status: Hidden from Windows API!

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xADC68000 Size: 45056 File Visible: No
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\gaopdxisjleajk.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\drivers\gaopdxhvisiurx.sys
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\drivers\gaopdxlsbowmvp.sys
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\drivers\gaopdxmgknoboo.sys
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\drivers\gaopdxserv.sys
Status: Invisible to the Windows API!

Hidden Services
-------------------
Service Name: gaopdxserv.sys
Image Path: C:\WINDOWS\system32\drivers\gaopdxmgknoboo.sys

Thanks again for your help.

CF

written by lina