
virus help


  • This topic is locked
98 replies to this topic

#21 me82

    Member

  • Members
  • 168 posts

Posted 12 March 2012 - 09:48 PM

22:27:48.0796 0608 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
22:27:49.0250 0608 ============================================================
22:27:49.0250 0608 Current date / time: 2012/03/12 22:27:49.0250
22:27:49.0250 0608 SystemInfo:
22:27:49.0250 0608
22:27:49.0250 0608 OS Version: 5.1.2600 ServicePack: 2.0
22:27:49.0250 0608 Product type: Workstation
22:27:49.0250 0608 ComputerName: YOUR-PA86Z1I3G7
22:27:49.0250 0608 UserName: Administrator
22:27:49.0250 0608 Windows directory: C:\WINDOWS
22:27:49.0250 0608 System windows directory: C:\WINDOWS
22:27:49.0250 0608 Processor architecture: Intel x86
22:27:49.0250 0608 Number of processors: 1
22:27:49.0250 0608 Page size: 0x1000
22:27:49.0250 0608 Boot type: Safe boot with network
22:27:49.0250 0608 ============================================================
22:27:55.0843 0608 Drive \Device\Harddisk0\DR0 - Size: 0x9516AE000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1431, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
22:27:55.0843 0608 \Device\Harddisk0\DR0:
22:27:55.0843 0608 MBR used
22:27:55.0859 0608 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A852C1
22:27:56.0031 0608 Initialize success
22:27:56.0031 0608 ============================================================
22:28:53.0906 1944 ============================================================
22:28:53.0906 1944 Scan started
22:28:53.0906 1944 Mode: Manual;
22:28:53.0906 1944 ============================================================
22:29:08.0671 0648 ============================================================
22:29:08.0671 0648 Scan started
22:29:08.0671 0648 Mode: Manual;
22:29:08.0671 0648 ============================================================
22:29:09.0187 0648 Aavmker4 (b6de0336f9f4b687b4ff57939f7b657a) C:\WINDOWS\system32\drivers\Aavmker4.sys
22:29:09.0203 0648 Aavmker4 - ok
22:29:09.0562 0648 Abiosdsk - ok
22:29:09.0828 0648 abp480n5 - ok
22:29:10.0328 0648 ACPI (3b67b435fddf777c595f0ec736b03c37) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:29:10.0390 0648 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: 3b67b435fddf777c595f0ec736b03c37, Fake md5: a10c7534f7223f4a73a948967d00e69b
22:29:10.0406 0648 ACPI ( Virus.Win32.Rloader.a ) - infected
22:29:10.0406 0648 ACPI - detected Virus.Win32.Rloader.a (0)
[per-driver enumeration from ACPIEC through the two {GUID} service entries omitted here; every one of those entries reported "- ok"]
22:30:40.0250 0648 MBR (0x1B8) (24bf22b59c30b9b11e1af62cfc3c418e) \Device\Harddisk0\DR0
22:30:40.0281 0648 \Device\Harddisk0\DR0 - ok
22:30:40.0359 0648 Boot (0x1200) (e908ba9ef7fac04e8a885e6f734a6fa1) \Device\Harddisk0\DR0\Partition0
22:30:40.0359 0648 \Device\Harddisk0\DR0\Partition0 - ok
22:30:40.0390 0648 ============================================================
22:30:40.0390 0648 Scan finished
22:30:40.0390 0648 ============================================================
22:30:40.0468 1172 Detected object count: 1
22:30:40.0468 1172 Actual detected object count: 1
22:42:20.0406 1172 C:\WINDOWS\system32\DRIVERS\ACPI.sys - copied to quarantine
22:42:28.0625 1172 Backup copy found, using it..
22:42:28.0765 1172 C:\WINDOWS\system32\DRIVERS\ACPI.sys - will be cured on reboot
22:42:28.0765 1172 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure
22:42:43.0625 0496 Deinitialize success

#22 me82

    Member

  • Members
  • 168 posts

Posted 12 March 2012 - 09:53 PM

The last scan I did was on March 5, 2012.

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.03.06

Windows XP Service Pack 2 x86 NTFS (Safe Mode/Networking)
Internet Explorer 6.0.2900.2180
Administrator :: YOUR-PA86Z1I3G7 [administrator]

3/5/2012 12:13:13 AM
mbam-log-2012-03-05 (00-13-13).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 282101
Time elapsed: 27 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|winlogon (Trojan.Agent) -> Data: C:\Documents and Settings\Administrator\winlogon.exe -> Quarantined and deleted successfully.
HKCU\Software\Microsoft|adver_id (Malware.Trace) -> Data: 0 -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Documents and Settings\nika\My Documents\Downloads\wrar401.exe (PUP.BundleInstaller.OI) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\95ED.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ASL73MP3\installer_m_459[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\uidsave.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\nika\uidsave.dat (Malware.Trace) -> Quarantined and deleted successfully.

(end)

#23 me82

    Member

  • Members
  • 168 posts

Posted 12 March 2012 - 09:54 PM

This one on March 3, 2012.

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.03.06

Windows XP Service Pack 2 x86 NTFS (Safe Mode/Networking)
Internet Explorer 6.0.2900.2180
Administrator :: YOUR-PA86Z1I3G7 [administrator]

3/3/2012 5:41:31 PM
mbam-log-2012-03-03 (17-41-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 217442
Time elapsed: 12 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|58511 (Trojan.Agent.Gen) -> Data: C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\msdubm.com -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Documents and Settings\nika\My Documents\Downloads\wrar401.exe (PUP.BundleInstaller.OI) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\8H2F8TUR\ftp[1].exe (Trojan.Agent.CBCGen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\8H2F8TUR\installer_m_459[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\8XIBK92J\soft[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\GPAN41UJ\setup[1].exe (Trojan.FakeAlert.FS) -> Quarantined and deleted successfully.

(end)

#24 me82

    Member

  • Members
  • 168 posts

Posted 12 March 2012 - 09:55 PM

Another one from March 3, 2012.

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.03.06

Windows XP Service Pack 2 x86 NTFS (Safe Mode/Networking)
Internet Explorer 6.0.2900.2180
Administrator :: YOUR-PA86Z1I3G7 [administrator]

3/3/2012 11:41:25 AM
mbam-log-2012-03-03 (11-41-25).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 213317
Time elapsed: 12 minute(s), 4 second(s)

Memory Processes Detected: 1
C:\WINDOWS\system32\crrss.exe (Trojan.Agent) -> 1968 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 9
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|devicemob (Trojan.Downloader) -> Data: C:\Documents and Settings\All Users\devicemob.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|mshsrv (Trojan.Downloader) -> Data: C:\Documents and Settings\nika\Application Data\mshsrv.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Trojan.Downloader) -> Data: C:\Documents and Settings\nika\Application Data\dplaysvr.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|38A.exe (Trojan.Dropper.PE4) -> Data: C:\Program Files\LP015F\38A.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|rkXkeRHrWQE.exe (Rogue.FakeHDD) -> Data: C:\Documents and Settings\All Users\Application Data\rkXkeRHrWQE.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|winlogon (Trojan.Downloader) -> Data: C:\Documents and Settings\Administrator\winlogon.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|crrss (Trojan.Agent) -> Data: C:\WINDOWS\system32\crrss.exe -> Quarantined and deleted successfully.
HKCU\Software\Microsoft|adver_id (Malware.Trace) -> Data: 0 -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|58511 (Trojan.Agent.Gen) -> Data: C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\msdubm.com -> Delete on reboot.

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit (Trojan.Agent) -> Bad: (C:\WINDOWS\system32\crrss.exe) Good: () -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 52
C:\Documents and Settings\nika\My Documents\Downloads\wrar401.exe (PUP.BundleInstaller.OI) -> No action taken.
C:\Documents and Settings\All Users\devicemob.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\nika\Application Data\mshsrv.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\nika\Application Data\dplaysvr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\LP015F\38A.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\rkXkeRHrWQE.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\oPgmLDH1TdsETm.exe (Backdoor.Agent.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\nika\Application Data\Antivirus Protection 2012\AntivirusProtection2012.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\nika\Application Data\Antivirus Protection 2012\securityhelper.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\nika\Application Data\Antivirus Protection 2012\securitymanager.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\nika\Application Data\FC96E00001.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\Documents and Settings\nika\Application Data\Voopavowgookg.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\3A70.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\48B.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\D0D8.tmp (Trojan.Agent.CBCGen) -> Quarantined and deleted successfully.
C:\Documents and Settings\nika\Local Settings\Temp\00054c33.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\nika\Local Settings\Temp\0052ef14.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\nika\Local Settings\Temp\0057c174.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\nika\Local Settings\Temp\01113690.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\nika\Local Settings\Temp\1D.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\nika\Local Settings\Temp\3391.tmp (Trojan.Agent.CBCGen) -> Quarantined and deleted successfully.
C:\Documents and Settings\nika\Local Settings\Temp\3gctrl.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\nika\Local Settings\Temp\5DDA.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\nika\Local Settings\Temp\7A.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\nika\Local Settings\Temp\7D.tmp (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\Documents and Settings\nika\Local Settings\Temp\F8CF.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\8H2F8TUR\ftp[1].exe (Trojan.Agent.CBCGen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\8H2F8TUR\installer_m_459[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\8XIBK92J\soft[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\GPAN41UJ\setup[1].exe (Trojan.FakeAlert.FS) -> Quarantined and deleted successfully.
C:\Documents and Settings\nika\Local Settings\Temporary Internet Files\Content.IE5\4PAR09MV\setup2[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\nika\Local Settings\Temporary Internet Files\Content.IE5\GBG8ZWUS\cf[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\nika\Local Settings\Temporary Internet Files\Content.IE5\GBG8ZWUS\ftp[1].exe (Trojan.Agent.CBCGen) -> Quarantined and deleted successfully.
C:\Documents and Settings\nika\Local Settings\Temporary Internet Files\Content.IE5\GBG8ZWUS\installer_m_459[2].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\nika\Local Settings\Temporary Internet Files\Content.IE5\GBG8ZWUS\it9[1].exe (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\Documents and Settings\nika\Local Settings\Temporary Internet Files\Content.IE5\JH85E9ML\it9[1].exe (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\Documents and Settings\nika\Local Settings\Temporary Internet Files\Content.IE5\JH85E9ML\setup[1].exe (Trojan.FakeAlert.FS) -> Quarantined and deleted successfully.
C:\Documents and Settings\nika\Local Settings\Temporary Internet Files\Content.IE5\YVY76JG7\355[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\nika\Local Settings\Temporary Internet Files\Content.IE5\YVY76JG7\pp[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:Documents and SettingsnikaLocal SettingsTemporary Internet FilesContent.IE5YVY76JG7soft[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:Documents and SettingsnikaApplication Datadplayx.dll (Trojan.QHost.BG) -> Quarantined and deleted successfully. C:Documents and SettingsnikaDesktopAntivirus Protection 2012.lnk (Rogue.AntiVirusPro) -> Quarantined and deleted successfully. C:Documents and SettingsnikaLocal SettingsTempppddfcfux.exxe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:Documents and SettingsnikaLocal SettingsTempw32rim_mem.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:Documents and SettingsnikaLocal SettingsTempwrfwe_di.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:Documents and SettingsAdministratorwinlogon.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:Documents and Settingsnikawinlogon.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:Documents and SettingsnikaLocal SettingsTempdf:filtered:.exe (Malware.Trace) -> Quarantined and deleted successfully. C:WINDOWSsystem32crrss.exe (Trojan.Agent) -> Delete on reboot. C:Documents and SettingsAdministratoruidsave.dat (Malware.Trace) -> Quarantined and deleted successfully. C:Documents and Settingsnikauidsave.dat (Malware.Trace) -> Quarantined and deleted successfully. C:Documents and SettingsAll UsersLocal SettingsTempmsdubm.com (Trojan.Agent.Gen) -> Quarantined and deleted successfully. (end)

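The Malwarebytes log above is worth reading for more than its detection names: it shows the same payload (crrss.exe) wired into a Run key and into the Winlogon Userinit value, a second dropper parked under Policies\Explorer\Run, and several hits that the tool could only schedule for "Delete on reboot" or left with "No action taken". The script below is an added example, not part of Malwarebytes or of this thread: it parses lines in the log's format, tags each hit with the persistence mechanism it touches, and lists what still has to be verified after the reboot. The sample input is a constructed excerpt of the scan above; the mechanism names are my own labels.

```python
"""Triage a Malwarebytes Anti-Malware 1.x scan log.

Added example for this thread, not Malwarebytes' own code: parses the
'<target> (<detection>) -> ... -> <action>.' lines, tags each hit with the
persistence mechanism it touches, and lists what the tool has NOT finished
removing ('Delete on reboot', 'No action taken') so it can be re-checked
after the reboot.
"""
import re
from collections import Counter

# Constructed excerpt, in the log's own format, of the scan posted above.
SAMPLE_LOG = r"""
Memory Processes Detected: 1
C:\WINDOWS\system32\crrss.exe (Trojan.Agent) -> 1968 -> Delete on reboot.

Registry Values Detected: 9
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|crrss (Trojan.Agent) -> Data: C:\WINDOWS\system32\crrss.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|winlogon (Trojan.Downloader) -> Data: C:\Documents and Settings\Administrator\winlogon.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|58511 (Trojan.Agent.Gen) -> Data: C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\msdubm.com -> Delete on reboot.

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit (Trojan.Agent) -> Bad: (C:\WINDOWS\system32\crrss.exe) Good: () -> Quarantined and repaired successfully.

Files Detected: 52
C:\Documents and Settings\nika\My Documents\Downloads\wrar401.exe (PUP.BundleInstaller.OI) -> No action taken.
C:\WINDOWS\system32\crrss.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\nika\Application Data\Voopavowgookg.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
"""

SECTION_RE = re.compile(r"^(?P<section>.+?) Detected: \d+$")
ENTRY_RE = re.compile(r"^(?P<target>.+?) \((?P<detection>[^()]+)\) -> (?P<rest>.+?)\.?$")
FINISHED = {"Quarantined and deleted successfully", "Quarantined and repaired successfully"}
HIVES = ("HKLM\\", "HKCU\\", "HKU\\")


def mechanism(target: str) -> str:
    """Classify a hit by how it would get the payload running again."""
    t = target.upper()
    if "\\WINLOGON|" in t:
        return "winlogon"       # Userinit/Shell hijack: fires at every interactive logon
    if "\\POLICIES\\EXPLORER\\RUN|" in t:
        return "policies-run"   # policy Run key, easy to overlook next to the usual Run key
    if "\\CURRENTVERSION\\RUN" in t:
        return "run-key"
    if t.startswith(HIVES):
        return "other-registry"
    return "file"               # plain file, or a process image in the Memory section


def parse_mbam(text: str) -> list:
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m["section"]
            continue
        m = ENTRY_RE.match(line)
        if not m or section is None:
            continue            # banner lines, blanks, '(No malicious items detected)'
        steps = [s.strip() for s in m["rest"].split(" -> ")]
        data = next((s[len("Data: "):] for s in steps if s.startswith("Data: ")), None)
        entries.append({"section": section, "target": m["target"], "detection": m["detection"],
                        "data": data, "action": steps[-1], "mechanism": mechanism(m["target"])})
    return entries


def pending(entries: list) -> list:
    """Hits the tool did not finish: still on disk, or only scheduled for the reboot."""
    return [e for e in entries if e["action"] not in FINISHED]


def summarize(entries: list) -> Counter:
    return Counter(e["mechanism"] for e in entries)


def recheck_paths(entries: list) -> list:
    """File paths to confirm gone after the reboot (registry hits contribute their Data path)."""
    paths = set()
    for e in pending(entries):
        p = e["data"] or e["target"]
        if not p.upper().startswith(HIVES):
            paths.add(p)
    return sorted(paths)


if __name__ == "__main__":
    hits = parse_mbam(SAMPLE_LOG)
    print("by mechanism:", dict(summarize(hits)))
    for e in pending(hits):
        print(f"PENDING [{e['section']}] {e['target']} -> {e['action']}")
    print("re-check after reboot:", recheck_paths(hits))
```

Run against the full log, `recheck_paths` is the list a helper asks the poster to confirm is gone after the reboot, and a non-empty `winlogon` bucket is the reason the machine may still misbehave even when every file hit says "deleted successfully".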
#25 JonTom

JonTom

    Trusted Malware Tech

  • Trusted Malware Techs
  • 2,999 posts
  • Gender:Male
  • Location:UK


Posted 13 March 2012 - 07:47 AM

Hello me82

Thank you for the logs.

Are you able to boot into Normal Mode now?

If not, run the following from Safe Mode with Networking:

  • Combofix
  • Download ComboFix from one of the following locations:

    Link 1
    Link 2
  • VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here .
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Posted Image

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • Notes: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
  • Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
  • Should there be issues with internet afterward:

    In IE: Tools Menu -> Internet Options -> Connections Tab -> Lan Settings -> uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

    In Firefox: Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection and uncheck the proxy server, set it to No Proxy.
Please post the Combofix log in your next reply.
Member of ASAP and UNITE
Proud Graduate of the WTT Classroom

#26 me82

me82

    Member

  • Members
  • 168 posts

Posted 13 March 2012 - 01:11 PM

I could always boot in Normal Mode, but it is really slow and shows a blank blue screen: no icons, no startup programs, and the menus have no Accessories. The only thing in Start is Malwarebytes and System Check, and that is deleted off my computer, but the icon is half blue and half white. I can open up Firefox and Internet Explorer but can connect to sites; my internet is connected and working, though just in Safe Mode. I will try in Normal Mode first (ComboFix).

#27 JonTom

JonTom

    Trusted Malware Tech

  • Trusted Malware Techs
  • 2,999 posts
  • Gender:Male
  • Location:UK


Posted 13 March 2012 - 02:16 PM

Hello me82

no icons no startup programs

Once you have run Combofix from Normal Mode see if the following helps:
  • Unhide
  • Download and run unhide.exe by grinler from here and save the file to your desktop.
  • Run the tool and allow it to complete.

Post the Combofix log in your next reply and let me know if unhide has returned any of your Start Menu items.

#28 me82

me82

    Member

  • Members
  • 168 posts

Posted 13 March 2012 - 03:16 PM

I meant to say I cannot connect to websites in Normal Mode. Do you want me to try System Restore first, since I think all the malware is gone, or just do the ComboFix?

#29 JonTom

JonTom

    Trusted Malware Tech

  • Trusted Malware Techs
  • 2,999 posts
  • Gender:Male
  • Location:UK


Posted 13 March 2012 - 06:16 PM

Hello me82

Download the required tools (Combofix and Unhide) from Safe Mode with Networking.

Once they are saved on your desktop, boot back into Normal Mode and run them from there.

#30 me82

me82

    Member

  • Members
  • 168 posts

Posted 13 March 2012 - 08:43 PM

I'm in Safe Mode now to see, because I forget what to do about the internet issues after ComboFix. I did ComboFix in Normal Mode and I ran it from a flash drive. I could not copy ComboFix to the desktop, so there is no log file, just a folder in C: called Qoobox, and after it rebooted I left the flash drive in and my computer did a check on the F drive. I ran Unhide in Normal Mode and the programs are all in the Start menu, not on the desktop. How can I send them to the desktop? Do I have to do the programs one by one? When I boot back into Normal Mode to fix the internet settings I should be set. I will let you know in the next post.

#31 me82

me82

    Member

  • Members
  • 168 posts

Posted 13 March 2012 - 10:57 PM

I'm in Normal Mode and I can connect to websites (thanks). My Windows Firewall was off. Can I turn it back on?
I have avast free edition on here and it blocked a trojan, C:\documents and settings\explorer.exe. Is that Internet Explorer?
I haven't got sound back; I don't know if it's the speakers or what. Other than that, thank you for helping me this far.

#32 JonTom

JonTom

    Trusted Malware Tech

  • Trusted Malware Techs
  • 2,999 posts
  • Gender:Male
  • Location:UK


Posted 14 March 2012 - 08:01 AM

Hello me82


When you ran Combofix did the scan complete even though no log was produced?

Please scan your machine with DDS again and post both logs in your next reply.

#33 me82

me82

    Member

  • Members
  • 168 posts

Posted 14 March 2012 - 01:08 PM

Yes. Can I run DDS in Safe Mode, since that's where it's installed?

#34 me82

me82

    Member

  • Members
  • 168 posts

Posted 14 March 2012 - 04:02 PM

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 6.0.2900.2180
Run by Administrator at 16:57:27 on 2012-03-14
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.639.521 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Kaspersky Anti-Virus *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409
uSearch Page = hxxp://rd.yahoo.com/customize/yessentials_cq/defaults/sp/*http://www.yahoo.com
uWindow Title = Microsoft Internet Explorer provided by Compaq
uSearch Bar = hxxp://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=searchfavweb&c=2c02&lc=0409
mDefault_Page_URL = hxxp://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409
mDefault_Search_URL = hxxp://rd.yahoo.com/customize/yessentials_cq/defaults/su/*http://www.yahoo.com
mStart Page = hxxp://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
mSearch Bar = hxxp://rd.yahoo.com/customize/yessentials_cq/defaults/sb/*http://www.yahoo.com/search/ie.html
uInternet Connection Wizard,ShellNext = hxxp://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409
uWinlogon: shell=explorer.exe "c:\documents and settings\administrator\winlogon.exe"
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - c:\program files\startnow toolbar\Toolbar32.dll
BHO: YBIOCtrl Class: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\windows\downloaded program files\ycomp4,0,2,2.dll
BHO: {fdd3b846-8d59-4ffb-8758-209b6ad74acc} - c:\program files\microsoft money\system\mnyviewer.dll
TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - c:\program files\startnow toolbar\Toolbar32.dll
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\program files\yahoo!\messenger\yhexbmes.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [cleansweep.exe] c:\cleansweep.exe\cleansweep.exe
uRunOnce: [rflubjvk] c:\docume~1\admini~1\locals~1\applic~1\rflubjvk.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil11e_Plugin.exe -update plugin
mRun: [StorageGuard] "c:\program files\veritas software\update manager\sgtray.exe" /r
mRun: [WCOLOREAL] "c:\program files\compaq\coloreal\coloreal.exe"
mRun: [DDCM] "c:\program files\wildtangent\ddc\ddcmanager\DDCMan.exe" -Background
mRun: [DDCActiveMenu] "c:\program files\wildtangent\ddc\activemenu\DDCActiveMenu.exe" -boot
mRun: [srmclean] c:\cpqs\scom\srmclean.exe
mRun: [CPQEASYACC] c:\program files\compaq\easy access button support\StartEAK.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [wcmdmgr] c:\windows\wt\updater\wcmdmgrl.exe -launch
mRun: [TkBellExe] "c:\program files\real\realone player\update\realsched.exe" -osboot
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [Windows Update Server] c:\documents and settings\localservice\5ed86d98-3033.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2499216C-4BA5-11D5-BD9C-000103C116D5} - {2499216C-4BA5-11D5-BD9C-000103C116D5} - c:\program files\yahoo!\common\ylogin.dll
IE: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - {4C171D40-8277-11D5-AD55-00010333D0AD} - c:\program files\yahoo!\messenger\yhexbmes.dll
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {301DA1EE-F65C-4188-A417-9E915CC8FBFA} - c:\program files\microsoft money\system\mnyviewer.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/1.3.1/jinstall-131-win.cab
DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - hxxp://download.yahoo.com/dl/installs/ymail/ymmapi.dll
DPF: {CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.3.1/jinstall-131-win.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{E33A9FD0-DEF2-4352-87CE-17F0C5C31E81} : DhcpNameServer = 192.168.1.254
Notify: igfxcui - igfxsrvc.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\uhaymgi7.default
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bab70036d-e04f-4a11-bfe1-9ae4f7c99b89%7D&mid=1828756a5a9547d180a9d14acce4e9e6-6587c276f1491d8d761e2f957e2b6589725384c0&ds=AVG&v=10.0.0.7&lang=en&pr=fr&d=2012-03-03%2021%3A21%3A45&sap=ku&q=
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll
.
============= SERVICES / DRIVERS ===============
.
S0 mabd;mabd;c:\windows\system32\drivers\vpnyjfhw.sys --> c:\windows\system32\drivers\vpnyjfhw.sys [?]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-3-2 435032]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-3-2 314456]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-3-2 20568]
S2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-3-2 44768]
S2 msCMTSrvc;Content Monitoring Tool;c:\windows\system32\mscmtsrvc.exe --> c:\windows\system32\msCMTSrvc.exe [?]
S2 PackethSvc;Virtual NIC Service;c:\windows\system32\PackethSvc.exe [2002-8-2 64512]
S2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;c:\program files\startnow toolbar\ToolbarUpdaterService.exe [2011-10-25 244960]
.
=============== Created Last 30 ================
.
2012-03-13 22:46:49 -------- d-sha-r- C:\cmdcons
2012-03-13 22:41:58 98816 ----a-w- c:\windows\sed.exe
2012-03-13 22:41:58 518144 ----a-w- c:\windows\SWREG.exe
2012-03-13 22:41:58 256000 ----a-w- c:\windows\PEV.exe
2012-03-13 22:41:58 208896 ----a-w- c:\windows\MBR.exe
2012-03-13 22:41:35 -------- d-s---w- C:\ComboFix
2012-03-13 02:42:19 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-10 18:09:08 -------- d-----w- c:\documents and settings\administrator\local settings\application data\HP
2012-03-08 23:45:51 -------- d-----w- c:\documents and settings\administrator\application data\QuickScan
2012-03-07 22:29:27 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2012-03-07 22:29:27 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2012-03-07 22:29:26 17408 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2012-03-07 22:29:25 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2012-03-07 22:29:24 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2012-03-07 22:29:16 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2012-03-07 22:29:14 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2012-03-07 22:28:56 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2012-03-07 22:28:02 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys
2012-03-07 22:27:58 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
2012-03-07 22:27:57 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2012-03-07 22:27:34 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys
2012-03-07 22:27:24 53760 -c--a-w- c:\windows\system32\dllcache\wiamsmud.dll
2012-03-07 22:27:23 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2012-03-07 22:27:13 701386 -c--a-w- c:\windows\system32\dllcache\wdhaalba.sys
2012-03-07 22:27:11 35871 -c--a-w- c:\windows\system32\dllcache\wbfirdma.sys
2012-03-07 22:27:11 31744 -c--a-w- c:\windows\system32\dllcache\wceusbsh.sys
2012-03-07 22:25:58 32384 -c--a-w- c:\windows\system32\dllcache\usb101et.sys
2012-03-07 22:24:58 123995 -c--a-w- c:\windows\system32\dllcache\tjisdn.sys
2012-03-07 22:24:52 138528 -c--a-w- c:\windows\system32\dllcache\tgiulnt5.sys
2012-03-07 22:24:51 81408 -c--a-w- c:\windows\system32\dllcache\tgiul50.dll
2012-03-07 22:24:48 149376 -c--a-w- c:\windows\system32\dllcache\tffsport.sys
2012-03-07 22:24:39 17129 -c--a-w- c:\windows\system32\dllcache\tdkcd31.sys
2012-03-07 22:24:37 37961 -c--a-w- c:\windows\system32\dllcache\tdk100b.sys
2012-03-07 22:24:19 30464 -c--a-w- c:\windows\system32\dllcache\tbatm155.sys
2012-03-07 22:24:13 7040 -c--a-w- c:\windows\system32\dllcache\tandqic.sys
2012-03-07 22:24:12 36640 -c--a-w- c:\windows\system32\dllcache\t2r4mini.sys
2012-03-07 22:24:11 172768 -c--a-w- c:\windows\system32\dllcache\t2r4disp.dll
2012-03-07 22:23:59 32640 -c--a-w- c:\windows\system32\dllcache\symc8xx.sys
2012-03-07 22:23:57 16256 -c--a-w- c:\windows\system32\dllcache\symc810.sys
2012-03-07 22:23:55 30688 -c--a-w- c:\windows\system32\dllcache\sym_u3.sys
2012-03-07 22:23:54 28384 -c--a-w- c:\windows\system32\dllcache\sym_hi.sys
2012-03-07 22:23:53 94293 -c--a-w- c:\windows\system32\dllcache\sxports.dll
2012-03-07 22:23:52 103936 -c--a-w- c:\windows\system32\dllcache\sx.sys
2012-03-07 22:23:51 3968 -c--a-w- c:\windows\system32\dllcache\swusbflt.sys
2012-03-07 22:23:50 10240 -c--a-w- c:\windows\system32\dllcache\swpidflt.dll
2012-03-07 22:23:49 10240 -c--a-w- c:\windows\system32\dllcache\swpdflt2.dll
2012-03-07 22:23:47 53760 -c--a-w- c:\windows\system32\dllcache\sw_wheel.dll
2012-03-07 22:23:46 41472 -c--a-w- c:\windows\system32\dllcache\sw_effct.dll
2012-03-07 22:22:58 155648 -c--a-w- c:\windows\system32\dllcache\stlnprop.dll
2012-03-07 22:22:57 53248 -c--a-w- c:\windows\system32\dllcache\stlncoin.dll
2012-03-07 22:22:56 285760 -c--a-w- c:\windows\system32\dllcache\stlnata.sys
2012-03-07 22:22:04 16896 -c--a-w- c:\windows\system32\dllcache\stcusb.sys
2012-03-07 22:20:59 25034 -c--a-w- c:\windows\system32\dllcache\smcpwr2n.sys
2012-03-07 22:19:43 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
2012-03-07 22:18:59 75392 -c--a-w- c:\windows\system32\dllcache\s3savmxm.sys
2012-03-07 22:17:59 37563 -c--a-w- c:\windows\system32\dllcache\rlnet5.sys
2012-03-07 22:17:56 86097 -c--a-w- c:\windows\system32\dllcache\reslog32.dll
2012-03-07 22:17:30 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys
2012-03-07 22:17:22 714762 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2012-03-07 22:17:20 899146 -c--a-w- c:\windows\system32\dllcache\r2mdkxga.sys
2012-03-07 22:17:17 41472 -c--a-w- c:\windows\system32\dllcache\qvusd.dll
2012-03-07 22:17:16 3328 -c--a-w- c:\windows\system32\dllcache\qv2kux.sys
2012-03-07 22:17:05 49024 -c--a-w- c:\windows\system32\dllcache\ql1280.sys
2012-03-07 22:17:04 40448 -c--a-w- c:\windows\system32\dllcache\ql1240.sys
2012-03-07 22:17:03 45312 -c--a-w- c:\windows\system32\dllcache\ql12160.sys
2012-03-07 22:17:02 33152 -c--a-w- c:\windows\system32\dllcache\ql10wnt.sys
2012-03-07 22:17:01 40320 -c--a-w- c:\windows\system32\dllcache\ql1080.sys
2012-03-07 22:15:59 35328 -c--a-w- c:\windows\system32\dllcache\pcntpci5.sys
2012-03-07 22:14:41 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys
2012-03-07 22:14:37 9344 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
2012-03-07 22:14:36 7552 -c--a-w- c:\windows\system32\dllcache\nsmmc.sys
2012-03-07 22:14:32 28672 -c--a-w- c:\windows\system32\dllcache\nscirda.sys
2012-03-07 22:14:24 87040 -c--a-w- c:\windows\system32\dllcache\nm6wdm.sys
2012-03-07 22:14:23 126080 -c--a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2012-03-07 22:14:12 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys
2012-03-07 22:14:10 132695 -c--a-w- c:\windows\system32\dllcache\netwlan5.sys
2012-03-07 22:12:55 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
2012-03-07 22:12:49 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
2012-03-07 22:12:33 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2012-03-07 22:12:29 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2012-03-07 22:12:27 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll
2012-03-07 22:12:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2012-03-07 22:11:59 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2012-03-07 22:11:41 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2012-03-07 22:10:22 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2012-03-07 22:10:04 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2012-03-07 22:08:57 4992 -c--a-w- c:\windows\system32\dllcache\loop.sys
2012-03-07 22:07:50 14848 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2012-03-07 22:07:30 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2012-03-07 22:07:29 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2012-03-07 22:07:29 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2012-03-07 22:07:28 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2012-03-07 22:07:09 26624 -c--a-w- c:\windows\system32\dllcache\irstusb.sys
2012-03-07 22:07:08 18688 -c--a-w- c:\windows\system32\dllcache\irsir.sys
2012-03-07 22:07:06 27136 -c--a-w- c:\windows\system32\dllcache\irmon.dll
2012-03-07 22:07:05 23552 -c--a-w- c:\windows\system32\dllcache\irmk7.sys
2012-03-07 22:07:04 152576 -c--a-w- c:\windows\system32\dllcache\irftp.exe
2012-03-07 22:07:01 87424 -c--a-w- c:\windows\system32\dllcache\irda.sys
2012-03-07 22:05:57 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2012-03-07 22:04:54 488383 -c--a-w- c:\windows\system32\dllcache\hsf_v124.sys
2012-03-07 22:03:57 28288 -c--a-w- c:\windows\system32\dllcache\grserial.sys
2012-03-07 22:02:54 27165 -c--a-w- c:\windows\system32\dllcache\fetnd5.sys
2012-03-07 22:01:59 144896 -c--a-w- c:\windows\system32\dllcache\epcfw2k.sys
2012-03-07 22:00:59 28062 -c--a-w- c:\windows\system32\dllcache\dp83820.sys
2012-03-07 21:59:19 419357 -c--a-w- c:\windows\system32\dllcache\dgconfig.dll
2012-03-07 21:59:17 29531 -c--a-w- c:\windows\system32\dllcache\dgapci.sys
2012-03-07 21:57:52 117760 -c--a-w- c:\windows\system32\dllcache\d100ib5.sys
2012-03-07 21:56:54 6656 -c--a-w- c:\windows\system32\dllcache\cmdide.sys
2012-03-07 21:55:59 7680 -c--a-w- c:\windows\system32\dllcache\cd20xrnt.sys
2012-03-07 21:55:56 714698 -c--a-w- c:\windows\system32\dllcache\cbmdmkxx.sys
2012-03-07 21:55:55 46108 -c--a-w- c:\windows\system32\dllcache\cben5.sys
2012-03-07 21:55:54 39680 -c--a-w- c:\windows\system32\dllcache\cb325.sys
2012-03-07 21:55:52 37916 -c--a-w- c:\windows\system32\dllcache\cb102.sys
2012-03-07 21:55:48 32256 -c--a-w- c:\windows\system32\dllcache\diapi2NT.dll
2012-03-07 21:55:47 164923 -c--a-w- c:\windows\system32\dllcache\diapi2.sys
2012-03-07 21:55:44 119296 -c--a-w- c:\windows\system32\dllcache\camext30.dll
2012-03-07 21:55:42 236032 -c--a-w- c:\windows\system32\dllcache\camext20.dll
2012-03-07 21:55:40 74240 -c--a-w- c:\windows\system32\dllcache\camexo20.dll
2012-03-07 21:55:38 171264 -c--a-w- c:\windows\system32\dllcache\camdrv30.sys
2012-03-07 21:55:37 223232 -c--a-w- c:\windows\system32\dllcache\camdrv21.sys
2012-03-07 21:55:35 314752 -c--a-w- c:\windows\system32\dllcache\camdro21.sys
2012-03-07 21:53:59 14080 -c--a-w- c:\windows\system32\dllcache\battc.sys
2012-03-07 21:52:59 281600 -c--a-w- c:\windows\system32\dllcache\atimtai.sys
2012-03-07 21:51:51 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys
2012-03-07 21:50:03 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2012-03-05 06:13:22 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-03-05 06:13:22 -------- d-----w- c:\windows\system32\wbem\Repository
2012-03-04 21:13:28 -------- d-----w- C:\$AVG
2012-03-04 20:45:42 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-03-04 20:37:51 -------- d-----w- c:\program files\Lavasoft
2012-03-04 04:54:55 151078792 ----a-w- c:\program files\mozilla firefox\avg internet security 2012 12.0 build 1891 final incl keys\avg_isct_x86_all_2012_1901a4695.exe
2012-03-04 04:35:43 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Mozilla
2012-03-04 02:23:07 -------- d-----w- c:\documents and settings\administrator\application data\AVG2012
2012-03-04 02:18:19 -------- d-----w- c:\documents and settings\all users\application data\AVG2012
2012-03-04 02:16:14 -------- d-----w- c:\program files\AVG
2012-03-03 16:38:49 -------- d-----w- c:\documents and settings\administrator\application data\Malwarebytes
2012-03-03 16:38:37 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-03-03 16:38:34 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-03 16:38:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-03 00:26:56 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Adobe
2012-03-03 00:18:44 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-03 00:17:47 41184 ----a-w- c:\windows\avastSS.scr
2012-03-02 18:46:44 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2012-03-02 18:32:31 -------- d-----w- c:\windows\SxsCaPendDel
2012-03-02 17:40:26 -------- d-----w- c:\documents and settings\all users\application data\Common Files
2012-03-02 17:39:55 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2012-03-02 16:14:48 -------- d-s---w- c:\documents and settings\administrator\UserData
2012-03-02 05:43:56 -------- d-----w- c:\program files\6E48F
2012-03-02 05:42:30 -------- d-----w- c:\program files\LP
2012-02-15 07:18:20 -------- d-----w- c:\windows\SmartPack
2012-02-15 07:18:20 -------- d-----w- c:\program files\SmartPack
.
==================== Find3M ====================
.
2012-03-13 02:43:15 187776 ----a-w- c:\windows\system32\drivers\acpi.sys
2012-03-08 04:05:03 4694 ----a-w- c:\windows\compaq.reg
2012-02-12 22:29:32 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2012-01-28 21:58:34 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-28 08:26:58 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-01-28 08:26:58 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-01-25 18:00:00 79360 ----a-w- c:\windows\system32\ff_vfw.dll
2012-01-05 00:25:40 335 ----a-w- c:\windows\INET.reg
2011-12-21 18:14:02 151552 ----a-w- c:\windows\system32\ac3acm.acm
.
============= FINISH: 16:59:19.06 ===============

#35 me82

me82

    Member

  • Members
  • 168 posts

Posted 14 March 2012 - 04:05 PM

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 1/2/2012 6:31:09 PM
System Uptime: 3/14/2012 4:46:00 PM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P4G533LA
Processor: Intel® Celeron® CPU 1.80GHz | PGA 478 | 1793/100mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 19.908 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP9: 1/27/2012 3:48:16 PM - avast! Free Antivirus Setup
RP10: 1/27/2012 9:33:41 PM - Removed Norton AntiVirus 2002
RP11: 1/27/2012 9:52:00 PM - Installed Kaspersky Anti-Virus 2012.
RP12: 1/27/2012 11:43:53 PM - First Restore Point
RP13: 1/28/2012 2:00:17 PM - Software Distribution Service 3.0
RP14: 1/28/2012 5:05:39 PM - Software Distribution Service 3.0
RP15: 1/29/2012 2:22:10 PM - Software Distribution Service 3.0
RP16: 1/29/2012 3:25:13 PM - Software Distribution Service 3.0
RP17: 1/30/2012 2:39:09 PM - Software Distribution Service 3.0
RP18: 1/31/2012 3:46:39 PM - Software Distribution Service 3.0
RP19: 2/2/2012 9:42:07 PM - System Checkpoint
RP20: 2/5/2012 3:46:36 PM - System Checkpoint
RP21: 2/6/2012 6:54:31 PM - System Checkpoint
RP22: 2/7/2012 2:36:24 PM - Installed Adobe Reader 8
RP23: 2/8/2012 4:07:58 PM - System Checkpoint
RP24: 2/9/2012 6:41:07 PM - System Checkpoint
RP25: 2/10/2012 7:19:24 PM - System Checkpoint
RP26: 2/11/2012 8:21:50 PM - System Checkpoint
RP27: 2/12/2012 10:20:11 PM - System Checkpoint
RP28: 2/13/2012 10:37:13 PM - System Checkpoint
RP29: 2/14/2012 11:03:59 PM - System Checkpoint
RP30: 2/15/2012 4:24:39 PM - Software Distribution Service 3.0
RP31: 2/17/2012 6:29:35 PM - System Checkpoint
RP32: 2/18/2012 6:55:06 PM - System Checkpoint
RP33: 2/19/2012 7:23:20 PM - System Checkpoint
RP34: 2/21/2012 10:44:26 PM - System Checkpoint
RP35: 2/24/2012 2:55:29 PM - System Checkpoint
RP36: 2/26/2012 1:41:22 PM - System Checkpoint
RP37: 3/2/2012 1:21:01 PM - Removed Kaspersky Anti-Virus 2012.
RP38: 3/3/2012 4:19:24 PM - Restore Operation
RP39: 3/3/2012 4:49:07 PM - Restore Operation
RP40: 3/3/2012 4:57:49 PM - Restore Operation
RP41: 3/3/2012 4:58:50 PM - Feb.10
RP42: 3/3/2012 5:09:19 PM - Restore Operation
RP43: 3/4/2012 5:24:17 PM - System Checkpoint
RP44: 3/4/2012 9:17:06 PM - Restore Operation
RP45: 3/4/2012 9:27:36 PM - Restore Operation
RP46: 3/5/2012 1:06:10 AM - Removed Ad-Aware
RP47: 3/5/2012 1:11:41 AM - march uninstall ad aware ,alware scan
RP48: 3/5/2012 1:12:24 AM - Restore Operation
RP49: 3/13/2012 6:42:48 PM - ComboFix created restore point
RP50: 3/14/2012 2:11:41 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Adobe Acrobat 5.0
Adobe Flash Player 11 Plugin
Adobe Flash Player ActiveX
Adobe Reader 8
America Online
AOL Coach Version 1.0(Build:20011028.1)
Atomic Pop
avast! Free Antivirus
Blackhawk Striker
Blasterball 2
Blasterball Wild
Coloreal
Compaq Advisor
CompuServe 2000
ConvertXtoDVD 4.1.19.365
Coupon Printer for Windows
D-Link DFE-530TX+ D-Link PCI Fast Ethernet Adapter
Dark Orbit
Disney's Lilo and Stitch Pinball
DLA
Driver Genius Professional Edition
Easy Access Button Support
GemMaster 2
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB981793)
HP Deskjet 1050 J410 series Basic Device Software
HP Deskjet 1050 J410 series Help
HP Deskjet 1050 J410 series Product Improvement Study
HP Photo Creations
HP Update
Inactive HP Printer Drivers (Remove only)
Intel® 845G Chipset Graphics Driver Software
Java 2 Runtime Environment Standard Edition v1.3.1
K-Lite Codec Pack 8.2.0 (Full)
Kublox
Malwarebytes Anti-Malware version 1.60.1.1000
Men In Black II Crossfire Trial Version
Microsoft Money 2002
Microsoft Money 2002 System Pack
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works 6.0
Microsoft Works and Money 2002 Setup Launcher
Mozilla Firefox 5.0 (x86 en-US)
Netscape 6 (6.2.1)
Operation Mania (remove only)
PowerDVD
Python 2.2 combined Win32 extensions
Python 2.2.1
Quicken 2002 New User Edition
Quicken Financial Center
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
RecordNow
RecordNow Update Manager
S3Display
S3Gamma2
S3Info2
S3Overlay
SabreWing 2
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security
Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB958470) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB971961) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP 
(KB980232) Security Update for Windows XP (KB981350) Security Update for Windows XP (KB982381) SmartPack 1.21.0 Snowboard Extreme Space Rocks StartNow Toolbar Super DVD Creator 9.5 Update for Windows XP (KB898461) Update for Windows XP (KB914882) Update for Windows XP (KB955759) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) Viewpoint Media Player (Remove Only) Virtual Warfare WebFldrs XP WildTangent Channel Manager WildTangent Updater WildTangent Web Driver Windows Installer 3.1 (KB893803) Windows XP Service Pack 2 WinRAR 4.10 (32-bit) Works Suite OS Pack Yahoo! Companion Toolbar Yahoo! Essentials Yahoo! Internet Mail Yahoo! Login Yahoo! Messenger Yahoo! Messenger Explorer Bar . ==== Event Viewer Messages From Past Week ======== . 3/7/2012 4:59:29 PM, error: atapi [9] - The device, DeviceIdeIdePort0, did not respond within the timeout period. 3/7/2012 4:06:32 PM, error: System Error [1003] - Error code 00000077, parameter1 c000000e, parameter2 c000000e, parameter3 00000000, parameter4 0692d000. 3/7/2012 2:11:03 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 3/7/2012 2:02:43 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired. 3/7/2012 12:57:39 PM, error: Service Control Manager [7022] - The Windows Time service hung on starting. 3/7/2012 12:57:39 PM, error: Service Control Manager [7022] - The Terminal Services service hung on starting. 3/7/2012 12:57:39 PM, error: Service Control Manager [7022] - The Server service hung on starting. 3/7/2012 12:57:39 PM, error: Service Control Manager [7022] - The Distributed Link Tracking Client service hung on starting. 
3/7/2012 12:57:39 PM, error: Service Control Manager [7022] - The avast! Antivirus service hung on starting. 3/7/2012 12:57:39 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the TapiSrv service. 3/7/2012 12:57:39 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the SENS service. 3/7/2012 12:57:39 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the avast! Antivirus service. 3/7/2012 12:57:39 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Image Acquisition (WIA) service to connect. 3/7/2012 12:57:39 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the WebClient service to connect. 3/7/2012 12:57:39 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the WAN Miniport (ATW) Service service to connect. 3/7/2012 12:57:39 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the vToolbarUpdater service to connect. 3/7/2012 12:57:39 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Virtual NIC Service service to connect. 3/7/2012 12:57:39 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Updater Service for StartNow Toolbar service to connect. 3/7/2012 12:57:39 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Print Spooler service to connect. 3/7/2012 12:57:39 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Compaq Advisor service to connect. 3/7/2012 12:57:39 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AVGIDSAgent service to connect. 
3/7/2012 12:57:39 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AVG WatchDog service to connect. 3/7/2012 12:57:39 PM, error: Service Control Manager [7001] - The Fax service depends on the Print Spooler service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion. 3/7/2012 12:57:39 PM, error: Service Control Manager [7001] - The Fast User Switching Compatibility service depends on the Terminal Services service which failed to start because of the following error: After starting, the service hung in a start-pending state. 3/7/2012 12:57:39 PM, error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: After starting, the service hung in a start-pending state. 3/7/2012 12:57:39 PM, error: Service Control Manager [7000] - The Windows Image Acquisition (WIA) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 3/7/2012 12:57:39 PM, error: Service Control Manager [7000] - The WebClient service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 3/7/2012 12:57:39 PM, error: Service Control Manager [7000] - The vToolbarUpdater service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 3/7/2012 12:57:39 PM, error: Service Control Manager [7000] - The Virtual NIC Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 3/7/2012 12:57:39 PM, error: Service Control Manager [7000] - The Telephony service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 
3/7/2012 12:57:39 PM, error: Service Control Manager [7000] - The System Event Notification service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 3/7/2012 12:57:39 PM, error: Service Control Manager [7000] - The Print Spooler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 3/7/2012 12:57:39 PM, error: Service Control Manager [7000] - The Compaq Advisor service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 3/7/2012 12:57:39 PM, error: Service Control Manager [7000] - The AVGIDSAgent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 3/7/2012 12:57:39 PM, error: Service Control Manager [7000] - The AVG WatchDog service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 
3/7/2012 11:40:32 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811} 3/7/2012 11:24:40 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSnx aswSP aswTdi Fips Processor 3/7/2012 11:24:39 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} 3/7/2012 11:19:37 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E} 3/7/2012 1:58:39 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSnx aswSP aswTdi Avgldx86 Avgmfx86 Fips Processor 3/7/2012 1:32:38 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} 3/13/2012 7:35:23 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the TrkWks service. 3/13/2012 7:35:23 PM, error: Service Control Manager [7001] - The wscsvc service depends on the Windows Management Instrumentation service which failed to start because of the following error: After starting, the service hung in a start-pending state. 3/13/2012 7:35:23 PM, error: Service Control Manager [7000] - The Windows Time service failed to start due to the following error: All pipe instances are busy. 3/13/2012 7:35:23 PM, error: Service Control Manager [7000] - The Distributed Link Tracking Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 
3/13/2012 6:29:30 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the wuauserv service. 3/13/2012 6:29:30 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the winmgmt service. 3/13/2012 6:29:30 PM, error: Service Control Manager [7000] - The Automatic Updates service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 3/12/2012 10:45:14 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSnx aswSP aswTdi Fips IntelIde Processor viaagp1 ViaIde 3/12/2012 10:44:15 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume. 3/12/2012 1:28:03 PM, error: Service Control Manager [7022] - The Telephony service hung on starting. 3/12/2012 1:28:03 PM, error: Service Control Manager [7022] - The System Restore Service service hung on starting. 3/12/2012 1:28:03 PM, error: Service Control Manager [7022] - The Protected Storage service hung on starting. 3/12/2012 1:28:03 PM, error: Service Control Manager [7022] - The IPSEC Services service hung on starting. 3/12/2012 1:28:03 PM, error: Service Control Manager [7022] - The Help and Support service hung on starting. 3/12/2012 1:28:03 PM, error: Service Control Manager [7022] - The COM+ Event System service hung on starting. 3/12/2012 1:28:03 PM, error: Service Control Manager [7022] - The Automatic Updates service hung on starting. 3/12/2012 1:28:03 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the W32Time service. 
3/12/2012 1:28:03 PM, error: Service Control Manager [7001] - The System Event Notification service depends on the COM+ Event System service which failed to start because of the following error: After starting, the service hung in a start-pending state. 3/12/2012 1:28:03 PM, error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: After starting, the service hung in a start-pending state. 3/12/2012 1:28:03 PM, error: Service Control Manager [7000] - The Windows Time service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 3/10/2012 12:20:48 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service ImapiService with arguments "-Service" in order to run the server: {520CCA63-51A5-11D3-9144-00104BA11C5E} . ==== End Of File ===========================

#36 JonTom

JonTom

    Trusted Malware Tech

  • Trusted Malware Techs
  • 2,999 posts
  • Gender:Male
  • Location:UK


Posted 14 March 2012 - 05:06 PM

Hello me82

Thank you for the logs.

I see that you are presently running Avast. Please confirm to me that you have uninstalled Kaspersky Anti-Virus. Also, if you no longer use AVG let me know.

  • Please un-install StartNow Toolbar
  • Click on "Start" then on "Control Panel" and then on "Add or remove programs".
  • Click on "remove a program". A list of currently installed programs will be displayed.
  • Find the "StartNow Toolbar" program, click on it once and then click on the "uninstall" button.
  • If you are prompted to re-boot your computer to complete the uninstall please do so.
  • Repeat for Java 2 Runtime Environment Standard Edition v1.3.1 and Viewpoint Media Player.

I would like you to run Combofix again.

You mentioned this in a previous post:

I did Combofix in normal mode and I ran it from a flash drive. I could not copy Combofix to the desktop.

Please DO NOT transfer it onto the machine using a flash drive and do not run it from a flash drive.

Download a fresh copy of Combofix to your desktop in Normal Mode.
  • Combofix
  • Download ComboFix from one of the following locations:

    Link 1
    Link 2
  • VERY IMPORTANT!!! Save ComboFix.exe to your Desktop
  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Posted Image

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • Notes: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
  • Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
  • Should there be issues with internet afterward:

    In IE: Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "use a proxy server" or reconfigure the proxy server again in case you have set it previously.

    In Firefox: Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection and uncheck the proxy server, set it to No Proxy.
Please run Combofix exactly as described above.

If there are any problems, do not continue, just come back here and let me know.

Member of ASAP and UNITE
Proud Graduate of the WTT Classroom

#37 me82

me82

    Member

  • Members
  • 168 posts

Posted 14 March 2012 - 07:47 PM

I did uninstall Kaspersky Anti-Virus. Unhide.exe put it back in my startup menu but it is no longer on my system. I uninstalled AVG too. The only thing of AVG on here is the secure search if I want to use it as a search tool on the internet.

#38 JonTom

JonTom

    Trusted Malware Tech

  • Trusted Malware Techs
  • 2,999 posts
  • Gender:Male
  • Location:UK


Posted 15 March 2012 - 06:53 AM

Hello me82

I did uninstall Kaspersky Anti-Virus. Unhide.exe put it back in my startup menu but it is no longer on my system. I uninstalled AVG too. The only thing of AVG on here is the secure search if I want to use it as a search tool on the internet.

Thanks for letting me know,

Let me know how you get on with Combofix.

Member of ASAP and UNITE
Proud Graduate of the WTT Classroom

#39 me82

me82

    Member

  • Members
  • 168 posts

Posted 15 March 2012 - 05:31 PM

I have Combofix saved in the downloads folder (Firefox) and I chose to change the location of downloaded files to the desktop. It's on the desktop, but only through Windows Explorer. It's not on my desktop screen. Do you still want me to run it? I took a print screen of it. How can I attach it so you can see what I'm talking about?

#40 JonTom

JonTom

    Trusted Malware Tech

  • Trusted Malware Techs
  • 2,999 posts
  • Gender:Male
  • Location:UK


Posted 16 March 2012 - 02:38 AM

Hello me82

Take a look at the instructions here and use them to configure your Firefox browser to download directly to the desktop.

Once you have made the change download Combofix to desktop and follow the instructions to run it.

Let me know if you have any problems :)

Member of ASAP and UNITE
Proud Graduate of the WTT Classroom
