
virus help

me82   

I cannot browse the internet in normal mode, only in safe mode. I had a virus on my computer; it may still be on here. But I have used Avast, AVG Internet Security and Malwarebytes. I removed whatever came up in the scan. My icons on the desktop are gone, as well as the startup menu in normal mode. System restore does not work.

 

I just did HijackThis in safe mode and I'm going to post the log file.

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 4:52:03 PM, on 3/5/2012

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Safe mode with network support

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\explorer.exe

C:\Program Files\AVG Secure Search\vprot.exe

C:\Documents and Settings\Administrator\My Documents\Downloads\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=searchfavweb&c=2c02&lc=0409

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/yessentials_cq/defaults/sp/*http://www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/yessentials_cq/defaults/su/*http://www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/yessentials_cq/defaults/sb/*http://www.yahoo.com/search/ie.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll

O2 - BHO: StartNow Toolbar Helper - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll

O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll

O2 - BHO: YBIOCtrl Class - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\Downloaded Program Files\ycomp4,0,2,2.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll

O3 - Toolbar: StartNow Toolbar - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll

O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll

O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"

O4 - HKLM\..\Run: [DDCM] "C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe" -Background

O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot

O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe

O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch

O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realone player\update\realsched.exe" -osboot

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"

O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"

O4 - HKLM\..\RunOnce: [Compaq_RBA] C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe -z

O4 - HKCU\..\RunOnce: [rflubjvk] C:\DOCUME~1\ADMINI~1\LOCALS~1\APPLIC~1\rflubjvk.exe

O4 - HKUS\S-1-5-18\..\Run: [Windows Update Server] C:\Documents and Settings\LocalService\5ed86d98-3033.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Windows Update Server] C:\Documents and Settings\LocalService\5ed86d98-3033.exe (User 'Default user')

O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll

O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll

O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll

O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe

O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe

O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)

O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe

O23 - Service: Updater Service for StartNow Toolbar - Unknown owner - C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe

O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

 

--

End of file - 7634 bytes

JonTom   

Hello me82 and :wp:

 

My name is JonTom

  • Malware Logs can sometimes take a lot of time to research and interpret.
  • Please be patient while I try to assist with your problem. If at any time you do not understand what is required, please ask for further explanation.
  • Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean.
  • Read every reply you receive carefully and thoroughly before carrying out the instructions. You may also find it helpful to print out the instructions you receive, as in some instances you may have to disconnect your computer from the Internet.
  • PLEASE NOTE: If you do not reply after 3 days your thread will be closed.
I have closed the thread you created here: http://forums.pcpits...288-my-hjt-log/

 

Can you tell me why this machine has not yet been updated to XP SP3?

 

  • Please perform the following scan

    • Please download DDS from here and save it to your desktop.
    • Disable any script blocking protection (How to Disable your Security Programs)
    • Double click on the DDS icon to run the tool (may take up to 3 minutes to run).
    • When done, DDS.txt will open.
    • After a few moments, attach.txt will open in a second window.
    • Save both reports to your desktop.
    • Please post the contents of the DDS.txt and Attach.txt logs in your next reply.
  • aswMBR

    • Download aswMBR.exe to your desktop.
    • Double click the aswMBR.exe to run it.
    • When asked if you want to download Avast's virus definitions please select Yes.
    • Click the "Scan" button to start scan.
    • On completion of the scan click save log, save it to your desktop and post in your next reply.
  • MGADiag

    • Please download MGADiag by clicking here and save it to your desktop.
    • Double click the [image] icon on your desktop.
    • Push [image]
    • Push [image]
    • Go to Start -> Run and type in "Notepad"
    • Go to Edit -> Paste in notepad.
    • "x" out all of the numbers and letters in the line beginning with "Windows Product Key:"
    • Copy and paste that log here.
  • CKScanner

    • Download CKScanner by askey127 from here and save it to your Desktop.
    • Double click CKScanner.exe then click on Search For Files.
    • When the cursor hourglass disappears, click Save List To File.
    • A message box will verify the file saved.
    • Double click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply

Please post both DDS logs, the aswMBR, MGADiag and CKScanner logs in your next reply.

You will need to make more than one post to fit all of the information in.

me82   

The reason why it has not been updated to SP3 yet was because I did a reinstall of the operating system 2 months ago. Some of the Windows updates I didn't install yet, and I had SP 1 and 2 on a flash drive I needed to install my printer software with.

Do you want me to download all of those and scan at one time?

JonTom   

Hello me82

 

Do you want me to download all of those and scan at one time

Yes please. Run each scan and post the logs one at a time. Once I have reviewed them I'll get back to you :)

me82   

DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK

Internet Explorer: 6.0.2900.2180

Run by Administrator at 18:08:49 on 2012-03-09

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.639.527 [GMT -5:00]

.

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: Kaspersky Anti-Virus *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\NOTEPAD.EXE

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409

uSearch Page = hxxp://rd.yahoo.com/customize/yessentials_cq/defaults/sp/*http://www.yahoo.com

uWindow Title = Microsoft Internet Explorer provided by Compaq

uSearch Bar = hxxp://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=searchfavweb&c=2c02&lc=0409

mDefault_Page_URL = hxxp://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409

mDefault_Search_URL = hxxp://rd.yahoo.com/customize/yessentials_cq/defaults/su/*http://www.yahoo.com

mStart Page = hxxp://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409

mSearch Bar = hxxp://rd.yahoo.com/customize/yessentials_cq/defaults/sb/*http://www.yahoo.com/search/ie.html

uInternet Connection Wizard,ShellNext = hxxp://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409

uWinlogon: shell=explorer.exe "c:\documents and settings\administrator\winlogon.exe"

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - c:\program files\startnow toolbar\Toolbar32.dll

BHO: YBIOCtrl Class: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\windows\downloaded program files\ycomp4,0,2,2.dll

BHO: {fdd3b846-8d59-4ffb-8758-209b6ad74acc} - c:\program files\microsoft money\system\mnyviewer.dll

TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - c:\program files\startnow toolbar\Toolbar32.dll

EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\program files\yahoo!\messenger\yhexbmes.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRunOnce: [rflubjvk] c:\docume~1\admini~1\locals~1\applic~1\rflubjvk.exe

uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil11e_Plugin.exe -update plugin

mRun: [storageGuard] "c:\program files\veritas software\update manager\sgtray.exe" /r

mRun: [WCOLOREAL] "c:\program files\compaq\coloreal\coloreal.exe"

mRun: [DDCM] "c:\program files\wildtangent\ddc\ddcmanager\DDCMan.exe" -Background

mRun: [DDCActiveMenu] "c:\program files\wildtangent\ddc\activemenu\DDCActiveMenu.exe" -boot

mRun: [srmclean] c:\cpqs\scom\srmclean.exe

mRun: [CPQEASYACC] c:\program files\compaq\easy access button support\StartEAK.exe

mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [wcmdmgr] c:\windows\wt\updater\wcmdmgrl.exe -launch

mRun: [TkBellExe] "c:\program files\real\realone player\update\realsched.exe" -osboot

mRun: [AlcxMonitor] ALCXMNTR.EXE

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

dRun: [Windows Update Server] c:\documents and settings\localservice\5ed86d98-3033.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2499216C-4BA5-11D5-BD9C-000103C116D5} - {2499216C-4BA5-11D5-BD9C-000103C116D5} - c:\program files\yahoo!\common\ylogin.dll

IE: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - {4C171D40-8277-11D5-AD55-00010333D0AD} - c:\program files\yahoo!\messenger\yhexbmes.dll

IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {301DA1EE-F65C-4188-A417-9E915CC8FBFA} - c:\program files\microsoft money\system\mnyviewer.dll

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/1.3.1/jinstall-131-win.cab

DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - hxxp://download.yahoo.com/dl/installs/ymail/ymmapi.dll

DPF: {CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.3.1/jinstall-131-win.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{E33A9FD0-DEF2-4352-87CE-17F0C5C31E81} : DhcpNameServer = 192.168.1.254

Notify: igfxcui - igfxsrvc.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\uhaymgi7.default

FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bab70036d-e04f-4a11-bfe1-9ae4f7c99b89%7D&mid=1828756a5a9547d180a9d14acce4e9e6-6587c276f1491d8d761e2f957e2b6589725384c0&ds=AVG&v=10.0.0.7&lang=en&pr=fr&d=2012-03-03%2021%3A21%3A45&sap=ku&q=

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll

FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll

FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll

FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll

.

============= SERVICES / DRIVERS ===============

.

S0 mabd;mabd;c:\windows\system32\drivers\vpnyjfhw.sys --> c:\windows\system32\drivers\vpnyjfhw.sys [?]

S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-3-2 435032]

S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-3-2 314456]

S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-3-2 20568]

S2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-3-2 44768]

S2 msCMTSrvc;Content Monitoring Tool;c:\windows\system32\mscmtsrvc.exe --> c:\windows\system32\msCMTSrvc.exe [?]

S2 PackethSvc;Virtual NIC Service;c:\windows\system32\PackethSvc.exe [2002-8-2 64512]

S2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;c:\program files\startnow toolbar\ToolbarUpdaterService.exe [2011-10-25 244960]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

.

=============== Created Last 30 ================

.

2012-03-08 23:45:51 -------- d-----w- c:\documents and settings\administrator\application data\QuickScan

2012-03-07 22:29:27 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll

2012-03-07 22:29:27 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll

2012-03-07 22:29:26 17408 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll

2012-03-07 22:29:25 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe

2012-03-07 22:29:24 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe

2012-03-07 22:29:16 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe

2012-03-07 22:29:14 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys

2012-03-07 22:28:56 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll

2012-03-07 22:28:02 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys

2012-03-07 22:27:58 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys

2012-03-07 22:27:57 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys

2012-03-07 22:27:34 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys

2012-03-07 22:27:24 53760 -c--a-w- c:\windows\system32\dllcache\wiamsmud.dll

2012-03-07 22:27:23 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll

2012-03-07 22:27:13 701386 -c--a-w- c:\windows\system32\dllcache\wdhaalba.sys

2012-03-07 22:27:11 35871 -c--a-w- c:\windows\system32\dllcache\wbfirdma.sys

2012-03-07 22:27:11 31744 -c--a-w- c:\windows\system32\dllcache\wceusbsh.sys

2012-03-07 22:25:58 32384 -c--a-w- c:\windows\system32\dllcache\usb101et.sys

2012-03-07 22:24:58 123995 -c--a-w- c:\windows\system32\dllcache\tjisdn.sys

2012-03-07 22:24:52 138528 -c--a-w- c:\windows\system32\dllcache\tgiulnt5.sys

2012-03-07 22:24:51 81408 -c--a-w- c:\windows\system32\dllcache\tgiul50.dll

2012-03-07 22:24:48 149376 -c--a-w- c:\windows\system32\dllcache\tffsport.sys

2012-03-07 22:24:39 17129 -c--a-w- c:\windows\system32\dllcache\tdkcd31.sys

2012-03-07 22:24:37 37961 -c--a-w- c:\windows\system32\dllcache\tdk100b.sys

2012-03-07 22:24:19 30464 -c--a-w- c:\windows\system32\dllcache\tbatm155.sys

2012-03-07 22:24:13 7040 -c--a-w- c:\windows\system32\dllcache\tandqic.sys

2012-03-07 22:24:12 36640 -c--a-w- c:\windows\system32\dllcache\t2r4mini.sys

2012-03-07 22:24:11 172768 -c--a-w- c:\windows\system32\dllcache\t2r4disp.dll

2012-03-07 22:23:59 32640 -c--a-w- c:\windows\system32\dllcache\symc8xx.sys

2012-03-07 22:23:57 16256 -c--a-w- c:\windows\system32\dllcache\symc810.sys

2012-03-07 22:23:55 30688 -c--a-w- c:\windows\system32\dllcache\sym_u3.sys

2012-03-07 22:23:54 28384 -c--a-w- c:\windows\system32\dllcache\sym_hi.sys

2012-03-07 22:23:53 94293 -c--a-w- c:\windows\system32\dllcache\sxports.dll

2012-03-07 22:23:52 103936 -c--a-w- c:\windows\system32\dllcache\sx.sys

2012-03-07 22:23:51 3968 -c--a-w- c:\windows\system32\dllcache\swusbflt.sys

2012-03-07 22:23:50 10240 -c--a-w- c:\windows\system32\dllcache\swpidflt.dll

2012-03-07 22:23:49 10240 -c--a-w- c:\windows\system32\dllcache\swpdflt2.dll

2012-03-07 22:23:47 53760 -c--a-w- c:\windows\system32\dllcache\sw_wheel.dll

2012-03-07 22:23:46 41472 -c--a-w- c:\windows\system32\dllcache\sw_effct.dll

2012-03-07 22:22:58 155648 -c--a-w- c:\windows\system32\dllcache\stlnprop.dll

2012-03-07 22:22:57 53248 -c--a-w- c:\windows\system32\dllcache\stlncoin.dll

2012-03-07 22:22:56 285760 -c--a-w- c:\windows\system32\dllcache\stlnata.sys

2012-03-07 22:22:04 16896 -c--a-w- c:\windows\system32\dllcache\stcusb.sys

2012-03-07 22:20:59 25034 -c--a-w- c:\windows\system32\dllcache\smcpwr2n.sys

2012-03-07 22:19:43 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys

2012-03-07 22:18:59 75392 -c--a-w- c:\windows\system32\dllcache\s3savmxm.sys

2012-03-07 22:17:59 37563 -c--a-w- c:\windows\system32\dllcache\rlnet5.sys

2012-03-07 22:17:56 86097 -c--a-w- c:\windows\system32\dllcache\reslog32.dll

2012-03-07 22:17:30 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys

2012-03-07 22:17:22 714762 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys

2012-03-07 22:17:20 899146 -c--a-w- c:\windows\system32\dllcache\r2mdkxga.sys

2012-03-07 22:17:17 41472 -c--a-w- c:\windows\system32\dllcache\qvusd.dll

2012-03-07 22:17:16 3328 -c--a-w- c:\windows\system32\dllcache\qv2kux.sys

2012-03-07 22:17:05 49024 -c--a-w- c:\windows\system32\dllcache\ql1280.sys

2012-03-07 22:17:04 40448 -c--a-w- c:\windows\system32\dllcache\ql1240.sys

2012-03-07 22:17:03 45312 -c--a-w- c:\windows\system32\dllcache\ql12160.sys

2012-03-07 22:17:02 33152 -c--a-w- c:\windows\system32\dllcache\ql10wnt.sys

2012-03-07 22:17:01 40320 -c--a-w- c:\windows\system32\dllcache\ql1080.sys

2012-03-07 22:15:59 35328 -c--a-w- c:\windows\system32\dllcache\pcntpci5.sys

2012-03-07 22:14:41 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys

2012-03-07 22:14:37 9344 -c--a-w- c:\windows\system32\dllcache\ntapm.sys

2012-03-07 22:14:36 7552 -c--a-w- c:\windows\system32\dllcache\nsmmc.sys

2012-03-07 22:14:32 28672 -c--a-w- c:\windows\system32\dllcache\nscirda.sys

2012-03-07 22:14:24 87040 -c--a-w- c:\windows\system32\dllcache\nm6wdm.sys

2012-03-07 22:14:23 126080 -c--a-w- c:\windows\system32\dllcache\nm5a2wdm.sys

2012-03-07 22:14:12 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys

2012-03-07 22:14:10 132695 -c--a-w- c:\windows\system32\dllcache\netwlan5.sys

2012-03-07 22:12:55 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys

2012-03-07 22:12:49 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys

2012-03-07 22:12:33 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys

2012-03-07 22:12:29 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys

2012-03-07 22:12:27 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll

2012-03-07 22:12:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys

2012-03-07 22:11:59 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys

2012-03-07 22:11:41 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys

2012-03-07 22:10:22 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys

2012-03-07 22:10:04 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys

2012-03-07 22:08:57 4992 -c--a-w- c:\windows\system32\dllcache\loop.sys

2012-03-07 22:07:50 14848 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys

2012-03-07 22:07:30 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll

2012-03-07 22:07:29 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll

2012-03-07 22:07:29 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll

2012-03-07 22:07:28 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll

2012-03-07 22:07:09 26624 -c--a-w- c:\windows\system32\dllcache\irstusb.sys

2012-03-07 22:07:08 18688 -c--a-w- c:\windows\system32\dllcache\irsir.sys

2012-03-07 22:07:06 27136 -c--a-w- c:\windows\system32\dllcache\irmon.dll

2012-03-07 22:07:05 23552 -c--a-w- c:\windows\system32\dllcache\irmk7.sys

2012-03-07 22:07:04 152576 -c--a-w- c:\windows\system32\dllcache\irftp.exe

2012-03-07 22:07:01 87424 -c--a-w- c:\windows\system32\dllcache\irda.sys

2012-03-07 22:05:57 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll

2012-03-07 22:04:54 488383 -c--a-w- c:\windows\system32\dllcache\hsf_v124.sys

2012-03-07 22:03:57 28288 -c--a-w- c:\windows\system32\dllcache\grserial.sys

2012-03-07 22:02:54 27165 -c--a-w- c:\windows\system32\dllcache\fetnd5.sys

2012-03-07 22:01:59 144896 -c--a-w- c:\windows\system32\dllcache\epcfw2k.sys

2012-03-07 22:00:59 28062 -c--a-w- c:\windows\system32\dllcache\dp83820.sys

2012-03-07 21:59:19 419357 -c--a-w- c:\windows\system32\dllcache\dgconfig.dll

2012-03-07 21:59:17 29531 -c--a-w- c:\windows\system32\dllcache\dgapci.sys

2012-03-07 21:57:52 117760 -c--a-w- c:\windows\system32\dllcache\d100ib5.sys

2012-03-07 21:56:54 6656 -c--a-w- c:\windows\system32\dllcache\cmdide.sys

2012-03-07 21:55:59 7680 -c--a-w- c:\windows\system32\dllcache\cd20xrnt.sys

2012-03-07 21:55:56 714698 -c--a-w- c:\windows\system32\dllcache\cbmdmkxx.sys

2012-03-07 21:55:55 46108 -c--a-w- c:\windows\system32\dllcache\cben5.sys

2012-03-07 21:55:54 39680 -c--a-w- c:\windows\system32\dllcache\cb325.sys

2012-03-07 21:55:52 37916 -c--a-w- c:\windows\system32\dllcache\cb102.sys

2012-03-07 21:55:48 32256 -c--a-w- c:\windows\system32\dllcache\diapi2NT.dll

2012-03-07 21:55:47 164923 -c--a-w- c:\windows\system32\dllcache\diapi2.sys

2012-03-07 21:55:44 119296 -c--a-w- c:\windows\system32\dllcache\camext30.dll

2012-03-07 21:55:42 236032 -c--a-w- c:\windows\system32\dllcache\camext20.dll

2012-03-07 21:55:40 74240 -c--a-w- c:\windows\system32\dllcache\camexo20.dll

2012-03-07 21:55:38 171264 -c--a-w- c:\windows\system32\dllcache\camdrv30.sys

2012-03-07 21:55:37 223232 -c--a-w- c:\windows\system32\dllcache\camdrv21.sys

2012-03-07 21:55:35 314752 -c--a-w- c:\windows\system32\dllcache\camdro21.sys

2012-03-07 21:53:59 14080 -c--a-w- c:\windows\system32\dllcache\battc.sys

2012-03-07 21:52:59 281600 -c--a-w- c:\windows\system32\dllcache\atimtai.sys

2012-03-07 21:51:51 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys

2012-03-07 21:50:03 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll

2012-03-05 06:13:22 -------- d-----w- c:\windows\system32\wbem\repository\FS

2012-03-05 06:13:22 -------- d-----w- c:\windows\system32\wbem\Repository

2012-03-04 21:13:28 -------- d-----w- C:\$AVG

2012-03-04 20:45:42 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2012-03-04 20:37:51 -------- d-----w- c:\program files\Lavasoft

2012-03-04 04:54:55 151078792 ----a-w- c:\program files\mozilla firefox\avg internet security 2012 12.0 build 1891 final incl keys\avg_isct_x86_all_2012_1901a4695.exe

2012-03-04 04:35:43 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Mozilla

2012-03-04 02:23:07 -------- d-----w- c:\documents and settings\administrator\application data\AVG2012

2012-03-04 02:18:19 -------- d-----w- c:\documents and settings\all users\application data\AVG2012

2012-03-04 02:16:14 -------- d-----w- c:\program files\AVG

2012-03-03 16:38:49 -------- d-----w- c:\documents and settings\administrator\application data\Malwarebytes

2012-03-03 16:38:37 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2012-03-03 16:38:34 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-03 16:38:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-03-03 00:26:56 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Adobe

2012-03-03 00:18:44 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-03-03 00:17:47 41184 ----a-w- c:\windows\avastSS.scr

2012-03-02 18:46:44 -------- d--h--w- c:\documents and settings\all users\application data\Spybot - Search & Destroy

2012-03-02 18:32:31 -------- d-----w- c:\windows\SxsCaPendDel

2012-03-02 17:40:26 -------- d--h--w- c:\documents and settings\all users\application data\Common Files

2012-03-02 17:39:55 -------- d--h--w- c:\documents and settings\all users\application data\MFAData

2012-03-02 16:14:48 -------- d-s---w- c:\documents and settings\administrator\UserData

2012-03-02 05:43:56 -------- d-----w- c:\program files\6E48F

2012-03-02 05:42:30 -------- d-----w- c:\program files\LP

2012-02-15 07:18:20 -------- d-----w- c:\windows\SmartPack

2012-02-15 07:18:20 -------- d-----w- c:\program files\SmartPack

2012-02-13 02:13:58 -------- d--h--w- c:\documents and settings\all users\application data\vsosdk

2012-02-12 22:29:32 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys

2012-02-12 22:27:42 102439 ----a-w- c:\windows\system32\sipr3260.dll

2012-02-12 22:27:41 65602 ----a-w- c:\windows\system32\cook3260.dll

2012-02-12 22:27:41 217127 ----a-w- c:\windows\system32\drv43260.dll

2012-02-12 22:27:41 208935 ----a-w- c:\windows\system32\drv33260.dll

2012-02-12 22:27:41 176165 ----a-w- c:\windows\system32\drv23260.dll

2012-02-12 22:27:39 626688 ----a-w- c:\windows\system32\vp7vfw.dll

2012-02-12 22:27:38 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll

2012-02-12 22:27:29 -------- d-----w- c:\program files\VSO

.

==================== Find3M ====================

.

2012-03-08 04:05:03 4694 ----a-w- c:\windows\compaq.reg

2012-01-28 21:58:34 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-01-28 08:26:58 499712 ----a-w- c:\windows\system32\msvcp71.dll

2012-01-28 08:26:58 348160 ----a-w- c:\windows\system32\msvcr71.dll

2012-01-25 18:00:00 79360 ----a-w- c:\windows\system32\ff_vfw.dll

2012-01-05 00:25:40 335 ----a-w- c:\windows\INET.reg

2011-12-21 18:14:02 151552 ----a-w- c:\windows\system32\ac3acm.acm

.

============= FINISH: 18:10:40.43 ===============

me82   

attach log

 

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 1/2/2012 6:31:09 PM

System Uptime: 3/9/2012 6:02:28 PM (0 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | P4G533LA

Processor: Intel® Celeron® CPU 1.80GHz | PGA 478 | 1793/100mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 37 GiB total, 20.883 GiB free.

D: is CDROM ()

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP9: 1/27/2012 3:48:16 PM - avast! Free Antivirus Setup

RP10: 1/27/2012 9:33:41 PM - Removed Norton AntiVirus 2002

RP11: 1/27/2012 9:52:00 PM - Installed Kaspersky Anti-Virus 2012.

RP12: 1/27/2012 11:43:53 PM - First Restore Point

RP13: 1/28/2012 2:00:17 PM - Software Distribution Service 3.0

RP14: 1/28/2012 5:05:39 PM - Software Distribution Service 3.0

RP15: 1/29/2012 2:22:10 PM - Software Distribution Service 3.0

RP16: 1/29/2012 3:25:13 PM - Software Distribution Service 3.0

RP17: 1/30/2012 2:39:09 PM - Software Distribution Service 3.0

RP18: 1/31/2012 3:46:39 PM - Software Distribution Service 3.0

RP19: 2/2/2012 9:42:07 PM - System Checkpoint

RP20: 2/5/2012 3:46:36 PM - System Checkpoint

RP21: 2/6/2012 6:54:31 PM - System Checkpoint

RP22: 2/7/2012 2:36:24 PM - Installed Adobe Reader 8

RP23: 2/8/2012 4:07:58 PM - System Checkpoint

RP24: 2/9/2012 6:41:07 PM - System Checkpoint

RP25: 2/10/2012 7:19:24 PM - System Checkpoint

RP26: 2/11/2012 8:21:50 PM - System Checkpoint

RP27: 2/12/2012 10:20:11 PM - System Checkpoint

RP28: 2/13/2012 10:37:13 PM - System Checkpoint

RP29: 2/14/2012 11:03:59 PM - System Checkpoint

RP30: 2/15/2012 4:24:39 PM - Software Distribution Service 3.0

RP31: 2/17/2012 6:29:35 PM - System Checkpoint

RP32: 2/18/2012 6:55:06 PM - System Checkpoint

RP33: 2/19/2012 7:23:20 PM - System Checkpoint

RP34: 2/21/2012 10:44:26 PM - System Checkpoint

RP35: 2/24/2012 2:55:29 PM - System Checkpoint

RP36: 2/26/2012 1:41:22 PM - System Checkpoint

RP37: 3/2/2012 1:21:01 PM - Removed Kaspersky Anti-Virus 2012.

RP38: 3/3/2012 4:19:24 PM - Restore Operation

RP39: 3/3/2012 4:49:07 PM - Restore Operation

RP40: 3/3/2012 4:57:49 PM - Restore Operation

RP41: 3/3/2012 4:58:50 PM - Feb.10

RP42: 3/3/2012 5:09:19 PM - Restore Operation

RP43: 3/4/2012 5:24:17 PM - System Checkpoint

RP44: 3/4/2012 9:17:06 PM - Restore Operation

RP45: 3/4/2012 9:27:36 PM - Restore Operation

RP46: 3/5/2012 1:06:10 AM - Removed Ad-Aware

RP47: 3/5/2012 1:11:41 AM - march uninstall ad aware ,alware scan

RP48: 3/5/2012 1:12:24 AM - Restore Operation

.

==== Installed Programs ======================

.

Adobe Acrobat 5.0

Adobe Flash Player 11 Plugin

Adobe Flash Player ActiveX

Adobe Reader 8

America Online

AOL Coach Version 1.0(Build:20011028.1)

Atomic Pop

avast! Free Antivirus

Blackhawk Striker

Blasterball 2

Blasterball Wild

Coloreal

Compaq Advisor

CompuServe 2000

ConvertXtoDVD 4.1.19.365

Coupon Printer for Windows

D-Link DFE-530TX+

D-Link PCI Fast Ethernet Adapter

Dark Orbit

Disney's Lilo and Stitch Pinball

DLA

Driver Genius Professional Edition

Easy Access Button Support

GemMaster 2

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB981793)

HP Deskjet 1050 J410 series Basic Device Software

HP Deskjet 1050 J410 series Help

HP Deskjet 1050 J410 series Product Improvement Study

HP Photo Creations

HP Update

Inactive HP Printer Drivers (Remove only)

Intel® 845G Chipset Graphics Driver Software

Java 2 Runtime Environment Standard Edition v1.3.1

K-Lite Codec Pack 8.2.0 (Full)

Kublox

Malwarebytes Anti-Malware version 1.60.1.1000

Men In Black II Crossfire Trial Version

Microsoft Money 2002

Microsoft Money 2002 System Pack

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Works 6.0

Microsoft Works and Money 2002 Setup Launcher

Mozilla Firefox 5.0 (x86 en-US)

Netscape 6 (6.2.1)

Operation Mania (remove only)

PowerDVD

Python 2.2 combined Win32 extensions

Python 2.2.1

Quicken 2002 New User Edition

Quicken Financial Center

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

RealUpgrade 1.1

RecordNow

RecordNow Update Manager

S3Display

S3Gamma2

S3Info2

S3Overlay

SabreWing 2

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player (KB979402)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB944338-v2)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958470)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB981350)

Security Update for Windows XP (KB982381)

SmartPack 1.21.0

Snowboard Extreme

Space Rocks

StartNow Toolbar

Super DVD Creator 9.5

Update for Windows XP (KB898461)

Update for Windows XP (KB914882)

Update for Windows XP (KB955759)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Viewpoint Media Player (Remove Only)

Virtual Warfare

WebFldrs XP

WildTangent Channel Manager

WildTangent Updater

WildTangent Web Driver

Windows Installer 3.1 (KB893803)

Windows XP Service Pack 2

WinRAR 4.10 (32-bit)

Works Suite OS Pack

Yahoo! Companion Toolbar

Yahoo! Essentials

Yahoo! Internet Mail

Yahoo! Login

Yahoo! Messenger

Yahoo! Messenger Explorer Bar

.

==== Event Viewer Messages From Past Week ========

.

3/7/2012 4:06:32 PM, error: System Error [1003] - Error code 00000077, parameter1 c000000e, parameter2 c000000e, parameter3 00000000, parameter4 0692d000.

3/7/2012 12:57:39 PM, error: Service Control Manager [7022] - The Windows Time service hung on starting.

3/7/2012 12:57:39 PM, error: Service Control Manager [7022] - The Terminal Services service hung on starting.

3/7/2012 12:57:39 PM, error: Service Control Manager [7022] - The Server service hung on starting.

3/7/2012 12:57:39 PM, error: Service Control Manager [7022] - The Distributed Link Tracking Client service hung on starting.

3/7/2012 12:57:39 PM, error: Service Control Manager [7022] - The avast! Antivirus service hung on starting.

3/7/2012 12:57:39 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the TapiSrv service.

3/7/2012 12:57:39 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the SENS service.

3/7/2012 12:57:39 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the avast! Antivirus service.

3/7/2012 12:57:39 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AVG WatchDog service to connect.

3/7/2012 12:57:39 PM, error: Service Control Manager [7001] - The Fast User Switching Compatibility service depends on the Terminal Services service which failed to start because of the following error: After starting, the service hung in a start-pending state.

3/7/2012 12:57:39 PM, error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: After starting, the service hung in a start-pending state.

3/7/2012 12:57:39 PM, error: Service Control Manager [7000] - The Telephony service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

3/7/2012 12:57:39 PM, error: Service Control Manager [7000] - The System Event Notification service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

3/7/2012 12:57:39 PM, error: Service Control Manager [7000] - The AVG WatchDog service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

3/7/2012 11:24:39 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

3/5/2012 12:53:12 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the vToolbarUpdater service to connect.

3/5/2012 12:53:12 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AVGIDSAgent service to connect.

3/5/2012 12:53:12 AM, error: Service Control Manager [7000] - The vToolbarUpdater service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

3/5/2012 12:53:12 AM, error: Service Control Manager [7000] - The AVGIDSAgent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

3/5/2012 1:07:12 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.

3/5/2012 1:01:50 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

3/3/2012 9:25:40 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSnx aswSP aswTdi Avgldx86 Avgmfx86 Fips Processor

3/3/2012 6:02:58 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde viaagp1 ViaIde

3/3/2012 6:02:58 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Fax service to connect.

3/3/2012 6:02:58 PM, error: Service Control Manager [7000] - The Fax service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

3/3/2012 4:21:39 PM, error: System Error [1003] - Error code 1000000a, parameter1 ec6db008, parameter2 00000005, parameter3 00000001, parameter4 806f48ee.

3/3/2012 12:31:57 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

3/3/2012 11:27:13 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSnx aswSP aswTdi Fips Processor

3/2/2012 8:11:10 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the WAN Miniport (ATW) Service service to connect.

3/2/2012 7:50:44 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Image Acquisition (WIA) service to connect.

3/2/2012 7:50:44 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the WebClient service to connect.

3/2/2012 7:50:44 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Virtual NIC Service service to connect.

3/2/2012 7:50:44 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Updater Service for StartNow Toolbar service to connect.

3/2/2012 7:50:44 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Print Spooler service to connect.

3/2/2012 7:50:44 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Compaq Advisor service to connect.

3/2/2012 7:50:44 PM, error: Service Control Manager [7001] - The Fax service depends on the Print Spooler service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.

3/2/2012 7:50:44 PM, error: Service Control Manager [7000] - The Windows Image Acquisition (WIA) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

3/2/2012 7:50:44 PM, error: Service Control Manager [7000] - The WebClient service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

3/2/2012 7:50:44 PM, error: Service Control Manager [7000] - The Virtual NIC Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

3/2/2012 7:50:44 PM, error: Service Control Manager [7000] - The Print Spooler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

3/2/2012 7:50:44 PM, error: Service Control Manager [7000] - The Compaq Advisor service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

3/2/2012 7:37:11 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

3/2/2012 7:20:06 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.

3/2/2012 7:18:13 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

3/2/2012 7:15:26 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips Processor

3/2/2012 7:15:18 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

3/2/2012 6:45:43 PM, error: System Error [1003] - Error code 0000007a, parameter1 c03e24c4, parameter2 c000009d, parameter3 f8931fb2, parameter4 0bb32860.

3/2/2012 6:41:12 PM, error: System Error [1003] - Error code 00000077, parameter1 c000000e, parameter2 c000000e, parameter3 00000000, parameter4 084b5000.

3/2/2012 4:10:26 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.

3/2/2012 12:50:45 PM, error: Service Control Manager [7022] - The Automatic Updates service hung on starting.

3/2/2012 11:11:57 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips KLIF Processor

3/2/2012 11:07:16 AM, error: Service Control Manager [7034] - The Compaq Advisor service terminated unexpectedly. It has done this 1 time(s).

3/2/2012 11:06:59 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Kaspersky Anti-Virus Service service to connect.

3/2/2012 11:06:59 AM, error: Service Control Manager [7000] - The Windows Image Acquisition (WIA) service failed to start due to the following error: The executable program that this service is configured to run in does not implement the service.

3/2/2012 11:06:59 AM, error: Service Control Manager [7000] - The Kaspersky Anti-Virus Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

.

==== End Of File ===========================

me82   

ckfiles

 

 

CKScanner - Additional Security Risks - These are not necessarily bad

c:\program files\mozilla firefox\more crack software free download.html.url

scanner sequence 3.AP.11.JUNAKE

----- EOF -----

JonTom   

Hello me82

 

The aswMBR log does not appear to be complete.

 

Please post the whole aswMBR log along with the MGADiag log in your next reply.

me82   

MGADiag

 

 

Diagnostic Report (1.9.0027.0):

-----------------------------------------

Windows Validation Data-->

Validation Status: Validation Control not Installed

Validation Code: 0

Cached Validation Code: N/A

Windows Product Key: *****-*****-2CXKV-GMP22-HF2BQ

Windows Product Key Hash: 25dG7mX6zCS/Ri0MYOSCvb3ct0w=

Windows Product ID: 55277-OEM-2111907-00101

Windows Product ID Type: 2

Windows License Type: OEM SLP

Windows OS version: 5.1.2600.2.00010300.2.0.hom

ID: {4B73A2D2-79C7-401E-BB66-64FCFABBEB10}(1)

Is Admin: Yes

TestCab: 0x0

LegitcheckControl ActiveX: N/A, hr = 0x80070002

Signed By: N/A, hr = 0x80070002

Product Name: N/A

Architecture: N/A

Build lab: N/A

TTS Error: N/A

Validation Diagnostic: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

Resolution Status: N/A

 

Vista WgaER Data-->

ThreatID(s): N/A

Version: N/A

 

Windows XP Notifications Data-->

Cached Result: N/A, hr = 0x80070002

File Exists: No

Version: N/A, hr = 0x80070002

WgaTray.exe Signed By: N/A, hr = 0x80070002

WgaLogon.dll Signed By: N/A, hr = 0x80070002

 

OGA Notifications Data-->

Cached Result: N/A, hr = 0x80070002

Version: N/A, hr = 0x80070002

OGAExec.exe Signed By: N/A, hr = 0x80070002

OGAAddin.dll Signed By: N/A, hr = 0x80070002

 

OGA Data-->

Office Status: 109 N/A

OGA Version: N/A, 0x80070002

Signed By: N/A, hr = 0x80070002

Office Diagnostics: B4D0AA8B-543-80070002_025D1FF3-230-1

 

Browser Data-->

Proxy settings: N/A

User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)

Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe

Download signed ActiveX controls: Prompt

Download unsigned ActiveX controls: Disabled

Run ActiveX controls and plug-ins: Allowed

Initialize and script ActiveX controls not marked as safe: Disabled

Allow scripting of Internet Explorer Webbrowser control: Disabled

Active scripting: Allowed

Script ActiveX controls marked as safe for scripting: Allowed

 

File Scan Data-->

 

Other data-->

Office Details: <GenuineResults><MachineData><UGUID>{4B73A2D2-79C7-401E-BB66-64FCFABBEB10}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010300.2.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-HF2BQ</PKey><PID>55277-OEM-2111907-00101</PID><PIDType>2</PIDType><SID>S-1-5-21-1482789601-782189750-1497286466</SID><SYSTEM><Manufacturer>Compaq Presario 05</Manufacturer><Model>DA208A-ABA 6301RSH NA850</Model></SYSTEM><BIOS><Manufacturer>Award Software, Inc.</Manufacturer><Version>3.03</Version><SMBIOSVersion major="2" minor="3"/><Date>20021008000000.000000+000</Date><SLPBIOS>HP PAVILION</SLPBIOS></BIOS><HWID>8E15374F0184206E</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>2</stat><msppid></msppid><name>Compaq Computer Corporation</name><model>Compaq Presario</model></SBID><OEM/><GANotification/></MachineData> <Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

 

Licensing Data-->

N/A

 

Windows Activation Technologies-->

N/A

 

HWID Data-->

N/A

 

OEM Activation 1.0 Data-->

BIOS string matches: yes

Marker string from BIOS: 14A20:ASUSTeK Computer Inc|12F83:Compaq Computer Corporation|1301D:Compaq Computer Corporation|1301D:Compaq Computer Corporation|13063:GENUINE C&C INC|1301D:Hewlett-Packard Company|1DFC0:Hewlett-Packard Company

Marker string from OEMBIOS.DAT: HP PAVILION

 

OEM Activation 2.0 Data-->

N/A

me82   

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software

Run date: 2012-03-09 18:47:53

-----------------------------

18:47:53.234 OS Version: Windows 5.1.2600 Service Pack 2

18:47:53.234 Number of processors: 1 586 0x103

18:47:53.234 ComputerName: YOUR-PA86Z1I3G7 UserName: Administrator

18:47:54.218 Initialize success

18:47:57.515 AVAST engine defs: 12030700

18:48:14.328 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

18:48:14.328 Disk 0 Vendor: WDC_WD400EB-11CPF0 06.04G06 Size: 38166MB BusType: 3

18:48:14.359 Disk 0 MBR read successfully

18:48:14.375 Disk 0 MBR scan

18:48:16.093 Disk 0 unknown MBR code

18:48:16.125 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38154 MB offset 63

18:48:17.625 Disk 0 scanning sectors +78140160

18:48:18.625 Disk 0 scanning C:\WINDOWS\system32\drivers

18:49:07.718 Service scanning

18:49:16.421 Service ACPI C:\WINDOWS\System32\DRIVERS\ACPI.sys **LOCKED** 32

18:49:54.625 Modules scanning

18:50:13.125 Disk 0 trace - called modules:

18:50:13.171 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys >>UNKNOWN [0x8314d531]<<

18:50:13.703 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x83377ab8]

18:50:13.734 3 CLASSPNP.SYS[f896505b] -> nt!IofCallDriver -> \Device\0000005c[0x833db338]

18:50:13.750 5 ACPI.sys[f88db620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x83391940]

18:50:14.578 AVAST engine scan C:\WINDOWS

18:50:29.781 AVAST engine scan C:\WINDOWS\system32

18:55:05.062 AVAST engine scan C:\WINDOWS\system32\drivers

18:55:35.890 AVAST engine scan C:\Documents and Settings\Administrator

18:59:18.859 AVAST engine scan C:\Documents and Settings\All Users

19:00:22.468 Scan finished successfully

19:02:07.515 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"

19:02:07.531 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"

 

 

19:41:27.734 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"

19:41:27.750 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"

JonTom   

Hello me82

 

I see you have created a thread over at bleepingcomputer: http://www.bleepingc...opic445289.html

 

Please inform the good people there that you are being helped here so your issue does not take up the time of two helpers.

 

MGADiag

 

Diagnostic Report (1.9.0027.0):

-----------------------------------------

Windows Validation Data-->

Validation Status: Validation Control not Installed

Validation Code: 0

Cached Validation Code: N/A

It does not appear that your copy of Windows has been activated since you reinstalled it.

 

You must ensure that the copy of Windows you have has been activated before we continue:

 

Since you have an internet connection you can activate your copy of windows using the web:

  • Activation of Windows XP

  • Click Start, point to All Programs, Accessories, System Tools and then click Activate Windows. Alternatively you can click the Windows Activation icon in the notification area.
  • Click Yes, let's activate Windows over the Internet now.
  • Click Read the Windows Product Activation Privacy Statement, click Back, and then click Next.
  • Use one of the following methods:
      • If you want to register and activate Windows at the same time, click Yes, I want to register and activate Windows at the same time, click Read the Windows Registration Privacy Statement, click Back, click Next, type your contact information in the appropriate boxes in the registration form, and then click Next. An asterisk (*) appears next to required information.
      • If you only want to activate Windows, click No, I don't want to register now; let's just activate Windows, and then click Next.
  • The wizard establishes a connection with an activation server, and then processes the activation request.
  • When activation is completed and you receive the following message: You have successfully activated your copy of Windows, click OK.
  • More information and alternative methods of activation can be found here: http://support.microsoft.com/kb/307890

Once you have activated your Windows, please run MGADiag again and post the new log in your next reply.

me82   

I can't activate it through the first steps because in All Programs everything is missing except for when I downloaded Malwarebytes. There is no Accessories or System Tools. I right-clicked My Computer and went to Properties and I don't see Activate Windows. Where would it be?

JonTom   

Hello me82

 

There appears to be a great deal of system corruption on this machine which is why you are unable to activate your copy of Windows.

 

We can address your malware issues, but this may not fix the corruption problems.

 

If you have any important data on this machine it would be wise to back it up now.

 

The quickest way to deal with both the malware infection and the system instability would be to perform a complete reformat and reinstallation of Windows.

 

If you are happy to do this let me know in your next reply.

 

Alternatively, we can clean the machine but as I mentioned, this may not take care of the system corruption.

 

 

Please let me know what you would like to do in your next reply.

JonTom   

Hello me82

 

Let me activate Windows by phone tomorrow, because tonight they were closed.

 

and we will go from there

 

Sounds good :)

 

Let me know how it goes.

me82   

Can you help me to get on the internet in normal mode and clean it? I removed whatever came up in the scans for avast, AVG and Malwarebytes. Also there is a c:documents and settings/administrator winloginexe. at start up saying it cannot find.

Everything scanned I moved to the chest in case I needed to restore it.

JonTom   

Hello me82

 

OEM versions are activated automatically, should not have to activate

Your Windows needs to be activated and presently it is not.

 

Let's make a start and see where we end up.

 

First of all, since you only have SP2 installed at this time please keep all internet use to an absolute minimum (you are an easy target for malware without SP3).

 

Download the following from safe mode with networking and post the log created:

 

  • TDSS Killer

  • Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

 

Please post the TDSSKiller log in your next reply and also the MBAM and AVG logs.

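When reading the report that the steps above produce, the lines that matter are the entries whose verdict is not "ok" and any "Suspicious file (Forged)" line, where the hash the driver presents differs from the one on disk. The Python below is an added example, not part of the original post and not the tool vendor's code; it assumes the "HH:MM:SS.mmmm TID message" report layout, the function names are hypothetical, and the sample lines, hashes and detection name are constructed placeholders.

```python
import re
from dataclasses import dataclass

# Constructed sample in the TDSSKiller report layout ("HH:MM:SS.mmmm TID message").
# Driver names, hashes and the detection name are placeholders, not real indicators.
SAMPLE_LOG = r"""
22:29:08.0671 0648 Scan started
22:29:08.0671 0648 Mode: Manual;
22:29:09.0187 0648 exampledrv (00000000000000000000000000000000) C:\WINDOWS\system32\drivers\exampledrv.sys
22:29:09.0203 0648 exampledrv - ok
22:29:09.0562 0648 legacydrv - ok
22:29:10.0328 0648 bootdrv (11111111111111111111111111111111) C:\WINDOWS\system32\DRIVERS\bootdrv.sys
22:29:10.0390 0648 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\bootdrv.sys. Real md5: 11111111111111111111111111111111, Fake md5: 22222222222222222222222222222222
22:29:10.0406 0648 bootdrv ( Example.Detection.a ) - infected
22:29:10.0406 0648 bootdrv - detected Example.Detection.a (0)
22:29:10.0500 0648
"""

# Timestamp, 4-character thread id, then an optional message.
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+[0-9A-Fa-f]{4}(?:\s+(.*))?$")
# "name (md5) path": the driver file that was hashed.
ENTRY = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")
# Hash mismatch reported for a file path.
FORGED = re.compile(r"^Suspicious file \(Forged\): (.+)\. "
                    r"Real md5: ([0-9a-f]{32}), Fake md5: ([0-9a-f]{32})$")
# "name - ok" or "name ( Detection.Name ) - infected".
VERDICT = re.compile(r"^(\S+)(?: \( (\S+) \))? - (\w+)$")


@dataclass
class Driver:
    name: str
    md5: str = ""
    path: str = ""
    verdict: str = ""      # verdict word exactly as printed by the tool
    detection: str = ""
    forged: tuple = ()     # (real_md5, fake_md5) when a mismatch is reported


def parse_report(text):
    """Return {driver name: Driver} built from the report text."""
    drivers, by_path = {}, {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m or not m.group(1):
            continue                      # blank line or timestamp-only line
        msg = m.group(1).strip()
        if (e := ENTRY.match(msg)):
            d = drivers.setdefault(e[1], Driver(e[1]))
            d.md5, d.path = e[2], e[3]
            by_path[e[3].lower()] = d     # Windows paths compare case-insensitively
        elif (f := FORGED.match(msg)):
            d = by_path.get(f[1].lower())
            if d:
                d.forged = (f[2], f[3])
        elif (v := VERDICT.match(msg)):
            d = drivers.setdefault(v[1], Driver(v[1]))
            d.verdict, d.detection = v[3], v[2] or ""
    return drivers


def needs_attention(drivers):
    """Drivers with a hash mismatch or any verdict other than 'ok'."""
    return [d for d in drivers.values()
            if d.forged or d.verdict not in ("ok", "")]


if __name__ == "__main__":
    for d in needs_attention(parse_report(SAMPLE_LOG)):
        print(f"{d.name}: verdict={d.verdict} detection={d.detection or '-'}")
        print(f"  path: {d.path}")
        if d.forged:
            print(f"  md5 on disk {d.forged[0]}, md5 presented {d.forged[1]}")
```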
me82   

22:27:48.0796 0608 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43

22:27:49.0250 0608 ============================================================

22:27:49.0250 0608 Current date / time: 2012/03/12 22:27:49.0250

22:27:49.0250 0608 SystemInfo:

22:27:49.0250 0608

22:27:49.0250 0608 OS Version: 5.1.2600 ServicePack: 2.0

22:27:49.0250 0608 Product type: Workstation

22:27:49.0250 0608 ComputerName: YOUR-PA86Z1I3G7

22:27:49.0250 0608 UserName: Administrator

22:27:49.0250 0608 Windows directory: C:\WINDOWS

22:27:49.0250 0608 System windows directory: C:\WINDOWS

22:27:49.0250 0608 Processor architecture: Intel x86

22:27:49.0250 0608 Number of processors: 1

22:27:49.0250 0608 Page size: 0x1000

22:27:49.0250 0608 Boot type: Safe boot with network

22:27:49.0250 0608 ============================================================

22:27:55.0843 0608 Drive \Device\Harddisk0\DR0 - Size: 0x9516AE000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1431, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054

22:27:55.0843 0608 \Device\Harddisk0\DR0:

22:27:55.0843 0608 MBR used

22:27:55.0859 0608 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A852C1

22:27:56.0031 0608 Initialize success

22:27:56.0031 0608 ============================================================

22:28:53.0906 1944 ============================================================

22:28:53.0906 1944 Scan started

22:28:53.0906 1944 Mode: Manual;

22:28:53.0906 1944 ============================================================

22:29:08.0671 0648 ============================================================

22:29:08.0671 0648 Scan started

22:29:08.0671 0648 Mode: Manual;

22:29:08.0671 0648 ============================================================

22:29:09.0187 0648 Aavmker4 (b6de0336f9f4b687b4ff57939f7b657a) C:\WINDOWS\system32\drivers\Aavmker4.sys

22:29:09.0203 0648 Aavmker4 - ok

22:29:09.0562 0648 Abiosdsk - ok

22:29:09.0828 0648 abp480n5 - ok

22:29:10.0328 0648 ACPI (3b67b435fddf777c595f0ec736b03c37) C:\WINDOWS\system32\DRIVERS\ACPI.sys

22:29:10.0390 0648 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: 3b67b435fddf777c595f0ec736b03c37, Fake md5: a10c7534f7223f4a73a948967d00e69b

22:29:10.0406 0648 ACPI ( Virus.Win32.Rloader.a ) - infected

22:29:10.0406 0648 ACPI - detected Virus.Win32.Rloader.a (0)

22:29:10.0781 0648 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:WINDOWSsystem32driversACPIEC.sys

22:29:10.0796 0648 ACPIEC - ok

22:29:11.0140 0648 adpu160m - ok

22:29:11.0593 0648 aec (841f385c6cfaf66b58fbd898722bb4f0) C:WINDOWSsystem32driversaec.sys

22:29:11.0640 0648 aec - ok

22:29:12.0140 0648 AFD (55e6e1c51b6d30e54335750955453702) C:WINDOWSSystem32driversafd.sys

22:29:12.0187 0648 AFD - ok

22:29:12.0531 0648 Aha154x - ok

22:29:12.0796 0648 aic78u2 - ok

22:29:13.0062 0648 aic78xx - ok

22:29:14.0203 0648 ALCXWDM (8d6c30e515717248e0e52b85fd7ac466) C:WINDOWSsystem32driversALCXWDM.SYS

22:29:15.0156 0648 ALCXWDM - ok

22:29:15.0609 0648 AliIde - ok

22:29:15.0921 0648 AmdK7 (680ad1c1bb16239e28d8f33a54a7a3c7) C:WINDOWSsystem32DRIVERSamdk7.sys

22:29:15.0937 0648 AmdK7 - ok

22:29:16.0312 0648 amsint - ok

22:29:16.0593 0648 asc - ok

22:29:16.0843 0648 asc3350p - ok

22:29:17.0109 0648 asc3550 - ok

22:29:17.0609 0648 aswFsBlk (054df24c92b55427e0757cfff160e4f2) C:WINDOWSsystem32driversaswFsBlk.sys

22:29:17.0625 0648 aswFsBlk - ok

22:29:18.0093 0648 aswMon2 (ef0e9ad83380724bd6fbbb51d2d0f5b8) C:WINDOWSsystem32driversaswMon2.sys

22:29:18.0125 0648 aswMon2 - ok

22:29:18.0562 0648 aswRdr (352d5a48ebab35a7693b048679304831) C:WINDOWSsystem32driversaswRdr.sys

22:29:18.0578 0648 aswRdr - ok

22:29:19.0203 0648 aswSnx (8d34d2b24297e27d93e847319abfdec4) C:WINDOWSsystem32driversaswSnx.sys

22:29:19.0390 0648 aswSnx - ok

22:29:19.0937 0648 aswSP (010012597333da1f46c3243f33f8409e) C:WINDOWSsystem32driversaswSP.sys

22:29:20.0078 0648 aswSP - ok

22:29:20.0546 0648 aswTdi (f9f84364416658e9786235904d448d37) C:WINDOWSsystem32driversaswTdi.sys

22:29:20.0562 0648 aswTdi - ok

22:29:20.0968 0648 AsyncMac (02000abf34af4c218c35d257024807d6) C:WINDOWSsystem32DRIVERSasyncmac.sys

22:29:20.0984 0648 AsyncMac - ok

22:29:21.0390 0648 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:WINDOWSsystem32DRIVERSatapi.sys

22:29:21.0390 0648 atapi - ok

22:29:21.0765 0648 Atdisk - ok

22:29:22.0140 0648 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:WINDOWSsystem32DRIVERSatmarpc.sys

22:29:22.0156 0648 Atmarpc - ok

22:29:22.0578 0648 audstub (d9f724aa26c010a217c97606b160ed68) C:WINDOWSsystem32DRIVERSaudstub.sys

22:29:22.0578 0648 audstub - ok

22:29:23.0062 0648 AX88772 (26a378d112677fb8ae08e1dfcecda44d) C:WINDOWSsystem32DRIVERSax88772.sys

22:29:23.0078 0648 AX88772 - ok

22:29:23.0515 0648 Beep (da1f27d85e0d1525f6621372e7b685e9) C:WINDOWSsystem32driversBeep.sys

22:29:23.0515 0648 Beep - ok

22:29:24.0015 0648 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:WINDOWSsystem32driverscbidf2k.sys

22:29:24.0031 0648 cbidf2k - ok

22:29:24.0390 0648 cd20xrnt - ok

22:29:24.0750 0648 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:WINDOWSsystem32driversCdaudio.sys

22:29:24.0750 0648 Cdaudio - ok

22:29:25.0156 0648 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:WINDOWSsystem32driversCdfs.sys

22:29:25.0187 0648 Cdfs - ok

22:29:25.0609 0648 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:WINDOWSsystem32DRIVERScdrom.sys

22:29:25.0640 0648 Cdrom - ok

22:29:25.0968 0648 Changer - ok

22:29:26.0281 0648 CmdIde - ok

22:29:26.0703 0648 Cpqarray - ok

22:29:27.0046 0648 dac2w2k - ok

22:29:27.0359 0648 dac960nt - ok

22:29:27.0796 0648 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:WINDOWSsystem32DRIVERSdisk.sys

22:29:27.0812 0648 Disk - ok

22:29:28.0625 0648 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:WINDOWSsystem32driversdmboot.sys

22:29:29.0000 0648 dmboot - ok

22:29:29.0468 0648 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:WINDOWSsystem32driversdmio.sys

22:29:29.0531 0648 dmio - ok

22:29:29.0937 0648 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:WINDOWSsystem32driversdmload.sys

22:29:29.0937 0648 dmload - ok

22:29:30.0375 0648 DMusic (a6f881284ac1150e37d9ae47ff601267) C:WINDOWSsystem32driversDMusic.sys

22:29:30.0406 0648 DMusic - ok

22:29:30.0859 0648 dpti2o - ok

22:29:31.0234 0648 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:WINDOWSsystem32driversdrmkaud.sys

22:29:31.0234 0648 drmkaud - ok

22:29:31.0656 0648 drvmcdb (a605a3d1a946d7b9b8e011a056445136) C:WINDOWSsystem32driversdrvmcdb.sys

22:29:31.0687 0648 drvmcdb - ok

22:29:32.0093 0648 drvnddm (394d65a0da6bd18eaca54ae4fef28054) C:WINDOWSsystem32driversdrvnddm.sys

22:29:32.0140 0648 drvnddm - ok

22:29:32.0578 0648 eaps2kbd (53ce0799c9384cac99942ff032285f21) C:WINDOWSsystem32DRIVERSeaps2kbd.sys

22:29:32.0578 0648 eaps2kbd - ok

22:29:33.0000 0648 EAWDMFD (e54e3a335b3a03ad0252e50bb92a633c) C:WINDOWSsystem32DRIVERSeawdmfd.sys

22:29:33.0015 0648 EAWDMFD - ok

22:29:33.0546 0648 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:WINDOWSsystem32driversFastfat.sys

22:29:33.0593 0648 Fastfat - ok

22:29:34.0078 0648 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:WINDOWSsystem32DRIVERSfdc.sys

22:29:34.0093 0648 Fdc - ok

22:29:34.0562 0648 FETNDISB (95bc4d8493fe30312f5e1ab57ef36083) C:WINDOWSsystem32DRIVERSdlkfet5b.sys

22:29:34.0578 0648 FETNDISB - ok

22:29:35.0031 0648 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:WINDOWSsystem32driversFips.sys

22:29:35.0046 0648 Fips - ok

22:29:35.0453 0648 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:WINDOWSsystem32DRIVERSflpydisk.sys

22:29:35.0453 0648 Flpydisk - ok

22:29:35.0937 0648 FltMgr (54fd90f0038f07920cb9fb6591bde82f) C:WINDOWSsystem32driversfltmgr.sys

22:29:35.0984 0648 FltMgr - ok

22:29:36.0390 0648 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:WINDOWSsystem32driversFs_Rec.sys

22:29:36.0390 0648 Fs_Rec - ok

22:29:36.0828 0648 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:WINDOWSsystem32DRIVERSftdisk.sys

22:29:36.0875 0648 Ftdisk - ok

22:29:37.0328 0648 Gpc (c0f1d4a21de5a415df8170616703debf) C:WINDOWSsystem32DRIVERSmsgpc.sys

22:29:37.0343 0648 Gpc - ok

22:29:37.0796 0648 hpn - ok

22:29:38.0046 0648 hpt3xx - ok

22:29:38.0421 0648 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:WINDOWSsystem32DriversHTTP.sys

22:29:38.0515 0648 HTTP - ok

22:29:38.0875 0648 i2omgmt - ok

22:29:39.0125 0648 i2omp - ok

22:29:39.0484 0648 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:WINDOWSsystem32DRIVERSi8042prt.sys

22:29:39.0500 0648 i8042prt - ok

22:29:39.0937 0648 i81x (007dbb8f9c35df8f8a20b8e7c1204b8b) C:WINDOWSsystem32DRIVERSi81xnt5.sys

22:29:40.0000 0648 i81x - ok

22:29:40.0406 0648 iAimFP0 (19f03895ce0b9e7fb514e67bb17edcb5) C:WINDOWSsystem32DRIVERSwADV01nt.sys

22:29:40.0421 0648 iAimFP0 - ok

22:29:40.0796 0648 iAimFP1 (479278c265b596c4fc1a2e0f51e70736) C:WINDOWSsystem32DRIVERSwADV02NT.sys

22:29:40.0796 0648 iAimFP1 - ok

22:29:41.0156 0648 iAimFP2 (66317ecbed58d15541cad4ed60888430) C:WINDOWSsystem32DRIVERSwADV05NT.sys

22:29:41.0156 0648 iAimFP2 - ok

22:29:41.0500 0648 iAimFP3 (5807920dcd9fe760ffd733a1297d164a) C:WINDOWSsystem32DRIVERSwSiINTxx.sys

22:29:41.0515 0648 iAimFP3 - ok

22:29:41.0843 0648 iAimFP4 (afb6725ddf3f417495ab99198979ffb1) C:WINDOWSsystem32DRIVERSwVchNTxx.sys

22:29:41.0843 0648 iAimFP4 - ok

22:29:42.0203 0648 iAimTV0 (3de116fe9fc7f15b0a5e0e611b344236) C:WINDOWSsystem32DRIVERSwATV01nt.sys

22:29:42.0218 0648 iAimTV0 - ok

22:29:42.0578 0648 iAimTV1 (275b8ec3a1aa555e3f1586eaf1302ac5) C:WINDOWSsystem32DRIVERSwATV02NT.sys

22:29:42.0578 0648 iAimTV1 - ok

22:29:42.0906 0648 iAimTV2 - ok

22:29:43.0218 0648 iAimTV3 (31d5981e35d0f158cd1031e0ee74c6fe) C:WINDOWSsystem32DRIVERSwATV04nt.sys

22:29:43.0234 0648 iAimTV3 - ok

22:29:43.0578 0648 iAimTV4 (78b4456a11582a927e9b1eca87d1e4f6) C:WINDOWSsystem32DRIVERSwCh7xxNT.sys

22:29:43.0593 0648 iAimTV4 - ok

22:29:43.0953 0648 ialm (86ba1718dee415bcd63fbe35f425d874) C:WINDOWSsystem32DRIVERSialmnt5.sys

22:29:43.0984 0648 ialm - ok

22:29:44.0468 0648 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:WINDOWSsystem32DRIVERSimapi.sys

22:29:44.0484 0648 Imapi - ok

22:29:44.0875 0648 ini910u - ok

22:29:45.0156 0648 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:WINDOWSsystem32DRIVERSintelide.sys

22:29:45.0156 0648 IntelIde - ok

22:29:45.0578 0648 ip6fw (4448006b6bc60e6c027932cfc38d6855) C:WINDOWSsystem32driversip6fw.sys

22:29:45.0593 0648 ip6fw - ok

22:29:45.0984 0648 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:WINDOWSsystem32DRIVERSipfltdrv.sys

22:29:46.0000 0648 IpFilterDriver - ok

22:29:46.0421 0648 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:WINDOWSsystem32DRIVERSipinip.sys

22:29:46.0437 0648 IpInIp - ok

22:29:46.0890 0648 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:WINDOWSsystem32DRIVERSipnat.sys

22:29:46.0937 0648 IpNat - ok

22:29:47.0375 0648 IPSec (64537aa5c003a6afeee1df819062d0d1) C:WINDOWSsystem32DRIVERSipsec.sys

22:29:47.0406 0648 IPSec - ok

22:29:47.0843 0648 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:WINDOWSsystem32DRIVERSirenum.sys

22:29:47.0843 0648 IRENUM - ok

22:29:48.0250 0648 isapnp (e504f706ccb699c2596e9a3da1596e87) C:WINDOWSsystem32DRIVERSisapnp.sys

22:29:48.0265 0648 isapnp - ok

22:29:48.0687 0648 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:WINDOWSsystem32DRIVERSkbdclass.sys

22:29:48.0703 0648 Kbdclass - ok

22:29:49.0203 0648 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:WINDOWSsystem32driverskmixer.sys

22:29:49.0296 0648 kmixer - ok

22:29:49.0718 0648 KSecDD (674d3e5a593475915dc6643317192403) C:WINDOWSsystem32driversKSecDD.sys

22:29:49.0750 0648 KSecDD - ok

22:29:50.0156 0648 lbrtfdc - ok

22:29:50.0750 0648 ltmodem5 (1d1b1f856c5bec5e99367f50d00e5949) C:WINDOWSsystem32DRIVERSltmdmnt.sys

22:29:51.0000 0648 ltmodem5 - ok

22:29:51.0375 0648 mabd - ok

22:29:51.0734 0648 MBAMSwissArmy - ok

22:29:52.0078 0648 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:WINDOWSsystem32driversmnmdd.sys

22:29:52.0078 0648 mnmdd - ok

22:29:52.0546 0648 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:WINDOWSsystem32driversModem.sys

22:29:52.0562 0648 Modem - ok

22:29:52.0968 0648 Mouclass (34e1f0031153e491910e12551400192c) C:WINDOWSsystem32DRIVERSmouclass.sys

22:29:52.0968 0648 Mouclass - ok

22:29:53.0375 0648 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:WINDOWSsystem32driversMountMgr.sys

22:29:53.0390 0648 MountMgr - ok

22:29:53.0781 0648 mraid35x - ok

22:29:54.0125 0648 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:WINDOWSsystem32DRIVERSmrxdav.sys

22:29:54.0187 0648 MRxDAV - ok

22:29:54.0765 0648 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:WINDOWSsystem32DRIVERSmrxsmb.sys

22:29:54.0937 0648 MRxSmb - ok

22:29:55.0375 0648 Msfs (561b3a4333ca2dbdba28b5b956822519) C:WINDOWSsystem32driversMsfs.sys

22:29:55.0390 0648 Msfs - ok

22:29:55.0843 0648 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:WINDOWSsystem32driversMSKSSRV.sys

22:29:55.0843 0648 MSKSSRV - ok

22:29:56.0234 0648 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:WINDOWSsystem32driversMSPCLOCK.sys

22:29:56.0234 0648 MSPCLOCK - ok

22:29:56.0640 0648 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:WINDOWSsystem32driversMSPQM.sys

22:29:56.0656 0648 MSPQM - ok

22:29:57.0046 0648 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:WINDOWSsystem32DRIVERSmssmbios.sys

22:29:57.0062 0648 mssmbios - ok

22:29:57.0515 0648 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:WINDOWSsystem32driversMup.sys

22:29:57.0546 0648 Mup - ok

22:29:58.0015 0648 NDIS (558635d3af1c7546d26067d5d9b6959e) C:WINDOWSsystem32driversNDIS.sys

22:29:58.0093 0648 NDIS - ok

22:29:58.0468 0648 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:WINDOWSsystem32DRIVERSndistapi.sys

22:29:58.0484 0648 NdisTapi - ok

22:29:58.0875 0648 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:WINDOWSsystem32DRIVERSndisuio.sys

22:29:58.0875 0648 Ndisuio - ok

22:29:59.0343 0648 NdisWan (0b90e255a9490166ab368cd55a529893) C:WINDOWSsystem32DRIVERSndiswan.sys

22:29:59.0375 0648 NdisWan - ok

22:29:59.0828 0648 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:WINDOWSsystem32driversNDProxy.sys

22:29:59.0843 0648 NDProxy - ok

22:30:00.0265 0648 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:WINDOWSsystem32DRIVERSnetbios.sys

22:30:00.0281 0648 NetBIOS - ok

22:30:00.0750 0648 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:WINDOWSsystem32DRIVERSnetbt.sys

22:30:00.0828 0648 NetBT - ok

22:30:01.0375 0648 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:WINDOWSsystem32driversNpfs.sys

22:30:01.0390 0648 Npfs - ok

22:30:02.0015 0648 Ntfs (b78be402c3f63dd55521f73876951cdd) C:WINDOWSsystem32driversNtfs.sys

22:30:02.0250 0648 Ntfs - ok

22:30:02.0734 0648 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:WINDOWSsystem32driversNull.sys

22:30:02.0734 0648 Null - ok

22:30:03.0109 0648 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:WINDOWSsystem32DRIVERSnwlnkflt.sys

22:30:03.0125 0648 NwlnkFlt - ok

22:30:03.0546 0648 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:WINDOWSsystem32DRIVERSnwlnkfwd.sys

22:30:03.0562 0648 NwlnkFwd - ok

22:30:04.0031 0648 Parport (29744eb4ce659dfe3b4122deb45bc478) C:WINDOWSsystem32DRIVERSparport.sys

22:30:04.0062 0648 Parport - ok

22:30:04.0484 0648 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:WINDOWSsystem32driversPartMgr.sys

22:30:04.0500 0648 PartMgr - ok

22:30:04.0921 0648 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:WINDOWSsystem32driversParVdm.sys

22:30:04.0937 0648 ParVdm - ok

22:30:05.0359 0648 PCI (8086d9979234b603ad5bc2f5d890b234) C:WINDOWSsystem32DRIVERSpci.sys

22:30:05.0390 0648 PCI - ok

22:30:05.0781 0648 PCIDump - ok

22:30:06.0078 0648 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:WINDOWSsystem32DRIVERSpciide.sys

22:30:06.0093 0648 PCIIde - ok

22:30:06.0562 0648 Pcmcia (82a087207decec8456fbe8537947d579) C:WINDOWSsystem32driversPcmcia.sys

22:30:06.0593 0648 Pcmcia - ok

22:30:07.0015 0648 pcouffin (5b6c11de7e839c05248ced8825470fef) C:WINDOWSsystem32Driverspcouffin.sys

22:30:07.0046 0648 pcouffin - ok

22:30:07.0421 0648 PDCOMP - ok

22:30:07.0703 0648 PDFRAME - ok

22:30:07.0968 0648 PDRELI - ok

22:30:08.0218 0648 PDRFRAME - ok

22:30:08.0593 0648 perc2 - ok

22:30:08.0859 0648 perc2hib - ok

22:30:09.0375 0648 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:WINDOWSsystem32DRIVERSraspptp.sys

22:30:09.0406 0648 PptpMiniport - ok

22:30:09.0828 0648 Processor (0d97d88720a4087ec93af7dbb303b30a) C:WINDOWSsystem32DRIVERSprocessr.sys

22:30:09.0843 0648 Processor - ok

22:30:10.0281 0648 PSched (48671f327553dcf1d27f6197f622a668) C:WINDOWSsystem32DRIVERSpsched.sys

22:30:10.0312 0648 PSched - ok

22:30:10.0734 0648 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:WINDOWSsystem32DRIVERSptilink.sys

22:30:10.0734 0648 Ptilink - ok

22:30:11.0140 0648 PxHelp20 (42d4c34300405d9f377e55f5ddadd720) C:WINDOWSsystem32DRIVERSPxHelp20.sys

22:30:11.0156 0648 PxHelp20 - ok

22:30:11.0484 0648 ql1080 - ok

22:30:11.0843 0648 Ql10wnt - ok

22:30:12.0156 0648 ql12160 - ok

22:30:12.0390 0648 ql1240 - ok

22:30:12.0656 0648 ql1280 - ok

22:30:12.0953 0648 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:WINDOWSsystem32DRIVERSrasacd.sys

22:30:12.0953 0648 RasAcd - ok

22:30:13.0421 0648 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:WINDOWSsystem32DRIVERSrasl2tp.sys

22:30:13.0437 0648 Rasl2tp - ok

22:30:13.0890 0648 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:WINDOWSsystem32DRIVERSraspppoe.sys

22:30:13.0921 0648 RasPppoe - ok

22:30:14.0296 0648 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:WINDOWSsystem32DRIVERSraspti.sys

22:30:14.0312 0648 Raspti - ok

22:30:14.0796 0648 Rdbss (29d66245adba878fff574cd66abd2884) C:WINDOWSsystem32DRIVERSrdbss.sys

22:30:14.0875 0648 Rdbss - ok

22:30:15.0281 0648 RDPCDD (4912d5b403614ce99c28420f75353332) C:WINDOWSsystem32DRIVERSRDPCDD.sys

22:30:15.0296 0648 RDPCDD - ok

22:30:15.0875 0648 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:WINDOWSsystem32driversRDPWD.sys

22:30:15.0921 0648 RDPWD - ok

22:30:16.0359 0648 redbook (b31b4588e4086d8d84adbf9845c2402b) C:WINDOWSsystem32DRIVERSredbook.sys

22:30:16.0375 0648 redbook - ok

22:30:16.0906 0648 rtl8139 (d507c1400284176573224903819ffda3) C:WINDOWSsystem32DRIVERSRTL8139.SYS

22:30:16.0906 0648 rtl8139 - ok

22:30:17.0343 0648 S3Psddr (6d9e6867f89a3b06cf317fc4c7ee5029) C:WINDOWSsystem32DRIVERSs3gnbm.sys

22:30:17.0406 0648 S3Psddr - ok

22:30:17.0859 0648 Secdrv (d26e26ea516450af9d072635c60387f4) C:WINDOWSsystem32DRIVERSsecdrv.sys

22:30:17.0875 0648 Secdrv - ok

22:30:18.0328 0648 Serenum (a2d868aeeff612e70e213c451a70cafb) C:WINDOWSsystem32DRIVERSserenum.sys

22:30:18.0328 0648 Serenum - ok

22:30:18.0765 0648 Serial (cd9404d115a00d249f70a371b46d5a26) C:WINDOWSsystem32DRIVERSserial.sys

22:30:18.0781 0648 Serial - ok

22:30:19.0218 0648 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:WINDOWSsystem32driversSfloppy.sys

22:30:19.0234 0648 Sfloppy - ok

22:30:19.0625 0648 Simbad - ok

22:30:19.0875 0648 Sparrow - ok

22:30:20.0171 0648 splitter (8e186b8f23295d1e42c573b82b80d548) C:WINDOWSsystem32driverssplitter.sys

22:30:20.0171 0648 splitter - ok

22:30:20.0687 0648 sr (e41b6d037d6cd08461470af04500dc24) C:WINDOWSsystem32DRIVERSsr.sys

22:30:20.0718 0648 sr - ok

22:30:21.0234 0648 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:WINDOWSsystem32DRIVERSsrv.sys

22:30:21.0359 0648 Srv - ok

22:30:21.0765 0648 sscdbhk5 (0885506bd787a1ae7041ea1d0e0f7922) C:WINDOWSsystem32driverssscdbhk5.sys

22:30:21.0765 0648 sscdbhk5 - ok

22:30:22.0171 0648 ssrtln (a9e4acee2d7c9736cd753d630e13a386) C:WINDOWSsystem32driversssrtln.sys

22:30:22.0171 0648 ssrtln - ok

22:30:22.0593 0648 swenum (03c1bae4766e2450219d20b993d6e046) C:WINDOWSsystem32DRIVERSswenum.sys

22:30:22.0593 0648 swenum - ok

22:30:23.0031 0648 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:WINDOWSsystem32driversswmidi.sys

22:30:23.0078 0648 swmidi - ok

22:30:23.0453 0648 symc810 - ok

22:30:23.0703 0648 symc8xx - ok

22:30:23.0953 0648 sym_hi - ok

22:30:24.0187 0648 sym_u3 - ok

22:30:24.0531 0648 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:WINDOWSsystem32driverssysaudio.sys

22:30:24.0562 0648 sysaudio - ok

22:30:25.0125 0648 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:WINDOWSsystem32DRIVERStcpip.sys

22:30:25.0250 0648 Tcpip - ok

22:30:25.0687 0648 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:WINDOWSsystem32driversTDPIPE.sys

22:30:25.0687 0648 TDPIPE - ok

22:30:26.0109 0648 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:WINDOWSsystem32driversTDTCP.sys

22:30:26.0109 0648 TDTCP - ok

22:30:26.0531 0648 TermDD (a540a99c281d933f3d69d55e48727f47) C:WINDOWSsystem32DRIVERStermdd.sys

22:30:26.0546 0648 TermDD - ok

22:30:26.0937 0648 tfsnboio (471b28101ee53b965b836033d8fe7955) C:WINDOWSsystem32dlatfsnboio.sys

22:30:26.0953 0648 tfsnboio - ok

22:30:27.0359 0648 tfsncofs (70766ef81e05ea358118468a722fa1f5) C:WINDOWSsystem32dlatfsncofs.sys

22:30:27.0375 0648 tfsncofs - ok

22:30:27.0765 0648 tfsndrct (66fd0aac1648bc38cd3cd130a4ea12e0) C:WINDOWSsystem32dlatfsndrct.sys

22:30:27.0765 0648 tfsndrct - ok

22:30:28.0140 0648 tfsndres (2b35fcaa75b1c475374d1474a1c2efe1) C:WINDOWSsystem32dlatfsndres.sys

22:30:28.0140 0648 tfsndres - ok

22:30:28.0562 0648 tfsnifs (7aaa22c17642d19c64b81caae888b43f) C:WINDOWSsystem32dlatfsnifs.sys

22:30:28.0578 0648 tfsnifs - ok

22:30:28.0953 0648 tfsnopio (a56ebc32e332f66488cbf9c5ef4e084a) C:WINDOWSsystem32dlatfsnopio.sys

22:30:28.0968 0648 tfsnopio - ok

22:30:29.0312 0648 tfsnpool (53809135b8eb9eb2b29525f125456741) C:WINDOWSsystem32dlatfsnpool.sys

22:30:29.0328 0648 tfsnpool - ok

22:30:29.0687 0648 tfsnudf (03e0ce19e5f6a8009ebdc3cc087a6c9c) C:WINDOWSsystem32dlatfsnudf.sys

22:30:29.0718 0648 tfsnudf - ok

22:30:30.0093 0648 tfsnudfa (3f8f05be8f1d68a598412927aeb57bd9) C:WINDOWSsystem32dlatfsnudfa.sys

22:30:30.0125 0648 tfsnudfa - ok

22:30:30.0500 0648 TosIde - ok

22:30:30.0937 0648 Udfs (12f70256f140cd7d52c58c7048fde657) C:WINDOWSsystem32driversUdfs.sys

22:30:30.0968 0648 Udfs - ok

22:30:31.0359 0648 ultra - ok

22:30:31.0718 0648 Update (aff2e5045961bbc0a602bb6f95eb1345) C:WINDOWSsystem32DRIVERSupdate.sys

22:30:31.0796 0648 Update - ok

22:30:32.0296 0648 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:WINDOWSsystem32DRIVERSusbccgp.sys

22:30:32.0312 0648 usbccgp - ok

22:30:32.0765 0648 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:WINDOWSsystem32DRIVERSusbehci.sys

22:30:32.0781 0648 usbehci - ok

22:30:33.0218 0648 usbhub (c72f40947f92cea56a8fb532edf025f1) C:WINDOWSsystem32DRIVERSusbhub.sys

22:30:33.0234 0648 usbhub - ok

22:30:33.0671 0648 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:WINDOWSsystem32DRIVERSusbprint.sys

22:30:33.0687 0648 usbprint - ok

22:30:34.0093 0648 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:WINDOWSsystem32DRIVERSusbscan.sys

22:30:34.0093 0648 usbscan - ok

22:30:34.0515 0648 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:WINDOWSsystem32DRIVERSUSBSTOR.SYS

22:30:34.0531 0648 USBSTOR - ok

22:30:34.0937 0648 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:WINDOWSsystem32DRIVERSusbuhci.sys

22:30:34.0953 0648 usbuhci - ok

22:30:35.0375 0648 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:WINDOWSSystem32driversvga.sys

22:30:35.0375 0648 VgaSave - ok

22:30:35.0781 0648 viaagp1 (099f10c7b9d4c7a2bf48d4c6eca1e7f1) C:WINDOWSsystem32DRIVERSviaagp1.sys

22:30:35.0796 0648 viaagp1 - ok

22:30:36.0203 0648 ViaIde (59cb1338ad3654417bea49636457f65d) C:WINDOWSsystem32DRIVERSviaide.sys

22:30:36.0203 0648 ViaIde - ok

22:30:36.0671 0648 VolSnap (ee4660083deba849ff6c485d944b379b) C:WINDOWSsystem32driversVolSnap.sys

22:30:36.0687 0648 VolSnap - ok

22:30:37.0156 0648 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:WINDOWSsystem32DRIVERSwanarp.sys

22:30:37.0156 0648 Wanarp - ok

22:30:37.0609 0648 wanatw (ba1d9278448cb26152a18b6a06b61ea3) C:WINDOWSsystem32DRIVERSwanatw4.sys

22:30:37.0625 0648 wanatw - ok

22:30:38.0031 0648 wandrv (30211add92098d4b5cfadbf3da01e69b) C:WINDOWSsystem32DRIVERSwandrv.sys

22:30:38.0031 0648 wandrv - ok

22:30:38.0421 0648 WDICA - ok

22:30:38.0750 0648 wdmaud (2797f33ebf50466020c430ee4f037933) C:WINDOWSsystem32driverswdmaud.sys

22:30:38.0796 0648 wdmaud - ok

22:30:39.0640 0648 {6080A529-897E-4629-A488-ABA0C29B635E} (5b3d453a2f38105bcd0c573b94dea346) C:WINDOWSsystem32driversialmsbw.sys

22:30:39.0671 0648 {6080A529-897E-4629-A488-ABA0C29B635E} - ok

22:30:40.0093 0648 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (e147bd61a697701096ca5c830a5adb90) C:WINDOWSsystem32driversialmkchw.sys

22:30:40.0125 0648 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok

22:30:40.0250 0648 MBR (0x1B8) (24bf22b59c30b9b11e1af62cfc3c418e) DeviceHarddisk0DR0

22:30:40.0281 0648 DeviceHarddisk0DR0 - ok

22:30:40.0359 0648 Boot (0x1200) (e908ba9ef7fac04e8a885e6f734a6fa1) DeviceHarddisk0DR0Partition0

22:30:40.0359 0648 DeviceHarddisk0DR0Partition0 - ok

22:30:40.0390 0648 ============================================================

22:30:40.0390 0648 Scan finished

22:30:40.0390 0648 ============================================================

22:30:40.0468 1172 Detected object count: 1

22:30:40.0468 1172 Actual detected object count: 1

22:42:20.0406 1172 C:WINDOWSsystem32DRIVERSACPI.sys - copied to quarantine

22:42:28.0625 1172 Backup copy found, using it..

22:42:28.0765 1172 C:WINDOWSsystem32DRIVERSACPI.sys - will be cured on reboot

22:42:28.0765 1172 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure

22:42:43.0625 0496 Deinitialize success

me82   

The last scan I did was on March 5, 2012

 

 

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

 

Database version: v2012.03.03.06

 

Windows XP Service Pack 2 x86 NTFS (Safe Mode/Networking)

Internet Explorer 6.0.2900.2180

Administrator :: YOUR-PA86Z1I3G7 [administrator]

 

3/5/2012 12:13:13 AM

mbam-log-2012-03-05 (00-13-13).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 282101

Time elapsed: 27 minute(s), 41 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 2

HKCUSOFTWAREMicrosoftWindowsCurrentVersionRun|winlogon (Trojan.Agent) -> Data: C:Documents and SettingsAdministratorwinlogon.exe -> Quarantined and deleted successfully.

HKCUSoftwareMicrosoft|adver_id (Malware.Trace) -> Data: 0 -> Quarantined and deleted successfully.

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 5

C:Documents and SettingsnikaMy DocumentsDownloadswrar401.exe (PUP.BundleInstaller.OI) -> No action taken.

C:Documents and SettingsAdministratorLocal SettingsTemp95ED.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:Documents and SettingsAdministratorLocal SettingsTemporary Internet FilesContent.IE5ASL73MP3installer_m_459[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:Documents and SettingsAdministratoruidsave.dat (Malware.Trace) -> Quarantined and deleted successfully.

C:Documents and Settingsnikauidsave.dat (Malware.Trace) -> Quarantined and deleted successfully.

 

(end)

me82   

This one on March 3, 2012

 

 

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

 

Database version: v2012.03.03.06

 

Windows XP Service Pack 2 x86 NTFS (Safe Mode/Networking)

Internet Explorer 6.0.2900.2180

Administrator :: YOUR-PA86Z1I3G7 [administrator]

 

3/3/2012 5:41:31 PM

mbam-log-2012-03-03 (17-41-31).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 217442

Time elapsed: 12 minute(s), 47 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 1

HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorerRun|58511 (Trojan.Agent.Gen) -> Data: C:DOCUME~1ALLUSE~1LOCALS~1Tempmsdubm.com -> Delete on reboot.

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 5

C:Documents and SettingsnikaMy DocumentsDownloadswrar401.exe (PUP.BundleInstaller.OI) -> No action taken.

C:Documents and SettingsAdministratorLocal SettingsTemporary Internet FilesContent.IE58H2F8TURftp[1].exe (Trojan.Agent.CBCGen) -> Quarantined and deleted successfully.

C:Documents and SettingsAdministratorLocal SettingsTemporary Internet FilesContent.IE58H2F8TURinstaller_m_459[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:Documents and SettingsAdministratorLocal SettingsTemporary Internet FilesContent.IE58XIBK92Jsoft[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:Documents and SettingsAdministratorLocal SettingsTemporary Internet FilesContent.IE5GPAN41UJsetup[1].exe (Trojan.FakeAlert.FS) -> Quarantined and deleted successfully.

 

(end)

me82   

Another one from March 3, 2012

 

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

 

Database version: v2012.03.03.06

 

Windows XP Service Pack 2 x86 NTFS (Safe Mode/Networking)

Internet Explorer 6.0.2900.2180

Administrator :: YOUR-PA86Z1I3G7 [administrator]

 

3/3/2012 11:41:25 AM

mbam-log-2012-03-03 (11-41-25).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 213317

Time elapsed: 12 minute(s), 4 second(s)

 

Memory Processes Detected: 1

C:WINDOWSsystem32crrss.exe (Trojan.Agent) -> 1968 -> Delete on reboot.

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 9

HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun|devicemob (Trojan.Downloader) -> Data: C:Documents and SettingsAll Usersdevicemob.exe -> Quarantined and deleted successfully.

HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun|mshsrv (Trojan.Downloader) -> Data: C:Documents and SettingsnikaApplication Datamshsrv.exe -> Quarantined and deleted successfully.

HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun|dplaysvr (Trojan.Downloader) -> Data: C:Documents and SettingsnikaApplication Datadplaysvr.exe -> Quarantined and deleted successfully.

HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun|38A.exe (Trojan.Dropper.PE4) -> Data: C:Program FilesLP015F38A.exe -> Quarantined and deleted successfully.

HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun|rkXkeRHrWQE.exe (Rogue.FakeHDD) -> Data: C:Documents and SettingsAll UsersApplication DatarkXkeRHrWQE.exe -> Quarantined and deleted successfully.

HKCUSOFTWAREMicrosoftWindowsCurrentVersionRun|winlogon (Trojan.Downloader) -> Data: C:Documents and SettingsAdministratorwinlogon.exe -> Quarantined and deleted successfully.

HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun|crrss (Trojan.Agent) -> Data: C:WINDOWSsystem32crrss.exe -> Quarantined and deleted successfully.

HKCUSoftwareMicrosoft|adver_id (Malware.Trace) -> Data: 0 -> Quarantined and deleted successfully.

HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorerRun|58511 (Trojan.Agent.Gen) -> Data: C:DOCUME~1ALLUSE~1LOCALS~1Tempmsdubm.com -> Delete on reboot.

 

Registry Data Items Detected: 1

HKLMSOFTWAREMicrosoftWindows NTCurrentVersionWinlogon|Userinit (Trojan.Agent) -> Bad: (C:WINDOWSsystem32crrss.exe) Good: () -> Quarantined and repaired successfully.

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 52

C:Documents and SettingsnikaMy DocumentsDownloadswrar401.exe (PUP.BundleInstaller.OI) -> No action taken.

C:Documents and SettingsAll Usersdevicemob.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:Documents and SettingsnikaApplication Datamshsrv.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:Documents and SettingsnikaApplication Datadplaysvr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:Program FilesLP015F38A.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.


JonTom   

Hello me82

Thank you for the logs.

Are you able to boot into Normal Mode now?

If not, run the following from Safe Mode with Networking:

 

  • ComboFix

  • Download ComboFix from one of the following locations:

    Link 1

    Link 2

  • VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Posted Image

 

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Posted Image

 

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • Notes: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
  • Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
  • Should there be issues with internet afterward:

    In IE: Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "use a proxy server" or reconfigure the proxy server again in case you have set it previously.

    In Firefox: Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection and uncheck the proxy server, set it to No Proxy.

Please post the ComboFix log in your next reply.

This topic is now closed to further replies.