BleepingComputer.com: Window restore virus removed but pc still crashes in normal mode

Jump to content

Forum Guidelines

Posted Image Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help


Posted Image Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.


Posted Image DO NOT RUN ComboFix unless requested to.


Posted Image Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


Posted Image When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Posted Image Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

Window restore virus removed but pc still crashes in normal mode windows restore removeed pc not working in normal!!!!

#1 User is offline   Darren35 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 2
  • Joined: 21-April 11

Posted 22 April 2011 - 07:15 AM

Hi,
Can someone please help????
My Pc was infected with the window restore virus, and I removed it by following the uninstall guide on this site,however the PC still crashes on normal mode

Please find below a copy of my DDS Log
Cheers!!!!!!!!
.
DDS (Ver_11-03-05.01) - NTFSx86 NETWORK
Run by Darren at 17:39:17.20 on 22/04/2011
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.651 [GMT 1:00]
.
AV: AVG Anti-Virus 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Kaspersky Internet Security *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
AV: Trend Micro Internet Security Pro *Enabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Kaspersky Internet Security *Enabled*
FW: Trend Micro Personal Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Darren\My Documents\Downloads\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ask.com/?o=101764&l=dis
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.euro.dell.com/countries/ie/enu/gen/default.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: Trend Micro Toolbar BHO: {43c6d902-a1c5-45c9-91f6-fd9e90337e18} - TSToolbarBHO
BHO: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {E33CF602-D945-461A-83F0-819F76A199F8} - No File
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Trend Micro Toolbar: {ccac5586-44d7-4c43-b64a-f042461a97d2} -
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky anti-virus 2011\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F}
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\documents and settings\darren\desktop\SASWINLO.DLL
Notify: igfxcui - igfxsrvc.dll
Notify: klogon - c:\windows\system32\klogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\documents and settings\darren\desktop\SASSEH.DLL
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, mgafakfp.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\darren\applic~1\mozilla\firefox\profiles\ildjg7nh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: QuickDrag: quickdrag@mozilla.ktechcomputing.com - %profile%\extensions\quickdrag@mozilla.ktechcomputing.com
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
.
---- FIREFOX POLICIES ----

FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R0 CFRPD;cfrpd;c:\windows\system32\drivers\CFRPD.sys [2009-8-4 56736]
R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2010-6-9 132184]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-4-17 13496]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-6-9 11352]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2010-5-7 32856]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2009-10-11 339984]
S0 Ekp51;Ekp51;c:\windows\system32\drivers\ekp51.sys --> c:\windows\system32\drivers\Ekp51.sys [?]
S0 ieophd;ieophd;c:\windows\system32\drivers\kalb.sys --> c:\windows\system32\drivers\kalb.sys [?]
S1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2011-2-26 475736]
S1 SASDIFSV;SASDIFSV;\??\c:\documents and settings\darren\desktop\sasdifsv.sys --> c:\documents and settings\darren\desktop\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\documents and settings\darren\desktop\saskutil.sys --> c:\documents and settings\darren\desktop\SASKUTIL.SYS [?]
S1 StarPortLite;StarPort Storage Controller (Lite); [x]
S2 AVP;Kaspersky Anti-Virus Service;"c:\program files\kaspersky lab\kaspersky anti-virus 2011\avp.exe" -r --> c:\program files\kaspersky lab\kaspersky anti-virus 2011\avp.exe [?]
S2 evftjacp;NDIS System Helper;c:\windows\system32\svchost.exe -k netsvcs [2011-4-13 14336]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2009-10-24 360224]
S2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2009-10-11 36368]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2011\TuneUpUtilitiesService32.exe [2011-2-18 1517376]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys --> c:\windows\system32\drivers\avgfwdx.sys [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys --> c:\windows\system32\drivers\avgfwdx.sys [?]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19472]
S3 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-10-11 50704]
S3 TmPfw;Trend Micro Personal Firewall; [x]
S3 TmProxy;Trend Micro Proxy Service; [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2011\TuneUpUtilitiesDriver32.sys [2010-11-29 10064]
.
=============== Created Last 30 ================
.
2011-04-22 11:34:10 -------- d-s---w- C:\ComboFix
2011-04-21 22:51:29 -------- d-----w- c:\docume~1\darren\applic~1\SUPERAntiSpyware.com
2011-04-21 22:51:29 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2011-04-21 21:30:04 -------- d-----w- c:\docume~1\alluse~1\applic~1\IObit
2011-04-20 21:30:36 -------- d-----w- C:\TDSSKiller_Quarantine
2011-04-20 18:45:28 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2011-04-20 18:43:36 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2011-04-20 18:43:35 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2011-04-20 18:42:54 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2011-04-20 18:30:17 45568 ------w- c:\windows\system32\dllcache\wab.exe
2011-04-18 20:26:07 -------- d-sha-r- C:\cmdcons
2011-04-18 19:33:39 98816 ----a-w- c:\windows\sed.exe
2011-04-18 19:33:39 89088 ----a-w- c:\windows\MBR.exe
2011-04-18 19:33:39 256512 ----a-w- c:\windows\PEV.exe
2011-04-18 19:33:39 161792 ----a-w- c:\windows\SWREG.exe
2011-04-17 20:29:29 29520 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2011-04-17 20:29:28 13496 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2011-04-17 18:21:46 -------- d-----w- c:\program files\Disk Heal
2011-04-17 16:37:15 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2011-04-17 16:35:47 357888 ------w- c:\windows\system32\dllcache\srv.sys
2011-04-17 16:33:50 455936 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2011-04-17 16:33:37 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2011-04-17 16:30:39 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2011-04-17 16:30:38 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2011-04-17 16:30:25 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2011-04-17 16:30:22 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2011-04-17 16:30:20 110592 ------w- c:\windows\system32\dllcache\services.exe
2011-04-17 16:30:17 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2011-04-17 16:30:15 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2011-04-17 16:30:13 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2011-04-17 16:30:10 730112 ------w- c:\windows\system32\dllcache\lsasrv.dll
2011-04-17 16:30:08 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2011-04-17 16:30:06 718336 ------w- c:\windows\system32\dllcache\ntdll.dll
2011-04-17 16:30:01 2148864 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-04-17 16:29:51 2192768 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-04-17 16:29:40 2027008 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-04-17 16:27:33 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2011-04-17 16:20:25 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2011-04-17 16:15:49 -------- d-----w- c:\windows\LastGood.Tmp
2011-04-15 19:00:47 -------- d-----w- c:\documents and settings\darren\DoctorWeb
2011-04-14 20:44:50 -------- d-----w- c:\docume~1\darren\applic~1\Malwarebytes
2011-04-14 20:44:17 163840 ----a-w- c:\windows\system32\igfxres.dll
2011-04-14 20:05:42 63663 ------w- c:\windows\system32\drivers\ati1rvxx.sys
2011-04-14 18:44:25 61440 ----a-w- c:\windows\system32\iAlmCoIn_v4342.dll
2011-04-13 19:55:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-13 19:55:07 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-04-13 19:54:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-13 19:54:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-13 19:35:53 33656 ----a-w- c:\windows\system32\sprecovr.exe
2011-04-13 19:27:19 33792 ----a-w- c:\program files\messenger\custsat.dll
2011-04-13 19:27:16 180224 ----a-w- c:\program files\messenger\msgslang.dll
2011-04-13 19:27:13 1695232 ----a-w- c:\program files\messenger\msmsgs.exe
2011-04-13 19:27:08 79872 ----a-w- c:\windows\system32\msxml6r.dll
2011-04-13 19:27:02 59392 ----a-w- c:\windows\system32\logman.exe
2011-04-13 19:26:59 9216 ----a-w- c:\windows\system32\proxycfg.exe
2011-04-13 19:26:13 14336 ----a-w- c:\windows\system32\auditusr.exe
2011-04-13 19:26:10 8192 ----a-w- c:\windows\system32\bitsprx2.dll
2011-04-13 19:26:06 7168 ----a-w- c:\windows\system32\bitsprx3.dll
2011-04-13 19:26:03 71680 ----a-w- c:\windows\system32\blastcln.exe
2011-04-13 19:26:00 20992 ----a-w- c:\windows\system32\bthci.dll
2011-04-13 19:24:58 120320 ----a-w- c:\windows\system32\ir41_qc.dll
2011-04-13 19:23:57 7168 ----a-w- c:\windows\system32\kbdukx.dll
2011-04-13 19:22:59 270848 ----a-w- c:\windows\system32\sbe.dll
2011-04-13 19:21:58 183296 ----a-w- c:\windows\system32\wuaueng1.dll
2011-04-13 19:21:55 6656 ----a-w- c:\windows\system32\wuauserv.dll
2011-04-13 19:21:48 129024 ----a-w- c:\windows\system32\xmlprov.dll
2011-04-13 19:21:44 50176 ----a-w- c:\windows\system32\xmlprovi.dll
2011-04-13 19:21:41 438784 ----a-w- c:\windows\system32\xpob2res.dll
2011-04-13 19:21:37 187392 ----a-w- c:\windows\system32\xpsp1res.dll
2011-04-13 19:21:26 229376 ----a-w- c:\program files\msn\msncorefiles\oobe\obelog.dll
2011-04-13 19:21:22 966656 ----a-w- c:\program files\msn\msncorefiles\oobe\obemetal.dll
2011-04-13 19:21:19 77824 ----a-w- c:\program files\msn\msncorefiles\oobe\obemtllc.dll
2011-04-13 19:21:16 86016 ----a-w- c:\program files\msn\msncorefiles\oobe\obepopc.dll
2011-04-13 19:20:58 167936 ----a-w- c:\program files\movie maker\wmm2ae.dll
2011-04-13 19:20:53 4096 ----a-w- c:\program files\movie maker\wmm2eres.dll
2011-04-13 19:20:50 7680 ----a-w- c:\program files\movie maker\wmm2ext.dll
2011-04-13 19:20:46 402432 ----a-w- c:\program files\movie maker\wmm2filt.dll
2011-04-13 19:20:42 502272 ----a-w- c:\program files\movie maker\wmm2fxa.dll
2011-04-13 19:20:39 325632 ----a-w- c:\program files\movie maker\wmm2fxb.dll
2011-04-13 19:20:35 4256768 ----a-w- c:\program files\movie maker\wmm2res.dll
2011-04-13 19:20:32 5632 ----a-w- c:\program files\movie maker\wmm2res2.dll
2011-04-13 19:20:09 42368 ----a-w- c:\windows\system32\drivers\agp440.sys
2011-04-13 19:20:05 44928 ----a-w- c:\windows\system32\drivers\agpcpq.sys
2011-04-13 19:20:01 42752 ----a-w- c:\windows\system32\drivers\alim1541.sys
2011-04-13 19:18:43 18432 ----a-w- c:\program files\internet explorer\iedw.exe
2011-04-13 19:18:39 16896 ----a-w- c:\windows\system32\fltlib.dll
2011-04-13 19:18:31 25088 ----a-w- c:\windows\system32\httpapi.dll
2011-04-13 19:18:28 265728 ----a-w- c:\windows\system32\drivers\http.sys
2011-04-13 19:18:24 129792 ----a-w- c:\windows\system32\drivers\fltmgr.sys
2011-04-13 19:18:20 23040 ----a-w- c:\windows\system32\fltmc.exe
2011-04-13 19:18:16 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-04-13 19:18:11 272128 ----a-w- c:\windows\system32\drivers\bthport.sys
2011-04-13 19:18:07 75776 ----a-w- c:\windows\system32\strmfilt.dll
2011-04-13 19:17:28 38912 ----a-w- c:\program files\internet explorer\hmmapi.dll
2011-04-13 19:17:25 93184 ----a-w- c:\program files\internet explorer\iexplore.exe
2011-04-13 19:17:22 281088 ----a-w- c:\program files\windows nt\pinball\pinball.exe
2011-04-13 19:15:27 741376 ----a-w- c:\program files\common files\microsoft shared\speech\sapi.dll
2011-04-13 19:15:03 385024 ----a-w- c:\program files\netmeeting\callcont.dll
2011-04-13 19:13:30 61440 ----a-w- c:\program files\internet explorer\connection wizard\icwconn.dll
2011-04-13 19:13:26 214528 ----a-w- c:\program files\internet explorer\connection wizard\icwconn1.exe
2011-04-13 19:13:22 86016 ----a-w- c:\program files\internet explorer\connection wizard\icwconn2.exe
2011-04-13 19:13:19 32768 ----a-w- c:\program files\internet explorer\connection wizard\icwdl.dll
2011-04-13 19:13:16 172032 ----a-w- c:\program files\internet explorer\connection wizard\icwhelp.dll
2011-04-13 19:13:12 24576 ----a-w- c:\program files\internet explorer\connection wizard\icwrmind.exe
2011-04-13 19:13:09 49152 ----a-w- c:\program files\internet explorer\connection wizard\icwutil.dll
2011-04-13 19:13:06 20480 ----a-w- c:\program files\internet explorer\connection wizard\inetwiz.exe
2011-04-13 19:13:02 4639 ----a-w- c:\program files\windows media player\mplayer2.exe
2011-04-13 19:11:55 57344 ----a-w- c:\program files\common files\system\ado\msador15.dll
2011-04-13 19:11:52 57344 ----a-w- c:\program files\common files\system\ado\msadrh15.dll
2011-04-13 19:11:38 249856 ----a-w- c:\program files\common files\system\wab32res.dll
2011-04-13 19:11:19 86528 ----a-w- c:\program files\common files\system\directdb.dll
2011-04-13 19:11:12 536576 ----a-w- c:\program files\common files\system\ado\msado15.dll
2011-04-13 19:11:08 180224 ----a-w- c:\program files\common files\system\ado\msadomd.dll
2011-04-13 19:11:00 200704 ----a-w- c:\program files\common files\system\ado\msadox.dll
2011-04-13 19:10:55 102400 ----a-w- c:\program files\common files\system\ado\msjro.dll
2011-04-13 19:10:50 1315328 ----a-w- c:\program files\outlook express\msoe.dll
2011-04-13 19:10:33 851968 ----a-w- c:\program files\common files\microsoft shared\vgx\vgx.dll
2011-04-13 19:10:30 510976 ----a-w- c:\program files\common files\system\wab32.dll
2011-04-13 19:10:27 85504 ----a-w- c:\program files\outlook express\wabimp.dll
2011-04-13 19:10:23 218112 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
2011-04-13 19:10:20 1358848 ----a-w- c:\windows\system32\wbem\cimwin32.dll
2011-04-13 19:10:15 247808 ----a-w- c:\windows\system32\wbem\esscli.dll
2011-04-13 19:10:11 21504 ----a-w- c:\windows\system32\wbem\evntrprv.dll
2011-04-13 19:10:08 473600 ----a-w- c:\windows\system32\wbem\fastprox.dll
2011-04-13 19:10:05 185344 ----a-w- c:\windows\system32\wbem\framedyn.dll
2011-04-13 19:10:01 24576 ----a-w- c:\windows\system32\wbem\krnlprov.dll
2011-04-13 19:08:58 116224 ----a-w- c:\windows\system32\wbem\wbemtest.exe
2011-04-13 19:07:14 4096 ----a-w- c:\program files\common files\system\ole db\msdadc.dll
2011-04-13 19:07:11 4096 ----a-w- c:\program files\common files\system\ole db\msdaenum.dll
2011-04-13 19:07:07 4096 ----a-w- c:\program files\common files\system\ole db\msdaer.dll
2011-04-13 19:07:04 233472 ----a-w- c:\program files\common files\system\ole db\msdaora.dll
2011-04-13 19:07:00 16384 ----a-w- c:\program files\common files\system\ole db\msdaorar.dll
2011-04-13 19:05:59 10752 ----a-w- c:\windows\hh.exe
2011-04-13 19:05:56 146432 ------w- c:\windows\regedit.exe
2011-04-13 19:05:53 50688 ----a-w- c:\windows\twain_32.dll
2011-04-13 19:05:50 283648 ----a-w- c:\windows\winhlp32.exe
2011-04-13 19:03:57 70656 ----a-w- c:\windows\system32\amstream.dll
2011-04-13 19:02:59 17408 ----a-w- c:\windows\system32\bidispl.dll
2011-04-13 19:01:57 148480 ----a-w- c:\windows\system32\cic.dll
2011-04-13 19:00:57 39424 ----a-w- c:\windows\system32\cmutil.dll
2011-04-13 18:59:58 33280 ----a-w- c:\windows\system32\cryptdll.dll
2011-04-13 18:58:56 640000 ----a-w- c:\windows\system32\dbghelp.dll
2011-04-13 18:57:58 379904 ----a-w- c:\windows\system32\dhcpmon.dll
2011-04-13 18:56:56 23552 ----a-w- c:\windows\system32\dmserver.dll
2011-04-13 18:55:57 212480 ----a-w- c:\windows\system32\dpvoice.dll
2011-04-13 18:54:59 138752 ----a-w- c:\windows\system32\dssenh.dll
2011-04-13 18:53:59 193024 ----a-w- c:\windows\system32\eudcedit.exe
2011-04-13 18:52:59 285184 ----a-w- c:\windows\system32\fxscomex.dll
2011-04-13 18:51:56 265728 ----a-w- c:\windows\system32\h323.tsp
2011-04-13 18:50:59 254976 ----a-w- c:\windows\system32\icm32.dll
2011-04-13 18:49:59 36921 ----a-w- c:\windows\system32\imeshare.dll
2011-04-13 18:48:57 331264 ----a-w- c:\windows\system32\ipnathlp.dll
2011-04-13 18:47:57 68608 ----a-w- c:\windows\system32\joy.cpl
2011-04-13 18:46:58 220672 ----a-w- c:\windows\system32\logon.scr
2011-04-13 18:45:59 60928 ----a-w- c:\windows\system32\miglibnt.dll
2011-04-13 18:44:56 123392 ----a-w- c:\windows\system32\mplay32.exe
2011-04-13 18:43:57 14336 ----a-w- c:\windows\system32\msdmo.dll
2011-04-13 18:42:59 2843136 ----a-w- c:\windows\system32\msi.dll
2011-04-13 18:41:57 29696 ----a-w- c:\windows\system32\mspatcha.dll
2011-04-13 18:40:56 72704 ----a-w- c:\windows\system32\msw3prt.dll
2011-04-13 18:39:56 42496 ----a-w- c:\windows\system32\net.exe
2011-04-13 18:38:57 98304 ----a-w- c:\windows\system32\nlhtml.dll
2011-04-13 18:37:58 249856 ----a-w- c:\windows\system32\odbc32.dll
2011-04-13 18:36:59 20510 ----a-w- c:\windows\system32\odpdx32.dll
2011-04-13 18:35:57 176128 ----a-w- c:\windows\system32\photowiz.dll
2011-04-13 18:34:56 562176 ----a-w- c:\windows\system32\qedit.dll
2011-04-13 18:33:58 35840 ----a-w- c:\windows\system32\rcimlby.exe
2011-04-13 18:32:57 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2011-04-13 18:31:59 192512 ----a-w- c:\windows\system32\schedsvc.dll
2011-04-13 18:30:53 549376 ----a-w- c:\windows\system32\shdoclc.dll
2011-04-13 18:29:59 13312 ----a-w- c:\windows\system32\sigtab.dll
2011-04-13 18:28:58 67584 ----a-w- c:\windows\system32\srclient.dll
2011-04-13 18:27:57 121856 ----a-w- c:\windows\system32\stobject.dll
2011-04-13 18:26:57 94208 ----a-w- c:\windows\system32\timedate.cpl
2011-04-13 18:24:57 175104 ----a-w- c:\windows\system32\w32time.dll
2011-04-13 18:23:59 507904 ----a-w- c:\windows\system32\winlogon.exe
2011-04-13 18:22:59 258048 ----a-w- c:\windows\system32\wmvds32.ax
2011-04-13 18:21:59 483840 ----a-w- c:\windows\system32\wzcsvc.dll
2011-04-13 18:20:58 617472 ----a-w- c:\windows\system32\advapi32.dll
2011-04-13 18:19:58 14848 ----a-w- c:\windows\system32\mgmtapi.dll
2011-04-13 18:18:59 58368 ----a-w- c:\windows\system32\rastapi.dll
2011-04-13 18:17:58 102400 ----a-w- c:\windows\system32\win32spl.dll
2011-04-13 18:16:58 799744 ----a-w- c:\windows\system32\drivers\dmboot.sys
2011-04-13 18:15:58 152832 ----a-w- c:\windows\system32\drivers\ipnat.sys
2011-04-13 18:14:58 105344 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-13 18:13:59 146048 ----a-w- c:\windows\system32\drivers\portcls.sys
2011-04-13 18:12:58 73472 ----a-w- c:\windows\system32\drivers\sr.sys
2011-04-13 18:11:59 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-04-13 17:44:46 -------- d-----w- c:\program files\Free Window Registry Repair
2011-04-09 21:43:00 -------- d-----w- c:\docume~1\darren\locals~1\applic~1\AVG Security Toolbar
2011-04-09 21:22:49 -------- d-----w- c:\docume~1\darren\applic~1\AVG10
2011-04-09 14:31:00 -------- d-----w- c:\docume~1\alluse~1\applic~1\Common Files
2011-04-09 13:51:22 -------- d-----w- c:\docume~1\darren\applic~1\updates
.
==================== Find3M ====================
.
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:45:07 434176 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-18 13:29:12 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2011-02-18 13:24:34 29504 ----a-w- c:\windows\system32\uxtuneup.dll
2011-02-17 13:51:57 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-02-17 13:51:57 667136 ----a-w- c:\windows\system32\wininet.dll
2011-02-17 13:51:57 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-02-17 12:37:38 369664 ----a-w- c:\windows\system32\html.iec
2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-11 13:25:52 229888 ----a-w- c:\windows\system32\fxscover.exe
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 21:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 19:19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2008-12-03 16:07:15 200846 ----a-w- c:\program files\RuntimeSetup.exe
.
============= FINISH: 17:39:42.62 ===============

This post has been edited by Darren35: 22 April 2011 - 11:49 AM

#2 User is offline   Elise 

  • Bleepin' Blonde
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Study Hall Admin
  • Posts: 38,999
  • Joined: 05-October 07
  • Gender:Female
  • Location:Romania

Posted 01 May 2011 - 04:15 AM

Hello ,
And :welcome: to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

-------------------------------------------------------------
In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new DDS log (don't forget attach.txt)


Thanks and again sorry for the delay.
regards, Elise

"The mind is its own place, and in itself can make a heaven of hell, a hell of heaven." ~ John Milton
Posted Image Follow BleepingComputer on: Facebook | Twitter | Google+

#3 User is offline   Elise 

  • Bleepin' Blonde
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Study Hall Admin
  • Posts: 38,999
  • Joined: 05-October 07
  • Gender:Female
  • Location:Romania

Posted 07 May 2011 - 10:21 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
regards, Elise

"The mind is its own place, and in itself can make a heaven of hell, a hell of heaven." ~ John Milton
Posted Image Follow BleepingComputer on: Facebook | Twitter | Google+

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users