Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Can you please help interpret HiJackTHis log file?


  • This topic is locked This topic is locked
18 replies to this topic

#1 kenki

kenki

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:12 AM

Posted 25 February 2010 - 07:28 AM

Hi

My Windows 7 (64bit) Computer shuts down (no blue screen of death) suddenly when I try and virus/spyware/malware FULL Scan using several programs like Microsoft Securities Essential, AVG, Spybot S & D and online virus checkers like Panda

I have used HighJack THis from Trend micro and generated a log file. Can you please interpret it for me? How do I send the log in text format. Do I just copy and paste it to this message?

Please reply

Here is the log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:01:28, on 25/02/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe" /r
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [Google Update] "C:\Users\Ken\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareup...15111/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7728 bytes

Edited by kenki, 26 February 2010 - 12:21 AM.


BC AdBot (Login to Remove)

 


#2 mpascal

mpascal

    Math Nerd


  • Members
  • 1,653 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada
  • Local time:06:12 AM

Posted 27 February 2010 - 06:54 PM

Hi kenki,

Welcome to Bleeping Computer.

My name is mpascal, and I will be helping you fix your problem.

Before we begin, I would like to make a few guidelines so that we can fix your problem as efficiently as possible:
  • Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.
  • If you are unsure of how to reply, or need help with anything regarding the website, please look here.
Please keep in mind that I am still in training and so there may be a slight delay between replies. This is so that a resident expert can check my responses to ensure we get your computer fixed as quickly and effectively as possible.

Please follow the instructions in the Preparation Guide and post back with the following logs:
  • DDS Log
  • GMER Log

Posted Image

Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here: Posted Image


#3 kenki

kenki
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:12 AM

Posted 02 March 2010 - 05:02 AM

QUOTE(mpascal @ Feb 27 2010, 06:54 PM) View Post
Hi kenki,

Welcome to Bleeping Computer.

My name is mpascal, and I will be helping you fix your problem.

"...Before we begin, I would like to make a few guidelines so that we can fix your problem as efficiently as possible:
  • Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.
  • If you are unsure of how to reply, or need help with anything regarding the website, please look here.
Please keep in mind that I am still in training and so there may be a slight delay between replies. This is so that a resident expert can check my responses to ensure we get your computer fixed as quickly and effectively as possible.

Please follow the instructions in the Preparation Guide and post back with the following logs:
  • DDS Log
  • GMER Log......."


Hi mpascal,

I have generated the DDR logs; Attach.txt is uploaded and DDS.txt is pasted here:(Quite Huge!!) The GMER log will be uploaded shortly - I had a bit of a problem in extracting and gettting a scan done.


DDS (Ver_09-12-01.01) - NTFSX64
Run by Ken at 8:25:18.70 on 02/03/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.4095.2667 [GMT 0:00]

SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 2\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Ken\Desktop\Bleeping Computers\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\syswow64\blank.htm
mWinlogon: Userinit=userinit.exe
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files (x86)\askbardis\bar\bin\askBar.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
TB: Foxit Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files (x86)\askbardis\bar\bin\askBar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Sony Ericsson PC Suite] "c:\program files (x86)\sony ericsson\sony ericsson pc suite\SEPCSuite.exe" /systray /nologon
uRun: [Google Update] "c:\users\ken\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [SunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\micros~1\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~1\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files (x86)\superantispyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files (x86)\superantispyware\SASSEH.DLL
TB-X64: {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No File
mRun-x64: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide

================= FIREFOX ===================

FF - ProfilePath - c:\users\ken\appdata\roaming\mozilla\firefox\profiles\4zi3zv5n.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - plugin: c:\program files (x86)\google\picasa3\npPicasa3.dll
FF - plugin: c:\users\ken\appdata\local\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\users\ken\appdata\roaming\mozilla\firefox\profiles\4zi3zv5n.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox 3.6 beta 2\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox 3.6 beta 2\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox 3.6 beta 2\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox 3.6 beta 2\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox 3.6 beta 2\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox 3.6 beta 2\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox 3.6 beta 2\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox 3.6 beta 2\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox 3.6 beta 2\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox 3.6 beta 2\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox 3.6 beta 2\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox 3.6 beta 2\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox 3.6 beta 2\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox 3.6 beta 2\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox 3.6 beta 2\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox 3.6 beta 2\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox 3.6 beta 2\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox 3.6 beta 2\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox 3.6 beta 2\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox 3.6 beta 2\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox 3.6 beta 2\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox 3.6 beta 2\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox 3.6 beta 2\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox 3.6 beta 2\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox 3.6 beta 2\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox 3.6 beta 2\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox 3.6 beta 2\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox 3.6 beta 2\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox 3.6 beta 2\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox 3.6 beta 2\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox 3.6 beta 2\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox 3.6 beta 2\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox 3.6 beta 2\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-2-24 69152]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 164720]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\lavasoft\ad-aware\AAWService.exe [2010-2-4 1229232]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files (x86)\sony ericsson\sony ericsson pc suite\SupServ.exe [2009-11-22 90112]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 202776]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1417240]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 94744]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-6-18 40832]
R3 Ph3xIB64;Philips 713x Inbox PCI TV Card;c:\windows\system32\drivers\Ph3xIB64.sys [2009-6-10 1627520]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2009-11-22 34032]
S1 SASDIFSV;SASDIFSV;c:\program files (x86)\superantispyware\sasdifsv.sys [2010-2-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files (x86)\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\common files\creative labs shared\service\AL6Licensing.exe [2010-1-19 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\common files\creative labs shared\service\CTAELicensing.exe [2009-11-21 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 202776]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1417240]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 94744]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2009-11-22 113704]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2009-11-22 19496]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2009-11-22 153128]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2009-11-22 133160]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2009-11-22 34856]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2009-11-22 128552]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2009-11-22 146472]
S3 SASENUM;SASENUM;c:\program files (x86)\superantispyware\SASENUM.SYS [2010-2-17 12872]

=============== Created Last 30 ================

2010-02-25 08:26:43 0 d-----w- c:\program files (x86)\Trend Micro
2010-02-24 11:10:56 0 d-----w- c:\program files (x86)\Microsoft Antimalware
2010-02-24 11:10:54 0 d-----w- c:\program files\Microsoft Security Essentials
2010-02-24 10:34:30 285696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-24 10:34:30 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-24 07:05:23 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-02-24 06:57:24 69152 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-02-24 06:56:06 0 dc-h--w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-02-24 06:56:01 0 d-----w- c:\program files (x86)\Lavasoft
2010-02-23 13:46:55 0 d-----w- c:\program files (x86)\common files\Wise Installation Wizard
2010-02-22 18:10:05 0 d-----w- c:\windows\CheckSur
2010-02-22 07:59:46 977920 ----a-w- c:\windows\syswow64\wininet.dll
2010-02-22 07:51:29 65536 --sha-w- c:\users\ken\ntuser.dat{b42a1151-1f84-11df-ac2c-001a92824a6f}.TM.blf
2010-02-22 07:51:29 524288 --sha-w- c:\users\ken\ntuser.dat{b42a1151-1f84-11df-ac2c-001a92824a6f}.TMContainer00000000000000000002.regtrans-ms
2010-02-22 07:51:29 524288 --sha-w- c:\users\ken\ntuser.dat{b42a1151-1f84-11df-ac2c-001a92824a6f}.TMContainer00000000000000000001.regtrans-ms
2010-02-22 05:51:53 524288 --sha-w- c:\users\ken\ntuser.dat{3c06208a-1f71-11df-8e5b-001a92824a6f}.TMContainer00000000000000000002.regtrans-ms
2010-02-22 05:51:53 524288 --sha-w- c:\users\ken\ntuser.dat{3c06208a-1f71-11df-8e5b-001a92824a6f}.TMContainer00000000000000000001.regtrans-ms
2010-02-22 05:51:52 65536 --sha-w- c:\users\ken\ntuser.dat{3c06208a-1f71-11df-8e5b-001a92824a6f}.TM.blf
2010-02-21 06:34:59 0 d-----w- c:\programdata\Avira
2010-02-21 06:34:59 0 d-----w- c:\program files (x86)\Avira
2010-02-21 06:26:49 0 d-----w- c:\users\ken\appdata\roaming\Uniblue
2010-02-20 11:30:21 0 d-----w- c:\program files (x86)\Panda Security
2010-02-20 10:34:44 65536 --sha-w- c:\users\ken\ntuser.dat{4e54c62a-1e0a-11df-87e7-001a92824a6f}.TM.blf
2010-02-20 10:34:44 524288 --sha-w- c:\users\ken\ntuser.dat{4e54c62a-1e0a-11df-87e7-001a92824a6f}.TMContainer00000000000000000002.regtrans-ms
2010-02-20 10:34:44 524288 --sha-w- c:\users\ken\ntuser.dat{4e54c62a-1e0a-11df-87e7-001a92824a6f}.TMContainer00000000000000000001.regtrans-ms
2010-02-14 09:13:30 0 d-----w- c:\program files\NVIDIA Corporation
2010-02-11 12:08:59 0 d-----w- c:\users\ken\appdata\roaming\ABBYY
2010-02-11 12:01:53 0 d-----w- c:\programdata\ABBYY
2010-02-11 12:01:53 0 d-----w- c:\program files (x86)\ABBYY FineReader 10
2010-02-11 11:59:35 0 d-----w- c:\temp\ABBYY FineReader 10
2010-02-11 11:59:35 0 d-----w- C:\Temp
2010-02-10 12:59:42 0 d-----w- c:\program files (x86)\MSXML 4.0
2010-02-09 14:57:13 0 d-----w- c:\program files (x86)\common files\Hewlett-Packard
2010-02-09 14:16:41 0 d-----w- c:\program files (x86)\HP
2010-02-09 14:14:47 0 d-----w- c:\programdata\HP
2010-02-08 14:40:28 0 d-----w- c:\users\ken\appdata\roaming\Softi Software

==================== Find3M ====================

2010-02-24 09:16:06 212864 ------w- c:\windows\system32\MpSigStub.exe
2010-02-24 06:57:20 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-02-02 08:36:47 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-02 07:45:54 2048 ----a-w- c:\windows\syswow64\tzres.dll
2010-01-19 09:05:57 424960 ----a-w- c:\windows\system32\secproc.dll
2010-01-19 09:05:57 422912 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-19 09:05:57 121856 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-19 09:05:57 121856 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-19 09:00:44 305152 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-19 09:00:43 357888 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-19 09:00:37 356352 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-19 09:00:37 306688 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-18 23:29:31 85504 ----a-w- c:\windows\syswow64\secproc_ssp_isv.dll
2010-01-18 23:29:31 85504 ----a-w- c:\windows\syswow64\secproc_ssp.dll
2010-01-18 23:29:31 365568 ----a-w- c:\windows\syswow64\secproc_isv.dll
2010-01-18 23:29:30 369152 ----a-w- c:\windows\syswow64\secproc.dll
2010-01-18 23:28:33 324608 ----a-w- c:\windows\syswow64\RMActivate_isv.exe
2010-01-18 23:28:33 277504 ----a-w- c:\windows\syswow64\RMActivate_ssp_isv.exe
2010-01-18 23:28:30 320512 ----a-w- c:\windows\syswow64\RMActivate.exe
2010-01-18 23:28:30 280064 ----a-w- c:\windows\syswow64\RMActivate_ssp.exe
2010-01-11 07:12:38 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2009-12-22 08:36:19 243200 ----a-w- c:\windows\system32\wow64.dll
2009-12-22 08:24:35 14336 ----a-w- c:\windows\syswow64\ntvdm64.dll
2009-12-22 08:23:35 25600 ----a-w- c:\windows\syswow64\setup16.exe
2009-12-22 08:22:10 5120 ----a-w- c:\windows\syswow64\wow32.dll
2009-12-22 04:28:10 7680 ----a-w- c:\windows\syswow64\instnm.exe
2009-12-22 04:28:08 2048 ----a-w- c:\windows\syswow64\user.exe
2009-12-19 09:51:24 1192960 ----a-w- c:\windows\system32\wininet.dll
2009-12-19 09:50:56 14848 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-19 09:49:47 1572352 ----a-w- c:\windows\system32\quartz.dll
2009-12-19 09:47:56 25088 ----a-w- c:\windows\system32\msyuv.dll
2009-12-19 09:47:53 38912 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-19 09:47:46 16384 ----a-w- c:\windows\system32\msrle32.dll
2009-12-19 09:46:35 54272 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-19 09:02:53 1224704 ----a-w- c:\windows\syswow64\urlmon.dll
2009-12-19 09:02:52 12288 ----a-w- c:\windows\syswow64\tsbyuv.dll
2009-12-19 09:02:48 1328640 ----a-w- c:\windows\syswow64\quartz.dll
2009-12-19 09:02:46 22016 ----a-w- c:\windows\syswow64\msyuv.dll
2009-12-19 09:02:45 31744 ----a-w- c:\windows\syswow64\msvidc32.dll
2009-12-19 09:02:45 13312 ----a-w- c:\windows\syswow64\msrle32.dll
2009-12-19 09:02:42 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2009-12-19 09:02:42 5961728 ----a-w- c:\windows\syswow64\mshtml.dll
2009-12-19 09:02:40 84480 ----a-w- c:\windows\syswow64\mciavi32.dll
2009-12-19 09:02:39 50176 ----a-w- c:\windows\syswow64\iyuv_32.dll
2009-12-19 09:02:38 10976768 ----a-w- c:\windows\syswow64\ieframe.dll
2009-12-19 09:02:01 91648 ----a-w- c:\windows\syswow64\avifil32.dll
2009-12-14 19:15:14 2146304 ----a-w- c:\windows\syswow64\GPhotos.scr
2009-12-13 09:46:36 960512 ----a-w- c:\windows\system32\CPFilters.dll
2009-12-13 09:46:36 613888 ----a-w- c:\windows\system32\psisdecd.dll
2009-12-13 09:46:34 552960 ----a-w- c:\windows\system32\msdri.dll
2009-12-13 09:30:50 641536 ----a-w- c:\windows\syswow64\CPFilters.dll
2009-12-13 09:30:50 465408 ----a-w- c:\windows\syswow64\psisdecd.dll
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 8:25:47.52 ===============

Attached Files



#4 mpascal

mpascal

    Math Nerd


  • Members
  • 1,653 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada
  • Local time:06:12 AM

Posted 02 March 2010 - 01:06 PM

Hi kenki,

STEP 1 - MBAM

Please download Malwarebytes' Anti-Malware from here.

Double Click mbam-setup.exe to install the application.
  • Make sure a check mark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

STEP 2 - Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.



  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply
STEP 3 - Reply

Please reply with the following:
  • MBAM Log
  • Kaspersky Log

Posted Image

Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here: Posted Image


#5 kenki

kenki
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:12 AM

Posted 03 March 2010 - 11:16 AM

QUOTE(mpascal @ Mar 2 2010, 01:06 PM) View Post
............
Please reply with the following:
  • MBAM Log
  • Kaspersky Log



I have posted below the log file from MalwareBytes scan. Shall do the same for Kaspersky online scan soon. BTW, do you find any infection from the other 3 logs( including Hijackthis) posted earlier? I could not run GMER on my Win7. Every time I click on the extracted exe file, I get the response "could not find the specified file", even when trying to run it with Admin rights.

Malwarebytes' Anti-Malware 1.44
Database version: 3817
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

03/03/2010 08:50:56
mbam-log-2010-03-03 (08-50-34).txt

Scan type: Quick Scan
Objects scanned: 98961
Time elapsed: 2 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#6 mpascal

mpascal

    Math Nerd


  • Members
  • 1,653 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada
  • Local time:06:12 AM

Posted 03 March 2010 - 01:47 PM

GMER has some problems with 64-bit systems, that's probably why you couldn't get it to work.

Posted Image

Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here: Posted Image


#7 kenki

kenki
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:12 AM

Posted 04 March 2010 - 09:54 AM

Hi

Unable to do Kaspersky Log as the PC crashes during download repeatedly. Can you please give me your analysis and solution using the existing various scan log reports already provided. Thank you

Kenki

#8 mpascal

mpascal

    Math Nerd


  • Members
  • 1,653 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada
  • Local time:06:12 AM

Posted 05 March 2010 - 02:33 AM

Hi kenki,

What do you mean it crashes? Do you get a bluescreen? Or is it one of the crashes you said you got in your first post?

Please download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into SafeMode.
    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight SafeMode then hit enter
    .
  • Double click the setup file to run it.
  • Click Next to continue.
  • It will by default install it to your desktop folder.Click Next.
  • Hit ok at the prompt for scanning in Safe Mode.
  • It will then open a box There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.
    • System Memory
    • Startup Objects
    • Disk Boot Sectors.
    • My Computer.
    • Also any other drives (Removable that you may have)
After that click on Security level then choose Customize then click on the tab that says Heuristic Analyzer then choose Enable Deep Rootkit Search then choose ok.
Then choose OK again then you are back to the main screen.
  • Then click on Scan at the to right hand Corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized then click the button that says Neutralize all
  • If it says it cannot be Neutralized then chooose The delete option when prompted.
  • After that is done click on the reports button at the bottom and save it to file name it Kas.
  • Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report it will be at the very top under Detected post those results in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.

Posted Image

Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here: Posted Image


#9 kenki

kenki
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:12 AM

Posted 05 March 2010 - 05:04 AM

Hi MPascal,

I did as you said: downloaded Virus removal Tool and did all the settings changes and ran it in SAFE MODE (without Network connections) and the PC shut down 11% in to scan. When it crashes, it does not show a blue screen but simply shuts the PC down electrically, asif the plug has been pulled or the power switched off. THis happens ONLY when I run Antivirus programs. What do I do next? As requested in previous posts could you please advice m based on the scan results so far from various tools?

THanks

Kenki




#10 mpascal

mpascal

    Math Nerd


  • Members
  • 1,653 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada
  • Local time:06:12 AM

Posted 05 March 2010 - 10:21 AM

The logs you have given me so far look fine, the shutdown problem is what I'm worried about. Does it always crash at 11%, or is it random?

Posted Image

Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here: Posted Image


#11 kenki

kenki
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:12 AM

Posted 05 March 2010 - 10:30 AM

I think the sudden shut down is random. With Micorsoft Securities Essentials it was always 8 minutes and 20 seconds in to a scan when it cut power. Different time and percentages with different scan software. Any further ideas???

KenKi

#12 mpascal

mpascal

    Math Nerd


  • Members
  • 1,653 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada
  • Local time:06:12 AM

Posted 06 March 2010 - 02:06 PM

Hi kenki,

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean
Once you have done that, try running AVP again with the instructions in my previous post.

Posted Image

Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here: Posted Image


#13 kenki

kenki
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:12 AM

Posted 07 March 2010 - 05:08 AM

HI

Thank you for persisting. I did as you instructed: i.e downloaded and ran TFC and rebooted in to SAFE MODE and ran AVP tool from Kasperasky.. However, the scan just crashed the PC around 15% progress. BY CRASH I do not mean a Blue screen of death. BUT a sudden power cutout.

I noticed during the scan that it could not read certain files and folders as they were "password protected" eg: backup.db and and a .bmp file.

I do no know if we are dealing with a stubborn virus, malware or if this is a hardware problem. I would appreciate a new evaluation and advice

Kenki

#14 mpascal

mpascal

    Math Nerd


  • Members
  • 1,653 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada
  • Local time:06:12 AM

Posted 07 March 2010 - 05:33 PM

Hi kenki,

I'm starting to think more and more that this is not a malware problem. Can you try uninstalling Super AntiSpyware from your system by going Start -> -> Control Panel -> Add/Remove Programs and removing it there. After that, try and see if you still get crashes.

Posted Image

Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here: Posted Image


#15 kenki

kenki
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:12 AM

Posted 08 March 2010 - 05:33 AM

Hi

I removed Super AntiSpyware via Add - Remove Programs in the Control Panel and did a full scan in SAFE MODE without network using Microsoft Securities Essentials and I am afraid, the PC switched off just 9 minutes into the scan in safe mode!


Some one suggested that may be CPU is getting overheated due to intense processing during a Viral scan and switches off the PC as a protective short circuit? DO you deal with problems like these?

Or may be the virus is stubborn and invisible and a challenge to you and me

Thanks

Kenki




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users