"System Check" removal


  • This topic is locked
74 replies to this topic

#1 les54

  • Members
  • 37 posts
  • OFFLINE
  • Local time:08:06 AM

Posted 14 January 2012 - 07:53 PM

I tried to remove System Check but I suspect there are still some corrupt files.
I am running the latest version of Avira Free but cannot turn on realtime protection or do updates on Avira. The Avira message says the scheduler is not turned on.
Thanks in advance for your help.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Les at 17:31:43 on 2012-01-14
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.735.289 [GMT -7:00]
.
.
============== Running Processes ===============
.
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\V0220Mon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Documents and Settings\All Users\Application Data\Panda Security URL Filtering\Panda_URL_Filtering.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
c:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\WD\WD Anywhere Backup\MemeoBackup.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\logonui.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\4.9\iobitToolbarIE.dll
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: H - No File
BHO: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\4.9\iobitToolbarIE.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Panda Security Toolbar: {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - c:\program files\panda security\panda security toolbar\PandaSecurityDx.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\4.9\iobitToolbarIE.dll
TB: Panda Security Toolbar: {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - c:\program files\panda security\panda security toolbar\PandaSecurityDx.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Creative Live! Cam Manager] "c:\program files\creative\creative live! cam\live! cam manager\CTLCMgr.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart
mRun: [VTTimer] VTTimer.exe
mRun: [V0220Mon.exe] c:\windows\V0220Mon.exe
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [PDUiP6700DMon] c:\program files\canon\memory card utility\ip6700d\PDUiP6700DMon.exe
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"
mRun: [Easy-PrintToolBox] c:\program files\canon\easy-printtoolbox\BJPSMAIN.EXE /logon
mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
mRun: [AVFX Engine] c:\program files\creative\creative live! cam\videofx\StartFX.exe
mRun: [WD Drive Manager] c:\program files\western digital\wd drive manager\WDBtnMgrUI.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [LGODDFU] "c:\program files\lg_fwupdate\fwupdate.exe" blrun
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [SecurDisc] c:\program files\nero\nero 7\incd\NBHGui.exe
mRun: [InCD] c:\program files\nero\nero 7\incd\InCD.exe
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [<NO NAME>]
mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
mRun: [Panda Security URL Filtering] "c:\documents and settings\all users\application data\panda security url filtering\Panda_URL_Filtering.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=QUFMS0ctWU9CNkYtMlk0WFAtQUVPS08tQkszRE0tMg"&"inst=NzYtOTU2MzAzMDU3LVNUMTJPSSsxLUREVCswLUVVTEErMS1TVDEyQVBQKzE"&"prod=92"&"ver=2012.0.1834"&"mid=18acbeb0361f47d1b9b2d14427a7e17d-06ce4fc639803a2e3563922518183d8e94088cb9
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\les\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wdanyw~1.lnk - c:\windows\installer\{649c4b1a-6a76-499a-9aec-0c9530fa7d2c}\NewShortcut4_3A95A0BFA90C41A28DFACEDE7630C4FB.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: mswsock.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1262629585109
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab
TCP: DhcpNameServer = 64.59.135.143 64.59.135.145 64.59.128.121
TCP: Interfaces\{ABD6FF1D-8E54-400D-AFCB-E0187E6AFF99} : DhcpNameServer = 64.59.135.143 64.59.135.145 64.59.128.121
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\8.0.1\ViProtocol.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2012-1-10 14776]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2010-1-4 75904]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-1-11 36000]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2012-1-10 497496]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2011-12-14 748440]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-1-11 74640]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [2008-2-19 106496]
R3 V0220Dev;Live! Cam Video IM;c:\windows\system32\drivers\V0220Dev.sys [2010-1-4 146112]
R3 V0220Vfx;V0220VFX;c:\windows\system32\drivers\V0220Vfx.sys [2010-1-4 6272]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-1-11 86224]
S2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-1-11 110032]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-11 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-11 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-1-12 40776]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2003-3-31 14336]
.
=============== Created Last 30 ================
.
2012-01-14 07:51:03 -------- d-----w- C:\sh4ldr
2012-01-14 07:51:03 -------- d-----w- c:\program files\Enigma Software Group
2012-01-14 07:50:30 -------- d-----w- c:\windows\1C7CC8E2CFCF41E6A8637C7A45CE8A78.TMP
2012-01-13 18:50:11 -------- d-----w- c:\documents and settings\les\application data\Panda Security
2012-01-13 18:48:28 -------- d-----w- c:\program files\Toolbar Cleaner
2012-01-13 18:48:26 -------- d-----w- c:\documents and settings\les\local settings\application data\panda2_0dn
2012-01-13 18:48:17 -------- d-----w- c:\documents and settings\all users\application data\Panda Security URL Filtering
2012-01-13 18:48:12 -------- d-----w- c:\documents and settings\les\application data\pandasecuritytb
2012-01-13 18:47:23 -------- d-----w- c:\program files\Panda Security
2012-01-13 18:47:23 -------- d-----w- c:\documents and settings\all users\application data\Panda Security
2012-01-12 22:07:52 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-01-12 21:02:21 -------- d-----w- c:\documents and settings\les\application data\Search Settings
2012-01-12 21:02:19 -------- d-----w- c:\program files\IObit Toolbar
2012-01-12 21:02:19 -------- d-----w- c:\program files\common files\Spigot
2012-01-12 21:02:19 -------- d-----w- c:\program files\Application Updater
2012-01-12 18:09:23 -------- d-----w- c:\program files\ACW
2012-01-12 03:38:51 -------- d-----w- c:\documents and settings\les\application data\ElevatedDiagnostics
2012-01-12 03:37:56 -------- d-----w- c:\program files\Microsoft ATS
2012-01-11 19:00:02 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-11 18:34:40 -------- d-----w- c:\documents and settings\les\application data\Wise Registry Cleaner
2012-01-11 18:31:42 -------- d-----w- c:\program files\Wise Registry Cleaner
2012-01-11 17:36:32 -------- d-----w- c:\documents and settings\les\application data\Avira
2012-01-11 17:35:07 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-01-11 17:35:07 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-01-11 17:25:47 -------- d-----w- c:\program files\CCleaner
2012-01-11 05:46:01 20312 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-01-11 05:31:13 -------- d-----w- c:\documents and settings\les\application data\IObit
2012-01-11 05:02:18 -------- d-----w- c:\program files\Avira
2012-01-11 01:27:17 23040 -c----w- c:\windows\system32\dllcache\mciseq.dll
2012-01-11 01:27:17 176128 -c----w- c:\windows\system32\dllcache\winmm.dll
2012-01-11 01:26:18 386048 -c----w- c:\windows\system32\dllcache\qdvd.dll
2012-01-11 01:25:37 60416 -c----w- c:\windows\system32\dllcache\packager.exe
2012-01-11 00:07:57 29016 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2012-01-11 00:07:57 14776 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2012-01-10 20:07:07 -------- d-----w- C:\TDSSKiller_Quarantine
2012-01-03 13:10:44 182672 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2011-11-27 18:27:11 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21:44 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21:44 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-10 12:54:13 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-10 10:27:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 15:28:36 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28:36 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:33:08 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:03 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll
.
============= FINISH: 17:32:44.37 ===============



Sorry, I could not see how to zip this file and it did not appear on the desktop, so I couldn't send it as an attachment.
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 04/01/2010 9:14:33 AM
System Uptime: 14/01/2012 9:20:21 AM (8 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | GA-7VM400AM(F)
Processor: AMD Athlon™ XP 2500+ | Socket A | 1831/167mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 466 GiB total, 442.061 GiB free.
D: is CDROM ()
E: is CDROM ()
G: is FIXED (NTFS) - 76 GiB total, 67.552 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP441: 17/10/2011 5:14:01 PM - System Checkpoint
RP442: 19/10/2011 6:34:47 PM - System Checkpoint
RP443: 21/10/2011 1:12:34 PM - System Checkpoint
RP444: 22/10/2011 1:23:11 PM - System Checkpoint
RP445: 23/10/2011 5:35:55 PM - System Checkpoint
RP446: 24/10/2011 6:58:12 PM - System Checkpoint
RP447: 25/10/2011 7:19:36 PM - System Checkpoint
RP448: 25/10/2011 10:18:28 PM - Software Distribution Service 3.0
RP449: 26/10/2011 12:59:05 PM - Installed AVG 2012
RP450: 26/10/2011 12:59:31 PM - Installed AVG 2012
RP451: 26/10/2011 1:22:25 PM - Restore Operation
RP452: 26/10/2011 1:28:47 PM - Restore Operation
RP453: 26/10/2011 1:33:56 PM - Restore Operation
RP454: 27/10/2011 12:04:36 PM - Removed AVG 2012
RP455: 27/10/2011 12:05:31 PM - Removed AVG 2012
RP456: 28/10/2011 10:07:57 PM - System Checkpoint
RP457: 30/10/2011 3:28:20 PM - System Checkpoint
RP458: 02/11/2011 5:30:57 PM - System Checkpoint
RP459: 03/11/2011 10:08:39 PM - System Checkpoint
RP460: 05/11/2011 9:15:15 AM - System Checkpoint
RP461: 07/11/2011 7:58:06 AM - System Checkpoint
RP462: 08/11/2011 9:07:55 PM - System Checkpoint
RP463: 08/11/2011 11:04:27 PM - Software Distribution Service 3.0
RP464: 10/11/2011 5:34:11 PM - System Checkpoint
RP465: 10/11/2011 8:17:25 PM - Software Distribution Service 3.0
RP466: 26/11/2011 11:44:52 AM - System Checkpoint
RP467: 27/11/2011 12:13:34 PM - System Checkpoint
RP468: 29/11/2011 8:37:52 PM - System Checkpoint
RP469: 30/11/2011 9:07:22 PM - System Checkpoint
RP470: 04/12/2011 4:55:40 PM - System Checkpoint
RP471: 08/12/2011 8:47:15 PM - System Checkpoint
RP472: 09/12/2011 9:52:54 PM - System Checkpoint
RP473: 11/12/2011 12:56:15 PM - System Checkpoint
RP474: 12/12/2011 5:48:36 PM - System Checkpoint
RP475: 14/12/2011 4:57:37 PM - System Checkpoint
RP476: 15/12/2011 3:00:17 AM - Software Distribution Service 3.0
RP477: 16/12/2011 9:38:29 PM - System Checkpoint
RP478: 18/12/2011 3:33:52 PM - System Checkpoint
RP479: 19/12/2011 4:03:26 PM - System Checkpoint
RP480: 20/12/2011 4:58:49 PM - System Checkpoint
RP481: 21/12/2011 5:55:37 PM - System Checkpoint
RP482: 27/12/2011 3:39:49 PM - System Checkpoint
RP483: 28/12/2011 8:01:05 PM - System Checkpoint
RP484: 29/12/2011 8:30:36 PM - System Checkpoint
RP485: 02/01/2012 7:15:57 PM - System Checkpoint
RP486: 03/01/2012 7:20:18 PM - System Checkpoint
RP487: 05/01/2012 4:46:56 PM - System Checkpoint
RP488: 07/01/2012 4:46:34 PM - System Checkpoint
RP489: 08/01/2012 5:22:19 PM - System Checkpoint
RP490: 09/01/2012 7:34:30 PM - System Checkpoint
RP491: 10/01/2012 6:20:07 PM - Installed Windows XP KB2598845.
RP492: 10/01/2012 6:26:07 PM - Installed Windows XP KB2584146.
RP493: 10/01/2012 6:26:30 PM - Installed Windows XP KB2631813.
RP494: 10/01/2012 6:26:50 PM - Installed Windows XP KB2585542.
RP495: 10/01/2012 6:27:11 PM - Installed Windows XP KB2603381.
RP496: 10/01/2012 6:27:29 PM - Installed Windows XP KB2598479.
RP497: 10/01/2012 6:27:47 PM - Installed Windows XP KB2646524.
RP498: 10/01/2012 6:28:07 PM - Installed Windows XP KB2632503.
RP499: 10/01/2012 8:35:09 PM - Installed Java™ 6 Update 30
RP500: 10/01/2012 9:50:29 PM - Removed IObit Toolbar v4.9.
RP501: 10/01/2012 10:07:56 PM - Restore Operation
RP502: 10/01/2012 10:20:41 PM - Restore Operation
RP503: 10/01/2012 10:23:37 PM - Restore Operation
RP504: 10/01/2012 10:26:28 PM - Restore Operation
RP505: 10/01/2012 10:29:38 PM - Restore Operation
RP506: 10/01/2012 10:34:04 PM - Restore Operation
RP507: 10/01/2012 11:10:55 PM - Installed AVG 2012
RP508: 10/01/2012 11:12:20 PM - Installed AVG 2012
RP509: 10/01/2012 11:12:25 PM - Removed AVG 2012
RP510: 10/01/2012 11:58:42 PM - Installed AVG 2012
RP511: 11/01/2012 12:02:02 AM - Installed AVG 2012
RP512: 11/01/2012 12:02:07 AM - Removed AVG 2012
RP513: 11/01/2012 12:20:22 AM - Installed AVG 2012
RP514: 11/01/2012 12:21:36 AM - Installed AVG 2012
RP515: 11/01/2012 12:21:41 AM - Removed AVG 2012
RP516: 11/01/2012 12:38:08 AM - Installed Windows XP KB915800-v4.
RP517: 11/01/2012 12:38:16 AM - Installed Windows XP Windows Search 4.0.
RP518: 11/01/2012 11:35:04 AM - Created by Wise Registry Cleaner
RP519: 11/01/2012 9:22:53 PM - before windows xp disk
RP520: 12/01/2012 12:10:31 AM - before delete
RP521: 12/01/2012 12:22:11 AM - Software Distribution Service 3.0
RP522: 12/01/2012 11:14:04 AM - registry back-up
RP523: 12/01/2012 12:15:59 PM - Software Distribution Service 3.0
RP524: 13/01/2012 1:21:39 PM - System Checkpoint
RP525: 14/01/2012 12:50:56 AM - Installed SpyHunter
RP526: 14/01/2012 1:01:07 AM - Removed SpyHunter
RP527: 14/01/2012 10:09:55 AM - before sys check removal
.
==== Installed Programs ======================
.
$APPNAME> 2.31
@BIOS
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.2)
Advanced SystemCare 5
Advanced Video FX Engine
ArcSoft PhotoStudio 5.5
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
Ask Toolbar
Ask Toolbar Updater
Avira Free Antivirus
Brother HL-5150D
C-Media WDM Audio Driver
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera WIA Driver
Canon CanoScan Toolbox 5.0
Canon EOS 5D WIA Driver
Canon iP6700D
Canon iP6700D Memory Card Utility
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities Digital Photo Professional 3.4
Canon Utilities Easy-PhotoPrint
Canon Utilities Easy-PrintToolBox
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities Original Data Security Tools
Canon Utilities PhotoStitch
Canon Utilities Picture Style Editor
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities WFT-E1/E2/E3 Utility
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CanoScan 4400F
CCleaner
CD-LabelPrint
Compatibility Pack for the 2007 Office system
Creative Live! Cam Center
Creative Live! Cam Doodling
Creative Live! Cam Manager
Creative Live! Cam Video IM Driver (1.01.01.00)
Creative Live! Cam Video IM User's Guide (English)
Creative Photo Calendar
Creative Photo Manager
Creative Software AutoUpdate
Creative System Information
DVD Suite
Easy-WebPrint
Enable S3 for USB Device
FUJIFILM USB Driver
Get Yahoo! Messenger
Google SketchUp 7
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2633952)
IObit Toolbar v4.9
Java Auto Updater
Java™ 6 Update 30
KM400 Display Driver and Utilities
LG ODD Auto Firmware Update
LightScribe System Software 1.10.27.1
Malwarebytes Anti-Malware version 1.60.0.1800
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Automated Troubleshooting Services Shim
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliType Pro 7.1
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Nero 7 Essentials
neroxml
OOo Associator
OpenOffice.org 3.2
Panda Security Toolbar
Panda Security URL Filtering
Picasa 3
PowerDVD
PowerProducer
Presto! PageManager 7.15.14
RAW FILE CONVERTER LE
Realtek AC'97 Audio
REALTEK Gigabit and Fast Ethernet NIC Driver
S3 S3Display
S3 S3Gamma2
S3 S3Info2
S3 S3Overlay
ScanSoft OmniPage SE 4.0
SeaTools for Windows
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB923789)
Segoe UI
SightSpeed
Smart Defrag 2
SolidWorks eDrawings 2011
Spelling Dictionaries Support For Adobe Reader 9
Toolbar Cleaner 1.0
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2641690)
VIA Integrated Setup Wizard
WD Anywhere Backup
WD Diagnostics
WD Drive Manager (x86)
WebFldrs XP
Windows Imaging Component
Windows Live Communications Platform
Windows Live Essentials
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
Wise Registry Cleaner 6.21
.
==== Event Viewer Messages From Past Week ========
.
14/01/2012 10:25:41 AM, error: Service Control Manager [7016] - The BrSplService service has reported an invalid current state 0.
12/01/2012 2:01:05 PM, error: Service Control Manager [7034] - The Advanced SystemCare Service 5 service terminated unexpectedly. It has done this 1 time(s).
12/01/2012 1:09:13 PM, error: Print [19] - Sharing printer failed + 1722, Printer Microsoft XPS Document Writer share name MS XPS document writer.
11/01/2012 6:47:22 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Cdrom Imapi
11/01/2012 6:47:22 PM, error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
11/01/2012 6:47:22 PM, error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error 2147942405 (0x80070005).
11/01/2012 6:47:22 PM, error: Service Control Manager [7024] - The Avira Scheduler service terminated with service-specific error 305 (0x131).
11/01/2012 6:47:22 PM, error: Service Control Manager [7024] - The Avira Realtime Protection service terminated with service-specific error 303 (0x12F).
11/01/2012 6:47:22 PM, error: Service Control Manager [7002] - The BrPar service depends on the Parallel arbitrator group and no member of this group started.
11/01/2012 6:47:22 PM, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
11/01/2012 11:01:58 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/01/2012 10:51:13 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK7 avipbb avkmgr Cdrom Fips Imapi
11/01/2012 10:16:34 AM, error: Service Control Manager [7000] - The vToolbarUpdater service failed to start due to the following error: The system cannot find the file specified.
10/01/2012 9:51:23 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
.
==== End Of File ===========================

Attached Files

  • Attached File  ark.txt   16.64KB   4 downloads
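Added example (not from the original post, and not part of the DDS tool): a small Python script that reads the SERVICES / DRIVERS and Event Viewer sections of a DDS log like the one above and reports the services that should auto-start but are stopped, which of those the Service Control Manager actually logged as failing (event 7024/7000), which boot-start drivers did not load (event 7026), and which failing service names DDS no longer lists at all. The DDS notation it relies on is the one visible in the log (leading R/S for running/stopped, then the Windows start type digit, then key name;display name;path [date size]). The embedded sample lines are copied from the log above; the function names and report layout are this example's own.

```python
"""Triage helper for a DDS log (added example, not part of the original post
or of the DDS tool): find auto-start services that are not running and
correlate them with Service Control Manager errors from the Event Viewer
section of the same log."""
from __future__ import annotations

import re
from dataclasses import dataclass

# DDS service/driver line, e.g.
#   S2 AntiVirService;Avira Realtime Protection;c:\...\avguard.exe [2012-1-11 110032]
# First letter: R = running, S = stopped. Digit: Windows start type
# (0 boot, 1 system, 2 automatic, 3 manual, 4 disabled).
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)(?:\s+\[(?P<date>[\d-]+)\s+(?P<size>\d+)\])?\s*$"
)

# Event Viewer line as DDS prints it:
#   11/01/2012 6:47:22 PM, error: Service Control Manager [7024] - The X service ...
EVENT_RE = re.compile(
    r"^(?P<when>\d{2}/\d{2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), (?P<level>\w+): "
    r"(?P<source>.+?) \[(?P<id>\d+)\] - (?P<msg>.+)$"
)
# 7024: "The <display name> service terminated with service-specific error ..."
# 7000: "The <display name> service failed to start due to the following error: ..."
SVC_IN_MSG_RE = re.compile(r"^The (?P<display>.+?) service (?:terminated|failed to start)")
# 7026: "The following boot-start or system-start driver(s) failed to load: a b c"
DRV_FAIL_RE = re.compile(r"failed to load: (?P<drivers>.+)$")


@dataclass
class Service:
    state: str      # 'R' running or 'S' stopped
    start: int      # Windows start type (2 = automatic)
    name: str       # service key name
    display: str    # display name, as the SCM names it in event messages
    path: str


def parse_services(log: str) -> list[Service]:
    """Every line in the log that looks like a DDS service/driver entry."""
    services = []
    for line in log.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            services.append(Service(m["state"], int(m["start"]), m["name"],
                                    m["display"], m["path"]))
    return services


def parse_events(log: str) -> list[dict]:
    """Every line that looks like a DDS Event Viewer entry, as a dict of fields."""
    return [m.groupdict() for line in log.splitlines()
            if (m := EVENT_RE.match(line.strip()))]


def triage(log: str) -> dict:
    """The findings an analyst checks first on a box where the AV 'cannot turn on'."""
    services = parse_services(log)
    failing: set[str] = set()         # display names from 7024/7000 events
    drivers_failed: set[str] = set()  # driver names from 7026 events
    for ev in parse_events(log):
        if ev["source"] != "Service Control Manager":
            continue
        m = SVC_IN_MSG_RE.match(ev["msg"])
        if m:
            failing.add(m["display"])
        d = DRV_FAIL_RE.search(ev["msg"])
        if d and ev["id"] == "7026":
            drivers_failed.update(d["drivers"].split())

    stopped_auto = [s for s in services if s.start == 2 and s.state == "S"]
    listed_names = {s.name.lower() for s in services}
    listed_displays = {s.display for s in services}
    return {
        # Auto-start but stopped, and the SCM logged it failing: the real problem.
        "confirmed_failing": [s.name for s in stopped_auto if s.display in failing],
        # Auto-start but stopped with no SCM error: often benign (updaters that
        # run and exit), so reported separately for a manual look.
        "stopped_unexplained": [s.name for s in stopped_auto if s.display not in failing],
        "drivers_failed_to_load": sorted(drivers_failed, key=str.lower),
        # Failed drivers that DDS still lists: installed products whose driver
        # never loaded, as opposed to leftovers of removed ones.
        "drivers_failed_and_listed": sorted(n for n in drivers_failed
                                            if n.lower() in listed_names),
        # The SCM tried to start it but DDS lists no such service: a remnant.
        "reported_but_unlisted": sorted(failing - listed_displays),
    }


# Constructed sample: lines copied from the DDS log in the post above.
SAMPLE_LOG = r"""
============= SERVICES / DRIVERS ===============
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-1-11 36000]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-1-11 74640]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-1-11 86224]
S2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-1-11 110032]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-11 135664]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2003-3-31 14336]
==== Event Viewer Messages From Past Week ========
11/01/2012 6:47:22 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Cdrom Imapi
11/01/2012 6:47:22 PM, error: Service Control Manager [7024] - The Avira Scheduler service terminated with service-specific error 305 (0x131).
11/01/2012 6:47:22 PM, error: Service Control Manager [7024] - The Avira Realtime Protection service terminated with service-specific error 303 (0x12F).
11/01/2012 10:51:13 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK7 avipbb avkmgr Cdrom Fips Imapi
11/01/2012 10:16:34 AM, error: Service Control Manager [7000] - The vToolbarUpdater service failed to start due to the following error: The system cannot find the file specified.
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the sample above the script separates the two Avira services (auto-start, stopped, and logged by the SCM as terminating with service-specific errors) from gupdate (auto-start and stopped, but with no error, which is how Google Update normally looks), and it pairs the avkmgr driver entry with the 7026 boot failure; vToolbarUpdater shows up as a service the SCM still tries to start although DDS no longer lists it. The script only reads the log; the decision about what to fix stays with the person doing the cleanup.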



#2 sempai
  noypi

  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:11:06 PM

Posted 16 January 2012 - 11:58 AM

Do you still need help?

~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I haven't replied within 48 hours, please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support; post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#3 les54

les54
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:08:06 AM

Posted 17 January 2012 - 08:29 PM

Yes, I am still having the same issue. Here is the latest log copy.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Les at 18:22:20 on 2012-01-17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.735.155 [GMT -7:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\V0220Mon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
c:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Canon\CAL\CALMAIN.exe
svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://isearch.avg.com/?cid={C06F0FE8-118A-4B99-841A-33396B5688C3}&mid=18acbeb0361f47d1b9b2d14427a7e17d-06ce4fc639803a2e3563922518183d8e94088cb9&lang=en&ds=ins10&pr=sa&d=2012-01-15 21:49:17&v=9.0.0.23&sap=hp
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\9.0.0.23\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\9.0.0.23\AVG Secure Search_toolbar.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Creative Live! Cam Manager] "c:\program files\creative\creative live! cam\live! cam manager\CTLCMgr.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
mRun: [VTTimer] VTTimer.exe
mRun: [V0220Mon.exe] c:\windows\V0220Mon.exe
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [PDUiP6700DMon] c:\program files\canon\memory card utility\ip6700d\PDUiP6700DMon.exe
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"
mRun: [Easy-PrintToolBox] c:\program files\canon\easy-printtoolbox\BJPSMAIN.EXE /logon
mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
mRun: [AVFX Engine] c:\program files\creative\creative live! cam\videofx\StartFX.exe
mRun: [WD Drive Manager] c:\program files\western digital\wd drive manager\WDBtnMgrUI.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [LGODDFU] "c:\program files\lg_fwupdate\fwupdate.exe" blrun
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [SecurDisc] c:\program files\nero\nero 7\incd\NBHGui.exe
mRun: [InCD] c:\program files\nero\nero 7\incd\InCD.exe
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=QUFMS0ctWU9CNkYtMlk0WFAtQUVPS08tQkszRE0tMg"&"inst=NzYtOTU2MzAzMDU3LVNUMTJPSSsxLUREVCswLUVVTEErMS1TVDEyQVBQKzE"&"prod=92"&"ver=2012.0.1834"&"mid=18acbeb0361f47d1b9b2d14427a7e17d-06ce4fc639803a2e3563922518183d8e94088cb9
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\les\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wdanyw~1.lnk - c:\windows\installer\{649c4b1a-6a76-499a-9aec-0c9530fa7d2c}\NewShortcut4_3A95A0BFA90C41A28DFACEDE7630C4FB.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: mswsock.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1262629585109
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab
TCP: DhcpNameServer = 64.59.135.143 64.59.135.145 64.59.128.121
TCP: Interfaces\{ABD6FF1D-8E54-400D-AFCB-E0187E6AFF99} : DhcpNameServer = 64.59.135.143 64.59.135.145 64.59.128.121
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\9.0.1\ViProtocol.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2012-1-10 14776]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2010-1-4 75904]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-1-15 36000]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-1-15 74640]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\9.0.1\ToolbarUpdater.exe [2012-1-15 869216]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [2008-2-19 106496]
R3 V0220Dev;Live! Cam Video IM;c:\windows\system32\drivers\V0220Dev.sys [2010-1-4 146112]
R3 V0220Vfx;V0220VFX;c:\windows\system32\drivers\V0220Vfx.sys [2010-1-4 6272]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-1-15 86224]
S2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-1-15 110032]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-11 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-11 135664]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2003-3-31 14336]
.
=============== Created Last 30 ================
.
2012-01-16 04:49:17 -------- d-----w- c:\documents and settings\les\application data\AVG Secure Search
2012-01-16 04:49:17 -------- d-----w- c:\documents and settings\all users\application data\AVG Secure Search
2012-01-16 04:49:14 -------- d-----w- c:\program files\AVG Secure Search
2012-01-16 03:39:42 -------- d-----w- c:\documents and settings\all users\application data\ErrorEND
2012-01-16 03:11:01 -------- d-----w- c:\documents and settings\les\application data\IObit
2012-01-15 22:35:30 -------- d-----w- c:\documents and settings\les\application data\Avira
2012-01-15 22:31:43 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-01-15 22:31:43 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-01-15 22:31:42 -------- d-----w- c:\program files\Avira
2012-01-14 07:51:03 -------- d-----w- C:\sh4ldr
2012-01-14 07:51:03 -------- d-----w- c:\program files\Enigma Software Group
2012-01-14 07:50:30 -------- d-----w- c:\windows\1C7CC8E2CFCF41E6A8637C7A45CE8A78.TMP
2012-01-13 18:50:11 -------- d-----w- c:\documents and settings\les\application data\Panda Security
2012-01-13 18:47:23 -------- d-----w- c:\program files\Panda Security
2012-01-13 18:47:23 -------- d-----w- c:\documents and settings\all users\application data\Panda Security
2012-01-12 18:09:23 -------- d-----w- c:\program files\ACW
2012-01-12 03:38:51 -------- d-----w- c:\documents and settings\les\application data\ElevatedDiagnostics
2012-01-12 03:37:56 -------- d-----w- c:\program files\Microsoft ATS
2012-01-11 19:00:02 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-11 17:25:47 -------- d-----w- c:\program files\CCleaner
2012-01-11 05:46:01 20312 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-01-11 01:27:17 23040 -c----w- c:\windows\system32\dllcache\mciseq.dll
2012-01-11 01:27:17 176128 -c----w- c:\windows\system32\dllcache\winmm.dll
2012-01-11 01:26:18 386048 -c----w- c:\windows\system32\dllcache\qdvd.dll
2012-01-11 01:25:37 60416 -c----w- c:\windows\system32\dllcache\packager.exe
2012-01-11 00:07:57 29016 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2012-01-11 00:07:57 14776 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2012-01-10 20:07:07 -------- d-----w- C:\TDSSKiller_Quarantine
2012-01-03 13:10:44 182672 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2011-11-27 18:27:11 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21:44 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21:44 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-10 12:54:13 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-10 10:27:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 15:28:36 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28:36 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:33:08 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:03 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 18:23:09.65 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 04/01/2010 9:14:33 AM
System Uptime: 17/01/2012 9:40:28 AM (9 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | GA-7VM400AM(F)
Processor: AMD Athlon™ XP 2500+ | Socket A | 1831/167mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 466 GiB total, 440.892 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP442: 19/10/2011 6:34:47 PM - System Checkpoint
RP443: 21/10/2011 1:12:34 PM - System Checkpoint
RP444: 22/10/2011 1:23:11 PM - System Checkpoint
RP445: 23/10/2011 5:35:55 PM - System Checkpoint
RP446: 24/10/2011 6:58:12 PM - System Checkpoint
RP447: 25/10/2011 7:19:36 PM - System Checkpoint
RP448: 25/10/2011 10:18:28 PM - Software Distribution Service 3.0
RP449: 26/10/2011 12:59:05 PM - Installed AVG 2012
RP450: 26/10/2011 12:59:31 PM - Installed AVG 2012
RP451: 26/10/2011 1:22:25 PM - Restore Operation
RP452: 26/10/2011 1:28:47 PM - Restore Operation
RP453: 26/10/2011 1:33:56 PM - Restore Operation
RP454: 27/10/2011 12:04:36 PM - Removed AVG 2012
RP455: 27/10/2011 12:05:31 PM - Removed AVG 2012
RP456: 28/10/2011 10:07:57 PM - System Checkpoint
RP457: 30/10/2011 3:28:20 PM - System Checkpoint
RP458: 02/11/2011 5:30:57 PM - System Checkpoint
RP459: 03/11/2011 10:08:39 PM - System Checkpoint
RP460: 05/11/2011 9:15:15 AM - System Checkpoint
RP461: 07/11/2011 7:58:06 AM - System Checkpoint
RP462: 08/11/2011 9:07:55 PM - System Checkpoint
RP463: 08/11/2011 11:04:27 PM - Software Distribution Service 3.0
RP464: 10/11/2011 5:34:11 PM - System Checkpoint
RP465: 10/11/2011 8:17:25 PM - Software Distribution Service 3.0
RP466: 26/11/2011 11:44:52 AM - System Checkpoint
RP467: 27/11/2011 12:13:34 PM - System Checkpoint
RP468: 29/11/2011 8:37:52 PM - System Checkpoint
RP469: 30/11/2011 9:07:22 PM - System Checkpoint
RP470: 04/12/2011 4:55:40 PM - System Checkpoint
RP471: 08/12/2011 8:47:15 PM - System Checkpoint
RP472: 09/12/2011 9:52:54 PM - System Checkpoint
RP473: 11/12/2011 12:56:15 PM - System Checkpoint
RP474: 12/12/2011 5:48:36 PM - System Checkpoint
RP475: 14/12/2011 4:57:37 PM - System Checkpoint
RP476: 15/12/2011 3:00:17 AM - Software Distribution Service 3.0
RP477: 16/12/2011 9:38:29 PM - System Checkpoint
RP478: 18/12/2011 3:33:52 PM - System Checkpoint
RP479: 19/12/2011 4:03:26 PM - System Checkpoint
RP480: 20/12/2011 4:58:49 PM - System Checkpoint
RP481: 21/12/2011 5:55:37 PM - System Checkpoint
RP482: 27/12/2011 3:39:49 PM - System Checkpoint
RP483: 28/12/2011 8:01:05 PM - System Checkpoint
RP484: 29/12/2011 8:30:36 PM - System Checkpoint
RP485: 02/01/2012 7:15:57 PM - System Checkpoint
RP486: 03/01/2012 7:20:18 PM - System Checkpoint
RP487: 05/01/2012 4:46:56 PM - System Checkpoint
RP488: 07/01/2012 4:46:34 PM - System Checkpoint
RP489: 08/01/2012 5:22:19 PM - System Checkpoint
RP490: 09/01/2012 7:34:30 PM - System Checkpoint
RP491: 10/01/2012 6:20:07 PM - Installed Windows XP KB2598845.
RP492: 10/01/2012 6:26:07 PM - Installed Windows XP KB2584146.
RP493: 10/01/2012 6:26:30 PM - Installed Windows XP KB2631813.
RP494: 10/01/2012 6:26:50 PM - Installed Windows XP KB2585542.
RP495: 10/01/2012 6:27:11 PM - Installed Windows XP KB2603381.
RP496: 10/01/2012 6:27:29 PM - Installed Windows XP KB2598479.
RP497: 10/01/2012 6:27:47 PM - Installed Windows XP KB2646524.
RP498: 10/01/2012 6:28:07 PM - Installed Windows XP KB2632503.
RP499: 10/01/2012 8:35:09 PM - Installed Java™ 6 Update 30
RP500: 10/01/2012 9:50:29 PM - Removed IObit Toolbar v4.9.
RP501: 10/01/2012 10:07:56 PM - Restore Operation
RP502: 10/01/2012 10:20:41 PM - Restore Operation
RP503: 10/01/2012 10:23:37 PM - Restore Operation
RP504: 10/01/2012 10:26:28 PM - Restore Operation
RP505: 10/01/2012 10:29:38 PM - Restore Operation
RP506: 10/01/2012 10:34:04 PM - Restore Operation
RP507: 10/01/2012 11:10:55 PM - Installed AVG 2012
RP508: 10/01/2012 11:12:20 PM - Installed AVG 2012
RP509: 10/01/2012 11:12:25 PM - Removed AVG 2012
RP510: 10/01/2012 11:58:42 PM - Installed AVG 2012
RP511: 11/01/2012 12:02:02 AM - Installed AVG 2012
RP512: 11/01/2012 12:02:07 AM - Removed AVG 2012
RP513: 11/01/2012 12:20:22 AM - Installed AVG 2012
RP514: 11/01/2012 12:21:36 AM - Installed AVG 2012
RP515: 11/01/2012 12:21:41 AM - Removed AVG 2012
RP516: 11/01/2012 12:38:08 AM - Installed Windows XP KB915800-v4.
RP517: 11/01/2012 12:38:16 AM - Installed Windows XP Windows Search 4.0.
RP518: 11/01/2012 11:35:04 AM - Created by Wise Registry Cleaner
RP519: 11/01/2012 9:22:53 PM - before windows xp disk
RP520: 12/01/2012 12:10:31 AM - before delete
RP521: 12/01/2012 12:22:11 AM - Software Distribution Service 3.0
RP522: 12/01/2012 11:14:04 AM - registry back-up
RP523: 12/01/2012 12:15:59 PM - Software Distribution Service 3.0
RP524: 13/01/2012 1:21:39 PM - System Checkpoint
RP525: 14/01/2012 12:50:56 AM - Installed SpyHunter
RP526: 14/01/2012 1:01:07 AM - Removed SpyHunter
RP527: 14/01/2012 10:09:55 AM - before sys check removal
RP528: 15/01/2012 12:04:52 PM - System Checkpoint
RP529: 15/01/2012 8:02:14 PM - Removed IObit Toolbar v4.9.
RP530: 16/01/2012 12:08:32 AM - Configured WD Anywhere Backup
.
==== Installed Programs ======================
.
$APPNAME> 2.31
@BIOS
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.2)
Advanced Video FX Engine
ArcSoft PhotoStudio 5.5
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
Ask Toolbar
Ask Toolbar Updater
AVG Security Toolbar
Avira Free Antivirus
Brother HL-5150D
C-Media WDM Audio Driver
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera WIA Driver
Canon CanoScan Toolbox 5.0
Canon EOS 5D WIA Driver
Canon iP6700D
Canon iP6700D Memory Card Utility
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities Digital Photo Professional 3.4
Canon Utilities Easy-PhotoPrint
Canon Utilities Easy-PrintToolBox
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities Original Data Security Tools
Canon Utilities PhotoStitch
Canon Utilities Picture Style Editor
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities WFT-E1/E2/E3 Utility
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CanoScan 4400F
CCleaner
CD-LabelPrint
Compatibility Pack for the 2007 Office system
Creative Live! Cam Center
Creative Live! Cam Doodling
Creative Live! Cam Manager
Creative Live! Cam Video IM Driver (1.01.01.00)
Creative Live! Cam Video IM User's Guide (English)
Creative Photo Calendar
Creative Photo Manager
Creative Software AutoUpdate
Creative System Information
DVD Suite
Easy-WebPrint
Enable S3 for USB Device
FUJIFILM USB Driver
Get Yahoo! Messenger
Google SketchUp 7
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2633952)
Java Auto Updater
Java™ 6 Update 30
KM400 Display Driver and Utilities
LG ODD Auto Firmware Update
LightScribe System Software 1.10.27.1
Malwarebytes Anti-Malware version 1.60.0.1800
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Automated Troubleshooting Services Shim
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliType Pro 7.1
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Nero 7 Essentials
neroxml
OOo Associator
OpenOffice.org 3.2
Picasa 3
PowerDVD
PowerProducer
Presto! PageManager 7.15.14
RAW FILE CONVERTER LE
Realtek AC'97 Audio
REALTEK Gigabit and Fast Ethernet NIC Driver
S3 S3Display
S3 S3Gamma2
S3 S3Info2
S3 S3Overlay
ScanSoft OmniPage SE 4.0
SeaTools for Windows
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB923789)
Segoe UI
SightSpeed
Smart Defrag 2
SolidWorks eDrawings 2011
Spelling Dictionaries Support For Adobe Reader 9
UBCD4Win 3.50
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2641690)
VIA Integrated Setup Wizard
WD Anywhere Backup
WD Diagnostics
WD Drive Manager (x86)
WebFldrs XP
Windows Imaging Component
Windows Live Communications Platform
Windows Live Essentials
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
Wise Registry Cleaner 6.21
.
==== Event Viewer Messages From Past Week ========
.
15/01/2012 9:11:13 PM, error: Service Control Manager [7034] - The Advanced SystemCare Service 5 service terminated unexpectedly. It has done this 1 time(s).
15/01/2012 8:18:36 PM, error: Print [19] - Sharing printer failed + 1722, Printer Microsoft XPS Document Writer share name MS XPS document writer.
15/01/2012 8:00:59 PM, error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
15/01/2012 6:49:06 PM, error: Service Control Manager [7024] - The Avira Scheduler service terminated with service-specific error 305 (0x131).
15/01/2012 6:49:06 PM, error: Service Control Manager [7024] - The Avira Realtime Protection service terminated with service-specific error 303 (0x12F).
15/01/2012 6:49:06 PM, error: Service Control Manager [7002] - The BrPar service depends on the Parallel arbitrator group and no member of this group started.
15/01/2012 6:49:06 PM, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
15/01/2012 3:14:07 PM, error: Service Control Manager [7016] - The BrSplService service has reported an invalid current state 0.
15/01/2012 12:12:17 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
14/01/2012 6:52:37 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK7 avipbb avkmgr Fips ssmdrv
14/01/2012 11:37:15 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
14/01/2012 11:32:25 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK7 avipbb avkmgr Fips
14/01/2012 11:28:58 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
14/01/2012 11:16:45 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK7 Fips
14/01/2012 11:12:29 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
14/01/2012 1:01:28 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
.
==== End Of File ===========================
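Added example (not part of the thread, and not a DDS or BleepingComputer tool): a small triage script for the "Event Viewer Messages" block of a DDS log like the one above. It flags the Service Control Manager events that match the reported symptom (Avira's scheduler and real-time protection refusing to start, Avira kernel drivers failing to load at boot) and tags DCOM 10005 events quoting error %1084 as Safe Mode boots. The keyword and driver lists are assumptions built from the products visible in this thread's log.

```python
"""Triage the 'Event Viewer Messages From Past Week' block of a DDS log.

Flags Service Control Manager events that commonly accompany a rootkit
infection: security-product services terminating (events 7023/7024/7034)
and security-product kernel drivers failing to load at boot (event 7026).
DCOM 10005 events quoting error %1084 (ERROR_NOT_SAFEBOOT_SERVICE) are
tagged separately: they only mark the times the machine was in Safe Mode.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Assumed keyword list built from the products seen in this thread's log
# (Avira, Malwarebytes); extend it for other vendors.
SECURITY_SERVICE_KEYWORDS = ("avira", "antivir", "malwarebytes", "mbam")

# Assumed set of security-product driver names: Avira ships avipbb, avkmgr,
# ssmdrv and avgntflt; Malwarebytes ships mbam.
SECURITY_DRIVERS = {"avipbb", "avkmgr", "ssmdrv", "avgntflt", "mbam"}

# Windows Update plumbing; failures here are a secondary indicator only.
UPDATE_SERVICE_KEYWORDS = ("background intelligent transfer", "automatic updates")

LINE_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<msg>.*)$"
)
TERMINATED_RE = re.compile(r"^The (?P<svc>.+?) service terminated")
FAILED_LOAD_RE = re.compile(r"failed to load: (?P<drivers>.+)$")
SERVICE_START_RE = re.compile(r"attempting to start the service (?P<svc>\S+)")


@dataclass
class Event:
    timestamp: str
    level: str
    source: str
    event_id: int
    message: str


@dataclass
class Finding:
    timestamp: str
    event_id: int
    category: str
    detail: str


def parse_line(line: str) -> Optional[Event]:
    """Parse one DDS event line; return None for separators and other text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Event(m["ts"], m["level"], m["source"], int(m["event_id"]), m["msg"])


def classify(ev: Event) -> Optional[Finding]:
    """Map a single event to a triage category, or None if it is noise."""
    scm = ev.source == "Service Control Manager"
    if scm and ev.event_id in (7023, 7024, 7034):
        m = TERMINATED_RE.match(ev.message)
        if m:
            svc, low = m["svc"], m["svc"].lower()
            if any(k in low for k in SECURITY_SERVICE_KEYWORDS):
                return Finding(ev.timestamp, ev.event_id, "security_service_terminated", svc)
            if any(k in low for k in UPDATE_SERVICE_KEYWORDS):
                return Finding(ev.timestamp, ev.event_id, "update_service_terminated", svc)
    elif scm and ev.event_id == 7026:
        m = FAILED_LOAD_RE.search(ev.message)
        if m:
            # Only the security-product drivers matter; AmdK7/Fips/Cdrom are noise.
            hits = sorted({d.lower() for d in m["drivers"].split()} & SECURITY_DRIVERS)
            if hits:
                return Finding(ev.timestamp, ev.event_id, "security_driver_load_failed", ", ".join(hits))
    elif ev.source == "DCOM" and ev.event_id == 10005 and '"%1084"' in ev.message:
        m = SERVICE_START_RE.search(ev.message)
        return Finding(ev.timestamp, ev.event_id, "safe_mode_boot_indicator", m["svc"] if m else "?")
    return None


def triage(lines: List[str]) -> List[Finding]:
    """Run every line through the parser and classifier, keeping the hits."""
    findings = []
    for line in lines:
        ev = parse_line(line)
        if ev is not None:
            f = classify(ev)
            if f is not None:
                findings.append(f)
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per category for a quick overview."""
    return dict(Counter(f.category for f in findings))


# Sample input: lines copied from the DDS logs posted in this thread.
SAMPLE_LOG = """\
.
15/01/2012 8:00:59 PM, error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
15/01/2012 6:49:06 PM, error: Service Control Manager [7024] - The Avira Scheduler service terminated with service-specific error 305 (0x131).
15/01/2012 6:49:06 PM, error: Service Control Manager [7024] - The Avira Realtime Protection service terminated with service-specific error 303 (0x12F).
14/01/2012 6:52:37 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK7 avipbb avkmgr Fips ssmdrv
14/01/2012 11:28:58 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
14/01/2012 11:16:45 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK7 Fips
14/01/2012 1:01:28 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
11/01/2012 6:47:22 PM, error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error 2147942405 (0x80070005).
"""

if __name__ == "__main__":
    results = triage(SAMPLE_LOG.splitlines())
    for f in results:
        print(f"{f.timestamp}  [{f.event_id}] {f.category}: {f.detail}")
    print(summarize(results))
```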

#4 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:11:06 PM

Posted 17 January 2012 - 09:56 PM

One of the identified infections is the ZeroAccess rootkit; it's very nasty but curable. The removal process may take time, so please be patient.



:step1: Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Note: Do not install Avast anti virus when offered.



:step2: Download Combofix (by Subs) from any of the links below, make sure that you save it to your desktop.

Link 1
Link 2

  • It's important to temporarily disable your anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. See HERE
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

*It's strongly recommended to have this pre-installed on your machine before doing any malware removal.
*The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
*This allows us to more easily help you should your computer have a problem after an attempted removal of malware.

  • If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures. If you did not have it installed, you will see the prompt below. Choose YES.

Posted Image


  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Important notes:

  • Leave your computer alone while ComboFix is running.
  • ComboFix will restart your computer if malware is found; allow it to do so.
  • ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
  • Please do not mouse-click ComboFix's window while it's running because it may cause it to stall.
  • ComboFix SHOULD NOT be used unless requested by a forum helper. See HERE.


~Semp

You can help me continue the fight against malware by making a donation. Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support; post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#5 les54

  • Topic Starter
  • Members
  • 37 posts

Posted 18 January 2012 - 01:47 AM

I ran aswMBR

aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-17 22:01:05
-----------------------------
22:01:05.203 OS Version: Windows 5.1.2600 Service Pack 3
22:01:05.203 Number of processors: 1 586 0xA00
22:01:05.203 ComputerName: GRAY-HOME-PC UserName: Les
22:01:07.093 Initialize success
22:01:35.921 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-3
22:01:35.921 Disk 0 Vendor: Maxtor_6Y080L0 YAR41BW0 Size: 78166MB BusType: 3
22:01:35.921 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Scsi\viasraid1Port2Path0Target0Lun0
22:01:35.921 Disk 1 Vendor: ST350041 CC37 Size: 476938MB BusType: 1
22:01:35.921 Device \Driver\viasraid -> DriverStartIo SCSIPORT.SYS f771940e
22:01:35.937 Disk 1 MBR read successfully
22:01:35.937 Disk 1 MBR scan
22:01:35.937 Disk 1 Windows XP default MBR code
22:01:35.937 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476937 MB offset 63
22:01:35.953 Disk 1 scanning sectors +976768065
22:01:36.015 Disk 1 scanning C:\WINDOWS\system32\drivers
22:01:42.390 Service scanning
22:01:44.203 Modules scanning
22:02:02.812 Disk 1 trace - called modules:
22:02:03.281 ntoskrnl.exe CLASSPNP.SYS disk.sys SCSIPORT.SYS hal.dll viasraid.sys
22:02:03.281 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x82b6aab8]
22:02:03.281 3 CLASSPNP.SYS[f7818fd7] -> nt!IofCallDriver -> \Device\Scsi\viasraid1Port2Path0Target0Lun0[0x82bd6a38]
22:02:03.281 Scan finished successfully
22:03:39.906 Disk 1 MBR has been saved successfully to "C:\Documents and Settings\Les\Desktop\MBR.dat"
22:03:39.921 The log file has been saved successfully to "C:\Documents and Settings\Les\Desktop\aswMBR.txt"


I downloaded ComboFix and ran it.
It installed Recovery Console then continued to run until a Rootkit window appeared saying Rootkit is detected. The screen froze there. The system clock even stopped running. I left it alone for over 30 minutes. No change. Did a hard shutdown. Restarted computer and ran ComboFix again. It said there was an update. Loaded update then ComboFix screen disappeared and did not reappear. No logs appeared on desktop.

#6 sempai

    noypi

  • Malware Response Team
  • 5,288 posts
  • Gender:Male
  • Location:3 stars and a sun

Posted 18 January 2012 - 07:32 AM

Please double check if there's a log located at C:\ComboFix.txt.


:step1: Click Start > Run then copy/paste the following bolded text below. A log file will open, please post the contents in your next reply.

cmd /c dir /a /s C:\QooBox >log.txt&start log.txt



:step2: Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

~Semp



#7 les54

  • Topic Starter
  • Members
  • 37 posts

Posted 18 January 2012 - 12:58 PM

I do not see a log at C:\ComboFix.txt.

I do see an icon that looks like a monitor labelled ComboFix under C: but do not see a log file there either.

Volume in drive C has no label.
Volume Serial Number is 60C5-CDC8

Directory of C:\QooBox

17/01/2012 10:19 PM <DIR> .
17/01/2012 10:19 PM <DIR> ..
17/01/2012 10:22 PM <DIR> BackEnv
17/01/2012 10:24 PM <DIR> LastRun
17/01/2012 10:24 PM <DIR> Quarantine
17/01/2012 10:19 PM <DIR> Test
17/01/2012 10:19 PM <DIR> TestC
0 File(s) 0 bytes

Directory of C:\QooBox\BackEnv

17/01/2012 10:22 PM <DIR> .
17/01/2012 10:22 PM <DIR> ..
17/01/2012 10:22 PM 347 AppData.folder.dat
17/01/2012 10:22 PM 404 Cache.folder.dat
17/01/2012 10:22 PM 194 Cookies.folder.dat
17/01/2012 10:22 PM 139 Desktop.folder.dat
17/01/2012 10:22 PM 251 Favorites.folder.dat
17/01/2012 10:22 PM 254 History.folder.dat
17/01/2012 10:22 PM 290 LocalAppData.folder.dat
17/01/2012 10:22 PM 281 LocalSettings.folder.dat
17/01/2012 10:22 PM 113 Music.folder.dat
17/01/2012 10:22 PM 92 NetHood.folder.dat
17/01/2012 10:22 PM 151 Personal.folder.dat
17/01/2012 10:22 PM 119 Pictures.folder.dat
17/01/2012 10:22 PM 96 PrintHood.folder.dat
17/01/2012 10:22 PM 337 Profiles.Folder.dat
17/01/2012 10:22 PM 611 Profiles.Folder.folder.dat
17/01/2012 10:22 PM 301 Programs.folder.dat
17/01/2012 10:22 PM 90 Recent.folder.dat
17/01/2012 10:22 PM 90 SendTo.folder.dat
17/01/2012 10:19 PM 6,820 SetPath.bat
17/01/2012 10:22 PM 256 StartMenu.folder.dat
17/01/2012 10:22 PM 269 StartUp.folder.dat
17/01/2012 10:19 PM 2,042 SysPath.dat
17/01/2012 10:22 PM 145 Templates.folder.dat
17/01/2012 10:22 PM 2,187 VikPev00
24 File(s) 15,879 bytes

Directory of C:\QooBox\LastRun

17/01/2012 10:24 PM <DIR> .
17/01/2012 10:24 PM <DIR> ..
17/01/2012 10:24 PM 13 Gateway
1 File(s) 13 bytes

Directory of C:\QooBox\Quarantine

17/01/2012 10:24 PM <DIR> .
17/01/2012 10:24 PM <DIR> ..
17/01/2012 10:24 PM <DIR> C
17/01/2012 11:11 PM 380 catchme.log
17/01/2012 10:19 PM <DIR> Registry_backups
1 File(s) 380 bytes

Directory of C:\QooBox\Quarantine\C

17/01/2012 10:25 PM <DIR> .
17/01/2012 10:25 PM <DIR> ..
17/01/2012 10:25 PM <DIR> WINDOWS
0 File(s) 0 bytes

Directory of C:\QooBox\Quarantine\C\WINDOWS

17/01/2012 10:25 PM <DIR> .
17/01/2012 10:25 PM <DIR> ..
17/01/2012 10:25 PM <DIR> $NtUninstallKB60894$
0 File(s) 0 bytes

Directory of C:\QooBox\Quarantine\C\WINDOWS\$NtUninstallKB60894$

17/01/2012 10:25 PM <DIR> .
17/01/2012 10:25 PM <DIR> ..
17/01/2012 10:25 PM <DIR> 742834584
17/01/2012 10:25 PM 120 _1156935256_.zip
1 File(s) 120 bytes

Directory of C:\QooBox\Quarantine\C\WINDOWS\$NtUninstallKB60894$\742834584

17/01/2012 10:25 PM <DIR> .
17/01/2012 10:25 PM <DIR> ..
10/01/2012 10:39 AM 2,048 @.vir
10/01/2012 01:46 PM 862 bckfg.tmp.vir
10/01/2012 01:09 PM 175 cfg.ini.vir
10/01/2012 01:09 PM 4,608 Desktop.ini.vir
10/01/2012 01:14 PM 212 keywords.vir
10/01/2012 01:09 PM 223,744 kwrd.dll.vir
17/01/2012 10:25 PM <DIR> L
17/01/2012 10:25 PM <DIR> U
6 File(s) 231,649 bytes

Directory of C:\QooBox\Quarantine\C\WINDOWS\$NtUninstallKB60894$\742834584\L

17/01/2012 10:25 PM <DIR> .
17/01/2012 10:25 PM <DIR> ..
10/01/2012 10:39 AM 62,976 amdudsde.vir
1 File(s) 62,976 bytes

Directory of C:\QooBox\Quarantine\C\WINDOWS\$NtUninstallKB60894$\742834584\U

17/01/2012 10:25 PM <DIR> .
17/01/2012 10:25 PM <DIR> ..
10/01/2012 10:40 AM 2,048 00000001.@.vir
10/01/2012 10:40 AM 224,768 00000002.@.vir
10/01/2012 10:40 AM 1,024 00000004.@.vir
10/01/2012 10:40 AM 11,264 80000000.@.vir
10/01/2012 10:40 AM 12,800 80000004.@.vir
10/01/2012 10:40 AM 77,312 80000032.@.vir
6 File(s) 329,216 bytes

Directory of C:\QooBox\Quarantine\Registry_backups

17/01/2012 10:19 PM <DIR> .
17/01/2012 10:19 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\QooBox\Test

17/01/2012 10:19 PM <DIR> .
17/01/2012 10:19 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\QooBox\TestC

17/01/2012 10:19 PM <DIR> .
17/01/2012 10:19 PM <DIR> ..
0 File(s) 0 bytes

Total Files Listed:
40 File(s) 640,233 bytes
38 Dir(s) 473,328,697,344 bytes free

Farbar Service Scanner Version: 18-01-2012
Ran by Les (administrator) on 18-01-2012 at 10:53:27
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0B0000000500000001000000020000000300000004000000080000000600000007000000090000000A0000000B000000
IpSec Tag value is correct.

**** End of log ****

Edited by les54, 18 January 2012 - 01:27 PM.
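
A defender-side check for the directory layout that ComboFix quarantined in the listing above, consistent with the ZeroAccess infection sempai identified. This is an added Python example, not part of the thread or of any tool named in it; the tree it scans is constructed in a temporary directory, and on a real XP machine you would point `scan_windows_dir` at the Windows folder instead.

```python
import os
import re
import shutil
import tempfile

# Layout shown in the ComboFix quarantine listing (minus the ".vir" suffix
# ComboFix appends to quarantined files):
#   <windows>\$NtUninstallKB60894$\742834584\@
#   <windows>\$NtUninstallKB60894$\742834584\L\<random name>
#   <windows>\$NtUninstallKB60894$\742834584\U\00000001.@ ...
UNINSTALL_DIR = re.compile(r"^\$NtUninstallKB\d+\$$", re.IGNORECASE)
NUMERIC_DIR = re.compile(r"^\d+$")


def looks_like_hidden_store(path):
    """True when `path` holds an '@' file plus 'L' and 'U' subfolders.

    Genuine hotfix uninstall folders on XP contain a 'spuninst' subfolder
    and the files the update replaced; they do not have this '@'/L/U
    layout, so requiring all three keeps the check from flagging them.
    """
    try:
        names = set(os.listdir(path))
    except OSError:
        return False
    return ("@" in names
            and os.path.isdir(os.path.join(path, "L"))
            and os.path.isdir(os.path.join(path, "U")))


def scan_windows_dir(windows_dir):
    """Return one finding per suspicious store found under `windows_dir`.

    Each finding is a dict with the store path and the names of the files
    in its 'U' subfolder (the '00000001.@'-style modules in the listing).
    """
    findings = []
    try:
        top = os.listdir(windows_dir)
    except OSError:
        return findings
    for name in top:
        kb_path = os.path.join(windows_dir, name)
        if not (UNINSTALL_DIR.match(name) and os.path.isdir(kb_path)):
            continue
        for sub in sorted(os.listdir(kb_path)):
            sub_path = os.path.join(kb_path, sub)
            if NUMERIC_DIR.match(sub) and looks_like_hidden_store(sub_path):
                u_files = sorted(os.listdir(os.path.join(sub_path, "U")))
                findings.append({"store": sub_path, "u_files": u_files})
    return findings


def build_constructed_sample(root):
    """Recreate (as empty files) the layout from the quarantine listing,
    plus one benign hotfix folder, under `root`. Constructed test data."""
    store = os.path.join(root, "$NtUninstallKB60894$", "742834584")
    for d in ("L", "U"):
        os.makedirs(os.path.join(store, d))
    for rel in ("@", "cfg.ini", "kwrd.dll", os.path.join("L", "amdudsde"),
                os.path.join("U", "00000001.@"),
                os.path.join("U", "80000032.@")):
        open(os.path.join(store, rel), "w").close()
    # Benign: an ordinary hotfix uninstall folder (KB number is a placeholder).
    benign = os.path.join(root, "$NtUninstallKB000000$", "spuninst")
    os.makedirs(benign)
    open(os.path.join(benign, "spuninst.exe"), "w").close()


def demo():
    """Build the constructed tree in a temp dir, scan it, then clean up."""
    root = tempfile.mkdtemp(prefix="fake_windows_")
    try:
        build_constructed_sample(root)
        return scan_windows_dir(root)
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for f in demo():
        print("suspicious store:", f["store"], "U files:", f["u_files"])
```

The benign `spuninst` folder is there to show that ordinary hotfix uninstall directories do not trigger the check; only the numeric subfolder with the `@`/L/U layout is reported.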


#8 sempai

    noypi

  • Malware Response Team
  • 5,288 posts
  • Gender:Male
  • Location:3 stars and a sun

Posted 18 January 2012 - 07:58 PM

Please delete your copy of Combofix (do not uninstall) and download a new copy. Then run the new copy in Safe Mode; kindly monitor it while it is running, and when it reboots your machine during its run, make sure to boot it again in Safe Mode to complete the process. Thank you.

~Semp



#9 les54

  • Topic Starter
  • Members
  • 37 posts

Posted 18 January 2012 - 10:12 PM

What was on my desktop was Combofix NSIS Installer File Version 12.1.18.4. I deleted that and reloaded it to the desktop. I rebooted in safe mode, logged in as administrator and Combofix is not on the desktop. Tried safe mode with networking and no Combofix.

#10 sempai

    noypi

  • Malware Response Team
  • 5,288 posts
  • Gender:Male
  • Location:3 stars and a sun

Posted 18 January 2012 - 10:17 PM

You can re-download combofix from the links below:

Link 1
Link 2


~Semp



#11 les54

  • Topic Starter
  • Members
  • 37 posts

Posted 19 January 2012 - 12:08 AM

ComboFix 12-01-18.04 - Les 18/01/2012 20:56:15.1.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.735.603 [GMT -7:00]
Running from: c:\documents and settings\Les\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe
c:\documents and settings\Les\Start Menu\Programs\System Check
c:\documents and settings\Les\WINDOWS
c:\windows\alcrmv.exe
c:\windows\system32\ndisapi.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-12-19 to 2012-01-19 )))))))))))))))))))))))))))))))
.
.
2012-01-16 04:49 . 2012-01-16 04:49 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Secure Search
2012-01-16 04:49 . 2012-01-16 04:49 -------- d-----w- c:\documents and settings\Les\Application Data\AVG Secure Search
2012-01-16 04:49 . 2012-01-16 04:49 -------- d-----w- c:\program files\AVG Secure Search
2012-01-16 03:39 . 2012-01-16 03:39 -------- d-----w- c:\documents and settings\All Users\Application Data\ErrorEND
2012-01-16 03:11 . 2012-01-16 03:18 -------- d-----w- c:\documents and settings\Les\Application Data\IObit
2012-01-15 22:35 . 2012-01-15 22:35 -------- d-----w- c:\documents and settings\Les\Application Data\Avira
2012-01-15 22:31 . 2011-12-15 22:00 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-01-15 22:31 . 2011-12-15 22:00 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-01-15 22:31 . 2011-12-15 22:00 134856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-01-15 22:31 . 2012-01-15 22:31 -------- d-----w- c:\program files\Avira
2012-01-15 02:05 . 2012-01-15 02:05 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2012-01-15 01:47 . 2012-01-15 01:47 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2012-01-14 07:51 . 2012-01-14 08:01 -------- d-----w- C:\sh4ldr
2012-01-14 07:51 . 2012-01-14 07:51 -------- d-----w- c:\program files\Enigma Software Group
2012-01-14 07:50 . 2012-01-14 08:01 -------- d-----w- c:\windows\1C7CC8E2CFCF41E6A8637C7A45CE8A78.TMP
2012-01-13 18:50 . 2012-01-13 18:50 -------- d-----w- c:\documents and settings\Les\Application Data\Panda Security
2012-01-13 18:47 . 2012-01-15 22:02 -------- d-----w- c:\program files\Panda Security
2012-01-13 18:47 . 2012-01-13 18:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security
2012-01-12 18:09 . 2012-01-12 18:09 -------- d-----w- c:\program files\ACW
2012-01-12 03:38 . 2012-01-12 03:38 -------- d-----w- c:\documents and settings\Les\Application Data\ElevatedDiagnostics
2012-01-12 03:37 . 2012-01-12 03:37 -------- d-----w- c:\program files\Microsoft ATS
2012-01-11 19:00 . 2011-12-10 22:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-11 17:25 . 2012-01-11 17:25 -------- d-----w- c:\program files\CCleaner
2012-01-11 05:46 . 2011-10-20 05:16 20312 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-01-11 03:36 . 2012-01-11 05:31 -------- d-----w- c:\program files\Common Files\Java
2012-01-11 01:40 . 2012-01-11 01:40 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\IObit
2012-01-11 01:27 . 2011-10-14 14:47 23040 -c----w- c:\windows\system32\dllcache\mciseq.dll
2012-01-11 01:27 . 2011-10-14 14:47 176128 -c----w- c:\windows\system32\dllcache\winmm.dll
2012-01-11 01:26 . 2011-11-03 15:28 386048 -c----w- c:\windows\system32\dllcache\qdvd.dll
2012-01-11 01:25 . 2011-11-18 12:35 60416 -c----w- c:\windows\system32\dllcache\packager.exe
2012-01-11 00:08 . 2012-01-11 00:08 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Application Updater
2012-01-11 00:07 . 2011-12-17 00:21 29016 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2012-01-11 00:07 . 2010-11-27 01:02 14776 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2012-01-10 20:07 . 2012-01-10 20:07 -------- d-----w- C:\TDSSKiller_Quarantine
2012-01-10 19:43 . 2012-01-10 19:43 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-27 18:27 . 2011-05-16 20:18 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-25 21:57 . 2003-03-31 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2003-03-31 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2003-03-31 12:00 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2010-01-04 16:47 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2003-03-31 12:00 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-10 12:54 . 2010-06-25 13:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-10 10:27 . 2010-06-25 13:50 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-04 19:20 . 2003-03-31 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2003-03-31 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2003-03-31 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 15:28 . 2003-03-31 12:00 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2003-03-31 12:00 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2003-03-31 12:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2003-03-31 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:33 . 2003-03-31 12:00 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2002-08-29 01:04 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-01-16 04:49 1574240 ----a-w- c:\program files\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 23:31 1514152 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll" [2012-01-16 1574240]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Live! Cam Manager"="c:\program files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2006-05-31 143360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-08 39408]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-12-05 2295072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2003-04-15 36864]
"V0220Mon.exe"="c:\windows\V0220Mon.exe" [2006-06-28 32768]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"SoundMan"="SOUNDMAN.EXE" [2003-08-15 57344]
"PDUiP6700DMon"="c:\program files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe" [2006-10-03 75376]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2006-10-17 398944]
"AVFX Engine"="c:\program files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-10-20 20480]
"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-02-19 438272]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2010-01-17 557056]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-11-26 1629480]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-11-26 1057064]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-12 1505144]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-12-15 258512]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-01-16 892768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=QUFMS0ctWU9CNkYtMlk0WFAtQUVPS08tQkszRE0tMg&inst=NzYtOTU2MzAzMDU3LVNUMTJPSSsxLUREVCswLUVVTEErMS1TVDEyQVBQKzE&prod=92&ver=2012.0.1834&mid=18acbeb0361f47d1b9b2d14427a7e17d-06ce4fc639803a2e3563922518183d8e94088cb9" [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Les\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
WD Anywhere Backup Launcher.lnk - c:\windows\Installer\{649C4B1A-6A76-499A-9AEC-0C9530FA7D2C}\NewShortcut4_3A95A0BFA90C41A28DFACEDE7630C4FB.exe [2010-1-7 9662]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access 0
"1701:TCP"= 1701:TCP:MioNet Remote Drive Access 1
"1702:TCP"= 1702:TCP:MioNet Remote Drive Access 2
"1703:TCP"= 1703:TCP:MioNet Remote Drive Access 3
"1704:TCP"= 1704:TCP:MioNet Remote Drive Access 4
"1705:TCP"= 1705:TCP:MioNet Remote Drive Access 5
"1706:TCP"= 1706:TCP:MioNet Remote Drive Access 6
"1707:TCP"= 1707:TCP:MioNet Remote Drive Access 7
"1708:TCP"= 1708:TCP:MioNet Remote Drive Access 8
"1709:TCP"= 1709:TCP:MioNet Remote Drive Access 9
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"1647:TCP"= 1647:TCP:MioNet Storage Device Configuration
"5432:UDP"= 5432:UDP:MioNet Storage Device Discovery
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [10/01/2012 5:07 PM 14776]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [04/01/2010 2:04 PM 75904]
S1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [15/01/2012 3:31 PM 36000]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [15/01/2012 3:31 PM 86224]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/02/2010 10:07 PM 135664]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [15/01/2012 9:49 PM 869216]
S2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [19/02/2008 2:15 AM 106496]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/02/2010 10:07 PM 135664]
S3 V0220Dev;Live! Cam Video IM;c:\windows\system32\drivers\V0220Dev.sys [04/01/2010 2:45 PM 146112]
S3 V0220Vfx;V0220VFX;c:\windows\system32\drivers\V0220Vfx.sys [04/01/2010 2:45 PM 6272]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [31/03/2003 5:00 AM 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-12-05 19:27 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-12 05:07]
.
2012-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-12 05:07]
.
2012-01-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-261478967-725345543-1005Core.job
- c:\documents and settings\Bev\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-09 02:17]
.
2012-01-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-261478967-725345543-1005UA.job
- c:\documents and settings\Bev\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-09 02:17]
.
2012-01-19 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2012-01-03 23:31]
.
2012-01-19 c:\windows\Tasks\SmartDefrag_Startup.job
- c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-09-18 21:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://isearch.avg.com/?cid={C06F0FE8-118A-4B99-841A-33396B5688C3}&mid=18acbeb0361f47d1b9b2d14427a7e17d-06ce4fc639803a2e3563922518183d8e94088cb9&lang=en&ds=ins10&pr=sa&d=2012-01-15 21:49&v=9.0.0.23&sap=hp
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 64.59.135.143 64.59.135.145 64.59.128.121
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-Cmaudio - cmicnfg.cpl
AddRemove-Wise Registry Cleaner_is1 - c:\program files\Wise Registry Cleaner\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-18 21:06
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-01-18 21:07:55
ComboFix-quarantined-files.txt 2012-01-19 04:07
.
Pre-Run: 473,331,695,616 bytes free
Post-Run: 474,610,872,320 bytes free
.
- - End Of File - - AF30F09DDB94533118211D0D7007A8C5

#12 sempai

    noypi

  • Malware Response Team
  • 5,288 posts
  • Gender:Male
  • Location:3 stars and a sun

Posted 19 January 2012 - 12:22 AM

How's the computer running?


Please run Malwarebytes Anti-Malware. Go to update tab and download all updates and then perform a full scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

~Semp



#13 les54

  • Topic Starter
  • Members
  • 37 posts

Posted 19 January 2012 - 02:07 AM

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.19.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Les :: GRAY-HOME-PC [administrator]

18/01/2012 11:06:08 PM
mbam-log-2012-01-18 (23-06-08).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 330348
Time elapsed: 51 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#14 sempai

    noypi

  • Malware Response Team
  • 5,288 posts
  • Gender:Male
  • Location:3 stars and a sun

Posted 19 January 2012 - 02:52 AM

How's the computer running?


ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: [image]
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: [image]
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, but make sure you copy the logfile first.
  • Now click on: [image]
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

~Semp



#15 les54 (Topic Starter, Members, 37 posts)

Posted 19 January 2012 - 01:44 PM

After running Malwarebytes everything looked OK. Avira free still would not allow me to turn on realtime protection or update. I uninstalled Avira and tried to install the latest version of AVG free. AVG partially installed, then an error message appeared saying: AVG software installer setup error, severity error, error code 0xC0070643, error message general internal error, additional message: MSI engine: failed to install product @AVGMSI_error27028 writing config value failed at (0xE0010058) context: AVG product installation, msi action failed.
AVG does not appear in programs, so I cannot uninstall the partial installation.
Ran ESET scanner:

C:\TDSSKiller_Quarantine\10.01.2012_13.04.25\mbr0000\tdlfs0000\tsk0011.dta a variant of Win32/Olmasco.Q trojan
C:\System Volume Information\_restore{BE057C9B-2920-4EF5-92A5-13310DCB0387}\RP529\A0075004.rbf probably a variant of Win32/Adware.Toolbar.Dealio application
C:\System Volume Information\_restore{BE057C9B-2920-4EF5-92A5-13310DCB0387}\RP529\A0074991.rbf a variant of Win32/Adware.Toolbar.Dealio application
C:\System Volume Information\_restore{BE057C9B-2920-4EF5-92A5-13310DCB0387}\RP500\A0067632.rbf probably a variant of Win32/Adware.Toolbar.Dealio application
C:\System Volume Information\_restore{BE057C9B-2920-4EF5-92A5-13310DCB0387}\RP500\A0067619.rbf a variant of Win32/Adware.Toolbar.Dealio application
C:\System Volume Information\_restore{BE057C9B-2920-4EF5-92A5-13310DCB0387}\RP490\A0065482.sys a variant of Win32/Rootkit.Kryptik.HQ trojan
C:\System Volume Information\_restore{BE057C9B-2920-4EF5-92A5-13310DCB0387}\RP490\A0065473.sys a variant of Win32/Rootkit.Kryptik.HQ trojan
C:\System Volume Information\_restore{BE057C9B-2920-4EF5-92A5-13310DCB0387}\RP490\A0065468.sys a variant of Win32/Rootkit.Kryptik.HQ trojan
C:\System Volume Information\_restore{BE057C9B-2920-4EF5-92A5-13310DCB0387}\RP490\A0065463.sys a variant of Win32/Rootkit.Kryptik.HQ trojan
C:\System Volume Information\_restore{BE057C9B-2920-4EF5-92A5-13310DCB0387}\RP490\A0065456.sys a variant of Win32/Rootkit.Kryptik.HQ trojan
C:\System Volume Information\_restore{BE057C9B-2920-4EF5-92A5-13310DCB0387}\RP490\A0065448.sys a variant of Win32/Rootkit.Kryptik.HQ trojan
C:\System Volume Information\_restore{BE057C9B-2920-4EF5-92A5-13310DCB0387}\RP490\A0065424.sys a variant of Win32/Rootkit.Kryptik.HQ trojan
C:\System Volume Information\_restore{BE057C9B-2920-4EF5-92A5-13310DCB0387}\RP490\A0065381.sys a variant of Win32/Rootkit.Kryptik.HQ trojan
C:\System Volume Information\_restore{BE057C9B-2920-4EF5-92A5-13310DCB0387}\RP490\A0065349.sys a variant of Win32/Rootkit.Kryptik.HQ trojan
C:\System Volume Information\_restore{BE057C9B-2920-4EF5-92A5-13310DCB0387}\RP490\A0064349.sys a variant of Win32/Rootkit.Kryptik.HQ trojan
C:\Documents and Settings\Les\My Documents\Downloads\asc-setup.exe a variant of Win32/Toolbar.Widgi application
