
Check disc virus! Had HDD virus and after a week this comes...


80 replies to this topic

#1 Ch6li3

Posted 22 April 2012 - 04:48 AM

I need help removing this virus, check disc virus! Got infected again after a week, at first by HDD virus! I tried using RKill and all those renamed ones but it doesn't allow them to run! Some error!



#2 dev00790


Posted 22 April 2012 - 12:53 PM

Hello,

I will be helping you with your problems

Some points for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

----------------------------------------------

Please do the following:

Step 1

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Step 2

Please download Farbar Service Scanner to your Desktop and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Step 3

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

NOTE: When using the "Reset FF Proxy Settings" option, Firefox should be closed.

Step 4

  • Launch Malwarebytes' Anti-Malware (MBAM)
  • Click on the tab update, then click Check for Updates
  • If an update is found, it will download and install the latest version.
  • Then on the Scanner tab select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad.
  • Post the log in your next reply.

NOTE: Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"

I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM.


#3 Ch6li3


Posted 23 April 2012 - 06:11 AM

Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
Avira Internet Security 2012
WMI entry may not exist for antivirus; attempting automatic update.
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 30
Java version out of date!
Adobe Reader 9 Adobe Reader out of date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````End of Log````````````

#4 Ch6li3


Posted 23 April 2012 - 06:32 AM

Farbar Service Scanner Version: 16-04-2012
Ran by CHOW (administrator) on 23-04-2012 at 19:12:19
Running from "C:\Users\CHOW\Desktop"
Microsoft Windows 7 Home Basic Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

#6 Ch6li3


Posted 23 April 2012 - 07:22 AM

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.21.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
CHOW :: CHOW-PC [administrator]

23/4/2012 7:46:46 PM
mbam-log-2012-04-23 (19-46-46).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 218012
Time elapsed: 9 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

I don't think the virus has gone....

#7 dev00790


Posted 23 April 2012 - 07:40 AM

Hi Ch6li3,

The FSS log you posted was incomplete, and the Minitoolbox log was not posted.

Please post both the full logs in your next reply.

Regards, dev00790



#8 Ch6li3


Posted 23 April 2012 - 09:41 AM

Oh, I'll do it again tomorrow.... I thought I posted everything... thanks for the help. Is it normal for almost the same virus to strike again?

#9 dev00790


Posted 23 April 2012 - 10:18 AM

Is it normal for almost the same virus to strike again?

Unlikely but possible

Regards, dev00790



#10 Ch6li3


Posted 24 April 2012 - 06:01 AM

Farbar Service Scanner Version: 16-04-2012
Ran by CHOW (administrator) on 24-04-2012 at 19:00:20
Running from "C:\Users\CHOW\Desktop"
Microsoft Windows 7 Home Basic Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#11 Ch6li3


Posted 24 April 2012 - 06:04 AM

MiniToolBox by Farbar Version: 18-01-2012
Ran by CHOW (administrator) on 24-04-2012 at 19:01:59
Microsoft Windows 7 Home Basic Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================


127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : CHOW-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : B8-AC-6F-DB-42-9D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::5944:15b9:2c22:29c9%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.103(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, 24 April, 2012 6:27:42 PM
Lease Expires . . . . . . . . . . : Wednesday, 25 April, 2012 6:27:42 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 246983791
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-59-8E-10-B8-AC-6F-DB-42-9D
DNS Servers . . . . . . . . . . . : 202.188.0.133
202.188.1.5
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 11:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:30aa:1ab6:3f57:fe98(Preferred)
Link-local IPv6 Address . . . . . : fe80::30aa:1ab6:3f57:fe98%11(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{BB5B78FE-17E4-4E36-B408-445B19BA33CF}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: cns3.tm.net.my
Address: 202.188.0.133

DNS request timed out.
timeout was 2 seconds.
Name: google.com
Addresses: 209.85.175.138
209.85.175.139
209.85.175.100
209.85.175.101
209.85.175.102
209.85.175.113


Pinging google.com [209.85.175.101] with 32 bytes of data:
Reply from 209.85.175.101: bytes=32 time=33ms TTL=56
Reply from 209.85.175.101: bytes=32 time=31ms TTL=56

Ping statistics for 209.85.175.101:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 31ms, Maximum = 33ms, Average = 32ms
Server: cns3.tm.net.my
Address: 202.188.0.133

Name: yahoo.com
Addresses: 209.191.122.70
72.30.38.140
98.139.183.24


Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=251ms TTL=54
Reply from 209.191.122.70: bytes=32 time=260ms TTL=54

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 251ms, Maximum = 260ms, Average = 255ms
Server: cns3.tm.net.my
Address: 202.188.0.133

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
10...b8 ac 6f db 42 9d ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.103 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.103 276
192.168.1.103 255.255.255.255 On-link 192.168.1.103 276
192.168.1.255 255.255.255.255 On-link 192.168.1.103 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.103 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.103 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
11 58 ::/0 On-link
1 306 ::1/128 On-link
11 58 2001::/32 On-link
11 306 2001:0:4137:9e76:30aa:1ab6:3f57:fe98/128
On-link
10 276 fe80::/64 On-link
11 306 fe80::/64 On-link
11 306 fe80::30aa:1ab6:3f57:fe98/128
On-link
10 276 fe80::5944:15b9:2c22:29c9/128
On-link
1 306 ff00::/8 On-link
11 306 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [261840] (Avira Operations GmbH & Co. KG)
Catalog9 02 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [261840] (Avira Operations GmbH & Co. KG)
Catalog9 03 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [261840] (Avira Operations GmbH & Co. KG)
Catalog9 04 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [261840] (Avira Operations GmbH & Co. KG)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [261840] (Avira Operations GmbH & Co. KG)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234960] (Avira Operations GmbH & Co. KG)
x64-Catalog9 02 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234960] (Avira Operations GmbH & Co. KG)
x64-Catalog9 03 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234960] (Avira Operations GmbH & Co. KG)
x64-Catalog9 04 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234960] (Avira Operations GmbH & Co. KG)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 13 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 14 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 15 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234960] (Avira Operations GmbH & Co. KG)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/24/2012 06:57:44 PM) (Source: Bonjour Service) (User: )
Description: ERROR: udsserver_init: 0 (The operation completed successfully.)

Error: (04/24/2012 06:57:44 PM) (Source: Bonjour Service) (User: )
Description: ERROR: bind(listenfd, (struct sockaddr *) &laddr, sizeof(laddr)); failed: 10048 (Only one usage of each socket address (protocol/network address/port) is normally permitted.)

Error: (04/24/2012 06:52:44 PM) (Source: Bonjour Service) (User: )
Description: ERROR: udsserver_init: 0 (The operation completed successfully.)

Error: (04/24/2012 06:52:44 PM) (Source: Bonjour Service) (User: )
Description: ERROR: bind(listenfd, (struct sockaddr *) &laddr, sizeof(laddr)); failed: 10048 (Only one usage of each socket address (protocol/network address/port) is normally permitted.)

Error: (04/24/2012 06:47:44 PM) (Source: Bonjour Service) (User: )
Description: ERROR: udsserver_init: 0 (The operation completed successfully.)

Error: (04/24/2012 06:47:44 PM) (Source: Bonjour Service) (User: )
Description: ERROR: bind(listenfd, (struct sockaddr *) &laddr, sizeof(laddr)); failed: 10048 (Only one usage of each socket address (protocol/network address/port) is normally permitted.)

Error: (04/24/2012 06:42:44 PM) (Source: Bonjour Service) (User: )
Description: ERROR: udsserver_init: 0 (The operation completed successfully.)

Error: (04/24/2012 06:42:44 PM) (Source: Bonjour Service) (User: )
Description: ERROR: bind(listenfd, (struct sockaddr *) &laddr, sizeof(laddr)); failed: 10048 (Only one usage of each socket address (protocol/network address/port) is normally permitted.)

Error: (04/24/2012 06:37:44 PM) (Source: Bonjour Service) (User: )
Description: ERROR: udsserver_init: 0 (The operation completed successfully.)

Error: (04/24/2012 06:37:44 PM) (Source: Bonjour Service) (User: )
Description: ERROR: bind(listenfd, (struct sockaddr *) &laddr, sizeof(laddr)); failed: 10048 (Only one usage of each socket address (protocol/network address/port) is normally permitted.)


System errors:
=============
Error: (04/24/2012 06:29:06 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer CKCHOW-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{BB5B78FE-17E4-4E36-B408-445B19BA33CF}.
The master browser is stopping or an election is being forced.

Error: (04/24/2012 06:28:15 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 9 service to connect.

Error: (04/24/2012 06:27:44 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the LightScribeService Direct Disc Labeling Service service to connect.

Error: (04/24/2012 06:27:44 PM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service failed to start due to the following error:
%%1053

Error: (04/24/2012 06:27:44 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.

Error: (04/24/2012 10:33:39 AM) (Source: Service Control Manager) (User: )
Description: The Bonjour Service service terminated with service-specific error %%-1.

Error: (04/24/2012 09:50:33 AM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: D@01010004

Error: (04/24/2012 09:50:33 AM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: D@01010004

Error: (04/24/2012 09:50:26 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 9 service to connect.

Error: (04/24/2012 09:49:55 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the LightScribeService Direct Disc Labeling Service service to connect.


Microsoft Office Sessions:
=========================
Error: (04/24/2012 06:57:44 PM) (Source: Bonjour Service)(User: )
Description: ERROR: udsserver_init: 0 (The operation completed successfully.)

Error: (04/24/2012 06:57:44 PM) (Source: Bonjour Service)(User: )
Description: ERROR: bind(listenfd, (struct sockaddr *) &laddr, sizeof(laddr)); failed: 10048 (Only one usage of each socket address (protocol/network address/port) is normally permitted.)

Error: (04/24/2012 06:52:44 PM) (Source: Bonjour Service)(User: )
Description: ERROR: udsserver_init: 0 (The operation completed successfully.)

Error: (04/24/2012 06:52:44 PM) (Source: Bonjour Service)(User: )
Description: ERROR: bind(listenfd, (struct sockaddr *) &laddr, sizeof(laddr)); failed: 10048 (Only one usage of each socket address (protocol/network address/port) is normally permitted.)

Error: (04/24/2012 06:47:44 PM) (Source: Bonjour Service)(User: )
Description: ERROR: udsserver_init: 0 (The operation completed successfully.)

Error: (04/24/2012 06:47:44 PM) (Source: Bonjour Service)(User: )
Description: ERROR: bind(listenfd, (struct sockaddr *) &laddr, sizeof(laddr)); failed: 10048 (Only one usage of each socket address (protocol/network address/port) is normally permitted.)

Error: (04/24/2012 06:42:44 PM) (Source: Bonjour Service)(User: )
Description: ERROR: udsserver_init: 0 (The operation completed successfully.)

Error: (04/24/2012 06:42:44 PM) (Source: Bonjour Service)(User: )
Description: ERROR: bind(listenfd, (struct sockaddr *) &laddr, sizeof(laddr)); failed: 10048 (Only one usage of each socket address (protocol/network address/port) is normally permitted.)

Error: (04/24/2012 06:37:44 PM) (Source: Bonjour Service)(User: )
Description: ERROR: udsserver_init: 0 (The operation completed successfully.)

Error: (04/24/2012 06:37:44 PM) (Source: Bonjour Service)(User: )
Description: ERROR: bind(listenfd, (struct sockaddr *) &laddr, sizeof(laddr)); failed: 10048 (Only one usage of each socket address (protocol/network address/port) is normally permitted.)


=========================== Installed Programs ============================

64 Bit HP CIO Components Installer (Version: 7.2.7)
Adobe Acrobat X Pro - English, Français, Deutsch (Version: 10.0.0)
Adobe AIR (Version: 2.5.1.17730)
Adobe Community Help (Version: 3.4.980)
Adobe Content Viewer (Version: 1.4.0)
Adobe Creative Suite 5.5 Master Collection (Version: 5.5)
Adobe Flash Player 11 ActiveX 64-bit (Version: 11.2.202.233)
Adobe Flash Player 11 Plugin 64-bit (Version: 11.2.202.233)
Adobe Reader 9.1.2 (Version: 9.1.2)
Adobe Story (Version: 1.0.571)
Adobe Widget Browser (Version: 2.0 Build 230)
Adobe Widget Browser (Version: 2.0.230)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
Avira Internet Security 2012 (Version: 12.0.0.860)
Bing Bar (Version: 7.1.361.0)
BlackBerry Desktop Software 5.0.1 (Version: 5.0.1.28)
BlackBerry® Media Sync (Version: 2.0.28)
Bonjour (Version: 3.0.0.10)
Brother MFL-Pro Suite DCP-7030 (Version: 1.0.1.0)
calibre (Version: 0.8.21)
Coupon Printer for Windows (Version: 5.0.0.0)
CyberLink PowerDVD 9.5 (Version: 9.5.0.2829)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell DataSafe Local Backup - Support Software
Dell DataSafe Local Backup (Version: 9.4.47)
Dell DataSafe Online (Version: 2.1.19634)
Dell Dock (Version: 2.0)
Dell Edoc Viewer (Version: 1.0.0)
Dell Getting Started Guide (Version: 1.00.0000)
Dell Support Center (Support Software) (Version: 2.5.09100)
Free File Opener version 2011.6.0 (Version: 2011.6.0)
Google Earth Plug-in (Version: 6.1.0.5001)
Google Update Helper (Version: 1.3.21.111)
GoToAssist Corporate (Version: 9.1.0.615)
HP Deskjet 2000 J210 series Basic Device Software (Version: 22.50.231.0)
HP Deskjet 2000 J210 series Help (Version: 140.0.65.65)
HP Deskjet 2000 J210 series Product Improvement Study (Version: 22.50.231.0)
HP Photo Creations (Version: 1.0.0.3781)
HP Update (Version: 5.002.006.003)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Graphics Media Accelerator Driver
Intel® Rapid Storage Technology (Version: 9.6.0.1014)
iTunes (Version: 10.6.1.7)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 20 (64-bit) (Version: 6.0.200)
Java™ 6 Update 30 (Version: 6.0.300)
LightScribe 1.4.136.1 (Version: 1.4.136.1)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nero 7 Essentials (Version: 7.02.5017)
PaperPort Image Printer 64-bit (Version: 1.00.0000)
PDF Settings CS5 (Version: 10.0)
QuickTime (Version: 7.69.80.9)
Realtek High Definition Audio Driver (Version: 6.0.1.5963)
Roxio Burn (Version: 1.01)
Roxio Media Manager (Version: 9.4.067)
SanDiskSecureAccess_Manager.exe (Version: 1.0.0)
ScanSoft PaperPort 11 (Version: 11.2.0000)
Skype™ 4.2 (Version: 4.2.169)
THX TruStudio PC (Version: 1.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VD64Inst (Version: 1.00.0000)
WinRAR 4.00 (32-bit) (Version: 4.00.0)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 72%
Total physical RAM: 2012.98 MB
Available physical RAM: 555.12 MB
Total Pagefile: 4025.97 MB
Available Pagefile: 2075.16 MB
Total Virtual: 4095.88 MB
Available Virtual: 3957.38 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:288.36 GB) (Free:204.05 GB) NTFS
3 Drive e: () (Removable) (Total:3.73 GB) (Free:3.72 GB) FAT32

========================= Users: ========================================

User accounts for \\CHOW-PC

Administrator CHOW Guest

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

#12 Ch6li3


Posted 24 April 2012 - 06:24 AM

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.21.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
CHOW :: CHOW-PC [administrator]

24/4/2012 7:12:49 PM
mbam-log-2012-04-24 (19-12-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 218015
Time elapsed: 10 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#13 dev00790


Posted 24 April 2012 - 03:39 PM

Hi Ch6li3,

"I tried using r kill n all those renamed ones but doesnt allow 2 run!"


Let's try running rkill again:

Please download Rkill by Grinler and save it to your desktop.
Link 1
Link 2
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.

If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

Please describe any problems / error messages that show.
Screenshots of the issue(s) are often helpful. - If it is too large to attach, please upload the screenshot to a site like Mediafire, and post the link to it in your next reply.

Regards, dev00790



#14 Ch6li3


Posted 24 April 2012 - 08:40 PM

tis keeps appearing when i run rkill n d renamed 1s or its closed by skype,brothers thing(my printer),etc n instalation failed keeps popping up...

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 25/04/2012 at 9:38:45.
Operating System: Windows 7 Home Basic


Processes terminated by Rkill or while it was running:



Rkill completed on 25/04/2012 at 9:38:53.

#15 dev00790


Posted 25 April 2012 - 12:16 PM

Hi Ch6li3,

There is no need to send me a PM after you post unless requested by me

"tis keeps appearing when i run rkill n d renamed 1s or its closed by skype,brothers thing(my printer),etc n instalation failed keeps popping up..."

Sorry I don't understand:

- What keeps appearing when you run rkill?

"n d renamed 1s"

- please explain?

"or its closed by skype,brothers thing(my printer)"

- what is wrong with skype / your printer when rkill is running?

"instalation failed keeps popping up"

- Please give the full error message.

Screenshots of any issues would help here - how to take a screenshot

Regards, dev00790





