
winfix - i need a fix for the "restarts in 60 seconds error message"


  • This topic is locked

#1 bowiewhite


Posted 21 January 2014 - 12:09 PM

Hello! I currently have the "winfix" malware (not sure if that's the name of the malware). I got this error message that says that the computer is going to restart in 60 seconds. I knew this malware from waaay back, and that it helped to stop the countdown by typing "shutdown -a" in Run. Now I want some kind of cleanup tool or any tip I can get so it doesn't happen again!

 

This malware really slows my computer down!

 

Thanks

 

Christoffer

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702
Run by chrilles dator at 17:50:15 on 2014-01-21
Microsoft Windows XP Professional  5.1.2600.4.1252.1.1033.18.1023.391 [GMT 1:00]
.
AV: AVG AntiVirus 2014 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG2014\avgwdsvc.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\JulaPan.Exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\AVG\AVG2014\avgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Personal\bin\Personal.exe
C:\Program Files\Mobile Broadband\Mobile Broadband.exe
C:\Documents and Settings\All Users\Application Data\Mobile Broadband\OnlineUpdate\ouc.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [DWPersistentQueuedReporting] c:\program files\common files\microsoft shared\dw\DWTRIG20.EXE -a
mRun: [JulaPan] JulaPan.Exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AVG_UI] "c:\program files\avg\avg2014\avgui.exe" /TRAYONLY
dRun: [KB976002-v5] rundll32.exe advpack.dll,LaunchINFSection OPMWXPUP.inf,BrowserChoiceGoo
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bankid~1.lnk - c:\program files\personal\bin\Personal.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
TCP: NameServer = 195.67.199.18 195.67.199.19
TCP: Interfaces\{7EBD0DE4-E780-48E9-91EF-39A887CB6656} : DHCPNameServer = 195.67.199.18 195.67.199.19
Notify: AtiExtEvent - Ati2evxx.dll
Notify: RailNotification - <no file>
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\32.0.1700.76\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-10-24 147768]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-10-31 222520]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-10-1 102712]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-9-10 27448]
R0 mv61xxmm;mv61xxmm;c:\windows\system32\drivers\mv61xxmm.sys [2013-12-13 14184]
R0 mv64xxmm;mv64xxmm;c:\windows\system32\drivers\mv64xxmm.sys [2013-12-13 5632]
R0 mvxxmm;mvxxmm;c:\windows\system32\drivers\mvxxmm.sys [2013-12-13 14184]
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [2014-1-6 16640]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2013-11-5 120600]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-11-4 209176]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-9-17 22840]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-10-31 176952]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-8-1 193848]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2014\avgwdsvc.exe [2013-9-24 348008]
R2 HWDeviceService.exe;HWDeviceService.exe;c:\documents and settings\all users\application data\datacardservice\HWDeviceService.exe [2011-3-14 271712]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [2014-1-6 11136]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\drivers\ew_jucdcacm.sys [2014-1-6 95616]
R3 huawei_cdcecm;huawei_cdcecm;c:\windows\system32\drivers\ew_jucdcecm.sys [2014-1-6 70016]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2014-1-6 76544]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\drivers\ew_juextctrl.sys [2014-1-6 27520]
R3 JULA_01;Service for Juli@ 1;c:\windows\system32\drivers\JulaWdm.sys [2008-6-24 22912]
R3 JULA_AA;Service for Juli@ Audio Driver (EWDM);c:\windows\system32\drivers\Jula.sys [2008-6-24 29600]
S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [2009-8-18 9472]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2014\avgidsagent.exe [2013-11-11 3478544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2014-1-6 130384]
S2 Mobile Broadband. RunOuc;Mobile Broadband. OUC;c:\program files\mobile broadband\updatedog\ouc.exe [2014-1-6 655712]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2014-1-6 102784]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-10-3 14848]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2014-1-6 754856]
.
=============== Created Last 30 ================
.
2014-01-19 20:05:04 5632 ----a-w- c:\windows\system32\ptpusb.dll
2014-01-19 20:05:04 159232 ----a-w- c:\windows\system32\ptpusd.dll
2014-01-19 20:05:04 14976 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2014-01-19 20:05:04 14976 ----a-w- c:\windows\system32\drivers\usbscan.sys
2014-01-18 21:43:15 -------- d-----w- c:\program files\CCleaner
2014-01-18 21:39:04 -------- d-----w- c:\documents and settings\chrilles dator\application data\TS3Client
2014-01-18 21:38:12 -------- d-----w- c:\program files\TeamSpeak 3 Client
2014-01-18 21:11:26 -------- d-----w- c:\documents and settings\chrilles dator\application data\Personal
2014-01-18 21:11:23 -------- d-----w- c:\program files\Personal
2014-01-18 21:07:48 -------- d-----w- c:\windows\system32\appmgmt
2014-01-18 20:51:39 -------- d-----w- c:\documents and settings\chrilles dator\application data\BankID
2014-01-18 20:51:20 -------- d-----w- c:\program files\BankID
2014-01-06 22:29:25 -------- d-----w- c:\documents and settings\chrilles dator\local settings\application data\Identities
2014-01-06 22:04:59 -------- d-----w- c:\documents and settings\chrilles dator\application data\foobar2000
2014-01-06 22:04:55 -------- d-----w- c:\program files\foobar2000
2014-01-06 22:02:56 60416 ----a-w- c:\windows\ALCFDRTM.VER
2014-01-06 22:02:56 60416 ----a-w- c:\windows\ALCFDRTM.EXE
2014-01-06 22:02:50 -------- d-----w- c:\windows\system32\Lang
2014-01-06 22:00:39 -------- d-----w- c:\program files\Steam
2014-01-06 21:57:43 -------- d-----w- c:\documents and settings\chrilles dator\application data\AVG2014
2014-01-06 21:57:04 -------- d-----w- c:\documents and settings\chrilles dator\application data\TuneUp Software
2014-01-06 21:56:34 -------- d--h--w- C:\$AVG
2014-01-06 21:56:34 -------- d-----w- c:\documents and settings\all users\application data\AVG2014
2014-01-06 21:56:05 -------- d-----w- c:\program files\AVG
2014-01-06 21:53:09 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2014-01-06 21:53:09 -------- d-----w- c:\documents and settings\chrilles dator\local settings\application data\MFAData
2014-01-06 21:53:09 -------- d-----w- c:\documents and settings\chrilles dator\local settings\application data\Avg2014
2014-01-06 21:53:09 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2014-01-06 21:50:45 -------- d-----w- c:\documents and settings\chrilles dator\application data\uTorrent
2014-01-06 21:27:32 -------- d-----w- c:\documents and settings\chrilles dator\local settings\application data\ATI
2014-01-06 21:26:36 0 ----a-w- c:\windows\ativpsrm.bin
2014-01-06 21:22:59 593920 ------w- c:\windows\system32\ati2sgag.exe
2014-01-06 21:22:24 -------- d-----w- c:\program files\ATI Technologies
2014-01-06 21:22:10 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2014-01-06 21:22:10 32768 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2014-01-06 21:22:10 221184 ----a-w- c:\program files\common files\installshield\iscript\IScript.dll
2014-01-06 21:22:10 217088 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2014-01-06 21:22:10 212992 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ILog.dll
2014-01-06 21:21:49 -------- d-----w- C:\ATI
.
==================== Find3M  ====================
.
2014-01-06 21:09:44 65536 ----a-w- c:\windows\system32\JulaAsio.dll
2014-01-06 21:09:44 421888 ----a-w- c:\windows\system32\JulaPan.exe
2014-01-06 21:09:44 29600 ----a-w- c:\windows\system32\drivers\Jula.sys
2014-01-06 21:09:44 22912 ----a-w- c:\windows\system32\drivers\JulaWdm.sys
2014-01-06 20:34:32 172032 ----a-w- c:\windows\system32\nvusmb.exe
2013-12-13 18:05:26 3186 ----a-w- c:\windows\system32\presetup.cmd
2013-12-13 18:05:26 28672 ----a-w- c:\windows\system32\setupold.exe
2013-12-13 18:03:10 5632 ----a-w- c:\windows\system32\drivers\mv64xxmm.sys
2013-12-13 18:03:09 14184 ----a-w- c:\windows\system32\drivers\mvxxmm.sys
2013-12-13 18:03:09 14184 ----a-w- c:\windows\system32\drivers\mv61xxmm.sys
2013-12-13 17:59:56 1614848 ----a-w- c:\windows\system32\sfcfiles.dll
2013-12-13 17:59:51 990208 ----a-w- c:\windows\system32\syssetup.dll
2013-12-13 17:53:37 756224 ----a-w- c:\windows\system32\winntbbu.dll
2013-12-10 20:01:52 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-10 20:01:52 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-13 01:59:42 150528 ----a-w- c:\windows\system32\imagehlp.dll
2013-11-07 04:38:51 591360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-11-06 00:03:31 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-11-05 20:50:48 120600 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2013-11-04 20:57:30 209176 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-10-31 22:00:28 176952 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-10-31 21:30:08 222520 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-10-30 01:26:17 1879040 ----a-w- c:\windows\system32\win32k.sys
2013-10-29 06:57:34 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-29 06:57:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-10-29 06:57:33 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-29 06:57:33 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-10-28 23:45:02 385024 ----a-w- c:\windows\system32\html.iec
2013-10-24 21:28:32 147768 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-10-23 22:45:49 172032 ----a-w- c:\windows\system32\scrrun.dll
.
============= FINISH: 17:51:02,45 ===============
 




#2 RPMcMurphy


Posted 26 January 2014 - 10:56 AM

Hello and welcome.  Please follow these guidelines while we work on your PC:

  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.”  Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member




#3 RPMcMurphy


Posted 01 February 2014 - 11:33 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
