#11
Since the behavior in my last reply seemed odd, I aborted the win32kdiag.exe window, rebooted and ran it again. This time, an error box immediately came up with the message, "16-bit MS-DOS subsystem: The NTDVM CPU has encountered an illegal instruction. CS:0565 IP:02d1 OP:63 73 2e 63 73. Choose close to terminate." I tried once more, and got the same error. Shall I just move on to work with The Avenger?
#13
Great, thanks. Here are the Win32kDiag.txt and Avenger logs.

Win32kDiag.txt:

```
--------------------------------------------------------------------
Running from: C:\Documents and Settings\Administrator\Desktop\Win32k.exe
Log file at : C:\Documents and Settings\Administrator\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Finished!
```

Avenger.txt:

```
--------------------------------------------------------------------
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File move operation "c:\eventlog.dll|C:\WINDOWS\system32\eventlog.dll" completed successfully.

Completed script processing.

*******************

Finished! Terminate.
```
#14
Hopefully things will begin to move along smoothly now.

If you already have ComboFix be sure to delete it and download a new copy.

Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.
Link #1
Link #2

**Note:** It is important that it is saved directly to your Desktop.

Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
Double click combofix.exe & follow the prompts.
Vista users: Right-Click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please allow it).
When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

If you have problems with ComboFix usage, see How to use ComboFix.
#15
Okay, we ran ComboFix, and the log is below. Two items to mention. First, we couldn't find how to disable AVG Free 8.5 while in safe mode, so we first rebooted to enter normal mode under the usual user account (i.e. this was not run as administrator). Second, after ComboFix started and appeared to be running normally, we walked away for a minute or two. When we came back, we noticed that the PC had rebooted, after which ComboFix continued and finally wrote the log. Is it normal for the PC to be automatically rebooted when ComboFix runs?

Here is the log file:

```
ComboFix 09-10-04.01 - Alex 10/05/2009 18:57.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3318.2730 [GMT -7:00]
Running from: c:\documents and settings\Alex\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Win32kDiag.exe
c:\windows\system32\hupojoyu.dll
c:\windows\system32\rayefeku.dll
c:\windows\system32\tagetega.dll
c:\windows\system32\vivodiha.dll
c:\windows\system32\wogisewo.dll
c:\windows\system32\worusego.dll
c:\windows\system32\zanamalo.dll
F:\autorun.inf
.
((((((((((((((((((((((((( Files Created from 2009-09-06 to 2009-10-06 )))))))))))))))))))))))))))))))
.
2009-10-04 18:05 . 2009-10-04 18:05 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2009-10-04 15:25 . 2009-10-04 15:25 -------- d-----w- C:\VundoFix Backups
2009-10-04 15:13 . 2009-10-04 15:13 -------- d-----w- c:\program files\Trend Micro
2009-10-04 15:12 . 2009-10-04 15:12 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-04 15:04 . 2009-10-04 15:04 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-10-04 14:38 . 2009-10-04 14:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-04 14:34 . 2009-10-04 14:34 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-10-04 14:34 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-04 14:34 . 2009-10-04 14:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware.bak
2009-10-04 14:34 . 2009-10-04 14:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-04 14:34 . 2009-09-10 21:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-04 04:37 . 2009-10-04 04:39 -------- d-----w- c:\program files\Windows Live Safety Center
2009-10-04 04:08 . 2009-10-04 04:08 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-10-04 03:45 . 2009-10-04 03:45 -------- d-----w- c:\documents and settings\Alex\Application Data\Malwarebytes
2009-09-08 17:29 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-03 15:29 . 2009-07-07 14:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-10-03 15:29 . 2009-07-07 14:39 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-08-18 01:49 . 2009-03-19 00:50 -------- d-----w- c:\program files\LokProgrammer
2009-08-17 01:01 . 2009-02-10 04:06 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-17 01:01 . 2009-02-10 04:06 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-17 01:01 . 2009-02-10 04:06 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-10 02:20 . 2009-08-10 02:20 -------- d-----w- c:\documents and settings\Alex\Application Data\Media Player Classic
2009-08-10 01:16 . 2009-08-10 01:15 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-08-10 01:10 . 2009-05-03 17:35 -------- d-----w- c:\program files\Xvid
2009-08-05 09:01 . 2004-08-04 05:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2004-08-04 05:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 06:43 . 2004-08-04 05:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-04 03:04 . 2009-07-04 03:04 49664 --sha-w- c:\windows\system32\gahejeyu.dll
2009-07-04 19:06 . 2009-07-04 19:06 1047587 --sha-w- c:\windows\system32\tohuzeno.exe
2009-07-04 03:04 . 2009-07-04 03:04 1048099 --sha-w- c:\windows\system32\yefanopa.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-09 68640]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
"Acer Empowering Technology Monitor"="c:\windows\system32\SysMonitor.exe" [2006-04-19 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-06-24 342528]
"AdminWorks Tray"="c:\acer\LANScope Agent\awtray.exe" [2007-05-22 1459992]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2007-07-11 421888]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-17 2007832]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-06 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-30 148888]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-12-21 16860672]

c:\documents and settings\Alex\Start Menu\Programs\Startup\
Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2009-3-24 748840]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-17 01:01 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9999:UDP"= 9999:UDP:LANScope UDP Port
"2804:TCP"= 2804:TCP:LANScope TCP Port
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/9/2009 9:06 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/9/2009 9:06 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [8/16/2009 6:01 PM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [8/16/2009 6:00 PM 297752]
R2 netlimiter;netlimiter;c:\windows\system32\drivers\NetLimiter.sys [10/3/2006 12:03 PM 18072]
R2 netlock;netlock;c:\windows\system32\drivers\NetLock.sys [5/30/2007 4:30 PM 14616]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [3/24/2009 4:03 AM 7808]
S2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [4/14/2006 11:07 AM 28933976]
S3 Acer ODDSpeedControl;Acer ODDSpeedControl;c:\acer\Empowering Technology\eAcoustics\ODDSpeedCtl\speedcontrol.exe [2/9/2009 7:56 PM 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://en.us.acer.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Alex\Application Data\Mozilla\Firefox\Profiles\45811q05.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

- - - - ORPHANS REMOVED - - - -

BHO-{3ec455ee-d0cb-4e15-9ddc-98ec14f5ff64} - nukiyofi.dll
HKLM-Run-installnet.exe - c:\acer\LANScope Agent\Installnet.exe
HKLM-Run-somawofom - c:\windows\system32\tagetega.dll
HKLM-Run-gazebuseka - wogisewo.dll
SharedTaskScheduler-{46ee6beb-22c9-4790-aa43-92bc40939bb9} - c:\windows\system32\tagetega.dll
SSODL-bufohifob-{46ee6beb-22c9-4790-aa43-92bc40939bb9} - c:\windows\system32\tagetega.dll
AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\FlashUtil9b.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-05 19:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(768)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(3352)
c:\windows\system32\WININET.dll
c:\windows\system32\MSNCHATHOOK.DLL
c:\windows\system32\sysenv.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\MFC71U.DLL
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\acer\Empowering Technology\ePerformance\MemCheck.exe
c:\windows\system32\igfxsrvc.exe
c:\acer\LANScope Agent\awServ.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\acer\LANScope Agent\lockkm.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-10-06 19:04 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-06 02:04

Pre-Run: 43,670,953,984 bytes free
Post-Run: 43,538,857,984 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

200 --- E O F --- 2009-09-09 03:52
```
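The ComboFix listing above and the DDS listing further down in this thread print one file per line in slightly different layouts. The following added example (not code from ComboFix, DDS or anyone posting here) parses both layouts and flags the system32 entries that combine hidden+system attributes with the 8-letter consonant/vowel file names these logs show; the sample lines are copied from the posted logs, while the name heuristic and the two-signal threshold are my assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Added triage helper for the ComboFix and DDS file listings posted in this thread.
# ComboFix "Files Created" / "Find3M" line:
#   <modified> . <created> <size | -------- for a dir> <8-char attrs> <path>
# DDS "Created Last 30" / "Find3M" line:
#   <date> <size with commas | <DIR>> <8-char attrs> <path>
# ComboFix "Other Deletions" prints bare paths; they parse without date or attributes.
# In the attribute field 'h' means hidden and 's' means system.
COMBOFIX_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
DDS_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (?P<size>[\d,]+|<DIR>) "
    r"(?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
BARE_PATH_RE = re.compile(r"^[A-Za-z]:\\\S.*$")
VOWELS = set("aeiou")


@dataclass
class FileEntry:
    date: str             # empty for bare-path lines
    size: Optional[int]   # None for directories and bare-path lines
    attrs: str            # attribute field as printed by the tool
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def hidden_system(self) -> bool:
        return "h" in self.attrs and "s" in self.attrs


def parse_entry(line: str) -> Optional[FileEntry]:
    """Parse one listing line from either tool; headers and separators return None."""
    line = line.strip()
    m = COMBOFIX_RE.match(line) or DDS_RE.match(line)
    if m:
        raw = m.group("size").replace(",", "")
        size = int(raw) if raw.isdigit() else None
        return FileEntry(m.group("date"), size, m.group("attrs"), m.group("path"))
    if BARE_PATH_RE.match(line):
        return FileEntry("", None, "", line)
    return None


def looks_generated(name: str) -> bool:
    """Heuristic (my assumption): an 8-letter stem alternating consonant/vowel, the
    pattern of tagetega.dll, gahejeyu.dll, yefanopa.exe in the posted logs. Treated as
    one signal only and combined with the attribute check in suspicious()."""
    stem = name.rsplit(".", 1)[0]
    if len(stem) != 8 or not stem.isalpha():
        return False
    return all((ch in VOWELS) == (i % 2 == 1) for i, ch in enumerate(stem))


def suspicious(lines: List[str], scope: str = "\\system32\\",
               min_signals: int = 2) -> List[dict]:
    """Return entries under `scope` that carry at least `min_signals` of the two signals.
    With the default threshold a legitimate hidden+system folder such as PrivacIE is
    not reported, because its name does not match the second signal."""
    findings = []
    for line in lines:
        entry = parse_entry(line)
        if entry is None or scope not in entry.path.lower():
            continue
        signals = []
        if entry.hidden_system:
            signals.append("hidden+system attributes")
        if looks_generated(entry.name):
            signals.append("8-letter consonant/vowel name")
        if len(signals) >= min_signals:
            findings.append({"path": entry.path, "attrs": entry.attrs, "signals": signals})
    return findings


# Constructed sample: lines copied from the ComboFix and DDS logs in this thread,
# benign entries included so the threshold can be seen doing its job.
SAMPLE_LINES = [
    "c:\\windows\\system32\\hupojoyu.dll",
    "2009-10-04 14:34 . 2009-09-10 21:53 19160 ----a-w- c:\\windows\\system32\\drivers\\mbam.sys",
    "2009-08-17 01:01 . 2009-02-10 04:06 11952 ----a-w- c:\\windows\\system32\\avgrsstx.dll",
    "2009-07-04 03:04 . 2009-07-04 03:04 49664 --sha-w- c:\\windows\\system32\\gahejeyu.dll",
    "2009-07-04 19:06 . 2009-07-04 19:06 1047587 --sha-w- c:\\windows\\system32\\tohuzeno.exe",
    "2009-10-04 18:05 . 2009-10-04 18:05 -------- d-sh--w- c:\\windows\\system32\\config\\systemprofile\\PrivacIE",
    "2009-07-03 20:04 1,048,099 a--sh--- c:\\windows\\system32\\yefanopa.exe",
    "2009-10-04 12:06 7,680 ac-sh--- c:\\windows\\system32\\dllcache\\Thumbs.db",
    "(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))",
]

if __name__ == "__main__":
    for hit in suspicious(SAMPLE_LINES):
        print(f"{hit['path']}  [{hit['attrs']}]  {', '.join(hit['signals'])}")
```

Lowering `min_signals` to 1 also surfaces the bare paths from the "Other Deletions" section, which carry no attribute field and so can only match on the name heuristic.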
#16
It looks like ComboFix did a good job, although we should do another full virus scan to make sure we didn't miss anything. First, DDS log(s) for extra measure.

Download DDS from HERE or HERE or HERE and save it to your desktop.

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it).
* XP users: Double click on dds to run it.
* If your antivirus or firewall tries to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.
1) DDS.txt
2) Attach.txt
* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.

Note: DDS will instruct you to post the Attach.txt log as an attachment. Please just post it as you would any other log by copying and pasting it into the reply.
#17
Thanks. Here are dds.txt and attach.txt.

dds.txt:

```
DDS (Ver_09-09-29.01) - NTFSx86
Run by Alex at 19:45:14.90 on Mon 10/05/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3318.2792 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\SysMonitor.exe
svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\LANScope Agent\awtray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Acer\LANScope Agent\awServ.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Acer\LANScope Agent\LockKM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Documents and Settings\Alex\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://en.us.acer.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
mRun: [LaunchApp] Alaunch
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [Acer Empowering Technology Monitor] c:\windows\system32\SysMonitor.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe 0
mRun: [AdminWorks Tray] "c:\acer\lanscope agent\awtray.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\eRAgent.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\docume~1\alex\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acerem~1.lnk - c:\acer\empowering technology\Acer.Empowering.Framework.Launcher.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6796.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\alex\applic~1\mozilla\firefox\profiles\45811q05.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-9 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-9 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-9 108552]
R1 OsaFsLoc;OsaFsLoc;c:\windows\system32\drivers\OsaFsLoc.sys [2007-8-24 26768]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-8-16 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-8-16 297752]
R2 AWService;AdminWorks Agent X6;c:\acer\lanscope agent\awServ.exe [2007-4-26 75032]
R2 netlimiter;netlimiter;c:\windows\system32\drivers\NetLimiter.sys [2006-10-3 18072]
R2 netlock;netlock;c:\windows\system32\drivers\NetLock.sys [2007-5-30 14616]
R2 osaio;osaio;c:\windows\system32\drivers\osaio.sys [2007-6-12 15640]
R2 osanbm;osanbm;c:\windows\system32\drivers\osanbm.sys [2006-11-8 10944]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-3-24 7808]
S2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2006-4-14 28933976]
S3 Acer ODDSpeedControl;Acer ODDSpeedControl;c:\acer\empowering technology\eacoustics\oddspeedctl\speedcontrol.exe [2009-2-9 81920]

=============== Created Last 30 ================

2009-10-05 18:55 <DIR> a-dshr-- C:\cmdcons
2009-10-05 18:54 229,888 a------- c:\windows\PEV.exe
2009-10-05 18:54 161,792 a------- c:\windows\SWREG.exe
2009-10-05 18:54 98,816 a------- c:\windows\sed.exe
2009-10-04 12:06 7,680 ac-sh--- c:\windows\system32\dllcache\Thumbs.db
2009-10-04 08:25 <DIR> --d----- C:\VundoFix Backups
2009-10-04 08:13 <DIR> --d----- c:\program files\Trend Micro
2009-10-04 08:12 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-10-04 07:38 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-10-04 07:34 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-04 07:34 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-10-04 07:34 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware.bak
2009-10-04 07:34 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-03 20:45 <DIR> --d----- c:\docume~1\alex\applic~1\Malwarebytes
2009-09-08 10:29 153,088 -c------ c:\windows\system32\dllcache\triedit.dll

==================== Find3M ====================

2009-08-16 18:01 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-08-16 18:01 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-05 02:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-17 12:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-03 20:04 49,664 a--sh--- c:\windows\system32\gahejeyu.dll
2009-07-04 12:06 1,047,587 a--sh--- c:\windows\system32\tohuzeno.exe
2009-07-03 20:04 1,048,099 a--sh--- c:\windows\system32\yefanopa.exe

============= FINISH: 19:45:20.70 ===============
```

attach.txt:

```
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-09-29.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume3
Install Date: 2/9/2009 6:54:43 PM
System Uptime: 10/5/2009 7:00:25 PM (0 hours ago)

Motherboard: ACER | | EG31M
Processor: Intel(R) Core(TM)2 Duo CPU E4600 @ 2.40GHz | CPU 1 | 2394/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 71 GiB total, 40.551 GiB free.
D: is FIXED (FAT32) - 72 GiB total, 67.821 GiB free.
E: is CDROM ()
F: is FIXED (FAT32) - 466 GiB total, 214.127 GiB free.
G: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&EDAA9BC&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&EDAA9BC&0
Service: i8042prt

==== System Restore Points ===================

RP150: 7/6/2009 4:57:20 PM - System Checkpoint
RP151: 7/7/2009 6:07:09 PM - System Checkpoint
RP152: 7/8/2009 8:18:31 AM - Avg8 Update
RP153: 7/9/2009 8:53:23 AM - System Checkpoint
RP154: 7/10/2009 2:25:13 PM - System Checkpoint
RP155: 8/4/2009 3:56:15 PM - System Checkpoint
RP156: 8/4/2009 8:21:25 PM - Software Distribution Service 3.0
RP157: 8/6/2009 7:32:37 AM - System Checkpoint
RP158: 8/6/2009 9:27:48 AM - Avg8 Update
RP159: 8/7/2009 10:48:00 AM - System Checkpoint
RP160: 8/9/2009 10:34:59 AM - System Checkpoint
RP161: 8/10/2009 10:52:35 AM - System Checkpoint
RP162: 8/11/2009 7:52:24 PM - Software Distribution Service 3.0
RP163: 8/13/2009 9:25:26 AM - System Checkpoint
RP164: 8/14/2009 11:39:30 AM - System Checkpoint
RP165: 8/15/2009 5:42:26 PM - System Checkpoint
RP166: 8/16/2009 6:00:25 PM - Avg8 Update
RP167: 8/16/2009 6:01:21 PM - Avg8 Update
RP168: 8/17/2009 7:18:04 PM - System Checkpoint
RP169: 8/18/2009 8:04:17 PM - System Checkpoint
RP170: 8/20/2009 9:40:44 AM - System Checkpoint
RP171: 8/24/2009 8:30:10 AM - System Checkpoint
RP172: 8/25/2009 7:26:33 PM - System Checkpoint
RP173: 8/26/2009 8:06:46 PM - Software Distribution Service 3.0
RP174: 8/27/2009 8:11:39 PM - System Checkpoint
RP175: 8/30/2009 8:40:31 PM - System Checkpoint
RP176: 9/1/2009 4:06:19 PM - System Checkpoint
RP177: 9/2/2009 4:43:28 PM - System Checkpoint
RP178: 9/3/2009 5:53:15 PM - System Checkpoint
RP179: 9/4/2009 5:44:29 PM - Software Distribution Service 3.0
RP180: 9/5/2009 6:42:59 PM - System Checkpoint
RP181: 9/7/2009 5:03:47 PM - System Checkpoint
RP182: 9/8/2009 6:48:07 PM - System Checkpoint
RP183: 9/8/2009 8:50:19 PM - Software Distribution Service 3.0
RP184: 9/10/2009 5:04:32 PM - System Checkpoint
RP185: 9/11/2009 8:09:12 PM - System Checkpoint
RP186: 9/13/2009 7:11:53 AM - System Checkpoint
RP187: 9/14/2009 3:32:50 PM - System Checkpoint
RP188: 9/15/2009 3:46:33 PM - System Checkpoint
RP189: 9/16/2009 4:27:03 PM - System Checkpoint
RP190: 9/17/2009 4:32:22 PM - System Checkpoint
RP191: 9/18/2009 5:35:25 PM - System Checkpoint
RP192: 9/19/2009 6:34:35 PM - System Checkpoint
RP193: 9/20/2009 7:31:39 PM - System Checkpoint
RP194: 9/21/2009 8:32:18 PM - System Checkpoint
RP195: 9/22/2009 8:51:32 PM - System Checkpoint
RP196: 9/24/2009 4:11:08 PM - System Checkpoint
RP197: 9/25/2009 4:18:08 PM - System Checkpoint
RP198: 9/26/2009 11:39:43 PM - System Checkpoint
RP199: 9/28/2009 3:56:24 PM - System Checkpoint
RP200: 9/29/2009 4:36:38 PM - System Checkpoint
RP201: 9/30/2009 5:15:10 PM - System Checkpoint
RP202: 10/1/2009 6:17:11 PM - System Checkpoint
RP203: 10/2/2009 7:36:22 PM - System Checkpoint
RP204: 10/3/2009 8:37:13 PM - System Checkpoint
RP205: 10/5/2009 7:22:25 PM - System Checkpoint

==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 1 (SP1)
Acer eAcoustics Management
Acer eDataSecurity Management
Acer eDataSecurity Management 2.0.4093
Acer Empowering Technology
Acer ePerformance Management
Acer eProtection
Acer eSettings Management
Acer LANScope Agent
Adobe AIR
Adobe Anchor Service CS3
Adobe Anchor Service CS4
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge CS4
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe Common File Installer
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS3
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash CS3
Adobe Flash CS3 Professional
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Premiere Elements 4.0
Adobe Premiere Elements 4.0 Templates
Adobe Reader 8.1.0
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Type Support CS4
Adobe Update Manager CS3
Adobe Update Manager CS4
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Apple Software Update
AVG Free 8.5
Bonjour
Business Contact Manager for Outlook 2007
commercial
Connect
Critical Update for Windows Media Player 11 (KB959772)
Digital Media Converter Pro 2.4
EPSON Printer Software
eSobi v2
FolderMatch v3.5.5
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Java(TM) 6 Update 13
K-Lite Codec Pack 5.0.0 (Full)
kuler
LDraw
LightScribe 1.4.142.1
LokProgrammer v2
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.14)
Mpeg2Decoder 1.3
MSXML 6.0 Parser
NTI Backup NOW! 4.7
NTI CD & DVD-Maker
OCA Client history tool install
PDF Settings CS4
Photoshop Camera Raw
PL-2303 USB-to-Serial
PowerDVD
QuickTime
Realtek High Definition Audio Driver
Secunia PSI
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Suite Shared Configuration CS4
Update for Microsoft
```
.NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 8 (KB968220) Update for Windows XP (KB951978) Update for Windows XP (KB955839) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB973815) WebFldrs XP Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool (KB892130) Windows Internet Explorer 8 Windows Live OneCare safety scanner Windows Media Format 11 runtime Windows Media Player 11 Windows XP Service Pack 3 WinRAR archiver ==== Event Viewer Messages From Past Week ======== 9/30/2009 6:43:12 AM, error: Service Control Manager [7024] - The SQL Server (MSSMLBIZ) service terminated with service-specific error 17058 (0x42A2). 9/30/2009 3:27:27 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AdminWorks Agent X6 service to connect. 9/29/2009 8:02:36 PM, error: PlugPlayManager [12] - The device 'WD My Bo ok SCSI Disk Device' (SCSI\Disk&Ven_WD_My_Bo&Prod_ok&Rev_01.0\5&3859dd4 6&0&000) disappeared from the system without first being prepared for removal. 9/29/2009 8:02:36 PM, error: Disk [15] - The device, \Device\Harddisk1\D, is not ready for access yet. 9/29/2009 8:02:33 PM, error: SI3132 [9] - The device, \Device\Scsi\SI31321, did not respond within the timeout period. 10/5/2009 6:57:09 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect. 10/5/2009 6:55:09 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s). 
10/5/2009 5:48:23 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX Fips intelppm IPSec MRxSmb NetBIOS NetBT ohci1394 RasAcd Rdbss Tcpip 10/3/2009 9:08:51 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811} 10/3/2009 9:08:42 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip 10/3/2009 9:08:42 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning. 10/3/2009 9:08:42 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning. 10/3/2009 9:08:42 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. 10/3/2009 9:08:42 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning. 10/3/2009 9:08:42 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. 
10/3/2009 9:08:34 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E} 10/3/2009 9:08:05 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 10/3/2009 8:29:01 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} ==== End Of File =========================== |
#18
Looks good. Most of this is pretty fast but the ESET scan will take a while.

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to infect your system.

First install the new Sun Java Runtime Environment

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Be sure to close all browser windows before beginning the install.

Remove the old version(s)

Download JavaRa
* Unzip the file and open the JavaRa.exe
* Click Remove Older Versions
* JavaRa will search for and remove any outdated version of Java and remove any that are found.
* Click Additional Tasks
* Place a check next to Remove Useless JRE Files and click Go
* Exit JavaRa
* Delete the JavaRa files from the Desktop

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

----------

* Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
* Now type Combofix /u in the runbox
* Make sure there's a space between Combofix and /u
* Then hit Enter

* The above procedure will:
* Delete the following:
* ComboFix and its associated files and folders.
* Reset the clock settings.
* Hide file extensions, if required.
* Hide System/Hidden files, if required.
* Set a new, clean Restore Point.

----------

Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.
Double-click TFC.exe to run it.
Note: If you are running on Vista, right-click on the file and choose Run As Administrator
TFC will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.
Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

----------

ESET Online Scan

Scan your computer with the ESET FREE Online Virus Scan
* Click the ESET Online Scanner button.
* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
* Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop
* Double click on the esetsmartinstaller_enu.exe icon on your desktop.
* Place a check mark next to YES, I accept the Terms of Use.
* Click the Start button.
* Accept any security warnings from your browser.
* Leave the check mark next to Remove found threats and place a check next to Scan archives.
* Click the Start button.
* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.
* When the scan completes, click List of found threats.
* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.
* Click the <<Back button then click Finish.

In your next reply please include the ESET Online Scan Log
#19
We ended up running an ESET scan twice -- the first time I inadvertently neglected to have it save a log. Here is the log from the second run, which just completed:

In addition, each of them found one file reported as infected in "c:\System Volume Information" -- I believe AVG Free 8.5 reported on a file named A000013.exe, whereas as you can see above, ESET found a file named A0000012.exe. In each of the cases in which an infected file was reported, ESET or AVG Free 8.5 stated it would be deleted.

I also note that there are a number of files remaining in c:\windows\system32 that have a datestamp of the same creation date as many of the infected files, 7-3-09:
iedkcs32.dll
iepeers.dll
iertutil.dll
inetcpl
jsproxy.dll
msfeeds.dll
msfeedsbs.dll
occache.dll
urlmon.dll
wininet.dll

In addition, the following files have more recent dates:
wmp.dll
wmpdxm.dll
tzchange
avgrsstx.dll

And finally, the following file has a date/timestamp of last night, during the time that the cleaning was taking place:
deploytk.dll

Are any of these files cause for concern?
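One way to triage a list like the one in this post, as an added example that is not from the thread or from any of the tools it mentions: pull the creation and modification times of the named System32 files, check their Authenticode signature, and flag anything unsigned or sharing a creation date with the known-bad files. It assumes a current Windows PowerShell (where Get-AuthenticodeSignature also resolves catalog-signed OS files) and assumes .cpl and .exe for the two names the post gives without an extension.

```powershell
# Added example, not from the thread. Assumes a current Windows PowerShell;
# on XP/Vista-era systems catalog-signed OS files report NotSigned here.

function Get-System32FileTriage {
    param(
        [Parameter(Mandatory)] [string[]] $Name,
        [string] $Root = (Join-Path $env:SystemRoot 'System32'),
        [datetime[]] $SuspectDates = @()     # creation dates shared with known-bad files
    )
    foreach ($n in $Name) {
        $path = Join-Path $Root $n
        if (-not (Test-Path -LiteralPath $path)) {
            [pscustomobject]@{ Name = $n; Created = $null; Modified = $null
                               Signature = 'MISSING'; Signer = $null; Flag = 'absent' }
            continue
        }
        $f   = Get-Item -LiteralPath $path
        $sig = Get-AuthenticodeSignature -LiteralPath $path
        $signer = $null
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

        # Flag anything that is not validly signed, or that was created on a suspect date
        $flags = @()
        if ($sig.Status -ne 'Valid') { $flags += "sig:$($sig.Status)" }
        if ($SuspectDates | Where-Object { $_.Date -eq $f.CreationTime.Date }) { $flags += 'date-match' }

        [pscustomobject]@{
            Name      = $n
            Created   = $f.CreationTime
            Modified  = $f.LastWriteTime
            Signature = $sig.Status          # Valid / NotSigned / HashMismatch / ...
            Signer    = $signer
            Flag      = ($flags -join ',')
        }
    }
}

# File names as the poster listed them; 'inetcpl' and 'tzchange' have no extension
# in the post, so .cpl and .exe are assumed here.
$names = 'iedkcs32.dll','iepeers.dll','iertutil.dll','inetcpl.cpl','jsproxy.dll',
         'msfeeds.dll','msfeedsbs.dll','occache.dll','urlmon.dll','wininet.dll',
         'wmp.dll','wmpdxm.dll','tzchange.exe','avgrsstx.dll','deploytk.dll'

Get-System32FileTriage -Name $names -SuspectDates ([datetime]'2009-07-03') |
    Sort-Object Created |
    Format-Table Name, Created, Modified, Signature, Signer, Flag -AutoSize
```

A shared creation date on its own proves nothing (an update installs many files at once), so the rows worth handing to the helper are the ones whose signature status is not Valid; on older systems cross-check those with Sysinternals sigcheck before drawing conclusions.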
#20
Let me know if you have any questions.

Disable/Enable the System Restore Utility to flush old infected restore points
1) Right click the My Computer icon on the Desktop and click on Properties.
2) Click on the System Restore tab.
3) Put a check mark next to Turn off System Restore on All Drives
4) Click the OK button.
5) You will be prompted to restart the computer. Click the Yes button.

Now re-enable System Restore
To re-enable the System Restore Utility, follow steps one to five and on step three remove the check mark next to 'Turn off System Restore on All Drives'.
1) Right click the My Computer icon on the Desktop and click on Properties.
2) Click on the System Restore tab.
3) Remove the check mark next to Turn off System Restore on All Drives
4) Click the OK button.

----------

Use the Secunia Software Inspector to check for out of date software. Out of date software has security vulnerabilities that malware can exploit.

----------

Go to Microsoft Windows Update and get all critical updates.

----------

Make sure all of your security programs are up to date and run scans with them regularly.

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for these ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy.
Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time.
Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing.
Spybot - Search & Destroy FAQ

Check out Keeping Yourself safe On The Web for tips and free tools to keep you safe in the future.

Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.