acofal1
-
Posts
9 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Posts posted by acofal1
-
-
Hi Maniac,
Here is the farbar scan log;
Farbar Service Scanner Version: 07-11-2012
Ran by Apprenticeship Coord (administrator) on 08-11-2012 at 11:35:54
Running from "C:\Documents and Settings\Apprenticeship Coord\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
System Restore:
============
System Restore Disabled Policy:
========================
Security Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
Extra List:
=======
Avgfwfd(9) Avgtdix(10) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0A00000004000000010000000200000003000000090000000A00000005000000080000000600000007000000
IpSec Tag value is correct.
**** End of log ****
-
Hi Maniac,
Well that went well, no threats found.
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.17114 (vista_gdr.120824-1002)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=8232a1327d40144aad284e8e6798a843
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-11-07 03:49:38
# local_time=2012-11-07 04:49:38 (+0100, W. Europe Standard Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1032 16777190 100 98 30408 95473243 0 0
# compatibility_mode=8192 67108863 100 0 4094 4094 0 0
# scanned=51934
# found=0
# cleaned=0
# scan_time=1481
-
Hi Maniac, that worked, here is the log..
ComboFix 12-11-06.03 - Apprenticeship Coord 07/11/2012 15:32:31.3.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1583 [GMT 1:00]
Running from: c:\documents and settings\Apprenticeship Coord\Desktop\ComboFix.exe
AV: AVG Internet Security Business Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\KS practice test (D)\AUTORUN.INF
c:\documents and settings\My Disc (D)\AUTORUN.INF
c:\windows\system32\avgfwdx.dll
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\648c8834a1a7c6a2.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\823645d71b7ef076.fb
c:\windows\system32\Cache\9390fdcf1811c901.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\cea29d9f2102be23.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\Cache\f73b7f2a586dc0ff.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-10-07 to 2012-11-07 )))))))))))))))))))))))))))))))
.
.
2012-11-06 15:28 . 2012-11-07 07:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-11-06 15:28 . 2012-11-06 15:31 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-10-17 10:58 . 2012-10-17 10:58 -------- d-----w- c:\documents and settings\Apprenticeship Coord\Application Data\Malwarebytes
2012-10-17 10:58 . 2012-10-17 10:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-10-17 10:58 . 2012-11-06 14:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-17 10:58 . 2012-09-29 18:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-17 09:29 . 2012-04-26 06:33 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-17 09:29 . 2011-06-27 09:03 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-27 19:12 . 2004-08-11 17:00 832512 ----a-w- c:\windows\system32\wininet.dll
2012-08-27 19:12 . 2004-08-11 17:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2012-08-27 19:12 . 2004-08-11 17:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-08-27 19:12 . 2004-08-11 17:00 17408 ------w- c:\windows\system32\corpol.dll
2012-08-24 13:53 . 2004-08-11 17:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:33 . 2004-08-11 17:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2004-08-03 22:59 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-20 07:21 2074208 ----a-w- c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-20 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-03 7630848]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-08-01 2345592]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-20 1107552]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-23 928096]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Belkin Wireless USB Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Belkin Wireless USB Utility.lnk
backup=c:\windows\pss\Belkin Wireless USB Utility.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BuildBU]
2004-02-19 06:23 61440 -c--a-w- c:\dell\bldbubg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2007-05-24 07:03 17920 -c--a-w- c:\dell\E-Center\EULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 16:50 221184 -c--a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 16:50 81920 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-10-03 14:28 7630848 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2006-10-03 14:28 86016 -c--a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2006-10-20 17:23 118784 -c----w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2006-08-17 09:00 1116920 -c--a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2007-12-02 12:51 282624 -c--a-w- c:\windows\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-11-10 13:03 36975 -c--a-w- c:\program files\Java\jre1.5.0_06\bin\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13/09/2010 15:27 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07/09/2010 02:48 32592]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [07/09/2010 02:49 297168]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [12/07/2010 03:33 30432]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/09/2010 02:48 248656]
S2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [17/03/2006 18:25 65536]
S2 avgfws;AVG Firewall;c:\program files\AVG\AVG10\avgfws.exe [09/03/2011 18:24 2708024]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [31/01/2012 15:02 7391072]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [08/02/2011 04:33 269520]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [17/10/2012 11:58 399432]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [17/10/2012 11:58 676936]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [20/07/2012 08:21 935008]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [19/05/2011 15:11 167264]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [12/07/2010 03:33 30432]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19/08/2010 20:42 134480]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19/08/2010 20:42 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19/08/2010 20:42 27216]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [17/10/2012 11:58 22856]
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-26 09:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.thecollegespartnership.co.uk/content.asp?ContentID=1
uInternet Connection Wizard,ShellNext = hxxp://www.google.de/ig/dell?hl=en&client=dell-row-rel&channel=de&ibd=6080226
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
DPF: {F7A6A812-80D5-4A24-856A-0312EE5A912E} - hxxp://onlineassessments.ediplc.com/activex/EDISecureAssessment.CAB
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe
MSConfigStartUp-nwiz - nwiz.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-07 15:36
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1520)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2012-11-07 15:38:02
ComboFix-quarantined-files.txt 2012-11-07 14:38
.
Pre-Run: 148,511,297,536 bytes free
Post-Run: 148,474,765,312 bytes free
.
- - End Of File - - 496CD8E6F9F67CB20086BB6E27A228E0
-
Hi Maniac, ran combofix. First scan went to Stage 27 then caused BSOD. Re-started computer and re-ran scan. It has completed deleting files and has started deleting folders but seems to be hanging and not going onto preparing log report.......what do you think.....reboot????
-
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-11-07 13:55:35
-----------------------------
13:55:35.218 OS Version: Windows 5.1.2600 Service Pack 3
13:55:35.218 Number of processors: 2 586 0x6B01
13:55:35.218 ComputerName: LEARNER4 UserName:
13:55:36.187 Initialize success
13:56:28.171 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006b
13:56:28.171 Disk 0 Vendor: SAMSUNG_HD161HJ JF100-22 Size: 152587MB BusType: 3
13:56:28.187 Disk 0 MBR read successfully
13:56:28.187 Disk 0 MBR scan
13:56:28.187 Disk 0 Windows XP default MBR code
13:56:28.187 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
13:56:28.203 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 152539 MB offset 96390
13:56:28.203 Disk 0 scanning sectors +312496380
13:56:28.265 Disk 0 scanning C:\WINDOWS\system32\drivers
13:56:34.484 Service scanning
13:56:42.468 Modules scanning
13:56:55.593 Disk 0 trace - called modules:
13:56:55.609 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys
13:56:55.609 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a462ab8]
13:56:55.609 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000006d[0x8a42ef18]
13:56:55.609 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\0000006b[0x8a4ed650]
13:56:55.609 Scan finished successfully
13:57:34.640 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Apprenticeship Coord\Desktop\MBR.dat"
13:57:34.640 The log file has been saved successfully to "C:\Documents and Settings\Apprenticeship Coord\Desktop\aswMBR.txt"
-
Hi Maniac,Completed MWB scan, nothing picked up.....now completing step 3 aswMBR.exe
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Database version: v2012.11.07.04
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Apprenticeship Coord :: LEARNER4 [administrator]
07/11/2012 13:46:25
mbam-log-2012-11-07 (13-46-25).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 216307
Time elapsed: 4 minute(s), 3 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
-
Hi Maniac, thanks for reply, we're going in..........
-
Hi all, keep getting 'Services.exe - Bad Image' messages. It appears more than >10 times on start up etc. AVG, AntiMalwarebytes didn't detect anything, Spybot indicated Firewall Disable notification? and deleted it. Problem still exists.
PFA DDS and Attach files.
Any help appreciated..
Thanks
services.exe - Bad Image problem
in Resolved Malware Removal Logs
Posted
Hi Maniac, no bad image faults
Any idea what the problem was??