stuartrobertson12345

Everything posted by stuartrobertson12345

  1. Unfortunately it crashes before it finishes, then freezes the PC. ComboFix does run & complete, log attached. TDSSKiller also runs and comes up clean. Any suggestions? ComboFix.txt TDSSKiller.2.5.19.0_06.09.2011_19.14.39_log.txt
  2. Actually, what is normally a "C" drive is assigned to "H". Is that causing the problem? Nothing is assigned to "C".
  3. Hi guys - no luck with ComboFix - it won't finish. I left it running overnight in case it was just taking a really long time, but it just won't complete, then I have to power off the PC to get it working again. Are we ready to give up?
  4. Hi guys, been away on holiday, back now and willing to continue to try and fix this issue with ComboFix. Will let you know how I get on, please don't close the thread.
  5. Just tried to run DDS in safe mode. Same thing, PC just freezes. Can this problem be fixed?
  6. Still can't get DDS to work, I will try in safe mode - here is the TDSSKiller log.
  7. I am having no problems with the PC at all except that Malwarebytes will not run. Spam attack on my email also, but unsure if this is PC related or a security issue with Hotmail.
  8. Many thanks for the reply, I am determined to sort this if it's possible! The DDS won't finish, the PC locks up as it's running (can't open any Windows Explorer or Internet Explorer). I have run it twice now and waited 25 mins or so, then rebooted via switching the PC off at the mains. On reboot there has been no text file to post the contents of. I did run TDSSKiller a few days ago - shall I post that log? An==
  9. Hi, hope someone can help PLEASE - I am just about to reinstall Windows as I cannot seem to fix this and it's driving me (and in turn I am driving my family) mad. A while back I had an Antivirus 2011 infection. I seemed to remove it all fine but I noticed I could not run the Malwarebytes program anymore. Last night I left my machine on and this morning discovered it has been emailing everyone in my Hotmail address book a link. I don't know if it is related or not - I have changed my Hotmail password. I have removed Malwarebytes and reinstalled it several times along with every other piece of advice I have found in forums (renaming it, trying from safe mode with networking, running RKill, looking for TDSxxx in registry, FixingMalwareProblem.reg). Antivirus comes up clean, Spybot comes up clean. None of the FAQ here http://forums.malwarebytes.org/index.php?showtopic=85715&st=0&p=434001entry434001 have worked. Here is my HT log. Just to clarify, the problem I am having is that Malwarebytes will not run at all.
  10. Hi, hope someone can help - I am just about to reinstall Windows as I cannot seem to fix this. A while back I had an Antivirus 2011 infection. I seemed to remove it all fine but I noticed I could not run the Malwarebytes program anymore. Last night I left my machine on and this morning discovered it has been emailing everyone in my Hotmail address book a link. I don't know if it is related or not - I have changed my Hotmail password. I have removed Malwarebytes and reinstalled it several times along with every other piece of advice I have found in forums (renaming it, running RKill, looking for TDSxxx in registry, FixingMalwareProblem.reg). Antivirus comes up clean, Spybot comes up clean. Here is my HT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:10:01, on 22/07/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\PROGRA~1\AVG\AVG10\avgchsvx.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\brsvc01a.exe
H:\WINDOWS\system32\brss01a.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\ehome\ehtray.exe
H:\WINDOWS\stsystra.exe
H:\Program Files\ATI Technologies\ATI.ACE\cli.exe
H:\Program Files\LogMeIn\x86\LogMeInSystray.exe
H:\WINDOWS\vVX1000.exe
H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE
H:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
H:\Program Files\iTunes\iTunesHelper.exe
H:\Program Files\AVG\AVG10\avgtray.exe
H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
H:\Program Files\Windows Live\Messenger\msnmsgr.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Documents and Settings\Stu\Application Data\Dropbox\bin\Dropbox.exe
H:\Program Files\MagicDisc\MagicDisc.exe
H:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
H:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
H:\Program Files\AVG\AVG10\avgwdsvc.exe
H:\Program Files\Bonjour\mDNSResponder.exe
H:\WINDOWS\eHome\ehRecvr.exe
H:\WINDOWS\eHome\ehSched.exe
H:\Program Files\Java\jre6\bin\jqs.exe
H:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
H:\Program Files\LogMeIn\x86\LogMeIn.exe
H:\Program Files\AVG\AVG10\avgnsx.exe
H:\Program Files\Common Files\Sage SData\Sage.SData.Service.exe
H:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
H:\Program Files\Internet Explorer\IEXPLORE.EXE
H:\Program Files\ATI Technologies\ATI.ACE\cli.exe
H:\Program Files\iPod\bin\iPodService.exe
H:\WINDOWS\system32\dllhost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\eHome\ehmsas.exe
H:\Program Files\Internet Explorer\IEXPLORE.EXE
H:\PROGRA~1\AVG\AVG10\avgrsx.exe
H:\Program Files\AVG\AVG10\avgcsrvx.exe
H:\Program Files\Internet Explorer\IEXPLORE.EXE
H:\Program Files\Internet Explorer\IEXPLORE.EXE
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - H:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - H:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - H:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - H:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - H:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ehTray] H:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATICCC] "H:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [LogMeIn GUI] "H:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [VX1000] H:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R320 Series] H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE /P30 "EPSON Stylus Photo R320 Series" /O6 "USB001" /M "Stylus Photo R320"
O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] H:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "H:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] H:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "H:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "H:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG_TRAY] H:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-lsf?lic=OUxTRlJFRS1WUFVaNy1HMkNNWC1SWFBXQS1QM05aSC05RDIwQy0zN1RT"&"inst=NzctNjc2MDUxODU5LUZQOTIrNi1UQjkrMi1GTCs5LVhPMzYrMS1RSVgxKzQtWDIwMTArMi1GMTBNKzUtRjEwTTEwQysxLUxJQys3Ny1GTDEwKzEtU1AxKzEtU1VEKzEtUzFJKzEtU1UzKzEtVFVHKzMtRERUKzA"&"prod=55"&"ver=10.0.1390
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] H:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [spybotSD TeaTimer] H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "H:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Dropbox.lnk = H:\Documents and Settings\Stu\Application Data\Dropbox\bin\Dropbox.exe
O4 - Startup: MagicDisc.lnk = H:\Program Files\MagicDisc\MagicDisc.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://H:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - H:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - H:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1270119421800
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://softbrands.webex.com/client/T27LB/support/ieatgpc.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,5960/mcfscan.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - H:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Program Files\AVG\AVG10\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - H:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O23 - Service: Apple Mobile Device - Apple Inc. - H:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - H:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - H:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - H:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - H:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - H:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - H:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - H:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - H:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - H:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - H:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Sage SData Service - Sage (UK) Limited - H:\Program Files\Common Files\Sage SData\Sage.SData.Service.exe

-- End of file - 12803 bytes