
Microsoft Visual C++ Runtime Library Issues



Hello and welcome to MalwareBytes forums,

Download DDS and save it to your desktop from http://www.techsupportforum.com/sectools/sUBs/dds or http://download.bleepingcomputer.com/sUBs/dds.scr or http://www.forospyware.com/sUBs/dds

Disable any script blocker if your antivirus/antimalware has it.

Then double click dds.scr to run the tool.

DDS will run in a command prompt window and will take 3 to 4 minutes or so.

  • When done, DDS will open two (2) logs:
      • DDS.txt
      • Attach.txt
  • Save both reports to your desktop.

Please Copy & Paste contents of the following logs in your next reply:

DDS.txt

Attach.txt


Thanks for the welcome!

Here you go.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 10.3.1

Run by hrostami at 14:43:13 on 2012-05-06

Microsoft Windows XP Professional 5.1.2600.3.1256.981.1033.18.2814.1766 [GMT -5:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

============== Running Processes ===============

.

C:\PROGRA~1\AVG\AVG2012\avgrsx.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

C:\WINDOWS\wt\updater\wcmdmgr.exe

C:\Program Files\NETGEAR\PS121v2\PS121v2.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\program files\real\realone player\update\realsched.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

svchost.exe

C:\WINDOWS\system32\agrsmsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Dokan\DokanLibrary\mounter.exe

C:\Program Files\Hotspot Shield\bin\openvpnas.exe

C:\Program Files\AVG\AVG2012\avgnsx.exe

C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe

C:\Program Files\Hotspot Shield\bin\hsswd.exe

C:\Program Files\Blaze Media Pro\NMSAccess32.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\WINDOWS\system32\fxssvc.exe

C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

C:\Program Files\Hotspot Shield\bin\openvpntray.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\msiexec.exe

c:\WINDOWS\system32\MsiExec.exe

C:\WINDOWS\system32\wscntfy.exe

c:\program files\real\realone player\RealPlay.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyServer = 113.53.244.116:8008

uInternet Settings,ProxyOverride = <local>

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll

uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe

mRun: [wcmdmgr] c:\windows\wt\updater\wcmdmgrl.exe -launch

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [iMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE

mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [brStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun

mRun: [PS121v2] "c:\program files\netgear\ps121v2\PS121v2.exe" /hide

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [bIH] c:\windows\system32\rundll32.exe bih.dll, InitGauge

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [<NO NAME>]

mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"

mRun: [TkBellExe] "c:\program files\real\realone player\update\realsched.exe" -osboot

mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000

IE: Free YouTube Download - c:\documents and settings\administrator\application data\dvdvideosoftiehelpers\freeyoutubedownload.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL

Trusted Zone: qpay123.com

Trusted Zone: t-mobile.com

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - file://d:\games\msjavx86_3805.exe

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{47240046-DF46-44ED-AE2D-C64108BC16C3} : DhcpNameServer = 192.168.1.1

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: Antiwpa - antiwpa.dll

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

Hosts: 74.208.10.249 gs.apple.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\29eq4oci.default\

FF - plugin: c:\documents and settings\administrator\application data\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\administrator\application data\mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\documents and settings\administrator\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: c:\program files\oracle\javafx 2.0 runtime\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll

FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll

FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_233.dll

FF - plugin: c:\windows\system32\npdeployJava1.dll

FF - plugin: c:\windows\system32\npptools.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-7-11 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-7-11 230608]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]

R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-10-9 20328]

R2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys [2010-7-5 84608]

R2 DokanMounter;DokanMounter;c:\program files\dokan\dokanlibrary\mounter.exe [2010-7-5 22016]

R2 hshld;Hotspot Shield Service;c:\program files\hotspot shield\bin\openvpnas.exe [2012-1-6 331608]

R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-12-10 92008]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-7-11 16720]

R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2010-6-25 5888]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-5-6 40776]

R3 NETGEARUHOST;NETGEAR Network USB Host Controller;c:\windows\system32\drivers\NETGEARUHOST.sys [2010-10-7 12032]

R3 NETGEARUHUB;NETGEAR Network USB Root Hub;c:\windows\system32\drivers\NETGEARUHUB.sys [2010-10-7 39424]

R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [2010-6-26 154624]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-15 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-3 253088]

S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2010-7-7 16512]

S3 ECRDRV;ECRDRV;c:\windows\system32\drivers\ecrdrv.sys [2004-12-13 17636]

S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-10-10 13192]

S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-10-10 8456]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-4-15 136176]

S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2011-4-3 40832]

S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys --> c:\windows\system32\drivers\npf.sys [?]

S3 SRS_AE_Service;SRS Audio Essentials;c:\windows\system32\drivers\SRS_AE_i386.sys [2012-3-11 404256]

S3 StkCMini;Syntek AVStream USB2.0 ATV;c:\windows\system32\drivers\StkCMini.sys [2011-4-26 1521544]

S3 SUPERWEBCAM;SuperWebcam, WDM Virtual Video Capture Device;c:\windows\system32\drivers\superwebcam.sys [2010-10-3 31872]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2012-05-06 19:18:55 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-05-06 19:18:55 -------- d-----w- c:\documents and settings\administrator\application data\Malwarebytes

2012-05-06 19:18:34 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2012-05-06 19:18:33 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-06 19:18:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-04-30 18:40:34 597832 ----a-w- c:\program files\mozilla firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor90.dll

2012-04-30 18:40:34 597832 ----a-w- c:\program files\mozilla firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor80.dll

2012-04-30 18:40:34 597832 ----a-w- c:\program files\mozilla firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor70.dll

2012-04-30 18:40:33 613704 ----a-w- c:\program files\mozilla firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor.dll

2012-04-30 18:40:33 597832 ----a-w- c:\program files\mozilla firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor60.dll

2012-04-30 18:40:33 597832 ----a-w- c:\program files\mozilla firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor50.dll

2012-04-29 18:59:50 -------- d-----w- C:\Downloads

2012-04-29 18:59:50 -------- d-----w- c:\documents and settings\administrator\application data\ProgSense

2012-04-29 18:58:04 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Opera

2012-04-28 23:46:24 -------- d-----w- c:\program files\common files\xing shared

2012-04-08 21:43:44 -------- d-----w- c:\program files\Flash Screensaver Maker

2012-04-08 20:34:12 908512 ----a-w- c:\windows\Ace Pro Screensaver Creator Uninstaller.exe

2012-04-08 20:34:08 -------- d-----w- c:\program files\Nufsoft

.

==================== Find3M ====================

.

2012-04-28 23:45:56 499712 ----a-w- c:\windows\system32\msvcp71.dll

2012-04-28 23:45:56 348160 ----a-w- c:\windows\system32\msvcr71.dll

2012-04-26 01:07:47 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-04-26 01:07:46 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-03-11 22:11:25 141312 ----a-w- c:\windows\system32\javacpl.cpl

2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll

2012-02-28 18:50:30 667136 ----a-w- c:\windows\system32\wininet.dll

2012-02-28 18:50:30 61952 ----a-w- c:\windows\system32\tdc.ocx

2012-02-28 18:50:29 81920 ----a-w- c:\windows\system32\ieencode.dll

2012-02-28 13:50:54 369664 ------w- c:\windows\system32\html.iec

2006-05-03 09:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll

2007-02-21 10:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll

2008-03-16 12:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll

.

============= FINISH: 14:44:01.89 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 5/7/2005 10:24:05 AM

System Uptime: 5/6/2012 2:15:11 PM (0 hours ago)

.

Motherboard: TOSHIBA | | Portable PC

Processor: AMD Turion™ X2 Dual-Core Mobile RM-70 | Socket M2/S1G1 | 2000/1800mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 233 GiB total, 96.216 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP534: 2/4/2012 5:33:32 PM - System Checkpoint

RP535: 2/5/2012 5:37:40 PM - System Checkpoint

RP536: 2/6/2012 7:39:05 PM - System Checkpoint

RP537: 2/8/2012 7:59:04 PM - System Checkpoint

RP538: 2/11/2012 9:50:59 PM - System Checkpoint

RP539: 2/12/2012 10:00:33 PM - System Checkpoint

RP540: 2/14/2012 10:35:02 PM - Software Distribution Service 3.0

RP541: 2/15/2012 9:43:42 PM - Software Distribution Service 3.0

RP542: 2/19/2012 4:10:53 PM - System Checkpoint

RP543: 2/20/2012 6:24:05 PM - System Checkpoint

RP544: 2/21/2012 7:48:07 PM - System Checkpoint

RP545: 2/22/2012 7:48:37 PM - System Checkpoint

RP546: 2/25/2012 7:50:48 PM - System Checkpoint

RP547: 2/27/2012 7:38:13 PM - System Checkpoint

RP548: 2/28/2012 8:24:27 PM - System Checkpoint

RP549: 3/1/2012 7:42:28 PM - System Checkpoint

RP550: 3/4/2012 3:35:55 PM - System Checkpoint

RP551: 3/5/2012 7:40:48 PM - System Checkpoint

RP552: 3/10/2012 4:42:06 PM - System Checkpoint

RP553: 3/11/2012 4:39:08 PM - Installed SRS Audio Essentials.

RP554: 3/11/2012 5:10:43 PM - Removed Java™ 7

RP555: 3/11/2012 5:11:19 PM - Installed Java™ 7 Update 3

RP556: 3/11/2012 5:12:00 PM - Installed JavaFX 2.0.3

RP557: 3/13/2012 6:12:20 PM - Software Distribution Service 3.0

RP558: 3/15/2012 7:19:31 PM - Restore Operation

RP559: 3/15/2012 7:46:59 PM - Removed Skype™ 5.8

RP560: 3/15/2012 7:47:50 PM - Removed SRS Audio Essentials.

RP561: 3/15/2012 7:50:50 PM - Removed Java™ 6 Update 26

RP562: 3/15/2012 7:55:04 PM - Software Distribution Service 3.0

RP563: 3/15/2012 8:51:32 PM - Installed AVG 2012

RP564: 3/15/2012 8:53:09 PM - Removed AVG Free 9.0

RP565: 3/15/2012 9:02:28 PM - Installed AVG 2012

RP566: 3/18/2012 4:38:06 PM - System Checkpoint

RP567: 3/19/2012 9:16:02 PM - System Checkpoint

RP568: 3/21/2012 4:32:18 PM - System Checkpoint

RP569: 3/22/2012 5:55:50 PM - System Checkpoint

RP570: 3/23/2012 9:19:18 PM - System Checkpoint

RP571: 3/24/2012 2:30:36 PM - Unsigned driver install

RP572: 3/25/2012 3:44:45 PM - System Checkpoint

RP573: 3/26/2012 9:12:40 PM - System Checkpoint

RP574: 3/27/2012 9:13:22 PM - System Checkpoint

RP575: 3/29/2012 9:16:06 PM - System Checkpoint

RP576: 4/2/2012 1:43:09 PM - System Checkpoint

RP577: 4/3/2012 9:30:52 PM - System Checkpoint

RP578: 4/5/2012 3:49:16 PM - System Checkpoint

RP579: 4/6/2012 5:58:10 PM - System Checkpoint

RP580: 4/8/2012 2:32:57 PM - System Checkpoint

RP581: 4/9/2012 8:26:39 PM - System Checkpoint

RP582: 4/10/2012 9:29:14 PM - System Checkpoint

RP583: 4/11/2012 10:10:23 PM - System Checkpoint

RP584: 4/13/2012 2:44:20 PM - Software Distribution Service 3.0

RP585: 4/15/2012 5:57:22 PM - System Checkpoint

RP586: 4/16/2012 9:06:40 PM - System Checkpoint

RP587: 4/17/2012 9:50:20 PM - System Checkpoint

RP588: 4/22/2012 6:15:40 PM - System Checkpoint

RP589: 4/25/2012 9:58:08 PM - System Checkpoint

RP590: 4/26/2012 10:00:11 PM - System Checkpoint

RP591: 4/28/2012 7:23:21 PM - System Checkpoint

RP592: 4/29/2012 9:10:33 PM - System Checkpoint

RP593: 4/30/2012 9:32:44 PM - System Checkpoint

RP594: 5/1/2012 10:00:23 PM - System Checkpoint

RP595: 5/3/2012 9:18:58 PM - System Checkpoint

RP596: 5/6/2012 2:39:11 PM - Removed Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

.

==== Installed Programs ======================

.

A.L.A.R.M. - A Laptop A/C Monitor

Ace Pro Screensaver Creator

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.0)

Adobe Shockwave Player 11.6

Allah Remembrance Screen Saver

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Aqsa Screen Saver Screen Saver

Athan Basic 3.9

Atheros Driver Installation Program

ATI - Software Uninstall Utility

ATI Catalyst Control Center

ATI Display Driver

Audacity 1.2.6

AVG 2012

BitTorrent

Blaze Media Pro

BlueJ 3.0.5

Bonjour

Brother HL-2140

Bullzip PDF Printer 7.2.0.1304

Camera Assistant Software for Toshiba

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Localization Chinese Standard

Catalyst Control Center Localization Chinese Traditional

Catalyst Control Center Localization Czech

Catalyst Control Center Localization Danish

Catalyst Control Center Localization Dutch

Catalyst Control Center Localization Finnish

Catalyst Control Center Localization French

Catalyst Control Center Localization German

Catalyst Control Center Localization Greek

Catalyst Control Center Localization Hungarian

Catalyst Control Center Localization Italian

Catalyst Control Center Localization Japanese

Catalyst Control Center Localization Korean

Catalyst Control Center Localization Norwegian

Catalyst Control Center Localization Polish

Catalyst Control Center Localization Portuguese

Catalyst Control Center Localization Russian

Catalyst Control Center Localization Spanish

Catalyst Control Center Localization Swedish

Catalyst Control Center Localization Thai

Catalyst Control Center Localization Turkish

ccc-core-preinstall

ccc-core-static

ccc-utility

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CCleaner

Cheat Engine 5.6.1

Combined Community Codec Pack 2009-09-09

Compatibility Pack for the 2007 Office system

CPUID CPU-Z 1.55

Customer Support Tool A203

Customer Support Tool A206

Debut Video Capture Software

Desktop Restore

Dokan Library 0.5.3

EASEUS Partition Master 6.1.1 Home Edition

Eid Screen Saver

File Shredder 2.0

Flash Screensaver Maker Simple Version (remove only)

Free 3GP Video Converter version 3.7.18

Free DVD Ripper Version 2.25

FREE Hi-Q Recorder 1.92

Free iPod Video Converter 1.34

Free YouTube Download version 2.10.33.324

Free YouTube to iPod Converter version 3.5

FreeRIP v3.40

Freez DVD Ripper v1.5

Google Chrome

Google Farsi Input

Google Talk Plugin

Google Update Helper

GPL Ghostscript Lite 8.70

Hajj Screen Saver

High Definition Audio Driver Package - KB888111

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB981793)

Hotspot Shield 2.24

HP Memories Disc

HP Photo and Imaging 2.0 - All-in-One

HP Photo and Imaging 2.0 - All-in-One Drivers

HP Photo and Imaging 2.0 - hp psc 1200 series

hp psc 1200 series

HxD Hex Editor version 1.7.7.0

HyperCam

iCarbon 2.2.1

Icon Restore 1.0

ImgBurn

iPhone Configuration Utility

iPhone Folders

IrfanView (remove only)

iTunes

Java Auto Updater

Java DB 10.6.2.1

Java™ 7 Update 3

Java™ SE Development Kit 6 Update 26

Java™ SE Development Kit 7

JavaFX 2.0.3

JLC's Internet TV

join.me

K-Lite Codec Pack 6.0.4 (Standard)

LADSPA_plugins-win-0.4.15

LAME v3.98.2 for Audacity

Macromedia Extension Manager

Macromedia Flash 8

Macromedia Flash 8 Video Encoder

Magical Jelly Bean KeyFinder

Malwarebytes Anti-Malware version 1.61.0.1400

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

Microsoft Keyboard Layout Creator 1.4

Microsoft Office File Validation Add-In

Microsoft Office Professional Edition 2003

Microsoft Silverlight

Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)

Microsoft Text-to-Speech Engine 4.0 (English)

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable - KB2467175

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Windows XP Video Decoder Checkup Utility

Mobipocket Reader 6.2

Motorola Driver Installation

Mozilla Firefox 4.0 (x86 en-US)

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6 Service Pack 2 (KB973686)

my keyboard

Need for Speed Texaco Web Demo4

NetGear PS121v2

NetWaiting

NirSoft VideoCacheView

Notebook BatteryInfo

OpenOffice.org 3.2

QuickTime

Quran_1 Screen Saver

Ramadan1 Screen Saver

Ramadan2 Screen Saver

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

Realtek High Definition Audio Driver

RealUpgrade 1.1

Sapi

Scratch

ScreenShot V1.1.0.0

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Media Encoder (KB2447961)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player (KB979402)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2183461)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360131)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2416400)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2482017)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2491683)

Security Update for Windows XP (KB2497640)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2510581)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2530548)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544521)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2559049)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2586448)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618444)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647516)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2675157)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981349)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982381)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Segoe UI

Skins

Skype™ 3.8

Sony Ericsson PC Suite 1.20.173

Sony Media Manager 2.2

Sony Vegas 7.0

Super Mario: Blue Twilight DX (v1.04.1)

SUPER © Version 2010.bld.38 (May 2, 2010)

swMSM

Synaptics Pointing Device Driver

Thoosje Windows XP Quick Optimizer

TomTom HOME 2.8.0.2146

TomTom HOME Visual Studio Merge Modules

TOSHIBA DVD PLAYER

TOSHIBA Hotkey Utility

TOSHIBA Software Modem

Typing Instructor Deluxe

Ultra Flash Video FLV Converter 5.3.0402

UnInstall Icon Restore 1.0

Unlocker 1.9.0

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676-v2)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB961503)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

USB 2.0 Card Reader

USB2.0 Grabber

Video DVD Maker v3.30.0.75

VNC Free Edition 4.1.3

Voice and Speech Recognition Software

VST Bridge 1.1

WebFldrs XP

WildTangent Updater

WildTangent Web Driver

Windows Imaging Component

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Messenger

Windows Live Sign-in Assistant

Windows Live Upload Tool

Windows Media Encoder 9 Series

Windows Media Format 11 runtime

Windows Support Tools

Windows XP Service Pack 3

WinRAR archiver

WordPerfect Office 2002

Xilisoft iPhone Ringtone Maker

Yahoo! Messenger

.

==== Event Viewer Messages From Past Week ========

.

5/5/2012 7:10:55 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 Fips OMCI Processor

5/5/2012 7:09:47 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

5/5/2012 7:09:38 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

4/30/2012 1:41:47 PM, error: Dhcp [1002] - The IP address lease 10.39.8.60 for the Network Card with network address 00FF787AA39A has been denied by the DHCP server 10.39.55.254 (The DHCP Server sent a DHCPNACK message).

4/30/2012 1:40:37 PM, error: Service Control Manager [7034] - The Hotspot Shield Routing Service service terminated unexpectedly. It has done this 1 time(s).

4/30/2012 1:40:20 PM, error: Dhcp [1002] - The IP address lease 10.35.24.47 for the Network Card with network address 00FF787AA39A has been denied by the DHCP server 10.36.39.254 (The DHCP Server sent a DHCPNACK message).

4/30/2012 1:36:22 PM, error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{47240046-DF46-44ED-AE2D-C64108BC16C3} because another computer on the network has the same name. The server could not start.

4/30/2012 1:36:22 PM, error: NetBT [4321] - The name "TOSHIBA :20" could not be registered on the Interface with IP address 10.42.145.182. The machine with the IP address 10.129.160.224 did not allow the name to be claimed by this machine.

4/30/2012 1:36:12 PM, error: NetBT [4321] - The name "TOSHIBA :0" could not be registered on the Interface with IP address 10.42.145.182. The machine with the IP address 10.129.160.224 did not allow the name to be claimed by this machine.

.

==== End Of File ===========================


From now on, always Copy & Paste contents of logs into the main body of reply box.

Do NOT "attach" logs.

Your logs showed some peer-to-peer filesharing apps: BitTorrent. I do not recommend the use of P-2-P programs since such filesharing/downloading from unknown sources is one of the leading causes of transmission of malware, and I must insist you remove it and confirm having done so.

Risks of File-Sharing Technology.

P2P file sharing: Know the risks

Step 2

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 3

Set Windows to show all files and all folders.

On your Desktop, double click My Computer, from the menu options, select tools, then Folder Options, and then select VIEW Tab and look at all of settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders.

Next, un-check Hide extensions for known file types.

Next un-check Hide protected operating system files.

Step 4

Temporarily disable your antivirus program

Step 5

Download Dr.Web CureIt and SAVE to the desktop.

  • Double-click the drweb-cureit.exe file, then click on Start and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, choose the Complete Scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look and see if you can click the following icon next to the files found: (image: check.gif)
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image: (image: move.gif)
  • This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

NOTE: During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.

Step 6

Download and Save McAfee Stinger to your Desktop

http://www.mcafee.com/us/downloads/free-tools/stinger.aspx

Close all browsers before starting. Disable your antivirus program and anti-malware, if any.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

On Windows 7 & Vista systems, right-click the Stinger icon and select Run as Administrator.

On XP, double-click to start it.

The C drive is the default for scanning.

Press the Preferences button. In the top right-block "On virus detection", click Rename

In the bottom block "Heuristic network check for suspicious files" select High

Click the Scan Now button.

When done, use the File menu and select Save report to file

Stinger.txt is the log report and will be saved to your Desktop. I will need a copy of that log.

RE-Enable your anti-virus program.

Stinger is a standalone utility used to detect and remove specific malware. It is not a full scan for all types of malware or viruses.

It is not intended as virus protection.

Copy and Paste contents of the DrWeb Cureit log & Stinger.txt

Edited by Maurice Naggar

Sorry, it's been a while, thought I'd give you a heads-up.

BitTorrent has indeed been removed, per your instruction.

I am currently stuck on Step 5: Dr.Web CureIt

I can run the Short scan okay, but when I run the Complete scan, the computer runs the scan until near the end, and then powers off abruptly due to what I suspect may be overheating (~70-80°C according to SpeedFan). This may have to be put off for a bit, until I can either get a hold of someone's cooling pad or temporarily install the window A/C unit for my place.

Heating has never usually been a problem for me (the computer can get hot but it would have to run for at least a day's daylight before shutting off). But I have run the full scan twice: once after the PC was on for the whole day (daytime) and one right after the PC started. In either case, the computer got hot enough to cut power by itself when the scan was near 90%.


Never mind what I have written about the overheating- I found a video on YouTube which shows how to disassemble this particular model and clean out dust from the fan. I have performed the procedures in the video; I think this may solve the issue, but we'll have to wait while I run Dr.Web CureIt and see how it goes.

video link

Edited by Maurice Naggar

OK, here are the logs I have gotten:

Log for Dr.WebCureIt:

eVPC_4844[1].exe;C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\8X63KXQ7;Adware.Downware.193;Deleted.;

--------------------End of file--------------------------------------------------------------------------------------

Log for McAfee Stinger

McAfee® Labs Stinger™ Version 10.2.0.643 built on May 16 2012

Copyright © 2012 McAfee, Inc. All Rights Reserved.

Virus data file v1000.0000 created on May 16 2012.

Ready to scan for 4374 viruses, trojans and variants.

Scan initiated on Wed May 16 21:00:46 2012

Rootkit scan result : Not Scanned

Master Boot Record(s):....1

Possibly Infected:.............0

Boot Sector(s):.................1

Possibly Infected: ............0

Number of clean files: 31156

--------------------End of file--------------------------------------------------------------------------------------

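The two reports pasted in the post above, read programmatically. This is an added example, not part of the thread or of either vendor's tooling; the Dr.Web column names (object, folder, threat, action) are assumptions inferred from the one record shown, and the sample input is reconstructed from the pasted logs. It shows the positional parsing the Stinger summary needs (the "Possibly Infected" key repeats per section) and surfaces the "Not Scanned" rootkit line as a coverage gap.

```python
import re

# Constructed sample input, rebuilt from the logs pasted in the post above.
DRWEB_REPORT = (
    "eVPC_4844[1].exe;"
    r"C:\Documents and Settings\Administrator\Local Settings"
    r"\Temporary Internet Files\Content.IE5\8X63KXQ7;"
    "Adware.Downware.193;Deleted.;\n"
    "--------------------End of file--------------------\n"
)

STINGER_REPORT = """\
Ready to scan for 4374 viruses, trojans and variants.
Scan initiated on Wed May 16 21:00:46 2012
Rootkit scan result : Not Scanned
Master Boot Record(s):....1
Possibly Infected:.............0
Boot Sector(s):.................1
Possibly Infected: ............0
Number of clean files: 31156
"""

# Assumed column names; the pasted report has no header row.
DRWEB_COLUMNS = ("object", "folder", "threat", "action")

# "Key : value" or "Key:....value". Digits are not allowed in the key, so
# the timestamp in "Scan initiated on ... 21:00:46" is not mistaken for a field.
_FIELD = re.compile(r"^(?P<key>[A-Za-z][A-Za-z ()]*?)\s*:[\s.]*(?P<value>\S.*?)\s*$")

# Path fragments treated here as cache/temp locations (an assumption of this example).
CACHE_MARKERS = ("\\temporary internet files\\", "\\temp\\")


def parse_drweb(text):
    """Return (records, unparsed_lines) from a semicolon-separated Dr.Web report."""
    rows, unparsed = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("-"):   # blank line or end-of-file ruler
            continue
        parts = line.rstrip(";").split(";")
        if len(parts) != len(DRWEB_COLUMNS):   # do not guess at odd records
            unparsed.append(line)
            continue
        rows.append(dict(zip(DRWEB_COLUMNS, (p.strip() for p in parts))))
    return rows, unparsed


def parse_stinger(text):
    """Return the summary fields; 'Possibly Infected' is keyed by its section."""
    fields, section = {}, None
    for line in text.splitlines():
        m = _FIELD.match(line.strip())
        if not m:
            continue
        key, value = m.group("key"), m.group("value")
        if key == "Possibly Infected" and section:
            key = f"{section}: possibly infected"
        else:
            section = key
        fields[key] = value
    return fields


def triage(drweb_text, stinger_text):
    """Summarise what the two reports do and do not establish."""
    detections, unparsed = parse_drweb(drweb_text)
    stinger = parse_stinger(stinger_text)
    findings = []
    for d in detections:
        folder = d["folder"].lower() + "\\"
        cached = any(marker in folder for marker in CACHE_MARKERS)
        where = "browser cache/temp" if cached else "other location"
        findings.append(
            f"Dr.Web: {d['threat']} in {d['object']} ({where}), action: {d['action']}"
        )
    for line in unparsed:
        findings.append(f"Dr.Web: unparsed record, review by hand: {line}")
    if stinger.get("Rootkit scan result", "").lower() == "not scanned":
        findings.append(
            "Stinger: rootkit scan was not run, so this report gives no rootkit coverage"
        )
    flagged = sum(
        int(v) for k, v in stinger.items()
        if k.endswith("possibly infected") and v.isdigit()
    )
    clean = stinger.get("Number of clean files", "?")
    findings.append(
        f"Stinger: {flagged} boot record(s)/sector(s) flagged, {clean} clean files"
    )
    return findings


if __name__ == "__main__":
    for finding in triage(DRWEB_REPORT, STINGER_REPORT):
        print(finding)
```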

Close your open apps & run this temp file remover.

Download TFC by OldTimer to your desktop

  • Please double-click TFC.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • IF prompted to Reboot, reply "Yes".

NEXT:

Save and close any work documents, close any apps that you started.

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy & paste the MBAM log and tell me, how's the system now, as compared to your original issue?


  1. Close any/all open internet browsers. Save any open documents you have open & close programs you started.
  2. Turn OFF your antivirus program and any other anti-malware app, so that they do not interfere.
  3. Click on START>All Programs>Malwarebytes' Anti-Malware>Tools>Malwarebytes Anti-Malware Chameleon
    On Windows 7, press Windows-key, then start typing Malwarebytes in the text box, then select/click Malwarebytes Anti-Malware Chameleon
  4. Once the Help file opens, click on a Chameleon button (starting with #1)
  5. If running on Vista, Windows 7, press the Yes button when prompted at the UAC prompt to allow to run.
  6. You should see a black Command-prompt-window that remains open and says MBAM-chameleon ver. 1.61 at the top
  7. Press any key to continue as it says in the window {space-bar will do}
  8. If the Chameleon button you tried does not work, try the next Chameleon button shown. (There are 12 in all).
  9. Have infinite patience during this process
  10. Malwarebytes Chameleon will proceed to update Malwarebytes Anti-Malware, so ensure that you are connected to the internet if possible
  11. Once the update completes and it says your database is updated, click on OK button so that process can continue
  12. Malwarebytes Chameleon will then terminate any threats running in memory, which may take a while, so please be patient.
  13. After that, Malwarebytes Anti-Malware will open automatically and perform a Quick scan
  14. A quick scan will take a few minutes, possibly 5 or so minutes. Have infinite patience.
  15. Once the scan is complete, click on Show Results and remove any threats that are found by clicking Remove Selected
  16. If prompted to restart your computer to complete the removal process, click Yes
  17. If no threats are found, press OK button & press EXIT to end MBAM. Press the space-bar (or another key) to exit the command-prompt-window.
  18. After your computer restarts, open Malwarebytes Anti-Malware and perform one last Quick scan to verify that there are no remaining threats

Please Copy & Paste the most recent MBAM scan logs, because they will be most useful to me.

Re-enable your antivirus when all done.


De-install MBAM using the clean-procedure, new download, new setup, update it, set proper exclusions, then 1 more Chameleon try.

Download and SAVE & then run mbam-clean.exe from >> here <<

It will ask to restart your computer, please allow it to do so (very important)

After the computer restarts, temporarily disable your Anti-Virus

If you need how-to guidance, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Next Download & SAVE the latest version of Malwarebytes' Anti-Malware from >> here <<

Run the mbam-setup.

Note: You will need to reactivate the program using the license you were sent via email if using the Pro version

Launch the program and set the Protection and Registration, if you have a license. Then go to the UPDATE tab if not done during installation and check for updates.

Restart the computer again and verify that Malwarebytes Anti-Malware is in the task tray if using the Pro version. Now setup any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications.

You may use the guides posted in the FAQ's >> here << or ask and we'll explain how to do it.

That should take care of a proper, new MBAM setup.

Now, turn off your antivirus so that it does not interfere. Likewise, turn off any other "active" security monitor (leave the firewall on).

Now, run Chameleon as I outlined the last time.

When all done, Re-enable the anti-virus application that you turned off before.


Please do the following to see if it fixes the error:

  • Please copy and paste the following text in the Code box exactly as written into notepad (not wordpad or any other text editor):
    if exist "%programfiles(x86)%" regsvr32 "%programfiles(x86)%\Malwarebytes' Anti-Malware\mbamext.dll"
    if exist "%programfiles(x86)%" regsvr32 "%programfiles(x86)%\Malwarebytes' Anti-Malware\ssubtmr6.dll"
    if exist "%programfiles(x86)%" regsvr32 "%programfiles(x86)%\Malwarebytes' Anti-Malware\vbalsgrid6.ocx"
    if not exist "%programfiles(x86)%" regsvr32 "%programfiles%\Malwarebytes' Anti-Malware\mbamext.dll"
    if not exist "%programfiles(x86)%" regsvr32 "%programfiles%\Malwarebytes' Anti-Malware\ssubtmr6.dll"
    if not exist "%programfiles(x86)%" regsvr32 "%programfiles%\Malwarebytes' Anti-Malware\vbalsgrid6.ocx"


  • Once you've done that click on File and select Save As...
  • In the Save dialogue box click on the drop down menu next to Save as type and select All Files
  • Name the file MBAM Fix.bat (the .bat extension is very important)
  • Save the file to your desktop and double click it to run it on XP. For Vista please right click on it and choose Run As Admin
  • Click OK to each of the 3 dialog boxes that should show a success message for each file registered
  • If you get an error that REGSVR32 "is not recognized as an internal or external command, operable program or batch file", then ensure that the file REGSVR32.EXE exists in the %WINDIR%\SYSTEM32 folder. If it's not found there you can copy it from another computer running the same operating system and service pack level.
    If that doesn't fix it then please download and install the Microsoft Visual Basic Common Controls from here to see if it helps.

As to "recording", at most just a screen-capture (snapshot).

I'd much prefer the MBAM log itself.

Edited by Maurice Naggar

No difference. Database is updated, yet once the Quick Scan is complete and you are presented with the option to "Remove Selected", all that happens when you press the button is the exact popup indicating "Runtime Error! This application has requested the Runtime to terminate itself in an unusual way.", and then closing MBAM.

I have three questions:

1. Wouldn't I be able to simply manually delete any infected files to rid my PC of them?

2. Doing a Google search for "This application has requested the Runtime to terminate itself in an unusual way." turns up many results which seem to mostly point toward either a) bad programming on the part of the developer, or b) issues with Microsoft Visual C++ itself.

Link for example of a) http://stackoverflow...to-terminate-it

Link for example of b) http://heroescommuni....php3?TID=37082

3. Do you happen to know if MBAM was developed in C++?

I am inclined to go with what was done by the guy in example b above: uninstall the program, and then Microsoft C++, then reinstalling his program without reinstalling MS Visual C++, which solved his problem immediately. If you consent, I can try this.


.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 10.3.1

Run by hrostami at 15:04:02 on 2012-06-03

Microsoft Windows XP Professional 5.1.2600.3.1256.981.1033.18.2814.1031 [GMT -5:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

============== Running Processes ===============

.

C:\PROGRA~1\AVG\AVG2012\avgrsx.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\ctfmon.exe

svchost.exe

C:\WINDOWS\system32\agrsmsvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Dokan\DokanLibrary\mounter.exe

C:\Program Files\Hotspot Shield\bin\openvpnas.exe

C:\Program Files\AVG\AVG2012\avgnsx.exe

C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe

C:\Program Files\Hotspot Shield\bin\hsswd.exe

C:\Program Files\Blaze Media Pro\NMSAccess32.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\WINDOWS\system32\fxssvc.exe

C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

C:\WINDOWS\wt\updater\wcmdmgr.exe

C:\Program Files\NETGEAR\PS121v2\PS121v2.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\program files\real\realone player\update\realsched.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program Files\Hotspot Shield\bin\openvpntray.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyServer = 113.53.244.116:8008

uInternet Settings,ProxyOverride = <local>

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll

uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe

mRun: [wcmdmgr] c:\windows\wt\updater\wcmdmgrl.exe -launch

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [iMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE

mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [brStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun

mRun: [PS121v2] "c:\program files\netgear\ps121v2\PS121v2.exe" /hide

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [bIH] c:\windows\system32\rundll32.exe bih.dll, InitGauge

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [<NO NAME>]

mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"

mRun: [TkBellExe] "c:\program files\real\realone player\update\realsched.exe" -osboot

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000

IE: Free YouTube Download - c:\documents and settings\administrator\application data\dvdvideosoftiehelpers\freeyoutubedownload.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL

Trusted Zone: qpay123.com

Trusted Zone: t-mobile.com

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - file://d:\games\msjavx86_3805.exe

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{47240046-DF46-44ED-AE2D-C64108BC16C3} : DhcpNameServer = 192.168.1.1

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: Antiwpa - antiwpa.dll

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

Hosts: 74.208.10.249 gs.apple.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\29eq4oci.default\

FF - plugin: c:\documents and settings\administrator\application data\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\administrator\application data\mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\documents and settings\administrator\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: c:\program files\oracle\javafx 2.0 runtime\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll

FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll

FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_233.dll

FF - plugin: c:\windows\system32\npdeployJava1.dll

FF - plugin: c:\windows\system32\npptools.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-7-11 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-7-11 230608]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]

R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-10-9 20328]

R2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys [2010-7-5 84608]

R2 DokanMounter;DokanMounter;c:\program files\dokan\dokanlibrary\mounter.exe [2010-7-5 22016]

R2 hshld;Hotspot Shield Service;c:\program files\hotspot shield\bin\openvpnas.exe [2012-1-6 331608]

R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-12-10 92008]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-7-11 16720]

R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2010-6-25 5888]

R3 NETGEARUHOST;NETGEAR Network USB Host Controller;c:\windows\system32\drivers\NETGEARUHOST.sys [2010-10-7 12032]

R3 NETGEARUHUB;NETGEAR Network USB Root Hub;c:\windows\system32\drivers\NETGEARUHUB.sys [2010-10-7 39424]

R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [2010-6-26 154624]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-15 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-3 253088]

S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2010-7-7 16512]

S3 ECRDRV;ECRDRV;c:\windows\system32\drivers\ecrdrv.sys [2004-12-13 17636]

S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-10-10 13192]

S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-10-10 8456]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-4-15 136176]

S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-5-20 32072]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-5-20 40776]

S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2011-4-3 40832]

S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys --> c:\windows\system32\drivers\npf.sys [?]

S3 SRS_AE_Service;SRS Audio Essentials;c:\windows\system32\drivers\SRS_AE_i386.sys [2012-3-11 404256]

S3 StkCMini;Syntek AVStream USB2.0 ATV;c:\windows\system32\drivers\StkCMini.sys [2011-4-26 1521544]

S3 SUPERWEBCAM;SuperWebcam, WDM Virtual Video Capture Device;c:\windows\system32\drivers\superwebcam.sys [2010-10-3 31872]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2012-05-21 02:16:07 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-05-21 02:16:05 32072 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2012-05-21 02:07:41 -------- d-----w- c:\documents and settings\administrator\application data\Malwarebytes

2012-05-21 02:07:33 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-21 02:07:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-05-21 02:07:33 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2012-05-17 02:01:13 14664 ----a-w- c:\windows\stinger.sys

2012-05-17 01:55:40 -------- d-----w- c:\program files\stinger

2012-05-15 12:55:19 -------- d-----w- c:\program files\SpeedFan

2012-05-14 01:34:43 -------- d-----w- c:\documents and settings\administrator\DoctorWeb

2012-05-06 20:46:02 327749 ----a-w- c:\windows\system32\drvc.dll

2012-05-06 20:46:02 121344 --sha-r- c:\windows\system32\TAKDSDecoder.ax

2012-05-06 20:46:02 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll

.

==================== Find3M ====================

.

2012-04-28 23:45:56 499712 ----a-w- c:\windows\system32\msvcp71.dll

2012-04-28 23:45:56 348160 ----a-w- c:\windows\system32\msvcr71.dll

2012-04-26 01:07:47 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-04-26 01:07:46 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-08 20:34:16 908512 ----a-w- c:\windows\Ace Pro Screensaver Creator Uninstaller.exe

2012-03-11 22:11:25 141312 ----a-w- c:\windows\system32\javacpl.cpl

2006-05-03 16:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll

2007-02-21 17:47:16 31232 --sha-r- c:\windows\system32\msfDX.dll

2008-03-16 19:30:52 216064 --sha-r- c:\windows\system32\nbDX.dll

2010-01-07 05:00:00 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll

.

============= FINISH: 15:05:04.57 ===============


  • Please download Sysinternals Process Explorer from here and save it to your desktop.
    • Note: If using Windows Vista or Windows 7 then you also need to do the following:
      1. Right-click on ProcExp.exe and select Properties
      2. Click on the Compatibility tab
      3. Under Privilege Level check the box next to Run this program as an administrator
      4. Click on Apply then click OK

  • Double-click ProcExp.exe to run it.

Now start MBAM and do a new Quick scan. In case there's a MBAM crash or hitch, do the following:

Create a Minidump using Sysinternals Process Explorer:

  • Once the crash happens, leave the error window open and find mbam.exe in the process list in Process Explorer and right-click on it and hover your mouse over Create Dump and select Create Minidump...
  • Save the mbam.dmp file to your desktop and close Process Explorer
  • Right-click on the mbam.dmp file you just created and hover your mouse over Send To and select Compressed (zipped) Folder
  • Attach the ZIP file you just created to your next reply if it is small enough. If it isn't then please upload it to RapidShare & provide the URL link.


Greetings :)

Malwarebytes Anti-Malware is now only detecting the one item (Trojan.Agent which is the file C:\Windows\updates.exe), is that correct?

If you would, please do the following:

  • Open the folder C:\Windows and find the file updates.exe and then right-click on it and choose Copy
  • Close the folder and then right-click on your desktop and choose Paste
  • A copy of the file should now be sitting on your desktop
  • Right-click on that copy of the file and hover your mouse over Send To and choose Compressed (zipped) Folder
  • Please attach the update.zip file you just created to your next reply

Thanks :)


Thank you, that confirms what we suspected. The file is abnormally large. The filesize is what is causing the crash and error you're seeing.

For now, I would recommend that you simply move the file to a new location, such as a new folder on your desktop and call the folder something that will let you know that it may be an infection so that you do not attempt to run it. This time be sure to actually move it, not copy it as I asked you to before, so that the file does not remain inside your Windows folder.

I've passed this information back to our development team and will let you know what the verdict on the file is. I just want to make certain it is an actual infection before we actually delete it completely.

This topic is now closed to further replies.