NASTY VIRUS- NEED HELP. braviax? or something else


Looks like this is the same thing that everyone else is getting. It won't allow Malwarebytes to run after you run it once, or HijackThis. I have tried the name change on both and they are both still killed by the virus, and then you can't run or change the name again. Ad-Aware won't run either.

Here is a log from DDS. Not sure if this is the info needed.

I can run Avira antivirus. It finds stuff, cleans it, but then it seems to pop up over and over. I don't have System Restore on.

Braviax, a.exe, lqm all seem to be common files I see.

DDS (Ver_09-07-30.01) - NTFSx86

Run by jwood at 11:12:49.24 on Fri 08/07/2009

Internet Explorer: 7.0.5730.11

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1271.636 [GMT -7:00]

AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

svchost.exe

C:\Program Files\a-squared Free\a2service.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\NavNT\defwatch.exe

C:\WINDOWS\System32\NMSSvc.exe

C:\Program Files\NavNT\rtvscan.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\Explorer.exe

C:\WINDOWS\System32\igfxpers.exe

C:\WINDOWS\system32\PROMon.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

svchost.exe

C:\Program Files\a-squared Free\a2free.exe

C:\WINDOWS\System32\igfxsrvc.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\msa.exe

C:\Documents and Settings\jwood\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

mDefault_Search_URL = hxxp://www.google.com/ie

mSearch Page = hxxp://www.google.com

mStart Page = hxxp://www.google.com

uInternet Connection Wizard,ShellNext = iexplore

mSearchAssistant = hxxp://www.google.com

mWinlogon: Shell=Explorer.exe rundll32.exe tapi.nfo beforeglav

mWinlogon: Taskman=c:\recycler\s-1-5-21-0638086294-2199189275-114012039-3105\wnzip32.exe

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [12CFG515-K641-55SF-N55P] c:\recycler\s-1-5-21-0243336035-3055115375-381863305-1553\vslmq.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [PROMon.exe] PROMon.exe

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

dRunOnce: [WMC_WMPDBExport] c:\program files\windows media player\wmdbexport.exe

dRunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"

uPolicies-system: EnableProfileQuota = 1 (0x1)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {F5AD6CC5-776C-4DBB-B38F-F5404A3582F3} - {F5AD6CC5-776C-4DBB-B38F-F5404A3582F3} - c:\windows\downlo~1\mywebex\419\mwmie.dll

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab

DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab

DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc2.cab

DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} - hxxp://games.king.com/ctl/kingcomie.cab

DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187802246737

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab

DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}

DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab41227.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Filter: text/html - {ff8c5b3f-ed9f-448b-bcfd-f275434ac179} - c:\windows\system32\xwreg32.dll

Notify: igfxcui - igfxdev.dll

Notify: NavLogon - c:\windows\system32\NavLogon.dll

Notify: PCANotify - PCANotify.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 avg anti-rootkit;AVG Anti-Rootkit;c:\windows\system32\drivers\avgarkt.sys [2007-1-31 5632]

R1 avgarcln;Avg Anti-Rootkit Clean Driver;c:\windows\system32\drivers\AvgArCln.sys [2009-8-6 3968]

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-8-7 11608]

R1 AW_HOST;AW_HOST;c:\windows\system32\drivers\AW_HOST5.sys [2003-10-23 16984]

R1 awlegacy;awlegacy;c:\windows\system32\drivers\AWLEGACY.sys [2003-11-17 11165]

R2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2009-8-7 719392]

R2 antivirschedulerservice;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-8-7 108289]

R2 antivirservice;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-8-7 185089]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-8-7 55656]

R2 NAVAPEL;NAVAPEL;c:\program files\navnt\Navapel.sys [2001-9-24 9232]

R2 Norton AntiVirus Server;Norton AntiVirus Client;c:\program files\navnt\rtvscan.exe [2001-9-24 454656]

R3 NAVAP;NAVAP;c:\program files\navnt\navap.sys [2001-9-24 176208]

R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090804.003\NAVENG.sys [2009-8-4 87888]

R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090804.003\NAVEX15.sys [2009-8-4 875728]

S2 lavasoft ad-aware service;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" --> c:\program files\lavasoft\ad-aware\AAWService.exe [?]

S3 awhost32;pcAnywhere Host Service;c:\program files\symantec\pcanywhere\awhost32.exe [2004-11-1 106496]

S3 memsweep2;MEMSWEEP2;\??\c:\windows\system32\3.tmp --> c:\windows\system32\3.tmp [?]

============== File Associations ===============

scrfile="%1" %*

=============== Created Last 30 ================

2009-08-07 10:53 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-07 10:53 19,096 a------- c:\windows\system32\drivers\mbam.sys

2009-08-07 10:53 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware2

2009-08-07 10:38 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware

2009-08-07 10:26 <DIR> --d----- c:\program files\SpywareBlaster

2009-08-07 10:25 <DIR> --d----- c:\program files\a-squared Free

2009-08-07 08:57 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\~0

2009-08-07 08:55 55,656 a------- c:\windows\system32\drivers\avgntflt.sys

2009-08-07 08:55 <DIR> --d----- c:\program files\Avira

2009-08-07 08:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira

2009-08-06 16:05 <DIR> --d----- C:\AVG Anti-Rootkit Free

2009-08-06 16:02 5,760 -------- c:\windows\system32\2.tmp

2009-08-06 15:47 3,968 a------- c:\windows\system32\drivers\AvgArCln.sys

2009-08-06 15:46 <DIR> --d----- c:\docume~1\jwood\applic~1\AVG8

2009-08-06 15:20 12,288 a------- c:\windows\system32\braviax.exe

2009-08-06 15:15 28 a------- c:\windows\system32\'

2009-08-06 15:15 6,016 a------- c:\windows\system32\drivers\vnccom.SYS

2009-08-06 15:10 146,432 a------- c:\windows\msa.exe

2009-08-06 13:21 5,760 -------- c:\windows\system32\1.tmp

2009-08-06 12:46 66,560 a------- C:\yaewfl.exe

2009-08-06 12:45 38,912 a------- C:\purdrh.exe

2009-08-06 12:45 42,598 a------- C:\ydyoufm.exe

2009-08-06 12:45 10,752 a------- C:\usgxliug.exe

2009-08-06 12:44 90,624 a------- C:\criqmsck.exe

2009-08-06 12:43 89,164 a------- c:\windows\system32\drivers\64f065c9.sys

2009-08-06 12:43 91,648 a------- C:\phheq.exe

2009-08-06 12:43 42,598 a------- C:\yedfjdy.exe

2009-08-06 12:43 24,576 a------- c:\windows\system32\tapi.nfo

2009-08-06 12:43 2 a------- C:\539440181

2009-08-06 12:43 9,728 a------- C:\umoikchf.exe

2009-07-31 14:27 <DIR> --d----- c:\program files\Shared

==================== Find3M ====================

2009-06-29 09:12 827,392 a------- c:\windows\system32\wininet.dll

2009-06-29 09:12 78,336 a------- c:\windows\system32\ieencode.dll

2009-06-29 09:12 17,408 a------- c:\windows\system32\corpol.dll

2009-06-16 20:25 119,808 a------- c:\windows\system32\t2embed.dll

2009-06-16 07:55 82,432 a------- c:\windows\system32\fontsub.dll

2009-06-03 12:27 1,290,752 a------- c:\windows\system32\quartz.dll

2008-04-07 09:31 557,056 a------- c:\documents and settings\jwood\GoToAssist_phone__317_en.exe

============= FINISH: 11:13:18.68 ===============

NEXT

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 6/30/2005 11:51:11 AM

System Uptime: 8/7/2009 10:31:34 AM (1 hours ago)

Motherboard: Hewlett-Packard | | 09E8h

Processor: Intel® Pentium® 4 CPU 2.80GHz | XU1 PROCESSOR | 2793/800mhz

Processor: Intel® Pentium® 4 CPU 2.80GHz | XU1 PROCESSOR | 2793/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 37 GiB total, 24.929 GiB free.

D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}

Description: PS/2 Compatible Mouse

Device ID: ACPI\PNP0F13\4&1117367&0

Manufacturer: Microsoft

Name: PS/2 Compatible Mouse

PNP Device ID: ACPI\PNP0F13\4&1117367&0

Service: i8042prt

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

a-squared Free 4.5

Adobe Acrobat 5.0

Adobe Flash Player 10 ActiveX

Adobe Reader 7.0.9

Adobe Shockwave Player 11

AVG Anti-Rootkit Free

Avira AntiVir Personal - Free Antivirus

CCI Lab Database

Critical Update for Windows Media Player 11 (KB959772)

FedEx Ship Manager

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB915865)

Hotfix for Windows XP (KB926239)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

hp deskjet 3500 series

IDAutomation.com Code 39 Free Font

Ink Formulation 4.2

Intel® Graphics Media Accelerator Driver

Intel® PROSet II

Java 6 Update 11

LiveReg (Symantec Corporation)

LiveUpdate 2.5 (Symantec Corporation)

Malwarebytes' Anti-Malware

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Hotfix (KB928366)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office 97, Professional Edition

Microsoft Office Professional Edition 2003

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual J# 2.0 Redistributable Package

Microsoft Windows Script 5.7

Microsoft XML Parser

MSXML 6 Service Pack 2 (KB954459)

Norton AntiVirus Corporate Edition

Paint.NET v3.36

QBXMLRP2

QVT/Term

Security Update for Windows Internet Explorer 7 (KB928090)

Security Update for Windows Internet Explorer 7 (KB937143)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player 10 (KB911565)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB883939)

Security Update for Windows XP (KB890046)

Security Update for Windows XP (KB893066)

Security Update for Windows XP (KB893756)

Security Update for Windows XP (KB896358)

Security Update for Windows XP (KB896422)

Security Update for Windows XP (KB896423)

Security Update for Windows XP (KB896424)

Security Update for Windows XP (KB896428)

Security Update for Windows XP (KB896688)

Security Update for Windows XP (KB899587)

Security Update for Windows XP (KB899588)

Security Update for Windows XP (KB899589)

Security Update for Windows XP (KB899591)

Security Update for Windows XP (KB900725)

Security Update for Windows XP (KB901017)

Security Update for Windows XP (KB901214)

Security Update for Windows XP (KB902400)

Security Update for Windows XP (KB903235)

Security Update for Windows XP (KB904706)

Security Update for Windows XP (KB905414)

Security Update for Windows XP (KB905749)

Security Update for Windows XP (KB905915)

Security Update for Windows XP (KB908519)

Security Update for Windows XP (KB911562)

Security Update for Windows XP (KB911567)

Security Update for Windows XP (KB911927)

Security Update for Windows XP (KB912812)

Security Update for Windows XP (KB912919)

Security Update for Windows XP (KB913446)

Security Update for Windows XP (KB913580)

Security Update for Windows XP (KB914388)

Security Update for Windows XP (KB914389)

Security Update for Windows XP (KB916281)

Security Update for Windows XP (KB917159)

Security Update for Windows XP (KB917344)

Security Update for Windows XP (KB917422)

Security Update for Windows XP (KB917953)

Security Update for Windows XP (KB918118)

Security Update for Windows XP (KB918439)

Security Update for Windows XP (KB918899)

Security Update for Windows XP (KB919007)

Security Update for Windows XP (KB920213)

Security Update for Windows XP (KB920214)

Security Update for Windows XP (KB920670)

Security Update for Windows XP (KB920683)

Security Update for Windows XP (KB920685)

Security Update for Windows XP (KB921398)

Security Update for Windows XP (KB921503)

Security Update for Windows XP (KB921883)

Security Update for Windows XP (KB922616)

Security Update for Windows XP (KB922760)

Security Update for Windows XP (KB922819)

Security Update for Windows XP (KB923191)

Security Update for Windows XP (KB923414)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB923694)

Security Update for Windows XP (KB923980)

Security Update for Windows XP (KB924191)

Security Update for Windows XP (KB924270)

Security Update for Windows XP (KB924496)

Security Update for Windows XP (KB924667)

Security Update for Windows XP (KB925454)

Security Update for Windows XP (KB925486)

Security Update for Windows XP (KB925902)

Security Update for Windows XP (KB926255)

Security Update for Windows XP (KB926436)

Security Update for Windows XP (KB927779)

Security Update for Windows XP (KB927802)

Security Update for Windows XP (KB928255)

Security Update for Windows XP (KB928843)

Security Update for Windows XP (KB929123)

Security Update for Windows XP (KB929969)

Security Update for Windows XP (KB930178)

Security Update for Windows XP (KB931261)

Security Update for Windows XP (KB931784)

Security Update for Windows XP (KB932168)

Security Update for Windows XP (KB933729)

Security Update for Windows XP (KB935839)

Security Update for Windows XP (KB935840)

Security Update for Windows XP (KB936021)

Security Update for Windows XP (KB937894)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB938829)

Security Update for Windows XP (KB941202)

Security Update for Windows XP (KB941568)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB941644)

Security Update for Windows XP (KB943055)

Security Update for Windows XP (KB943460)

Security Update for Windows XP (KB943485)

Security Update for Windows XP (KB944653)

Security Update for Windows XP (KB945553)

Security Update for Windows XP (KB946026)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950749)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB973346)

Sophos Anti-Rootkit 1.3.1

SoundMAX

SpywareBlaster 4.2

Symantec pcAnywhere

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows XP (KB894391)

Update for Windows XP (KB896727)

Update for Windows XP (KB898461)

Update for Windows XP (KB900485)

Update for Windows XP (KB904942)

Update for Windows XP (KB908531)

Update for Windows XP (KB910437)

Update for Windows XP (KB911280)

Update for Windows XP (KB916595)

Update for Windows XP (KB920872)

Update for Windows XP (KB922582)

Update for Windows XP (KB925720)

Update for Windows XP (KB925876)

Update for Windows XP (KB927891)

Update for Windows XP (KB930916)

Update for Windows XP (KB931836)

Update for Windows XP (KB932823-v3)

Update for Windows XP (KB933360)

Update for Windows XP (KB936357)

Update for Windows XP (KB938828)

Update for Windows XP (KB942763)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

WD FAT32 Formatter

WebEx MeetMeNow

WebFldrs XP

Windows Genuine Advantage Validation Tool (KB892130)

Windows Imaging Component

Windows Installer 3.1 (KB893803)

Windows Internet Explorer 7

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Hotfix - KB873333

Windows XP Hotfix - KB873339

Windows XP Hotfix - KB885250

Windows XP Hotfix - KB885835

Windows XP Hotfix - KB885836

Windows XP Hotfix - KB886185

Windows XP Hotfix - KB887472

Windows XP Hotfix - KB887742

Windows XP Hotfix - KB888113

Windows XP Hotfix - KB888302

Windows XP Hotfix - KB890175

Windows XP Hotfix - KB890859

Windows XP Hotfix - KB891781

Windows XP Hotfix - KB893086

Windows XP Service Pack 2

WinRAR archiver

==== Event Viewer Messages From Past Week ========

8/7/2009 9:44:03 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avgio avipbb awlegacy Fips intelppm ssmdrv

8/7/2009 9:28:45 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

8/7/2009 9:04:08 AM, error: Service Control Manager [7000] - The lavasoft ad-aware service service failed to start due to the following error: Access is denied.

8/7/2009 9:04:03 AM, error: Service Control Manager [7031] - The lavasoft ad-aware service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

8/7/2009 8:59:16 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avgio avipbb awlegacy Fips intelppm

8/7/2009 11:08:07 AM, error: DCOM [10005] - DCOM got error "%2" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

8/7/2009 10:27:36 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

8/6/2009 4:37:59 PM, error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The system cannot find the file specified.

8/6/2009 4:37:59 PM, error: Service Control Manager [7000] - The Automatic Updates service failed to start due to the following error: The system cannot find the file specified.

8/6/2009 4:36:47 PM, error: NETLOGON [5719] - No Domain Controller is available for domain CCI due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.

8/6/2009 4:11:59 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).

8/6/2009 4:11:59 PM, error: Service Control Manager [7034] - The DefWatch service terminated unexpectedly. It has done this 1 time(s).

8/6/2009 4:10:51 PM, error: Print [33] - The PrintQueue Container could not be found because the DNS Domain name could not be retrieved. Error: 54b

8/6/2009 4:08:55 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

8/6/2009 3:58:32 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: awlegacy Fips intelppm

8/6/2009 3:58:32 PM, error: Service Control Manager [7001] - The vnccom service depends on the vncdrv service which failed to start because of the following error: A device attached to the system is not functioning.

8/6/2009 3:53:33 PM, error: Service Control Manager [7034] - The Intel® NMS service terminated unexpectedly. It has done this 1 time(s).

8/6/2009 3:10:00 PM, information: Windows File Protection [64007] - The protected system file scecli.dll could not be verified as valid because the file was in use. Use the SFC utility to verify the integrity of the file at a later time.

==== End Of File ===========================


Hello & Welcome to Malwarebytes'

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Options, then click Track this topic. Make sure it is set to Immediate Email Notification, then click Proceed.

In the meantime please note the following:

  • Any recommendations made are for your computer problems only and should NOT be used on any other computer.
  • Please DO NOT run any scans/tools or other fixes unless I ask you to. This is very important for several reasons. Here are just two of them:
    1. The tools that we use are very powerful and can cause >>irreparable damage<< to your computer if not used correctly.
    2. Commercial scanners, for the most part can not completely remove some of the more "resistant" infections. This makes it much more difficult to get rid of completely.
  • If you get stuck or are unsure of something please ask for a further explanation, do not guess.
  • It will require more than one round to properly clean your system. Continue to respond to this thread until I give you the All Clean! even if symptoms seemingly abate.

Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.

If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave & if there is no contact for that amount of time I will have to assume you have abandoned your topic.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Thanks

Gmer

Download GMER Rootkit Scanner from here.

  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)

  • Then click the Scan button & wait for it to finish
  • Once done click on the [save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in reply

**Caution**

Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Note: Do not run any programs while Gmer is running.

To post in next reply:

Contents of Gmer log


  • Root Admin

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.
