I believe I have a virus I can't get rid of. I can't run AVG or MBAM, and I also get an error on startup from MS saying a rundll as an app has encountered a problem. Tried running MBAM in safe mode with no luck. Tried restoring to an earlier date with no luck. Tried rkill.com, still can't run MBAM. Was able to run dds.scr and have the logs. Any help in clearing this would be greatly appreciated.

Thanks, Jim :-)

dds.txt

attach.txt

Sorry, I sent the file; I think you wanted the contents. Here they are.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Jimbo at 18:21:00 on 2011-10-24

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.959.219 [GMT -3:00]

.

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

============== Running Processes ===============

.

G:\PROGRA~1\AVG\AVG10\avgchsvx.exe

G:\PROGRA~1\AVG\AVG10\avgrsx.exe

G:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

G:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

G:\WINDOWS\Explorer.EXE

G:\WINDOWS\system32\spoolsv.exe

G:\Program Files\ATI Multimedia\main\ATIDtct.EXE

G:\Program Files\VIAudioi\SBADeck\ADeck.exe

G:\WINDOWS\system32\VTTimer.exe

G:\WINDOWS\system32\VTtrayp.exe

G:\Program Files\ATI Technologies\ATI.ACE\cli.exe

G:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

G:\Program Files\Common Files\Java\Java Update\jusched.exe

G:\Program Files\Sony\PMB\PMBVolumeWatcher.exe

G:\WINDOWS\system32\ctfmon.exe

G:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe

svchost.exe

G:\Program Files\AVG\AVG10\avgwdsvc.exe

G:\WINDOWS\system32\svchost.exe -k HPService

G:\WINDOWS\system32\inetsrv\inetinfo.exe

G:\WINDOWS\System32\svchost.exe -k HPZ12

G:\WINDOWS\System32\svchost.exe -k HPZ12

G:\WINDOWS\System32\svchost.exe -k imgsvc

G:\WINDOWS\system32\wuauclt.exe

G:\Program Files\AVG\AVG10\avgnsx.exe

G:\WINDOWS\System32\svchost.exe -k HTTPFilter

G:\Program Files\ATI Technologies\ATI.ACE\cli.exe

G:\Program Files\ATI Technologies\ATI.ACE\cli.exe

G:\Documents and Settings\Jimbo\Application Data\mjusbsp\st00000\mjsetup.exe

G:\Documents and Settings\Jimbo\Application Data\mjusbsp\magicJack.exe

G:\WINDOWS\system32\WISPTIS.EXE

"G:\WINDOWS\system32\svchost.exe"

G:\Program Files\AVG\AVG10\avgmfapx.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.ca/ig

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - g:\program files\avg\avg10\toolbar\IEToolbar.dll

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - g:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - g:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - g:\program files\avg\avg10\avgssie.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - g:\program files\avg\avg10\toolbar\IEToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - g:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - g:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - g:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - g:\program files\avg\avg10\toolbar\IEToolbar.dll

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - g:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_bho.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [CTFMON.EXE] g:\windows\system32\ctfmon.exe

uRun: [ATI Launchpad] "g:\program files\ati multimedia\main\LaunchPd.exe"

uRun: [ATI Remote Control] g:\program files\ati multimedia\remctrl\ATIRW.exe

uRun: [cdloader] "g:\documents and settings\jimbo\application data\mjusbsp\cdloader2.exe" MAGICJACK

uRun: [Google Update] "g:\documents and settings\jimbo\local settings\application data\google\update\GoogleUpdate.exe" /c

mRun: [ATI DeviceDetect] g:\program files\ati multimedia\main\ATIDtct.EXE

mRun: [AudioDeck] g:\program files\viaudioi\sbadeck\ADeck.exe 1

mRun: [VTTimer] VTTimer.exe

mRun: [VTTrayp] VTtrayp.exe

mRun: [ATICCC] "g:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay

mRun: [QuickTime Task] "g:\program files\quicktime\qttask.exe" -atboottime

mRun: [uSB2Check] RUNDLL32.EXE "g:\windows\system32\PCLECoInst.dll",CheckUSBController

mRun: [AVG_TRAY] g:\program files\avg\avg10\avgtray.exe

mRun: [Adobe Reader Speed Launcher] "g:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "g:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "g:\program files\common files\java\java update\jusched.exe"

mRun: [PMBVolumeWatcher] g:\program files\sony\pmb\PMBVolumeWatcher.exe

dRun: [CTFMON.EXE] g:\windows\system32\CTFMON.EXE

dRun: [DWQueuedReporting] "g:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: g:\docume~1\jimbo\startm~1\programs\startup\openof~1.lnk - g:\program files\openoffice.org 3\program\quickstart.exe

IE: &ieSpell Options - g:\program files\iespell\iespell.dll/SPELLOPTION.HTM

IE: Check &Spelling - g:\program files\iespell\iespell.dll/SPELLCHECK.HTM

IE: E&xport to Microsoft Excel - g:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Lookup on Merriam Webster - file://g:\program files\iespell\Merriam Webster.HTM

IE: Lookup on Wikipedia - file://g:\program files\iespell\wikipedia.HTM

IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://g:\program files\iespell\iespell.dll/SPELLCHECK.HTM

IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://g:\program files\iespell\iespell.dll/SPELLOPTION.HTM

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - g:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - g:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - g:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll

LSP: mswsock.dll

Trusted Zone: microsoft.com\office

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab

DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxps://www.epost.ca/printing/smsx.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188614263602

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1191806098781

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://driveragent.com/files/driveragent.cab

TCP: DhcpNameServer = 192.168.2.1 192.168.2.1

TCP: Interfaces\{F1B66345-8D54-47FF-A64E-157B9AED87F6} : DhcpNameServer = 192.168.2.1 192.168.2.1

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - g:\program files\avg\avg10\toolbar\IEToolbar.dll

Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - g:\program files\hp\hpcoretech\comp\hpuiprot.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - g:\program files\avg\avg10\avgpp.dll

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - g:\windows\system32\WPDShServiceObj.dll

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - g:\progra~1\wifd1f~1\MpShHook.dll

SEH: DVDIdleShell Class: {93994de8-8239-4655-b1d1-5f4e91300429} - g:\progra~1\dvdreg~1\DVDShell.dll

Hosts: 127.0.0.1 www.spywareinfo.com

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;g:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]

R0 Avgrkx86;AVG Anti-Rootkit Driver;g:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]

R1 Avgldx86;AVG AVI Loader Driver;g:\windows\system32\drivers\avgldx86.sys [2010-9-7 248656]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;g:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]

R1 Avgtdix;AVG TDI Driver;g:\windows\system32\drivers\avgtdix.sys [2010-9-7 297168]

R2 avgwd;AVG WatchDog;g:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]

R3 AVGIDSDriver;AVGIDSDriver;g:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134480]

R3 AVGIDSFilter;AVGIDSFilter;g:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24144]

R3 AVGIDSShim;AVGIDSShim;g:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]

S2 AVGIDSAgent;AVGIDSAgent;g:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]

S2 WinDefend;Windows Defender;g:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;g:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-5-7 1025352]

.

=============== Created Last 30 ================

.

2011-10-24 03:46:00 41272 ----a-w- g:\windows\system32\drivers\mbamswissarmy.sys

2011-10-24 03:45:26 22216 ----a-w- g:\windows\system32\drivers\mbam.sys

2011-10-24 03:34:49 -------- d-----w- g:\windows\system32\wbem\repository\FS

2011-10-24 03:34:49 -------- d-----w- g:\windows\system32\wbem\Repository

2011-10-24 00:38:07 -------- d-sh--w- g:\documents and settings\jimbo\local settings\application data\0066a907

2011-10-18 21:41:36 -------- d-----w- g:\program files\Hamster Soft

2011-10-10 10:42:10 3727720 ----a-w- g:\windows\system32\d3dx9_35.dll

2011-10-10 10:41:40 -------- d-----w- g:\windows\Logs

2011-10-10 10:39:07 -------- d-----w- g:\program files\Sony

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 8/29/2007 1:21:33 AM

System Uptime: 10/24/2011 6:15:12 PM (0 hours ago)

.

Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-7181

Processor: AMD Sempron Processor 3400+ | Socket 940 | 2009/201mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 37 GiB total, 4.09 GiB free.

D: is FIXED (NTFS) - 37 GiB total, 27.759 GiB free.

E: is CDROM ()

F: is CDROM ()

G: is FIXED (NTFS) - 56 GiB total, 27.009 GiB free.

L: is CDROM ()

M: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Linksys Wireless-G PCI Adapter

Device ID: PCI\VEN_1814&DEV_0201&SUBSYS_00321737&REV_01\3&13C0B0C5&0&48

Manufacturer: Linksys, A Division of Cisco Systems, Inc.

Name: Linksys Wireless-G PCI Adapter

PNP Device ID: PCI\VEN_1814&DEV_0201&SUBSYS_00321737&REV_01\3&13C0B0C5&0&48

Service: RT2500

.

Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}

Description: Photosmart Premium C309g-m

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Photosmart Premium C309g-m

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:

.

==== System Restore Points ===================

.

RP1219: 9/7/2011 8:57:55 PM - System Checkpoint

RP1220: 9/8/2011 9:34:19 PM - System Checkpoint

RP1221: 9/9/2011 10:34:14 PM - System Checkpoint

RP1222: 9/10/2011 11:34:14 PM - System Checkpoint

RP1223: 9/12/2011 12:34:15 AM - System Checkpoint

RP1224: 9/13/2011 1:34:15 AM - System Checkpoint

RP1225: 9/14/2011 2:34:14 AM - System Checkpoint

RP1226: 9/15/2011 3:33:56 AM - System Checkpoint

RP1227: 9/16/2011 3:00:17 AM - Software Distribution Service 3.0

RP1228: 9/17/2011 3:29:43 AM - System Checkpoint

RP1229: 9/18/2011 4:29:44 AM - System Checkpoint

RP1230: 9/19/2011 5:29:43 AM - System Checkpoint

RP1231: 9/20/2011 6:29:43 AM - System Checkpoint

RP1232: 9/21/2011 7:29:43 AM - System Checkpoint

RP1233: 9/22/2011 8:29:44 AM - System Checkpoint

RP1234: 9/23/2011 9:29:49 AM - System Checkpoint

RP1235: 9/24/2011 10:29:51 AM - System Checkpoint

RP1236: 9/25/2011 12:34:27 PM - System Checkpoint

RP1237: 9/26/2011 1:29:51 PM - System Checkpoint

RP1238: 9/27/2011 2:29:51 PM - System Checkpoint

RP1239: 9/28/2011 3:29:50 PM - System Checkpoint

RP1240: 9/29/2011 3:00:18 AM - Software Distribution Service 3.0

RP1241: 9/30/2011 3:29:51 AM - System Checkpoint

RP1242: 10/1/2011 4:30:11 AM - System Checkpoint

RP1243: 10/2/2011 5:29:56 AM - System Checkpoint

RP1244: 10/3/2011 6:29:56 AM - System Checkpoint

RP1245: 10/4/2011 7:29:57 AM - System Checkpoint

RP1246: 10/5/2011 8:29:58 AM - System Checkpoint

RP1247: 10/6/2011 9:29:58 AM - System Checkpoint

RP1248: 10/7/2011 10:30:00 AM - System Checkpoint

RP1249: 10/8/2011 11:30:02 AM - System Checkpoint

RP1250: 10/9/2011 12:30:01 PM - System Checkpoint

RP1251: 10/10/2011 7:38:59 AM - Installed PMB

RP1252: 10/10/2011 7:41:57 AM - Installed DirectX

RP1253: 10/11/2011 3:00:18 AM - Software Distribution Service 3.0

RP1254: 10/12/2011 3:30:02 AM - System Checkpoint

RP1255: 10/13/2011 3:00:18 AM - Software Distribution Service 3.0

RP1256: 10/14/2011 3:00:17 AM - Software Distribution Service 3.0

RP1257: 10/15/2011 3:19:38 AM - System Checkpoint

RP1258: 10/16/2011 4:19:42 AM - System Checkpoint

RP1259: 10/17/2011 5:19:42 AM - System Checkpoint

RP1260: 10/18/2011 12:33:25 AM - Installed DirectX

RP1261: 10/19/2011 1:25:56 AM - System Checkpoint

RP1262: 10/20/2011 1:35:01 AM - System Checkpoint

RP1263: 10/21/2011 2:25:53 AM - System Checkpoint

RP1264: 10/22/2011 3:21:48 AM - System Checkpoint

RP1265: 10/23/2011 3:26:30 AM - System Checkpoint

RP1266: 10/23/2011 10:12:38 PM - Restore Operation

RP1267: 10/23/2011 11:01:22 PM - Restore Operation

RP1268: 10/23/2011 11:36:41 PM - Software Distribution Service 3.0

RP1269: 10/24/2011 12:12:51 AM - Restore Operation

RP1270: 10/24/2011 12:16:23 AM - Restore Operation

.

==== Installed Programs ======================

.

32 Bit HP CIO Components Installer

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 8.3.1

Adobe® Photoshop® Album Starter Edition 3.2

AMD Processor Driver

ArcSoft Panorama Maker 3.0

ATI - Software Uninstall Utility

ATI Catalyst Control Center

ATI Decoder

ATI Display Driver

ATI HYDRAVISION

ATI Multimedia Center

ATI Multimedia Center 9.01

ATI Remote Wonder 2.3

ATIRW2

AVG 2011

BufferChm

C309g-m

CCleaner

Compatibility Pack for the 2007 Office system

Critical Update for Windows Media Player 11 (KB959772)

DAO

DriverAgent by eSupport.com

DriverAgent by TouchStone Software

DVD Region+CSS Free 5.9.8.5

getPlus®_ocx

Google Chrome

GoToAssist Express Expert 1.0.0.152

Hollywood FX 5.5 Additional Effects

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

hp deskjet 5600

hp deskjet 5600 series

HP Photo and Imaging 1.2 - Photosmart Cameras

HP Photo Creations

HP Photosmart Premium C309g-m All-in-One Driver Software 14.0 Rel. 6

HP Smart Web Printing 4.60

ieSpell

ImgBurn

Jasc Paint Shop Pro 8

Java Auto Updater

Java 6 Update 2

Java 6 Update 20

Java 6 Update 26

Java 6 Update 3

Java 6 Update 5

Java 6 Update 7

LightScribe 1.4.109.1

magicJack

Malwarebytes' Anti-Malware version 1.51.2.1300

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office FrontPage 2003

Microsoft Office Professional Edition 2003

Microsoft Outlook Personal Folders Backup

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB973685)

MSXML 6.0 Parser (KB933579)

Nero Suite

Network

OpenOffice.org 3.2

Pinnacle Hollywood FX for Studio

Pinnacle Systems USB-2 Device Drivers

Platform

PMB

proDAD Heroglyph 1.0

proDAD Heroglyph 2.0

PS_AIO_06_C309g-m_SW_Min

QuickTime

QuickTransfer

Recover Files 2.1

Scan

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 7 (KB937143)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB969897)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB972260)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Encoder (KB2447961)

Security Update for Windows Media Encoder (KB954156)

Security Update for Windows Media Encoder (KB979332)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows Media Player 9 (KB936782)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2124261)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2290570)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953155)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB970483)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975254)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB976323)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

SmartSound Quicktracks Plugin

SmartWebPrinting

Studio 9

Studio 9 Content CD/DVD

TestKing Q and A - CompTIA 220-601 DEMO

TestKing Q and A - Microsoft 70-291 DEMO

Toolbox

Ulead Photo Explorer 8.0 SE Basic

Ulead VideoStudio 8.0 SE VCD

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB971180)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB976749)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

VIA Platform Device Manager

VIA Rhine-Family Fast-Ethernet Adapter

VIA/S3G Display Driver

VIA/S3G Display Driver 6.14.10.0297

WebFldrs XP

WebReg

WinASO Registry Optimizer 4.6.5

Windows Defender

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Imaging Component

Windows Installer Clean Up

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Media Encoder 9 Series

Windows Media Format 11 runtime

Windows Media Player 11

Windows Presentation Foundation

Windows XP Service Pack 3

WinUndelete

WinZip

XML Paper Specification Shared Components Pack 1.0

Yahoo! Detect

.

==== Event Viewer Messages From Past Week ========

.

10/24/2011 6:20:55 PM, error: DCOM [10005] - DCOM got error "%5" attempting to start the service MDM with arguments "" in order to run the server: {943B6A75-BB5E-41A7-A6D3-A1A5E892B33B}

10/24/2011 6:19:18 PM, error: DCOM [10005] - DCOM got error "%5" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

10/24/2011 6:16:36 PM, error: Service Control Manager [7000] - The Windows Defender service failed to start due to the following error: Access is denied.

10/24/2011 12:12:33 AM, error: Service Control Manager [7000] - The Ulead Burning Helper service failed to start due to the following error: The system cannot find the file specified.

10/24/2011 12:12:33 AM, error: Service Control Manager [7000] - The Java Quick Starter service failed to start due to the following error: The system cannot find the file specified.

10/24/2011 12:12:33 AM, error: Service Control Manager [7000] - The AVGIDSAgent service failed to start due to the following error: The system cannot find the file specified.

10/24/2011 12:00:10 AM, error: DCOM [10005] - DCOM got error "%2" attempting to start the service MDM with arguments "" in order to run the server: {943B6A75-BB5E-41A7-A6D3-A1A5E892B33B}

10/23/2011 9:59:25 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {943B6A75-BB5E-41A7-A6D3-A1A5E892B33B}

10/23/2011 9:58:31 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

10/23/2011 9:56:15 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK8 Avgldx86 Avgmfx86 Fips PCLEPCI

10/23/2011 9:56:15 PM, error: Service Control Manager [7001] - The World Wide Web Publishing service depends on the IIS Admin service which failed to start because of the following error: The dependency service or group failed to start.

10/23/2011 9:56:15 PM, error: Service Control Manager [7001] - The Simple Mail Transfer Protocol (SMTP) service depends on the IIS Admin service which failed to start because of the following error: The dependency service or group failed to start.

10/23/2011 9:56:15 PM, error: Service Control Manager [7001] - The FTP Publishing service depends on the IIS Admin service which failed to start because of the following error: The dependency service or group failed to start.

10/23/2011 9:55:32 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

10/23/2011 9:55:06 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

10/23/2011 11:59:29 PM, error: Service Control Manager [7000] - The Machine Debug Manager service failed to start due to the following error: The system cannot find the file specified.

10/23/2011 11:59:29 PM, error: DCOM [10005] - DCOM got error "%2" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

10/23/2011 11:57:08 PM, error: Service Control Manager [7000] - The Ulead Burning Helper service failed to start due to the following error: Access is denied.

10/23/2011 11:57:08 PM, error: Service Control Manager [7000] - The Machine Debug Manager service failed to start due to the following error: Access is denied.

10/23/2011 11:57:08 PM, error: Service Control Manager [7000] - The Java Quick Starter service failed to start due to the following error: Access is denied.

10/23/2011 11:57:08 PM, error: Service Control Manager [7000] - The InCD Helper service failed to start due to the following error: Access is denied.

10/23/2011 11:57:08 PM, error: Service Control Manager [7000] - The AVGIDSAgent service failed to start due to the following error: Access is denied.

10/23/2011 11:57:07 PM, error: Service Control Manager [7000] - The Ati HotKey Poller service failed to start due to the following error: Access is denied.

10/23/2011 10:52:13 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

10/23/2011 10:25:27 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.

10/23/2011 10:25:19 PM, error: Service Control Manager [7022] - The Windows Image Acquisition (WIA) service hung on starting.

10/23/2011 10:23:31 PM, error: Service Control Manager [7023] - The World Wide Web Publishing service terminated with the following error: TCP/IP network protocol not installed.

10/23/2011 10:23:31 PM, error: Service Control Manager [7023] - The Simple Mail Transfer Protocol (SMTP) service terminated with the following error: TCP/IP network protocol not installed.

10/23/2011 10:23:31 PM, error: Service Control Manager [7023] - The FTP Publishing service terminated with the following error: TCP/IP network protocol not installed.

10/23/2011 10:12:36 PM, error: DCOM [10005] - DCOM got error "%1068" attempting to start the service IISADMIN with arguments "" in order to run the server: {A9E69610-B80D-11D0-B9B9-00A0C922E750}

.

==== End Of File ===========================

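The DDS event-log tail above is the kind of evidence a responder reads by hand; the following Python script, added here as an example and not part of the original post or of the DDS or TDSSKiller tools, parses lines in that DDS format and flags the entries that matter for triage: security services (Windows Defender, AVGIDSAgent) that failed to start, and security drivers (the AVG filter drivers Avgldx86 and Avgmfx86) that did not load at boot. The lists of protected service and driver names are an assumption chosen for this log; the sample lines embedded in the script are copied from the log above.

```python
import re
from dataclasses import dataclass

# One DDS "Event Log" line looks like:
#   10/24/2011 6:16:36 PM, error: Service Control Manager [7000] - The Windows Defender service failed ...
EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<msg>.*)$"
)

# Message shapes for the two Service Control Manager events we care about.
SERVICE_7000_RE = re.compile(
    r"^The (?P<svc>.+?) service failed to start due to the following error: (?P<err>.+)$"
)
DRIVER_7026_RE = re.compile(r"failed to load: (?P<drivers>.+)$")

# Assumed watch lists (not from DDS): security tooling whose failure to start
# on an otherwise working machine is a classic sign of tampering.
PROTECTED_SERVICES = ("Windows Defender", "AVGIDSAgent")
PROTECTED_DRIVERS = ("Avgldx86", "Avgmfx86")


@dataclass
class Event:
    timestamp: str
    level: str
    source: str
    event_id: int
    message: str


def parse_events(text):
    """Parse every line that matches the DDS event-log format; skip the rest."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            events.append(Event(m["ts"], m["level"], m["source"],
                                int(m["event_id"]), m["msg"]))
    return events


def triage(events):
    """Return (timestamp, kind, name, detail) tuples for security-relevant failures."""
    findings = []
    for ev in events:
        if ev.source != "Service Control Manager":
            continue
        if ev.event_id == 7000:
            m = SERVICE_7000_RE.match(ev.message)
            if m and m["svc"] in PROTECTED_SERVICES:
                findings.append((ev.timestamp, "security service failed",
                                 m["svc"], m["err"]))
        elif ev.event_id == 7026:
            m = DRIVER_7026_RE.search(ev.message)
            if m:
                for drv in m["drivers"].split():
                    if drv in PROTECTED_DRIVERS:
                        findings.append((ev.timestamp, "security driver not loaded",
                                         drv, "boot-start driver did not load"))
    return findings


def affected_components(findings):
    """Sorted, de-duplicated list of the security components that failed."""
    return sorted({name for _, _, name, _ in findings})


# Sample input: six lines copied from the DDS log in the post above.
SAMPLE_LOG = """\
10/24/2011 6:16:36 PM, error: Service Control Manager [7000] - The Windows Defender service failed to start due to the following error: Access is denied.
10/24/2011 12:12:33 AM, error: Service Control Manager [7000] - The Ulead Burning Helper service failed to start due to the following error: The system cannot find the file specified.
10/24/2011 12:12:33 AM, error: Service Control Manager [7000] - The AVGIDSAgent service failed to start due to the following error: The system cannot find the file specified.
10/23/2011 9:56:15 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK8 Avgldx86 Avgmfx86 Fips PCLEPCI
10/23/2011 11:57:08 PM, error: Service Control Manager [7000] - The AVGIDSAgent service failed to start due to the following error: Access is denied.
10/23/2011 10:12:36 PM, error: DCOM [10005] - DCOM got error "%1068" attempting to start the service IISADMIN with arguments "" in order to run the server: {A9E69610-B80D-11D0-B9B9-00A0C922E750}
"""

if __name__ == "__main__":
    found = triage(parse_events(SAMPLE_LOG))
    for ts, kind, name, detail in found:
        print(f"{ts}  {kind}: {name} ({detail})")
    print("affected:", ", ".join(affected_components(found)))
```

The script deliberately ignores the unrelated failures (Ulead, Java Quick Starter, the IIS family) so that the output isolates the pattern a responder looks for: "Access is denied" on the security products while ordinary services fail for other reasons. Extending the two watch lists to whatever AV or EDR is installed on the machine being examined is the only change needed to reuse it.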

I thought I could help and read a post similar to this and downloaded TDSSKILLER. I ran this several times in safe mode and with the system booted all the way up. It found rootkit.win32.pmax.gen; service: 66A907. I removed this and rebooted; after other reboots running this program came up with service of imapi; netbt; cdrom; MRxSub; AFD and AFS2K and 66A907 again. I shut down system restore for now until the bugs are out. By doing this I was able to reload MBAM and run it. It found one trojan and I deleted it. I was then able to repair my AVG and once loaded pulled more bugs out. I still get the msg from MS about a run dll as an app encountered a problem and to report it to MS. After I run a complete MBAM and AVG on the whole system I was thinking this problem might be something trying to load at startup. I could try unchecking my items in startup tab in msconfig to see if I could find it. I'll report tomorrow with my results.


  • Staff

Hi and welcome to Malwarebytes.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs a runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is named like UtilityName.Version_Date_Time_log.txt.

For example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
