TechSpot

[A] Please help me remove a crypt.AQWL infection

By Jessica
Apr 16, 2012
  1. Hello,

    I have a trojan horse on my computer (crypt.AQWL). I have tried to follow the 5-step plan to obtain the logs, but my computer won't download anymore in Firefox. I have tried it in Explorer, but then I get a pop-up from my anti-virus (AVG) saying that it detected a virus in Malwarebytes Anti-Malware, and it's impossible to run it.
    Should I turn off my anti-virus and try to download the anti-malware again in Explorer?

    Can somebody please help me? Thanks
     
  2. Jessica

    Jessica TS Rookie Topic Starter

    I have just tried to access Windows Firewall but I can't get in. The system cannot make changes and gives an error code. The same with AVG: I can't run any scan anymore and it says my computer is no longer protected. I'm starting to get worried now...
     
  3. Jessica

    Jessica TS Rookie Topic Starter

    I have run the scans. It was possible to download the programs in safe mode.

    The first one from malware is in Dutch. I hope that's not a problem..

    Malwarebytes Anti-Malware (-evaluatieversie-) 1.61.0.1400
    www.malwarebytes.org

    Databaseversie: v2012.04.16.01

    Windows 7 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Vaio :: VAIO-PC [administrator]

    Realtime bescherming: Ingeschakeld

    16/04/2012 13:23:03
    mbam-log-2012-04-16 (13-23-03).txt

    Scantype: Snelle scan
    Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scanopties: P2P
    Objecten gescand: 214470
    Verstreken tijd: 13 minuut/minuten, 46 seconde(n)

    Geheugenprocessen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 1
    C:\Windows\System32\s217mdfl.dll (RootKit.0Access.H) -> Zal worden verwijderd tijdens het herstarten.

    Registersleutels gedetecteerd: 62
    HKCR\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\AppID\{7025E484-D4B0-441a-9F0B-69063BD679CE} (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\AppID\{A89256AD-EC17-4a83-BEF5-4B8BC4F39306} (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\CLSID\{396CFC12-932D-496b-A0A8-5D7201E105E1} (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\TypeLib\{573F4ABB-A1A2-44ED-9BA9-A8DAD40AAC46} (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\Interface\{71E02280-5212-45C3-B174-4D5A35DA254F} (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\ShopperReports.MozillaNvgtnTrpr.1 (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\ShopperReports.MozillaNvgtnTrpr (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\CLSID\{74C22317-5B90-471f-9AD2-FEC049870A16} (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\ShopperReports.Scopes.1 (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\ShopperReports.Scopes (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\Typelib\{ACC62306-9A63-4864-BD2F-C8825D2D7EA6} (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\Interface\{21BA420E-161C-413A-B21E-4E42AE1F4226} (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\Typelib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2} (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB} (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\Typelib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF} (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{89F88394-3828-4d03-A0CF-8203604C3DA6} (Adware.Hotbar) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4233F04-1789-483c-A137-731E8F113DD5} (Adware.Hotbar) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\HBLiteAx.Info (Adware.HotBar) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\HBLiteAx.Info.1 (Adware.HotBar) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\HBLiteAX.UserProfiles (Adware.HotBar) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\HBLiteAX.UserProfiles.1 (Adware.HotBar) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\ShopperReports.AsyncReporter (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\ShopperReports.AsyncReporter.1 (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\ShopperReports.Dwnldr (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\ShopperReports.Dwnldr.1 (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\ShopperReports.HbAx (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\ShopperReports.HbAx.1 (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\ShopperReports.HbGuru (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\ShopperReports.HbGuru.1 (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\ShopperReports.HbInfoBand (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\ShopperReports.HbInfoBand.1 (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\ShopperReports.IEButton (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\ShopperReports.IEButton.1 (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\ShopperReports.IEButtonA (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\ShopperReports.IEButtonA.1 (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\ShopperReports.MozillaPSExecuter (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\ShopperReports.MozillaPSExecuter.1 (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\ShopperReports.ReportData (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\ShopperReports.ReportData.1 (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\ShopperReports.Reporter (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\ShopperReports.Reporter.1 (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\ShopperReports.RprtCtrl (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\ShopperReports.RprtCtrl.1 (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\ShopperReports.Stock (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\ShopperReports.Stock.1 (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\ShopperReports.TriggerImmidiate (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\ShopperReports.TriggerImmidiate.1 (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\ShopperReports.TriggerImmidiateOrRandomTS (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\ShopperReports.TriggerImmidiateOrRandomTS.1 (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\ShopperReports.TriggerOnceInDay (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\ShopperReports.TriggerOnceInDay.1 (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\AppID\BRNstIE.DLL (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\AppID\CmndFF.DLL (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\AppID\mozillaps.dll (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\AppID\Pltfrm.DLL (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCU\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCU\Software\hblitesa (Adware.HotBar) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKLM\SOFTWARE\HBLite (Adware.HotBar) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKLM\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
     
  4. Jessica

    Jessica TS Rookie Topic Starter

    Registerwaarden gedetecteerd: 4
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform|ShopperReports 3.1.70.0 (Adware.HotBar) -> Data: -> Succesvol in quarantaine geplaatst en verwijderd.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform|SRS_IT_E8790675B47659503FA999 (Malware.Trace) -> Data: -> Succesvol in quarantaine geplaatst en verwijderd.
    HKLM\SOFTWARE\Mozilla\Firefox\extensions|ShopperReports@ShopperReports.com (ShopperReports) -> Data: C:\Program Files\ShopperReports3\bin\3.1.70.0\firefox\firefoxtoolbar\extensions -> Succesvol in quarantaine geplaatst en verwijderd.
    HKLM\SOFTWARE\Mozilla\Firefox\extensions|HBLite@HBLite.com (Adware.HotBar) -> Data: C:\Program Files\HBLite\bin\11.0.363.0\firefox\extensions -> Succesvol in quarantaine geplaatst en verwijderd.

    Registerdata gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 21
    C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Vaio\AppData\Roaming\HBLite (Adware.Hotbar) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\ProgramData\HBLiteSA (Adware.Hotbar) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Vaio\AppData\Roaming\ShopperReports3 (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Program Files\HBLite (Adware.Hotbar) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Program Files\HBLite\bin (Adware.Hotbar) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Program Files\HBLite\bin\11.0.363.0 (Adware.Hotbar) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Program Files\HBLite\bin\11.0.363.0\firefox (Adware.Hotbar) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Program Files\HBLite\bin\11.0.363.0\firefox\extensions (Adware.Hotbar) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Program Files\HBLite\bin\11.0.363.0\firefox\extensions\plugins (Adware.Hotbar) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Program Files\ShopperReports3 (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Program Files\ShopperReports3\bin (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Program Files\ShopperReports3\bin\3.1.70.0 (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Program Files\ShopperReports3\bin\3.1.70.0\firefox (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Program Files\ShopperReports3\bin\3.1.70.0\firefox\firefoxtoolbar (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Program Files\ShopperReports3\bin\3.1.70.0\firefox\firefoxtoolbar\extensions (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Program Files\ShopperReports3\bin\3.1.70.0\firefox\firefoxtoolbar\extensions\chrome (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Program Files\ShopperReports3\bin\3.1.70.0\firefox\firefoxtoolbar\extensions\chrome\content (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Program Files\ShopperReports3\bin\3.1.70.0\firefox\firefoxtoolbar\extensions\components (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar (Adware.Hotbar) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopperReports (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.

    Bestanden gedetecteerd: 48
    C:\Windows\System32\s217mdfl.dll (RootKit.0Access.H) -> Zal worden verwijderd tijdens het herstarten.
    C:\Windows\System32\CVPNDRVA.dll (RootKit.0Access.H) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Windows\System32\s716bus.dll (RootKit.0Access.H) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Windows\System32\osaio.dll (RootKit.0Access.H) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Windows\System32\flpydisk.dll (RootKit.0Access.H) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Windows\System32\lxce_device.dll (RootKit.0Access.H) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Windows\System32\bc_ip_f.dll (RootKit.0Access.H) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Windows\System32\ZTEusbmdm6k.dll (RootKit.0Access.H) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Windows\System32\websenseclientdeployservice.dll (RootKit.0Access.H) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Windows\System32\awecho.dll (RootKit.0Access.H) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Windows\System32\swenum.dll (RootKit.0Access.H) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Windows\System32\se44mdm.dll (RootKit.0Access.H) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Windows\System32\FreshIO.dll (RootKit.0Access.H) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Windows\System32\cdaudio.dll (RootKit.0Access.H) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Windows\System32\WcesComm.dll (RootKit.0Access.H) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Windows\System32\avfilter.dll (RootKit.0Access.H) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Windows\System32\lirsgt.dll (RootKit.0Access.H) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Windows\System32\nfmservice.dll (RootKit.0Access.H) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Windows\System32\pav_security.dll (RootKit.0Access.H) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Windows\System32\ser2pl.dll (RootKit.0Access.H) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Windows\System32\sharedaccess.dll (RootKit.0Access.H) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Windows\System32\YMIDUSB.dll (RootKit.0Access.H) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Windows\System32\w300mdfl.dll (RootKit.0Access.H) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Windows\System32\enecbpth.dll (RootKit.0Access.H) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Windows\System32\WinDriver6.dll (RootKit.0Access.H) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Windows\System32\cimnotify.dll (RootKit.0Access.H) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Program Files\ShopperReports3\bin\3.1.70.0\CmndFF.dll (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Vaio\AppData\Local\Temp\nswC70B.tmp\uninstall.exe (Adware.QuestScan) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\ProgramData\HBLiteSA\HBLiteSA.dat (Adware.Hotbar) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\ProgramData\HBLiteSA\HBLiteSAAbout.mht (Adware.Hotbar) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\ProgramData\HBLiteSA\HBLiteSAau.dat (Adware.Hotbar) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\ProgramData\HBLiteSA\HBLiteSAEULA.mht (Adware.Hotbar) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\ProgramData\HBLiteSA\HBLiteSA_kyf.dat (Adware.Hotbar) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Program Files\HBLite\bin\11.0.363.0\firefox\extensions\install.rdf (Adware.Hotbar) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Program Files\HBLite\bin\11.0.363.0\firefox\extensions\plugins\npclntax_HBLiteSA.dll (Adware.Hotbar) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Program Files\ShopperReports3\bin\3.1.70.0\link.ico (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Program Files\ShopperReports3\bin\3.1.70.0\firefox\firefoxtoolbar\extensions\chrome.manifest (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Program Files\ShopperReports3\bin\3.1.70.0\firefox\firefoxtoolbar\extensions\install.rdf (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Program Files\ShopperReports3\bin\3.1.70.0\firefox\firefoxtoolbar\extensions\chrome\content\infopane.js (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Program Files\ShopperReports3\bin\3.1.70.0\firefox\firefoxtoolbar\extensions\chrome\content\InfoPane.xul (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Program Files\ShopperReports3\bin\3.1.70.0\firefox\firefoxtoolbar\extensions\components\BrowserExtensionFF.dll (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Program Files\ShopperReports3\bin\3.1.70.0\firefox\firefoxtoolbar\extensions\components\BrowserExtensionFF.xpt (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar\About Hotbar.lnk (Adware.Hotbar) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar\Hotbar Customer Support Center.lnk (Adware.Hotbar) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar\Hotbar Uninstall Instructions.lnk (Adware.Hotbar) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopperReports\About Us.lnk (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopperReports\Customer Support.lnk (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopperReports\ShopperReports Uninstall Instructions.lnk (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.

    (einde)
     
  5. Jessica

    Jessica TS Rookie Topic Starter

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-04-16 15:03:14
    Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 FUJITSU_MHZ2400BT_G1 rev.0041000C
    Running: uj5s2xg9.exe; Driver: C:\Users\Vaio\AppData\Local\Temp\kxldypog.sys


    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x90940D92]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    ---- Services - GMER 1.0.15 ----

    Service C:\Windows\system32\spool\prtprocs\svhost.exe (*** hidden *** ) [DISABLED] ComputerBrowser32 <-- ROOTKIT !!!

    ---- EOF - GMER 1.0.15 ----
     
  6. Jessica

    Jessica TS Rookie Topic Starter

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
    Run by Vaio at 15:07:00 on 2012-04-16
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.32.1033.18.3039.1880 [GMT 2:00]
    .
    AV: AVG Anti-Virus *Enabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
    SP: AVG Anti-Virus *Enabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k Akamai
    C:\Windows\system32\atieclxx.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Application Updater\ApplicationUpdater.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\spool\prtprocs\svhost.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\sppsvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\taskhost.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\Dwm.exe
    C:\Program Files\HP\HP Photosmart Plus B210 series\bin\HPNetworkCommunicator.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Belgium Identity Card\beid35gui.exe
    C:\Program Files\Real\RealPlayer\Update\realsched.exe
    C:\Program Files\Ask.com\Updater\Updater.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Users\Vaio\AppData\Local\Akamai\netsession_win.exe
    C:\Users\Vaio\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\ctfmon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1750559
    uSearch Bar = Preserve
    uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
    uURLSearchHooks: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\5.4\pdfforgeToolbarIE.dll
    mURLSearchHooks: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - c:\program files\bs_player\tbBS_P.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Windows Live Aanmelden - Help: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\5.4\pdfforgeToolbarIE.dll
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - c:\program files\bs_player\tbBS_P.dll
    TB: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - c:\program files\bs_player\tbBS_P.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\5.4\pdfforgeToolbarIE.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
    uRun: [Akamai NetSession Interface] "c:\users\vaio\appdata\local\akamai\netsession_win.exe"
    uRun: [Spotify] "c:\users\vaio\appdata\roaming\spotify\Spotify.exe" /uri spotify:autostart
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [beid] "c:\program files\belgium identity card\beid35gui.exe" /startup
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [<NO NAME>]
    mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    StartupFolder: c:\users\vaio\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    LSP: mswsock.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    TCP: DhcpNameServer = 195.130.131.133 195.130.130.5
    TCP: Interfaces\{29491F34-70FB-4A6B-9CAC-0F12D5A430A2} : DhcpNameServer = 195.130.131.133 195.130.130.5
    TCP: Interfaces\{29491F34-70FB-4A6B-9CAC-0F12D5A430A2}\3756D696 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{29491F34-70FB-4A6B-9CAC-0F12D5A430A2}\4656661657C647 : DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{29491F34-70FB-4A6B-9CAC-0F12D5A430A2}\46C696E6B6 : DhcpNameServer = 192.168.0.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    .
     
  7. Jessica

    Jessica TS Rookie Topic Starter

    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\vaio\appdata\roaming\mozilla\firefox\profiles\fcj7knfn.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1750559&SearchSource=13
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p=
    FF - component: c:\program files\common files\spigot\wtxpcom\components\WidgiToolbarFF.dll
    FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_HBLiteSA.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\users\vaio\appdata\roaming\facebook\npfbplugin_1_0_1.dll
    FF - plugin: c:\users\vaio\appdata\roaming\facebook\npfbplugin_1_0_3.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-4-16 612184]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-4-16 337880]
    R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-14 20992]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]
    R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2012-4-12 784792]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-4-16 20696]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-4-16 57688]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-4-16 44768]
    R2 ComputerBrowser32;ComputerBrowser32;c:\windows\system32\spool\prtprocs\svhost.exe --> c:\windows\system32\spool\prtprocs\svhost.exe [?]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-4-16 654408]
    R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2009-12-18 497856]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-4-16 22344]
    R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
    R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2007-8-3 9344]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-14 311296]
    S2 DMUSBUSBDCam;Nvnforce;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
    S2 gupdate;Google Updateservice (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-17 136176]
    S2 mcproxy;XDva004;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
    S2 pavagente;W700mdm;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
    S2 ZDCNDIS5;Stirusb;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
    S2 ZY202_XP;Netw4x32;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
    S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usb.sys [2009-12-15 37632]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
    S3 gupdatem;Google Update-service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-17 136176]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-16 1343400]
    .
    =============== File Associations ===============
    .
    .txt=
    .
    =============== Created Last 30 ================
    .
    .
    ==================== Find3M ====================
    .
    2012-04-04 13:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-04-04 07:41:42 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
    2012-03-17 21:45:22 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-03-06 23:15:19 41184 ----a-w- c:\windows\avastSS.scr
    2012-03-06 23:03:51 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-03-06 23:02:14 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2012-03-06 23:01:48 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-03-02 18:30:09 801792 ----a-w- c:\windows\system32\FntCache.dll
    2012-03-02 18:30:09 283648 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2012-03-02 18:30:09 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
    2012-03-02 18:30:09 135168 ----a-w- c:\windows\system32\XpsRasterService.dll
    2012-03-02 18:30:08 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2012-03-02 18:30:08 442880 ----a-w- c:\windows\system32\XpsPrint.dll
    2012-03-02 18:30:08 3181568 ----a-w- c:\windows\system32\mf.dll
    2012-03-02 18:30:08 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
    2012-03-02 18:30:08 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
    2012-03-02 18:30:08 1495040 ----a-w- c:\windows\system32\ExplorerFrame.dll
    2012-03-02 18:30:08 107520 ----a-w- c:\windows\system32\cdd.dll
    2012-03-01 05:53:27 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys
    2012-03-01 05:49:05 172544 ----a-w- c:\windows\system32\wintrust.dll
    2012-03-01 05:45:05 158720 ----a-w- c:\windows\system32\imagehlp.dll
    2012-03-01 05:40:44 5120 ----a-w- c:\windows\system32\wmi.dll
    2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll
    2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll
    2012-02-28 01:03:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-02-15 05:44:57 826368 ----a-w- c:\windows\system32\rdpcore.dll
    2012-02-15 04:22:43 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-02-15 04:22:18 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    2012-02-10 05:41:38 1074176 ----a-w- c:\windows\system32\DWrite.dll
    2012-02-10 05:41:20 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
    2012-02-10 05:41:20 161792 ----a-w- c:\windows\system32\d3d10_1.dll
    2012-02-10 05:41:20 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
    2012-02-10 05:41:19 739840 ----a-w- c:\windows\system32\d2d1.dll
    2012-02-07 09:02:40 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
    2012-02-03 04:01:58 2341376 ----a-w- c:\windows\system32\win32k.sys
    2012-01-25 05:44:51 57856 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-01-25 05:44:50 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-01-25 05:40:26 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
    .
    ============= FINISH: 15:09:01,60 ===============
     
  8. Jessica

    Jessica TS Rookie Topic Starter

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume2
    Install Date: 26/09/2009 15:04:31
    System Uptime: 16/04/2012 14:40:48 (1 hours ago)
    .
    Motherboard: Sony Corporation | | VAIO
    Processor: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz | N/A | 792/266mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 360 GiB total, 78,742 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
    Device ID: ROOT\NET\0000
    Manufacturer: Cisco Systems
    Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
    PNP Device ID: ROOT\NET\0000
    Service: vpnva
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: 5689
    Device ID: ROOT\LEGACY_5689\0000
    Manufacturer:
    Name: 5689
    PNP Device ID: ROOT\LEGACY_5689\0000
    Service: 5689
    .
    ==== System Restore Points ===================
    .
    RP285: 8/03/2012 13:56:37 - Windows Update
    RP286: 13/03/2012 20:26:49 - Windows Update
    RP287: 14/03/2012 20:31:53 - Windows Update
    RP288: 31/03/2012 23:00:12 - Scheduled Checkpoint
    RP289: 11/04/2012 15:25:22 - Scheduled Checkpoint
    RP290: 12/04/2012 22:18:21 - Windows Update
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    ACR38U PCSC Driver 1.1.6.1
    Acrobat.com
    Active@ ISO Burner
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.5.0 - Nederlands
    Akamai NetSession Interface
    Akamai NetSession Interface Service
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Ask Toolbar
    Ask Toolbar Updater
    µTorrent
    avast! Free Antivirus
    Belgium e-ID middleware 3.5.3 (build 6193)
    biodiv 2010 nl Screen Saver
    Bonjour
    BS.Player FREE
    BS_Player Toolbar
    Cisco AnyConnect VPN Client
    DivX Setup
    Facebook Plug-In
    Google Chrome
    Google Update Helper
    GTK+ Runtime 2.14.7 rev a (remove only)
    HP Photosmart Plus B210 series Basic Device Software
    HP Photosmart Plus B210 series Help
    Intkey
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 30
    Malwarebytes Anti-Malware versie 1.61.0.1400
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Mihov Image Resizer 1.2 (remove only)
    Mozilla Firefox (3.5.8)
    Mozilla Firefox 11.0 (x86 en-US)
    MSVCRT
    Nero 9.0.9.4 Lite
    PDFCreator
    pdfforge Toolbar v5.4
    Pidgin
    pidgin-otr 3.2.0-1
    PyMOL (32 bit)
    QuickTime
    R for Windows 2.12.0
    RapidShare Manager
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    RealUpgrade 1.1
    Safari
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Skype web features
    Skype™ 4.1
    SoulSeek 157 NS 13e
    SpeedyPC Pro
    Spotify
    The KMPlayer (remove only)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VC80CRTRedist - 8.0.50727.4053
    Windows Driver Package - ACS (ACSSCR) SmartCardReader (06/15/2009 1.1.6.1)
    Windows Live - Hulpprogramma voor uploaden
    Windows Live aanmeldhulp
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    WinRAR
    .
     
  9. Jessica

    Jessica TS Rookie Topic Starter

    ==== Event Viewer Messages From Past Week ========
    .
    16/04/2012 15:06:08, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
    16/04/2012 14:43:06, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
    16/04/2012 14:41:29, Error: Service Control Manager [7023] - The Usbser service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:29, Error: Service Control Manager [7023] - The Tossmbnt service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:29, Error: Service Control Manager [7023] - The StreamDispatcher service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:29, Error: Service Control Manager [7023] - The Stirusb service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:29, Error: Service Control Manager [7023] - The StickyMesger service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:29, Error: Service Control Manager [7023] - The Roxmediadb9 service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:29, Error: Service Control Manager [7023] - The Netw4x32 service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:29, Error: Service Control Manager [7023] - The Ini910u service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:29, Error: Service Control Manager [7023] - The Elockservice service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:29, Error: Service Control Manager [7023] - The CVPND service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:29, Error: Service Control Manager [7023] - The Atierecord service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:27, Error: Service Control Manager [7023] - The Ypcservice service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:27, Error: Service Control Manager [7023] - The Xmlprov service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:27, Error: Service Control Manager [7023] - The WNIPROT5 service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:27, Error: Service Control Manager [7023] - The W810mdfl service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:27, Error: Service Control Manager [7023] - The Uiusys service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:27, Error: Service Control Manager [7023] - The Trackcam4 service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:27, Error: Service Control Manager [7023] - The Sweepsrv.sys service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:27, Error: Service Control Manager [7023] - The Sprtsvc_ddoctorv2 service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:27, Error: Service Control Manager [7023] - The SI3112 service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:27, Error: Service Control Manager [7023] - The Sfilter service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:27, Error: Service Control Manager [7023] - The Se44unic service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:27, Error: Service Control Manager [7023] - The SE2Emdm service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:27, Error: Service Control Manager [7023] - The SE2Dmdm service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:27, Error: Service Control Manager [7023] - The SE2Cmdm service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:27, Error: Service Control Manager [7023] - The S7oppitx service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:27, Error: Service Control Manager [7023] - The Rxfilter service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:27, Error: Service Control Manager [7023] - The Psasrv service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:27, Error: Service Control Manager [7023] - The MSICPL service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:27, Error: Service Control Manager [7023] - The Mscsptisrv service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:27, Error: Service Control Manager [7023] - The Lpds service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:27, Error: Service Control Manager [7023] - The LMouFilt service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:27, Error: Service Control Manager [7023] - The Lmab_device service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:27, Error: Service Control Manager [7023] - The Ipsraidn service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:27, Error: Service Control Manager [7023] - The EntDrv51 service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:27, Error: Service Control Manager [7023] - The DLH5X service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:27, Error: Service Control Manager [7023] - The CiscoVpnInstallService service terminated with the following error: The specified module could not be found.
     
  10. Jessica

    Jessica TS Rookie Topic Starter

    16/04/2012 14:41:27, Error: Service Control Manager [7023] - The Cdrbsdrv service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:27, Error: Service Control Manager [7023] - The CdaC15BA service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:27, Error: Service Control Manager [7023] - The Btwaudio service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:26, Error: Service Control Manager [7023] - The Zpnodecollector service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:26, Error: Service Control Manager [7023] - The W550mdm service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:26, Error: Service Control Manager [7023] - The U81xmdfl service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:26, Error: Service Control Manager [7023] - The Twotrack service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:26, Error: Service Control Manager [7023] - The Sysaidagent service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:26, Error: Service Control Manager [7023] - The Susbser service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:26, Error: Service Control Manager [7023] - The SPLITCAM service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:26, Error: Service Control Manager [7023] - The Se2Bunic service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:26, Error: Service Control Manager [7023] - The Rksample service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:26, Error: Service Control Manager [7023] - The PEVSystemStart service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:26, Error: Service Control Manager [7023] - The Pdlndqll service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:26, Error: Service Control Manager [7023] - The Ntsecure service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:26, Error: Service Control Manager [7023] - The Nsysaudm service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:26, Error: Service Control Manager [7023] - The Mcmispupdmgr service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:26, Error: Service Control Manager [7023] - The Jtagserver service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:26, Error: Service Control Manager [7023] - The JL2005C service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:26, Error: Service Control Manager [7023] - The Ivscheduler service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:26, Error: Service Control Manager [7023] - The Igateway service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:26, Error: Service Control Manager [7023] - The IBM_LLC2 service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:26, Error: Service Control Manager [7023] - The Iaimtv0 service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:26, Error: Service Control Manager [7023] - The DVDRC service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:26, Error: Service Control Manager [7023] - The Cap7134 service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:26, Error: Service Control Manager [7023] - The CA561 service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:26, Error: Service Control Manager [7023] - The Avsvcmonitor service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:26, Error: Service Control Manager [7023] - The Asc3550 service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:26, Error: Service Control Manager [7023] - The Anydlc service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:26, Error: Service Control Manager [7023] - The {85ccb53b-23d8-4e73-b1b7-9ddb71827d9b} service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:26, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The ZY202_XP service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The Z525mgmt service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The YahooAUService service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The XDva004 service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The XAudio service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The WSIMD service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The Wmp54gv4svc service terminated with the following error: The specified module could not be found.
     
  11. Jessica

    Jessica TS Rookie Topic Starter

    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The Wlluc48b service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The Windowblinds service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The Wg5n service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The W700mdm service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The W2acehid service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The Vncdrv service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The UxTuneUp service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The Usbmate service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The U81xmdm service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The TVALG service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The Tosrfbnp service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The Tosporte service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The Tfsndrct service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The Superproserver service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The StMp3Rec service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The SQLAgent$MICROSOFTSMLBIZ service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The Sprtsvc_dellsupportcenter service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The Smtpd32 service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The Slpsvdr service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The Slave service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The Sisidex service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The SiSGbeXP service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The Si3114r5 service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The Sgeclient service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The Se58mdfl service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The Se44obex service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The ScsiPort service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The Scsiaccess service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The Rp_fws service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The Roxliveshare9 service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The RIOXDRV service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The Pxfhserd service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The Pdlndlpb service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The Patrolagent service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The Patrol_scheduler service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The Padfsvr service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The Nvnforce service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The Nvata service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The NtMtlFax service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The Nmraapache service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The Ndasscsi service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The MREMP50a64 service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The Moufiltr service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The Mirrorv3 service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The Mcafeeframework service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The M2500 service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The Lpx service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The Lckfldservice service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The KR10I service terminated with the following error: The specified module could not be found.
     
  12. Jessica

    Jessica TS Rookie Topic Starter

    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The Ipssvc service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The Ihcservice service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The Ibmpmdrv service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The Ialm service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The HssDrv service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The Hsfhwazl service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The Hpgate service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The GBFSHook service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The Fsdfwd service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The Fetnd5bv service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The ESettingsService service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The DSXUSB service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The Downloadmanagerlite service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The DMICall service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The DLARTL_M service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The DKbFltr service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The Djsnetcn service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The Clipsrv service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The BrPar service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The Bridgemp service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The BoiHwsetup service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The Bdrsdrv service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The BCMTPM service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The Awhost32 service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The Avipbb service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The Ativraxx service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The Areschatserver service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The Apache service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The Aolavupd service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The AmeLanPc service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The Alertservice service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The AGV service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The Aeclienthostservice service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The Acprfmgrsvc service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The Acdpowerservice service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The A88xEnc service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7023] - The 61883 service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:25, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    16/04/2012 14:41:24, Error: Service Control Manager [7023] - The VirtualCam service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:24, Error: Service Control Manager [7023] - The UBHelper service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:24, Error: Service Control Manager [7023] - The Tvicport service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:24, Error: Service Control Manager [7023] - The TryAndDecideService service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:24, Error: Service Control Manager [7023] - The Smrt service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:24, Error: Service Control Manager [7023] - The Pdlnacom service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:24, Error: Service Control Manager [7023] - The LRMINIPORT service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:24, Error: Service Control Manager [7023] - The HWSCtrl service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:24, Error: Service Control Manager [7023] - The Hmonitor service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:24, Error: Service Control Manager [7023] - The GT891x service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:24, Error: Service Control Manager [7023] - The Axsnmsvc service terminated with the following error: The specified module could not be found.
     
  13. Jessica

    Jessica TS Rookie Topic Starter

    16/04/2012 14:41:24, Error: Service Control Manager [7023] - The Aspnet_state service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:17, Error: Service Control Manager [7023] - The Websenseusagemonitor service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:17, Error: Service Control Manager [7023] - The Was service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:17, Error: Service Control Manager [7023] - The Udfreadr_xp service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:17, Error: Service Control Manager [7023] - The Tmtdi service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:17, Error: Service Control Manager [7023] - The Oracleorahomeagent service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:17, Error: Service Control Manager [7023] - The Nwlnkflt service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:17, Error: Service Control Manager [7023] - The Npkcrypt service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:17, Error: Service Control Manager [7023] - The Naimagent32 service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:17, Error: Service Control Manager [7023] - The Mclserviceatl service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:17, Error: Service Control Manager [7023] - The LMS service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:17, Error: Service Control Manager [7023] - The G400 service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:17, Error: Service Control Manager [7023] - The BUFADPT service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:17, Error: Service Control Manager [7023] - The Bthidenum service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:17, Error: Service Control Manager [7023] - The Btaudio service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:17, Error: Service Control Manager [7023] - The Anio service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:17, Error: Service Control Manager [7023] - The AEADIFilters service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:16, Error: Service Control Manager [7023] - The Wuolservice service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:16, Error: Service Control Manager [7023] - The Transactional service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:16, Error: Service Control Manager [7023] - The Pcx1unic service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:16, Error: Service Control Manager [7023] - The OdysseyIM3 service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:16, Error: Service Control Manager [7023] - The ELmon service terminated with the following error: The specified module could not be found.
    16/04/2012 14:41:16, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    16/04/2012 14:41:12, Error: Service Control Manager [7000] - The 5689 service failed to start due to the following error: The system cannot find the file specified.
    16/04/2012 14:41:02, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
    16/04/2012 14:41:02, Error: atikmdag [43029] - Display is not active
    16/04/2012 14:31:05, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    16/04/2012 14:29:22, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
    16/04/2012 14:29:22, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    16/04/2012 14:28:33, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    16/04/2012 14:28:32, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    16/04/2012 14:28:32, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    16/04/2012 14:28:29, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    16/04/2012 14:28:22, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    16/04/2012 14:28:13, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6
    16/04/2012 14:28:10, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    16/04/2012 14:14:41, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 discache spldr Wanarpv6
    16/04/2012 13:39:46, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86
    16/04/2012 13:09:42, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
    .
    ==== End Of File =========
     
  14. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===========================================================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ==========================================================================================

    Download Bootkit Remover to your desktop.

    • Unzip the downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
Topic Status:
Not open for further replies.
