TechSpot

May have malware eating my hard disk memory

Inactive
By manari
Nov 28, 2012
  1. Hi
    first of all, I am sorry for my bad English; I don't speak well and write almost the same..
    so here it is

    MBAM LOG
    Malwarebytes Anti-Malware (Trial) 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.11.28.09

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 6.0.2900.5512
    samid :: TKUNT [administrator]

    Protection: Enabled

    29/11/2012 5:15:41
    mbam-log-2012-11-29 (05-15-41).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 187778
    Time elapsed: 55 minute(s), 45 second(s)

    Memory Processes Detected: 1
    C:\WINDOWS\KMService.exe (RiskWare.Tool.CK) -> 236 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\WINDOWS\KMService.exe (RiskWare.Tool.CK) -> Delete on reboot.

    (end)
     
  2. manari

    manari TS Rookie Topic Starter

    DDS LOG
    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 10.9.2
    Run by samid at 6:24:36 on 2012-11-29
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.895.435 [GMT 7:00]
    .
    AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    .
    ============== Running Processes ================
    .
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
    C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
    C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
    C:\Program Files\Hotspot Shield\bin\hsswd.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEBI.EXE
    C:\Documents and Settings\samid\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
    C:\Program Files\Internet Download Manager\IEMonitor.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://search.babylon.com/?affID=115850&tt=3612_2&babsrc=HP_ss&mntrId=ac9ac1cf00000000000000ff260cb267
    mStart Page = hxxp://home.allgameshome.com/
    BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - c:\program files\internet download manager\IDMIECC.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files\hotspot shield\hssie\HssIE.dll
    EB: Groove Folder Synchronization: {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} - c:\program files\microsoft office\office14\GROOVEEX.DLL
    uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [EPSON Stylus T11 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiebi.exe /fu "c:\windows\temp\E_SC5.tmp" /EF "HKCU"
    uRun: [Google Update] "c:\documents and settings\samid\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Download dengan IDM - c:\program files\internet download manager\IEExt.htm
    IE: Download semua link dengan IDM - c:\program files\internet download manager\IEGetAll.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvLsp.dll
    DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
    TCP: NameServer = 68.233.249.110 8.8.8.8
    TCP: Interfaces\{6E866ACB-385F-4EFE-B14D-14E4D1F70AE6} : NameServer = 222.124.204.34,8.8.8.8
    TCP: Interfaces\{6E866ACB-385F-4EFE-B14D-14E4D1F70AE6} : DHCPNameServer = 68.233.249.110 8.8.8.8
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
    IFEO: taskmgr.exe - c:\program files\tuneup utilities 2013\PMLauncher.exe
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\samid\application data\mozilla\firefox\profiles\xwsdktb9.default\
    FF - prefs.js: Keyword.Enabled - true
    FF - prefs.js: browser.search.selectedEngine - AllGamesHome Search
    FF - prefs.js: browser.startup.homepage - hxxp://home.allgameshome.com/
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
    FF - prefs.js: network.proxy.ftp - PROXIES.TELKOM.NET.ID
    FF - prefs.js: network.proxy.ftp_port - 8080
    FF - prefs.js: network.proxy.http - PROXIES.TELKOM.NET.ID
    FF - prefs.js: network.proxy.http_port - 8080
    FF - prefs.js: network.proxy.socks - PROXIES.TELKOM.NET.ID
    FF - prefs.js: network.proxy.socks_port - 8080
    FF - prefs.js: network.proxy.ssl - PROXIES.TELKOM.NET.ID
    FF - prefs.js: network.proxy.ssl_port - 8080
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\documents and settings\samid\application data\mozilla\firefox\profiles\xwsdktb9.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\plugins\np-mswmp.dll
    FF - plugin: c:\documents and settings\samid\application data\mozilla\firefox\profiles\xwsdktb9.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\plugins\np-mswmp.dll
    FF - plugin: c:\documents and settings\samid\local settings\application data\google\update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_110.dll
    FF - plugin: c:\windows\system32\npDeployJava1.dll
    FF - plugin: c:\windows\system32\npptools.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.BabylonToolbar_i.id - ac9ac1cf0000000000000030670ed37d
    FF - user.js: extensions.BabylonToolbar_i.hardId - ac9ac1cf0000000000000030670ed37d
    FF - user.js: extensions.BabylonToolbar_i.instlDay - 15449
    FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
    FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
    FF - user.js: extensions.BabylonToolbar.autoRvrt - false
    FF - user.js: extensions.BabylonToolbar_i.newTab - false
    FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=ac9ac1cf00000000000000ff260cb267&q=
    FF - user.js: extensions.BabylonToolbar.id - ac9ac1cf00000000000000ff260cb267
    FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
    FF - user.js: extensions.BabylonToolbar.instlDay - 15592
    FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.9.12
    FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.9.12
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.9.1218:11:58
    FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar.tlbrId - base
    FF - user.js: extensions.BabylonToolbar.instlRef - sst
    FF - user.js: extensions.BabylonToolbar.dfltLng - en
    FF - user.js: extensions.BabylonToolbar.excTlbr - false
    FF - user.js: extensions.BabylonToolbar.admin - false
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=115850&tt=3612_2
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-2-19 36000]
    R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [2012-1-26 104072]
    R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-2-19 86224]
    R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-2-19 110032]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-2-19 83392]
    R2 hshld;Hotspot Shield Service;c:\program files\hotspot shield\bin\openvpnas.exe [2012-11-2 527216]
    R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe [2012-11-2 389488]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-11-29 399432]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-11-29 676936]
    R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2013\TuneUpUtilitiesService32.exe [2012-9-19 1699168]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-11-29 22856]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2013\TuneUpUtilitiesDriver32.sys [2012-9-18 10088]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 KMService;KMService;c:\windows\system32\srvany.exe [2012-5-8 8192]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2012-2-19 1684736]
    S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [2012-3-4 20608]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S3 ZD1211BU(TP-LINK);TL-WN322G/WN322G+ Wireless USB Adapter Driver(TP-LINK);c:\windows\system32\drivers\ZD1211BU.sys [2012-3-4 500736]
    .
    =============== Created Last 30 ================
    .
    2012-11-28 22:09:45  --------  dc----w-  c:\documents and settings\samid\application data\Malwarebytes
    2012-11-28 22:09:22  --------  d-----w-  c:\documents and settings\all users\application data\Malwarebytes
    2012-11-28 22:09:17  22856     ----a-w-  c:\windows\system32\drivers\mbam.sys
    2012-11-28 22:09:17  --------  d-----w-  c:\program files\Malwarebytes' Anti-Malware
    2012-11-28 10:15:48  31584     ----a-w-  c:\windows\system32\TURegOpt.exe
    2012-11-28 10:14:39  --------  dc----w-  c:\documents and settings\samid\application data\TuneUp Software
    2012-11-28 10:13:53  --------  d-----w-  c:\program files\TuneUp Utilities 2013
    2012-11-28 10:13:08  --------  d-----w-  c:\documents and settings\all users\application data\TuneUp Software
    2012-11-28 10:11:56  --------  d-sh--w-  c:\documents and settings\all users\application data\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
    2012-11-28 10:11:56  --------  d-----w-  c:\documents and settings\all users\application data\Common Files
    2012-11-28 06:05:13  --------  d-----w-  c:\windows\pss
    2012-11-27 20:40:03  --------  d-----w-  c:\program files\Mega Codec Pack
    2012-11-15 18:55:26  --------  dc----w-  c:\documents and settings\samid\application data\mIRC
    2012-11-15 18:55:26  --------  d-----w-  c:\program files\mIRC
    2012-11-13 07:45:19  --------  d-----w-  c:\documents and settings\all users\application data\PopCap Games
    2012-11-13 07:45:05  --------  d-----w-  c:\program files\PopCap Games
    2012-11-13 07:34:56  --------  d-----w-  c:\program files\RealArcade
    2012-11-06 04:54:35  --------  d-----w-  c:\documents and settings\samid\local settings\application data\Adobe
    .
    ==================== Find3M ====================
    .
    2012-11-21 18:47:48  697272  ----a-w-  c:\windows\system32\FlashPlayerApp.exe
    2012-11-21 18:47:47  73656   ----a-w-  c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-11-01 18:22:30  40200   ----a-w-  c:\windows\system32\drivers\hssdrv.sys
    2012-09-24 16:16:36  93672   ----a-w-  c:\windows\system32\WindowsAccessBridge.dll
    2012-09-22 11:08:58  821736  ----a-w-  c:\windows\system32\npDeployJava1.dll
    2012-09-22 11:08:58  746984  ----a-w-  c:\windows\system32\deployJava1.dll
    .
    ============= FINISH: 6:32:37,42 ===============
     
  3. manari

    manari TS Rookie Topic Starter

    ATTACH
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 2/19/2012 1:04:45 PM
    System Uptime: 11/29/2012 6:17:07 AM (0 hours ago)
    .
    Motherboard: BIOSTAR Group | | GF8100 M2+ SE
    Processor: AMD Athlon(tm) II X2 240 Processor | CPU 1 | 2800/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 10 GiB total, 0.177 GiB free.
    D: is FIXED (NTFS) - 15 GiB total, 1.427 GiB free.
    E: is FIXED (NTFS) - 50 GiB total, 4.408 GiB free.
    F: is FIXED (NTFS) - 75 GiB total, 1.43 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description: Audio Device on High Definition Audio Bus
    Device ID: HDAUDIO\FUNC_01&VEN_10DE&DEV_0002&SUBSYS_10DE0101&REV_1000\4&1FD1EC0B&0&0301
    Manufacturer:
    Name: Audio Device on High Definition Audio Bus
    PNP Device ID: HDAUDIO\FUNC_01&VEN_10DE&DEV_0002&SUBSYS_10DE0101&REV_1000\4&1FD1EC0B&0&0301
    Service:
    .
    ==== System Restore Points ===================
    .
    RP191: 11/28/2012 4:32:48 PM - System Checkpoint
    RP192: 11/28/2012 5:13:46 PM - Installed TuneUp Utilities 2013
    .
    ==== Installed Programs ======================
    .
    µTorrent
    7-Zip 9.15
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.4)
    Avira Free Antivirus
    D-Fend Reloaded 1.3.1 (deinstall)
    Driver Genius Professional Edition
    EPSON Stylus T11 Series Printer Uninstall
    Google Chrome
    Hotspot Shield 2.76
    hott notes 4
    Internet Download Manager
    iTool Video Converter 1.06.02
    Java 7 Update 9
    Java Auto Updater
    JavaFX 2.1.1
    K-Lite Codec Pack 9.5.5 (Full)
    Mah Jong Quest
    Malwarebytes Anti-Malware version 1.65.1.1000
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Software Update for Web Folders (English) 14
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    mIRC
    Mozilla Firefox 10.0.2 (x86 id)
    NVIDIA Drivers
    NVIDIA ForceWare Network Access Manager
    PDF to Word
    Picasa 3
    QuickTime Alternative 3.2.2
    Real Alternative 2.0.2
    Realtek High Definition Audio Driver
    Technitium MAC Address Changer v5.0 Release 3
    TuneUp Utilities 2013
    TuneUp Utilities Language Pack (en-US)
    Ulead VideoStudio 11
    VideoStudio
    WebFldrs XP
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
    WinRAR archiver
    Yahoo! Messenger
    Zuma Deluxe
    .
    ==== Event Viewer Messages From Past Week ========
    .
    11/29/2012 6:17:39 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
    11/28/2012 5:56:24 PM, error: Service Control Manager [7034] - The TuneUp Utilities Service service terminated unexpectedly. It has done this 1 time(s).
    11/28/2012 11:47:25 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Volume Shadow Copy service to connect.
    11/28/2012 11:47:25 AM, error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/28/2012 11:47:05 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
    11/28/2012 11:11:54 AM, error: Service Control Manager [7034] - The Hotspot Shield Monitoring Service service terminated unexpectedly. It has done this 1 time(s).
    11/28/2012 11:11:43 AM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
    11/28/2012 11:11:33 AM, error: Service Control Manager [7031] - The Hotspot Shield Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    11/28/2012 11:11:29 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    11/28/2012 11:11:27 AM, error: Service Control Manager [7034] - The ForceWare Intelligent Application Manager (IAM) service terminated unexpectedly. It has done this 1 time(s).
    11/28/2012 11:11:23 AM, error: Service Control Manager [7031] - The KMService service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/28/2012 11:10:51 AM, error: Service Control Manager [7034] - The Windows Installer service terminated unexpectedly. It has done this 1 time(s).
    11/28/2012 10:19:38 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the ffdshow manager service, but this action failed with the following error: An instance of the service is already running.
    11/28/2012 10:19:08 AM, error: Service Control Manager [7031] - The ffdshow manager service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    11/28/2012 10:18:51 AM, error: Service Control Manager [7031] - The ffdshow manager service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    11/28/2012 10:18:37 AM, error: Service Control Manager [7031] - The ffdshow manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    11/24/2012 1:46:52 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the nvsvc service.
    11/24/2012 1:45:03 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 804ef620, parameter3 f460bac4, parameter4 00000000.
    11/23/2012 3:58:10 AM, error: Dhcp [1002] - The IP address lease 10.107.8.23 for the Network Card with network address 00FF260CB267 has been denied by the DHCP server 10.107.183.254 (The DHCP Server sent a DHCPNACK message).
    11/23/2012 2:30:15 AM, error: Dhcp [1002] - The IP address lease 10.107.80.11 for the Network Card with network address 00FF260CB267 has been denied by the DHCP server 10.107.15.254 (The DHCP Server sent a DHCPNACK message).
    11/23/2012 1:33:27 AM, error: Dhcp [1002] - The IP address lease 10.107.104.140 for the Network Card with network address 00FF260CB267 has been denied by the DHCP server 10.107.87.254 (The DHCP Server sent a DHCPNACK message).
    11/23/2012 1:00:43 AM, error: Dhcp [1002] - The IP address lease 10.107.16.53 for the Network Card with network address 00FF260CB267 has been denied by the DHCP server 10.107.111.254 (The DHCP Server sent a DHCPNACK message).
    11/22/2012 11:48:12 PM, error: Dhcp [1002] - The IP address lease 10.107.16.140 for the Network Card with network address 00FF260CB267 has been denied by the DHCP server 10.107.23.254 (The DHCP Server sent a DHCPNACK message).
    11/22/2012 11:46:57 PM, error: Dhcp [1002] - The IP address lease 10.107.104.106 for the Network Card with network address 00FF260CB267 has been denied by the DHCP server 10.107.23.254 (The DHCP Server sent a DHCPNACK message).
    11/22/2012 11:35:27 PM, error: Dhcp [1002] - The IP address lease 10.193.120.105 for the Network Card with network address 00FF260CB267 has been denied by the DHCP server 10.107.111.254 (The DHCP Server sent a DHCPNACK message).
    11/22/2012 11:34:40 PM, error: Service Control Manager [7034] - The Hotspot Shield Routing Service service terminated unexpectedly. It has done this 1 time(s).
    11/22/2012 11:33:03 PM, error: Dhcp [1002] - The IP address lease 10.187.184.16 for the Network Card with network address 00FF260CB267 has been denied by the DHCP server 10.193.127.254 (The DHCP Server sent a DHCPNACK message).
    .
    ==== End Of File ===========================
     
  4. manari

    manari TS Rookie Topic Starter

    Looking forward to any help

    thank you
     
  5. Broni

    Broni Malware Annihilator Posts: 47,015   +255

    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =================================

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    ==================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
Topic Status:
Not open for further replies.
