Inactive May have malware eating my hard disk memory

Status
Not open for further replies.
Hi
First of all, I am sorry for my bad English; I do not speak it well and I write it almost the same.
So here it is:

MBAM LOG
Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.28.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
samid :: TKUNT [administrator]

Protection: Enabled

29/11/2012 5:15:41
mbam-log-2012-11-29 (05-15-41).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 187778
Time elapsed: 55 minute(s), 45 second(s)

Memory Processes Detected: 1
C:\WINDOWS\KMService.exe (RiskWare.Tool.CK) -> 236 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\WINDOWS\KMService.exe (RiskWare.Tool.CK) -> Delete on reboot.

(end)
 
DDS LOG
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 10.9.2
Run by samid at 6:24:36 on 2012-11-29
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.895.435 [GMT 7:00]
.
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ================
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEBI.EXE
C:\Documents and Settings\samid\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?affID=115850&tt=3612_2&babsrc=HP_ss&mntrId=ac9ac1cf00000000000000ff260cb267
mStart Page = hxxp://home.allgameshome.com/
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files\hotspot shield\hssie\HssIE.dll
EB: Groove Folder Synchronization: {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} - c:\program files\microsoft office\office14\GROOVEEX.DLL
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [EPSON Stylus T11 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiebi.exe /fu "c:\windows\temp\E_SC5.tmp" /EF "HKCU"
uRun: [Google Update] "c:\documents and settings\samid\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download dengan IDM - c:\program files\internet download manager\IEExt.htm
IE: Download semua link dengan IDM - c:\program files\internet download manager\IEGetAll.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvLsp.dll
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
TCP: NameServer = 68.233.249.110 8.8.8.8
TCP: Interfaces\{6E866ACB-385F-4EFE-B14D-14E4D1F70AE6} : NameServer = 222.124.204.34,8.8.8.8
TCP: Interfaces\{6E866ACB-385F-4EFE-B14D-14E4D1F70AE6} : DHCPNameServer = 68.233.249.110 8.8.8.8
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
IFEO: taskmgr.exe - c:\program files\tuneup utilities 2013\PMLauncher.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\samid\application data\mozilla\firefox\profiles\xwsdktb9.default\
FF - prefs.js: Keyword.Enabled - true
FF - prefs.js: browser.search.selectedEngine - AllGamesHome Search
FF - prefs.js: browser.startup.homepage - hxxp://home.allgameshome.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF - prefs.js: network.proxy.ftp - PROXIES.TELKOM.NET.ID
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - PROXIES.TELKOM.NET.ID
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - PROXIES.TELKOM.NET.ID
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - PROXIES.TELKOM.NET.ID
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\samid\application data\mozilla\firefox\profiles\xwsdktb9.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\samid\application data\mozilla\firefox\profiles\xwsdktb9.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\samid\local settings\application data\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_110.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.id - ac9ac1cf0000000000000030670ed37d
FF - user.js: extensions.BabylonToolbar_i.hardId - ac9ac1cf0000000000000030670ed37d
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15449
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=ac9ac1cf00000000000000ff260cb267&q=
FF - user.js: extensions.BabylonToolbar.id - ac9ac1cf00000000000000ff260cb267
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15592
FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.9.12
FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.9.12
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.9.1218:11:58
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=115850&tt=3612_2
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-2-19 36000]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [2012-1-26 104072]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-2-19 86224]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-2-19 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-2-19 83392]
R2 hshld;Hotspot Shield Service;c:\program files\hotspot shield\bin\openvpnas.exe [2012-11-2 527216]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe [2012-11-2 389488]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-11-29 399432]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-11-29 676936]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2013\TuneUpUtilitiesService32.exe [2012-9-19 1699168]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-11-29 22856]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2013\TuneUpUtilitiesDriver32.sys [2012-9-18 10088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 KMService;KMService;c:\windows\system32\srvany.exe [2012-5-8 8192]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2012-2-19 1684736]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [2012-3-4 20608]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 ZD1211BU(TP-LINK);TL-WN322G/WN322G+ Wireless USB Adapter Driver(TP-LINK);c:\windows\system32\drivers\ZD1211BU.sys [2012-3-4 500736]
.
=============== Created Last 30 ================
.
2012-11-28 22:09:45 -------- dc----w- c:\documents and settings\samid\application data\Malwarebytes
2012-11-28 22:09:22 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-11-28 22:09:17 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-28 22:09:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-11-28 10:15:48 31584 ----a-w- c:\windows\system32\TURegOpt.exe
2012-11-28 10:14:39 -------- dc----w- c:\documents and settings\samid\application data\TuneUp Software
2012-11-28 10:13:53 -------- d-----w- c:\program files\TuneUp Utilities 2013
2012-11-28 10:13:08 -------- d-----w- c:\documents and settings\all users\application data\TuneUp Software
2012-11-28 10:11:56 -------- d-sh--w- c:\documents and settings\all users\application data\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2012-11-28 10:11:56 -------- d-----w- c:\documents and settings\all users\application data\Common Files
2012-11-28 06:05:13 -------- d-----w- c:\windows\pss
2012-11-27 20:40:03 -------- d-----w- c:\program files\Mega Codec Pack
2012-11-15 18:55:26 -------- dc----w- c:\documents and settings\samid\application data\mIRC
2012-11-15 18:55:26 -------- d-----w- c:\program files\mIRC
2012-11-13 07:45:19 -------- d-----w- c:\documents and settings\all users\application data\PopCap Games
2012-11-13 07:45:05 -------- d-----w- c:\program files\PopCap Games
2012-11-13 07:34:56 -------- d-----w- c:\program files\RealArcade
2012-11-06 04:54:35 -------- d-----w- c:\documents and settings\samid\local settings\application data\Adobe
.
==================== Find3M ====================
.
2012-11-21 18:47:48 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-21 18:47:47 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-01 18:22:30 40200 ----a-w- c:\windows\system32\drivers\hssdrv.sys
2012-09-24 16:16:36 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-22 11:08:58 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-22 11:08:58 746984 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 6:32:37,42 ===============
 
ATTACH
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 2/19/2012 1:04:45 PM
System Uptime: 11/29/2012 6:17:07 AM (0 hours ago)
.
Motherboard: BIOSTAR Group | | GF8100 M2+ SE
Processor: AMD Athlon(tm) II X2 240 Processor | CPU 1 | 2800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 10 GiB total, 0.177 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 1.427 GiB free.
E: is FIXED (NTFS) - 50 GiB total, 4.408 GiB free.
F: is FIXED (NTFS) - 75 GiB total, 1.43 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Audio Device on High Definition Audio Bus
Device ID: HDAUDIO\FUNC_01&VEN_10DE&DEV_0002&SUBSYS_10DE0101&REV_1000\4&1FD1EC0B&0&0301
Manufacturer:
Name: Audio Device on High Definition Audio Bus
PNP Device ID: HDAUDIO\FUNC_01&VEN_10DE&DEV_0002&SUBSYS_10DE0101&REV_1000\4&1FD1EC0B&0&0301
Service:
.
==== System Restore Points ===================
.
RP191: 11/28/2012 4:32:48 PM - System Checkpoint
RP192: 11/28/2012 5:13:46 PM - Installed TuneUp Utilities 2013
.
==== Installed Programs ======================
.
µTorrent
7-Zip 9.15
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Avira Free Antivirus
D-Fend Reloaded 1.3.1 (deinstall)
Driver Genius Professional Edition
EPSON Stylus T11 Series Printer Uninstall
Google Chrome
Hotspot Shield 2.76
hott notes 4
Internet Download Manager
iTool Video Converter 1.06.02
Java 7 Update 9
Java Auto Updater
JavaFX 2.1.1
K-Lite Codec Pack 9.5.5 (Full)
Mah Jong Quest
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Software Update for Web Folders (English) 14
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
mIRC
Mozilla Firefox 10.0.2 (x86 id)
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
PDF to Word
Picasa 3
QuickTime Alternative 3.2.2
Real Alternative 2.0.2
Realtek High Definition Audio Driver
Technitium MAC Address Changer v5.0 Release 3
TuneUp Utilities 2013
TuneUp Utilities Language Pack (en-US)
Ulead VideoStudio 11
VideoStudio
WebFldrs XP
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
WinRAR archiver
Yahoo! Messenger
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
11/29/2012 6:17:39 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
11/28/2012 5:56:24 PM, error: Service Control Manager [7034] - The TuneUp Utilities Service service terminated unexpectedly. It has done this 1 time(s).
11/28/2012 11:47:25 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Volume Shadow Copy service to connect.
11/28/2012 11:47:25 AM, error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/28/2012 11:47:05 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
11/28/2012 11:11:54 AM, error: Service Control Manager [7034] - The Hotspot Shield Monitoring Service service terminated unexpectedly. It has done this 1 time(s).
11/28/2012 11:11:43 AM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
11/28/2012 11:11:33 AM, error: Service Control Manager [7031] - The Hotspot Shield Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
11/28/2012 11:11:29 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
11/28/2012 11:11:27 AM, error: Service Control Manager [7034] - The ForceWare Intelligent Application Manager (IAM) service terminated unexpectedly. It has done this 1 time(s).
11/28/2012 11:11:23 AM, error: Service Control Manager [7031] - The KMService service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/28/2012 11:10:51 AM, error: Service Control Manager [7034] - The Windows Installer service terminated unexpectedly. It has done this 1 time(s).
11/28/2012 10:19:38 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the ffdshow manager service, but this action failed with the following error: An instance of the service is already running.
11/28/2012 10:19:08 AM, error: Service Control Manager [7031] - The ffdshow manager service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
11/28/2012 10:18:51 AM, error: Service Control Manager [7031] - The ffdshow manager service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
11/28/2012 10:18:37 AM, error: Service Control Manager [7031] - The ffdshow manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
11/24/2012 1:46:52 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the nvsvc service.
11/24/2012 1:45:03 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 804ef620, parameter3 f460bac4, parameter4 00000000.
11/23/2012 3:58:10 AM, error: Dhcp [1002] - The IP address lease 10.107.8.23 for the Network Card with network address 00FF260CB267 has been denied by the DHCP server 10.107.183.254 (The DHCP Server sent a DHCPNACK message).
11/23/2012 2:30:15 AM, error: Dhcp [1002] - The IP address lease 10.107.80.11 for the Network Card with network address 00FF260CB267 has been denied by the DHCP server 10.107.15.254 (The DHCP Server sent a DHCPNACK message).
11/23/2012 1:33:27 AM, error: Dhcp [1002] - The IP address lease 10.107.104.140 for the Network Card with network address 00FF260CB267 has been denied by the DHCP server 10.107.87.254 (The DHCP Server sent a DHCPNACK message).
11/23/2012 1:00:43 AM, error: Dhcp [1002] - The IP address lease 10.107.16.53 for the Network Card with network address 00FF260CB267 has been denied by the DHCP server 10.107.111.254 (The DHCP Server sent a DHCPNACK message).
11/22/2012 11:48:12 PM, error: Dhcp [1002] - The IP address lease 10.107.16.140 for the Network Card with network address 00FF260CB267 has been denied by the DHCP server 10.107.23.254 (The DHCP Server sent a DHCPNACK message).
11/22/2012 11:46:57 PM, error: Dhcp [1002] - The IP address lease 10.107.104.106 for the Network Card with network address 00FF260CB267 has been denied by the DHCP server 10.107.23.254 (The DHCP Server sent a DHCPNACK message).
11/22/2012 11:35:27 PM, error: Dhcp [1002] - The IP address lease 10.193.120.105 for the Network Card with network address 00FF260CB267 has been denied by the DHCP server 10.107.111.254 (The DHCP Server sent a DHCPNACK message).
11/22/2012 11:34:40 PM, error: Service Control Manager [7034] - The Hotspot Shield Routing Service service terminated unexpectedly. It has done this 1 time(s).
11/22/2012 11:33:03 PM, error: Dhcp [1002] - The IP address lease 10.187.184.16 for the Network Card with network address 00FF260CB267 has been denied by the DHCP server 10.193.127.254 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================
 
Welcome aboard


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=================================

  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

==================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 