Inactive [A] My Internet is connected but I can't browse though i can download

Status
Not open for further replies.
R

rifatalam

Not more than a week ago my computer started malfunctioning. The situation is
- My Net is connected, I can download with IDM in full speed, But the browsing speed is almost zero. I can access any site but the speed drops quickly and becomes zero.
-Before the net get's connected, the connection icon in XP taskbar shows a prolonged searching for network and finally gets connected. It is unusual.
- I have a WIMAX connection, It cannot connect to network in my PC but it works fine in other computers.
- First i thought it's a problem of my internet provider but they ensured that other computers in the line are running fine. By this time i started using my brother's computer and transferred all my files to my brothrer's PC and gave my HDD a full format using 'killdisc'. Then i reinstalled windows and i was surprised see that the problem still exists (I haven't changed the windows it a bit. it is a fresh installation) and by this time my brother's PC got infected and started showing the same problem, i am now stuck with two PCs that can download with full speed but can't browse. I am using XP, MY brother's PC is 7.

I have performed the preliminary malware removal procedures and i am pasting the results here. Please help me.
 
Welcome aboard
yahooo.gif


Since you reinstalled Windows I can't see how your issue could be malware related.

I suggest you start new topic in Windows forum.
 
No no, i have reinstalled XP only. The PC with win7 is just as the it is. Here are the log files from win7 PC. Suggest me a solution. Please.

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.04.08

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
ONI :: ONI-PC [administrator]

Protection: Enabled

4/29/2012 3:25:32 AM
mbam-log-2012-04-29 (03-25-32).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 193459
Time elapsed: 3 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 4
C:\Users\ONI\Local Settings\Application Data\RavenBleuSA (Adware.Hotbar.RB) -> Quarantined and deleted successfully.
C:\Users\ONI\Local Settings\Application Data\RavenBleuSA\bin (Adware.Hotbar.RB) -> Quarantined and deleted successfully.
C:\Users\ONI\Local Settings\Application Data\RavenBleuSA\bin\1.0.11.0 (Adware.Hotbar.RB) -> Quarantined and deleted successfully.
C:\Users\ONI\Local Settings\Application Data\RavenBleuSA\data (Adware.Hotbar.RB) -> Quarantined and deleted successfully.

Files Detected: 4
C:\Users\ONI\Local Settings\Application Data\RavenBleuSA\bin\1.0.11.0\copyright.txt (Adware.Hotbar.RB) -> Quarantined and deleted successfully.
C:\Users\ONI\Local Settings\Application Data\RavenBleuSA\data\RavenBleuSA.dat (Adware.Hotbar.RB) -> Quarantined and deleted successfully.
C:\Users\ONI\Local Settings\Application Data\RavenBleuSA\data\RavenBleuSAau.dat (Adware.Hotbar.RB) -> Quarantined and deleted successfully.
C:\Users\ONI\Local Settings\Application Data\RavenBleuSA\data\RavenBleuSA_kyf_update.dat (Adware.Hotbar.RB) -> Quarantined and deleted successfully.

(end)
=========================================

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-29 03:46:09
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-4 WDC_WD5000AAKX-001CA0 rev.15.01H15
Running: p8qbc93w.exe; Driver: C:\Users\ONI\AppData\Local\Temp\uwldapow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C54579 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C78F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text autochk.exe 00291204 4 Bytes [00, 00, 00, 00] {ADD [EAX], AL; ADD [EAX], AL}
.text autochk.exe 0029120C 1 Byte [00]
.text autochk.exe 00291210 1 Byte [00]
.text autochk.exe 00291214 2 Bytes [00, 00] {ADD [EAX], AL}
.text autochk.exe 00291218 2 Bytes [00, 00] {ADD [EAX], AL}
.text ...

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\System32\rundll32.exe[2864] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75535D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[2864] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75535D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[2864] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75535D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[2864] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75535D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000004a halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f81000250
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f81000250@6ca780b5eed4 0xDE 0x6E 0xD3 0x9A ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f81000250 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f81000250@6ca780b5eed4 0xDE 0x6E 0xD3 0x9A ...

---- EOF - GMER 1.0.15 ----
==============================================================


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385
Run by ONI at 3:47:56 on 2012-04-29
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1847.854 [GMT 6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DU Meter\DUMeterSvc.exe
C:\Program Files\QUBEE WCM\GPCommonService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\PROGRA~1\DUMETE~1\DUMeter.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\FuzLez\WheelsOfVolume\WheelsOfVolume.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Avro Keyboard\Avro Keyboard.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\QUBEE WCM\QUBEE WCM.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\QUBEE WCM\wimax\WmMMgr.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?affID=109980&babsrc=HP_ss&mntrId=fe94e8780000000000001c6f65a8d2fa
uURLSearchHooks: KMP Media Toolbar: {daf5b34c-1aa3-4c33-ae24-766a370635d2} - c:\program files\kmpmediatoolbar\kmpmediatoolbarX.dll
uURLSearchHooks: H - No File
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office12\GR469A~1.DLL
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: KMP Media Toolbar: {daf5b34c-1aa3-4c33-ae24-766a370635d2} - c:\program files\kmpmediatoolbar\kmpmediatoolbarX.dll
BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo\YontooIEClient.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: KMP Media Toolbar: {daf5b34c-1aa3-4c33-ae24-766a370635d2} - c:\program files\kmpmediatoolbar\kmpmediatoolbarX.dll
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [Avro Keyboard] c:\program files\avro keyboard\Avro Keyboard.exe
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [BitTorrent] "c:\program files\bittorrent\BitTorrent.exe" /MINIMIZED
uRun: [DU Meter] c:\program files\du meter\DUMeter.exe
uRun: [QUBEE WCM] c:\program files\qubee wcm\QUBEE WCM.exe minimized
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [WinampAgent] c:\program files\winamp\winampa.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [FuzLez WheelsOfVolume] "c:\program files\fuzlez\wheelsofvolume\WheelsOfVolume.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
TCP: DhcpNameServer = 192.168.123.1 208.67.222.222 208.67.220.220
TCP: Interfaces\{C1272F84-7878-4E0E-B014-8480D14E953C} : DhcpNameServer = 192.168.123.1 208.67.222.222 208.67.220.220
TCP: Interfaces\{D4978370-C7A5-407E-8BCC-7A60E5AFCF72} : NameServer = 208.67.222.222 8.8.8.8
TCP: Interfaces\{E494FFD5-1ADE-4870-B75A-DF3D0E32C156} : DhcpNameServer = 192.168.123.1 208.67.222.222 208.67.220.220
TCP: Interfaces\{F67C6066-44B8-4B4B-A35A-1A38D1D1A6D6} : DhcpNameServer = 192.168.123.1 208.67.222.222 208.67.220.220
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~3\office12\GRA32A~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office12\GR469A~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\oni\appdata\roaming\mozilla\firefox\profiles\f9oyv1cj.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_233.dll
.
---- FIREFOX POLICIES ----
FF - user.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q=
FF - user.js: keyword.enabled - 1
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 MpKsldef0defa;MpKsldef0defa;c:\programdata\microsoft\microsoft antimalware\definition updates\{d7d3feab-e424-47a9-b701-58a5dc434539}\MpKsldef0defa.sys [2012-4-29 29904]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2012-2-25 21992]
R2 DUMeterSvc;DU Meter Service;c:\program files\du meter\DUMeterSvc.exe [2012-4-21 1412488]
R2 GPCommonService;GPCommonService;c:\program files\qubee wcm\GPCommonService.exe [2012-4-28 90112]
R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2010-12-24 84720]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-4-29 654408]
R2 MTKWMPROT;MediaTek WiMAX Modem Protocol Driver;c:\windows\system32\drivers\mtkwmptv.sys [2012-4-28 15360]
R2 PanService;PandoraService;c:\program files\pandora.tv\panservice\PandoraService.exe [2012-1-15 577752]
R3 DUMeterDrv;Hagel Technologies DU Meter traffic accounting driver;c:\program files\du meter\DUMetr32.sys [2012-4-21 18576]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-4-28 22344]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2012-1-14 277536]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-7 253088]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 MT7118VU;MediaTek MT7118 WiMAX USB Card Driver for VISTA;c:\windows\system32\drivers\mt7118vu.sys [2012-3-17 131072]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-7-26 137600]
.
=============== File Associations ===============
.
.txt=STDUViewerFile.TXT
.
=============== Created Last 30 ================
.
2012-04-28 21:24:49 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{d7d3feab-e424-47a9-b701-58a5dc434539}\MpKsldef0defa.sys
2012-04-28 21:23:46 711240 ----a-w- c:\windows\isRS-000.tmp
2012-04-28 16:51:23 -------- d-----w- c:\users\oni\appdata\roaming\Malwarebytes
2012-04-28 16:51:18 -------- d-----w- c:\programdata\Malwarebytes
2012-04-28 16:51:14 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-28 16:51:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-28 08:36:39 15360 ----a-w- c:\windows\system32\drivers\mtkwmptv.sys
2012-04-28 08:36:34 -------- d-----w- c:\program files\QUBEE WCM
2012-04-27 15:22:24 -------- d-----w- c:\program files\CCleaner
2012-04-26 19:28:16 -------- d-----w- c:\users\oni\appdata\local\Opera
2012-04-26 19:25:02 6734704 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{d7d3feab-e424-47a9-b701-58a5dc434539}\mpengine.dll
2012-04-26 08:55:55 -------- d-----w- c:\users\oni\appdata\roaming\Rovio
2012-04-25 18:51:00 -------- d-----w- c:\windows\OPTIONS
2012-04-24 16:15:50 -------- d-----w- c:\program files\LSoft Technologies
2012-04-21 15:40:49 -------- d-----w- c:\programdata\Hagel Technologies
2012-04-21 15:40:46 -------- d-----w- c:\program files\DU Meter
2012-04-11 13:12:50 -------- d-----w- c:\program files\Conduit
2012-04-11 13:12:48 -------- d-----w- c:\users\oni\appdata\local\Conduit
2012-04-11 13:09:15 -------- d-----w- c:\program files\Yontoo
2012-04-11 13:09:13 -------- d-----w- c:\programdata\Tarma Installer
2012-04-10 09:08:14 -------- d-----w- c:\program files\ExpressFiles
2012-04-08 15:39:05 53248 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\msihook.dll
2012-04-08 15:39:05 126976 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\knlwrap.exe
2012-04-08 15:39:04 114688 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\scpthdlr.dll
2012-04-07 08:19:42 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-07 08:19:42 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
==================== Find3M ====================
.
2012-03-07 03:38:20 138056 ----a-w- c:\users\oni\appdata\roaming\PnkBstrK.sys
2012-03-07 03:38:02 189248 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-02-18 05:17:54 418480 ----a-w- c:\windows\system32\wrap_oal.dll
2012-02-18 05:17:54 115432 ----a-w- c:\windows\system32\OpenAL32.dll
2012-02-07 15:15:07 1108 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
2011-09-02 07:03:28 730192 ----a-w- c:\program files\common files\ZugoInstaller.exe
.
============= FINISH: 3:48:09.43 ===============

==========================================================================================
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 1/10/2012 6:02:34 PM
System Uptime: 4/29/2012 3:24:31 AM (0 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | H55M-S2V
Processor: Intel(R) Core(TM) i3 CPU 540 @ 3.07GHz | Socket 1156 | 3059/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 49 GiB total, 16.115 GiB free.
D: is FIXED (NTFS) - 103 GiB total, 8.886 GiB free.
E: is FIXED (NTFS) - 105 GiB total, 2.934 GiB free.
F: is FIXED (NTFS) - 107 GiB total, 2.405 GiB free.
G: is FIXED (NTFS) - 101 GiB total, 1.244 GiB free.
H: is CDROM ()
I: is CDROM ()
M: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: Transcend 8GB
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_JETFLASH&PROD_TRANSCEND_8GB&REV_8.07#GH3BTS0R&0#
Manufacturer: JetFlash
Name: RIFAT
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_JETFLASH&PROD_TRANSCEND_8GB&REV_8.07#GH3BTS0R&0#
Service: WUDFRd
.
==== System Restore Points ===================
.
RP123: 4/27/2012 3:00:36 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Active@ KillDisk
Adobe Flash Player 11 Plugin
Adobe Flash Player ActiveX
Adobe Photoshop 7.0
Angry Birds
Any Video Converter Professional 3.1.8
ASIO4ALL
Ask Toolbar
AviSynth 2.5
Avro Keyboard 5.1.0
Cadillacs & Dinosaurs (Mustapha)
CCleaner
CPUID CPU-Z 1.59
Creevity Mp3 Cover Downloader
DU Meter
EA Download Manager
EAX4 Unified Redist
ffdshow [rev 2583] [2009-01-05]
FIFA 12 (c) EA version 1
FL Studio 9
FolderHighlight 2.4
Foxit Phantom
FuzLez WheelsOfVolume
Guitar Pro 5.1
Haali Media Splitter
Hardcore
IL Download Manager
Intel(R) Graphics Media Accelerator Driver
InterActual Player
Internet Download Manager
KMP Media Toolbar
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft WSE 3.0 Runtime
Minilyrics(remove only)
Mozilla Firefox 8.0.1 (x86 en-US)
MP3 Sound Cutter 1.40
MSVC80_x86_v2
MSXML4 Parser
Need for Speed™ Most Wanted
Nero 6 Enterprise Edition
Nokia Connectivity Cable Driver
Nokia PC Suite
NVIDIA PhysX
OpenAL
Opera 11.62
Pandora Service
PC Connectivity Solution
PoiZone
PowerDVD
PowerISO
QUBEE WiMAX Connection Manager
RealNetworks - Microsoft Visual C++ 2008 Runtime
Realtek Ethernet Controller Driver For Windows 7
REALTEK GbE & FE Ethernet PCI NIC Driver
RealUpgrade 1.1
Sawer
Smart PC Recorder - by freebird
Sothink Video Converter
StarCraft II
STDU Viewer version 1.5.597.0
Studio Devil Virtual Guitar Amp VST v1.1
TeraCopy 2.12
The KMPlayer (remove only)
Total Video Converter 3.71 100812
Toxic Biohazard
VirtualDJ Home FREE
VLC media player 0.9.8a
Winamp (remove only)
Windows Driver Package - Nokia Modem (06/09/2010 7.01.0.8)
Windows Driver Package - Nokia Modem (10/07/2010 4.6)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
WinRAR archiver
Yontoo 1.10.02
.
==== Event Viewer Messages From Past Week ========
.
4/29/2012 3:03:59 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/29/2012 2:23:11 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/29/2012 2:16:41 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/29/2012 2:15:32 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
4/28/2012 9:47:44 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/28/2012 9:16:45 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/28/2012 7:38:28 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/28/2012 5:20:10 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/28/2012 2:54:33 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/28/2012 2:46:22 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.597.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x80072ee2 Error description: The operation timed out
4/28/2012 2:36:38 PM, Error: Service Control Manager [7030] - The GPCommonService service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
4/28/2012 2:34:17 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/28/2012 2:00:17 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/28/2012 12:09:06 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/28/2012 10:48:47 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/28/2012 10:48:26 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
4/27/2012 9:20:29 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/27/2012 8:32:43 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/27/2012 8:24:11 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/27/2012 7:55:52 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/27/2012 5:08:44 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/27/2012 3:15:38 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/27/2012 11:03:03 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/27/2012 10:39:48 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/27/2012 10:08:18 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/27/2012 1:46:08 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/27/2012 1:23:26 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.174.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x80072ee2 Error description: The operation timed out
4/27/2012 1:12:20 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/26/2012 8:27:43 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/26/2012 2:03:56 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/26/2012 12:54:40 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/26/2012 12:39:20 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.174.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x80072ee2 Error description: The operation timed out
4/26/2012 12:28:38 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/26/2012 11:51:39 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/26/2012 10:26:14 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/26/2012 10:10:22 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/26/2012 10:08:25 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/25/2012 7:08:38 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
4/25/2012 6:51:42 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/25/2012 4:57:17 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/25/2012 2:41:52 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/25/2012 10:29:04 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/25/2012 1:51:53 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/24/2012 9:53:39 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/24/2012 8:19:45 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.174.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x80072ee2 Error description: The operation timed out
4/24/2012 8:05:53 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/24/2012 8:02:33 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.174.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
4/24/2012 8:02:33 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.174.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
4/24/2012 7:42:43 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/24/2012 7:34:17 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/24/2012 7:22:45 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/24/2012 11:43:42 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/24/2012 11:21:15 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/23/2012 7:01:43 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.174.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
4/23/2012 6:52:05 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/23/2012 3:46:29 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/23/2012 10:20:08 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/22/2012 4:21:36 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/22/2012 2:55:05 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/22/2012 12:51:18 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.174.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
4/22/2012 12:40:19 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/22/2012 12:40:06 PM, Error: Microsoft-Windows-Application-Experience [205] - The Program Compatibility Assistant service failed to perform the phase two initialization.
4/22/2012 12:37:17 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/22/2012 11:33:30 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
.
==== End Of File ===========================
 
In that case I removed your initial logs from XP computer.

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

=========================================================================

Download Bootkit Remover to your desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
thanks for the reply. Here are the logs:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-29 13:51:50
-----------------------------
13:51:50.620 OS Version: Windows 6.1.7600
13:51:50.620 Number of processors: 4 586 0x2505
13:51:50.621 ComputerName: ONI-PC UserName: ONI
13:51:50.925 Initialize success
13:51:55.773 AVAST engine defs: 12042801
13:52:10.557 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-4
13:52:10.561 Disk 0 Vendor: WDC_WD5000AAKX-001CA0 15.01H15 Size: 476940MB BusType: 3
13:52:10.567 Disk 0 MBR read successfully
13:52:10.572 Disk 0 MBR scan
13:52:10.590 Disk 0 Windows 7 default MBR code
13:52:10.593 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 50006 MB offset 63
13:52:10.606 Disk 0 Partition - 00 0F Extended LBA 426930 MB offset 102414375
13:52:10.631 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 105002 MB offset 102414438
13:52:10.661 Disk 0 Partition - 00 05 Extended 107999 MB offset 317460465
13:52:10.680 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 107999 MB offset 317460528
13:52:10.710 Disk 0 Partition - 00 05 Extended 109999 MB offset 753689475
13:52:10.729 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 109999 MB offset 538643448
13:52:10.758 Disk 0 Partition - 00 05 Extended 103928 MB offset 1200151890
13:52:11.108 Disk 0 Partition 5 00 07 HPFS/NTFS NTFS 103928 MB offset 763922943
13:52:11.165 Disk 0 scanning sectors +976768065
13:52:11.244 Disk 0 scanning C:\Windows\system32\drivers
13:52:21.851 Service scanning
13:52:39.012 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
13:52:52.130 Modules scanning
13:54:05.310 Disk 0 trace - called modules:
13:54:05.322 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
13:54:05.328 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85d79ac8]
13:54:05.333 3 CLASSPNP.SYS[8878c59e] -> nt!IofCallDriver -> [0x85c2a810]
13:54:05.338 5 ACPI.sys[838af3b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-4[0x85c24030]
13:54:05.564 AVAST engine scan C:\Windows
13:54:07.139 AVAST engine scan C:\Windows\system32
13:57:02.635 AVAST engine scan C:\Windows\system32\drivers
13:57:16.467 AVAST engine scan C:\Users\ONI
13:58:18.513 AVAST engine scan C:\ProgramData
13:59:03.401 Scan finished successfully
13:59:31.106 Disk 0 MBR has been saved successfully to "C:\Users\ONI\Desktop\MBR.dat"
13:59:31.154 The log file has been saved successfully to "C:\Users\ONI\Desktop\aswMBR.txt"



==============================================================================

Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows 7 Ultimate Edition (build 7600), 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...
 
That looks good.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Status
Not open for further replies.

Similar threads

M
Web Meeting disconnects even though internet is connected
Replies
1
Views
612
madhav04
M
E
I have been taken over by a software called Astanda using XML to Log everything and roaming to an SQL server.
Replies
0
Views
475
eriksnyman1
E
Gilbertcyberpro
Alienware 17 r5 Why is my internet speed being reduced to 30 download and 0.4 upload. Normally 900 up and down
Replies
2
Views
1K
Mark Fuller
M

Latest posts

Back