
netsvcs.exe errors


ra12r


Next:

http://www.eset.eu/online-scanner

Go here to run an online scanner from ESET.

Click the green ESET Online Scanner button.

Read the End User License Agreement and check the box: YES, I accept the Terms of Use.

Click on the Start button next to it.

You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Install ActiveX component.

A new window will appear asking "Do you want to install this software?".

Answer Yes to download and install the ActiveX controls that allow the scan to run.

Click Start.

Check Remove found threats and Scan potentially unwanted applications.

Click Scan to begin.

If offered the option to get information or buy software, just close the window.

Wait for the scan to finish.

Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt

Copy and paste that log as a reply to this topic.


DANG IT!!! Now I am unable to get into safe mode. I can get to the screen to choose safe mode, but then the keyboard is dead, so I cannot arrow up to choose safe mode. But I am able to complete a reboot into regular mode and got back here without being blocked. There is something running in my system named VRCRS.dll. It has been found a couple of times as a worm or suspicious. I used FileASSASSIN to delete it the other day, but I saw it again when I ran PC TuneUp by AVG and could not unlock the file to delete it, and then it popped up a screen "worm found". It is still in the system under processes in that same svchost.exe, but it does not have a name associated with it that I can understand, or I can't understand how to find the application/service/process name..... sigh


ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=3aea3fcff2e40c4883357ca36cc71eca

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2011-12-03 03:52:09

# local_time=2011-12-03 10:52:09 (-0500, Eastern Standard Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=crash

# scanned=134266

# found=13

# cleaned=13

# scan_time=9179

C:\Internet Downloads\registrybooster.exe Win32/RegistryBooster application (deleted - quarantined) 00000000000000000000000000000000 C

C:\Internet Downloads\Slot Car software\SDFix.exe Win32/PrcView application (deleted - quarantined) 00000000000000000000000000000000 C

C:\Internet Downloads\Toshiba Vista drivers\testmh.exe a variant of Win32/Adware.ErrorRepairPro.A application (deleted - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{E9D7D8E3-0FDA-43D6-93AE-270353452AE6}\RP1\A0000033.exe Win32/RegistryBooster application (deleted - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{E9D7D8E3-0FDA-43D6-93AE-270353452AE6}\RP1\A0000034.exe Win32/PrcView application (deleted - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{E9D7D8E3-0FDA-43D6-93AE-270353452AE6}\RP1\A0000035.exe a variant of Win32/Adware.ErrorRepairPro.A application (deleted - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\27.11.2011_23.05.18\tdlfs0000\tsk0002.dta a variant of Win32/Olmarik.AWO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\27.11.2011_23.05.18\tdlfs0000\tsk0005.dta Win32/Olmarik.AWO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\27.11.2011_23.05.18\tdlfs0000\tsk0006.dta a variant of Win32/Rootkit.Kryptik.EB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

E:\Internet Downloads\Slot Car software\SDFix.exe Win32/PrcView application (deleted - quarantined) 00000000000000000000000000000000 C

E:\Internet Downloads\Toshiba Vista drivers\testmh.exe a variant of Win32/Adware.ErrorRepairPro.A application (deleted - quarantined) 00000000000000000000000000000000 C

E:\Lovell Goens\Start Menu\Programs\Startup\PowerReg Scheduler.exe Win32/PowerReg application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

E:\SDFix\apps\Process.exe Win32/PrcView application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


LDTate, here is the new ComboFix log. Sadly, I have several things that I am unable to access to delete. Here are a couple of names: 1) chmrnuyv[1] 2) Downadup 3) a tracking cookie named sqlite

ComboFix 11-12-04.04 - Sonia Evans 12/04/2011 22:09:46.14.1 - x86

Running from: c:\internet downloads\ComboFix.exe

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\windows\EventSystem.log

.

.

((((((((((((((((((((((((( Files Created from 2011-11-05 to 2011-12-05 )))))))))))))))))))))))))))))))

.

.

2011-12-03 13:14 . 2011-12-03 13:14 -------- d-----w- c:\program files\ESET

2011-12-02 12:30 . 2011-12-02 12:39 -------- d-----w- c:\documents and settings\Sonia Evans\Application Data\AVG

2011-12-02 11:52 . 2011-12-02 11:52 -------- d-----w- C:\$AVG

2011-12-02 11:34 . 2011-12-02 11:34 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files

2011-12-02 11:29 . 2011-12-03 22:22 -------- d-----w- c:\windows\system32\drivers\AVG

2011-12-02 11:29 . 2011-12-02 11:49 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012

2011-12-02 11:28 . 2011-12-02 12:29 -------- d-----w- c:\program files\AVG

2011-12-02 11:23 . 2011-12-03 22:22 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2011-11-30 05:30 . 2011-11-30 05:30 -------- d-----w- c:\windows\Internet Logs

2011-11-30 04:25 . 2008-04-14 05:09 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys

2011-11-30 04:25 . 2008-04-14 05:09 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys

2011-11-28 04:07 . 2011-11-28 04:07 -------- d-----w- C:\TDSSKiller_Quarantine

2011-11-22 08:49 . 2011-11-29 04:42 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software

2011-11-21 04:12 . 2011-11-21 04:12 -------- d-sh--w- c:\documents and settings\Sonia Evans\IECompatCache

2011-11-19 15:52 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-11-19 06:05 . 2011-11-19 06:05 -------- d-----w- c:\documents and settings\Sonia Evans\Local Settings\Application Data\Apple

2011-11-19 06:05 . 2011-11-19 06:05 -------- d-----w- c:\windows\system32\DRVSTORE

2011-11-19 06:05 . 2011-11-19 06:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple

2011-11-19 06:04 . 2011-11-19 06:04 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM

2011-11-19 06:04 . 2011-11-19 06:04 -------- d-----w- c:\documents and settings\Sonia Evans\Local Settings\Application Data\PackageAware

2011-11-19 06:04 . 2011-11-19 06:04 -------- d--h--w- c:\windows\system32\GroupPolicy

2011-11-19 06:04 . 2011-11-19 06:04 -------- d-----w- c:\windows\system32\en

2011-11-14 03:50 . 2011-11-19 05:53 -------- d-----w- c:\program files\DriverGuide DriverScan

2011-11-13 18:42 . 2011-11-13 18:43 -------- d-----w- c:\documents and settings\Sonia Evans\Application Data\Apple Computer

2011-11-13 18:42 . 2011-11-13 18:42 -------- d-----w- c:\documents and settings\Sonia Evans\Local Settings\Application Data\Apple Computer

2011-11-13 18:41 . 2011-11-19 06:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer

2011-11-13 18:41 . 2011-11-13 18:42 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-18 11:55 . 2011-08-16 10:41 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-20 11:59 . 2011-10-20 03:28 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe

2011-10-07 11:23 . 2011-10-07 11:23 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2011-09-13 11:30 . 2011-09-13 11:30 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

.

.

((((((((((((((((((((((((((((( SnapShot_2011-11-21_05.06.57 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-12 05:02 . 2009-07-12 05:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll

+ 2009-07-12 05:02 . 2009-07-12 05:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll

+ 2009-07-12 05:02 . 2009-07-12 05:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll

+ 2009-07-12 05:02 . 2009-07-12 05:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll

+ 2009-07-12 05:02 . 2009-07-12 05:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll

+ 2009-07-12 05:02 . 2009-07-12 05:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll

+ 2009-07-12 05:02 . 2009-07-12 05:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll

+ 2009-07-12 05:02 . 2009-07-12 05:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll

+ 2009-07-12 05:02 . 2009-07-12 05:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll

+ 2009-07-12 05:02 . 2009-07-12 05:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll

+ 2009-07-12 05:02 . 2009-07-12 05:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll

+ 2009-07-12 05:02 . 2009-07-12 05:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll

+ 2009-07-12 05:05 . 2009-07-12 05:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll

+ 2009-07-12 05:05 . 2009-07-12 05:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll

+ 2011-08-08 11:08 . 2011-08-08 11:08 40016 c:\windows\system32\drivers\avgmfx86.sys

+ 2011-07-11 06:14 . 2011-07-11 06:14 23120 c:\windows\system32\drivers\AVGIDSEH.sys

- 2006-06-09 23:44 . 2011-11-19 09:18 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2006-06-09 23:44 . 2011-11-28 04:32 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

- 2006-06-09 23:44 . 2011-11-19 09:18 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2006-06-09 23:44 . 2011-11-28 04:32 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2009-07-12 05:02 . 2009-07-12 05:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll

+ 2009-07-12 05:02 . 2009-07-12 05:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll

+ 2009-07-12 05:05 . 2009-07-12 05:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll

+ 2009-07-12 05:02 . 2009-07-12 05:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll

+ 2011-07-11 06:14 . 2011-07-11 06:14 295248 c:\windows\system32\drivers\avgtdix.sys

+ 2002-08-29 12:00 . 2008-04-14 09:41 640000 c:\windows\system32\dllcache\dbghelp.dll

+ 2011-11-22 08:49 . 2011-11-22 08:49 219648 c:\windows\Installer\ef8305.msi

+ 2009-07-12 05:02 . 2009-07-12 05:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll

+ 2009-07-12 05:02 . 2009-07-12 05:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll

+ 2011-12-02 11:29 . 2011-12-02 11:29 4671488 c:\windows\Installer\1a48895.msi

+ 2011-12-02 11:28 . 2011-12-02 11:28 2186240 c:\windows\Installer\1a48891.msi

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2011-10-11 5389944]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-25 2415456]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]

c:\windows\system32\dumprep 0 -u [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 15:50 155648 -c--a-w- c:\windows\system32\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2007-02-10 01:56 98304 ----a-w- c:\program files\QuickTime\qttask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

2009-03-05 20:07 2260480 -c----w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]

2003-05-07 20:32 36864 -c--a-r- c:\windows\system32\VTTimer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Messenger"=2 (0x2)

"McciCMService"=2 (0x2)

"gusvc"=3 (0x3)

"wuauserv"=2 (0x2)

"wscsvc"=2 (0x2)

"TrkWks"=2 (0x2)

"Themes"=2 (0x2)

"TapiSrv"=3 (0x3)

"SysmonLog"=3 (0x3)

"Schedule"=2 (0x2)

"SCardSvr"=3 (0x3)

"FastUserSwitchingCompatibility"=3 (0x3)

"Eventlog"=2 (0x2)

"ERSvc"=2 (0x2)

"idsvc"=3 (0x3)

"AMDFusionSVC"=2 (0x2)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"ctfmon.exe"=c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

"VTTimer"=VTTimer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"6027:TCP"= 6027:TCP:rcntsjph

.

R2 srsbibr;Manager Time;c:\windows\system32\svchost.exe [2008-04-14 14336]

R2 xdhvim;Driver Server;c:\windows\system32\svchost.exe [2008-04-14 14336]

R2 zfybfwie;Network Server;c:\windows\system32\svchost.exe [2008-04-14 14336]

R4 MaxSch2Svc;Maxtor Scheduler2 Service;c:\program files\Common Files\Maxtor\Schedule2\schedul2.exe [x]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]

S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]

S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]

S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]

.

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

srsbibr

cfimslpn

xdhvim

zfybfwie

.

Contents of the 'Scheduled Tasks' folder

.

2011-10-16 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2011-10-15 02:18]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

Trusted Zone: rexplorer.net

TCP: DhcpNameServer = 192.168.1.254

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Sonia Evans\Application Data\Mozilla\Firefox\Profiles\axuvh315.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\AVG\AVG2012\Firefox4

FF - user.js: yahoo.homepage.dontask - true

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-12-04 22:17

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\cfimslpn]

"ServiceDll"="c:\windows\system32\vrcrs.dll"

.

Completion time: 2011-12-04 22:20:24

ComboFix-quarantined-files.txt 2011-12-05 03:20

ComboFix2.txt 2011-12-01 03:04

ComboFix3.txt 2011-11-30 04:38

ComboFix4.txt 2011-11-30 02:53

ComboFix5.txt 2011-12-05 03:08

.

Pre-Run: 103,061,000,192 bytes free

Post-Run: 103,042,113,536 bytes free

.

- - End Of File - - 5002CBD74EDDDE16C9E7C8E8C90BB990


Also, I could not find a folder named NetworkService. Here is where I am trying to find it, but it is not there when I look, though it shows up as the location of the above virus:

documents and settings\networkservice\localsetting\Temporary Internet Files\Content.IE5\3tkun09l or xbqeopjb\chmrnuyv[1].jpg or .gif or .png or .bmp

AVG finds this as a virus but is not able to delete it because they are always "open", and so is that tracking cookie "open".


It also keeps adding services.

Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run, type Notepad, and click OK.

This will open an empty notepad file:

Take your mouse and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right-click the mouse for options and select 'Copy'. Now, over the empty Notepad box, right-click your mouse again and select 'Paste', and you will have copied and pasted the text.

KillAll::

File::
c:\windows\system32\vrcrs.dll

Driver::
xdhvim
srsbibr
zfybfwie
cfimslpn

NetSvc::
srsbibr
cfimslpn
xdhvim
zfybfwie

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet002\Services\cfimslpn]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6027:TCP"=-

Save this file to your desktop. Save it as "CFScript".

Here's how to do that:

1. Click File;

2. Click Save As... Change the directory to your desktop;

3. Change the Save as type to "All Files";

4. Type in the file name: CFScript

5. Click Save ...


Drag CFScript.txt into ComboFix.exe.

Then post the results log using Copy / Paste.

Also please describe how your computer behaves at the moment.

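The ComboFix log above and the CFScript that LDTate built from it are two halves of one correlation: the four names printed under "Svchost - NetSvcs" are tied to services whose image is svchost.exe, to the ServiceDll (vrcrs.dll) that svchost loads for one of them, and to a firewall exception with an equally random name. The Python script below is an added example, not ComboFix's code and not LDTate's script; it does that correlation over a constructed excerpt of the first ComboFix log (the sample lines are copied from the post above) and drafts a CFScript in the same section layout LDTate used. It assumes that ComboFix prints only non-stock members under the NetSvcs heading, so every name listed there is treated as a finding; the regular expressions are written against the line formats visible in this thread and nothing else.

```python
"""Correlate the svchost 'netsvcs' entries in a ComboFix log with the
service, ServiceDll and firewall lines around them, then draft the CFScript
that removes them.  Added example for this thread; not ComboFix's own code."""
import re
from typing import Dict, List, Tuple

# Constructed sample input: the relevant lines copied from the first ComboFix
# log posted above.  A real run would read the whole ComboFix.txt instead.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6027:TCP"= 6027:TCP:rcntsjph
.
R2 srsbibr;Manager Time;c:\windows\system32\svchost.exe [2008-04-14 14336]
R2 xdhvim;Driver Server;c:\windows\system32\svchost.exe [2008-04-14 14336]
R2 zfybfwie;Network Server;c:\windows\system32\svchost.exe [2008-04-14 14336]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
srsbibr
cfimslpn
xdhvim
zfybfwie
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\cfimslpn]
"ServiceDll"="c:\windows\system32\vrcrs.dll"
.
"""

# "R2 name;description;image [date size]" style service lines.
SERVICE_RE = re.compile(r'^[RS]\d\s+([^;]+);([^;]*);(.+?)\s+\[', re.M)
# Firewall exceptions such as:  "6027:TCP"= 6027:TCP:rcntsjph
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(\S+)', re.M)
# A service key followed by the DLL that svchost will load for it.
DLL_RE = re.compile(
    r'^\[(HKEY_LOCAL_MACHINE\\System\\(?:ControlSet\d+|CurrentControlSet)'
    r'\\Services\\([^\]]+))\]\s*"ServiceDll"="([^"]+)"', re.M | re.I)

FIREWALL_KEY = (r'[HKLM\~\services\sharedaccess\parameters\firewallpolicy'
                r'\standardprofile\GloballyOpenPorts\List]')


def parse_services(log: str) -> Dict[str, Tuple[str, str]]:
    """Map service name -> (description, image path) from the R*/S* lines."""
    return {m.group(1): (m.group(2), m.group(3)) for m in SERVICE_RE.finditer(log)}


def parse_netsvcs(log: str) -> List[str]:
    """Names under the 'Svchost - NetSvcs' heading up to the next '.' line.
    Assumption: ComboFix prints only members that are not in the stock group."""
    lines = log.splitlines()
    names: List[str] = []
    for i, line in enumerate(lines):
        if line.strip().endswith('Svchost - NetSvcs'):
            for nxt in lines[i + 1:]:
                nxt = nxt.strip()
                if nxt == '.':
                    break
                if nxt:
                    names.append(nxt)
            break
    return names


def parse_servicedll(log: str) -> Dict[str, Tuple[str, str]]:
    """Map service name -> (registry key, ServiceDll path)."""
    return {m.group(2): (m.group(1), m.group(3)) for m in DLL_RE.finditer(log)}


def parse_open_ports(log: str) -> List[Tuple[str, str, str]]:
    """(port, protocol, rule name) for every globally opened firewall port."""
    return [m.groups() for m in PORT_RE.finditer(log)]


def triage(log: str) -> List[Dict[str, str]]:
    """One finding per netsvcs member: the host binary that runs it and the
    DLL it loads.  svchost.exe plus an unfamiliar DLL is the hijack seen here."""
    services = parse_services(log)
    dlls = parse_servicedll(log)
    findings = []
    for name in parse_netsvcs(log):
        desc, image = services.get(name, ('', ''))
        key, dll = dlls.get(name, ('', ''))
        findings.append({'service': name, 'description': desc,
                         'host': image, 'key': key, 'service_dll': dll})
    return findings


def build_cfscript(findings: List[Dict[str, str]],
                   ports: List[Tuple[str, str, str]]) -> str:
    """Draft a CFScript in the section layout used in this thread.  Review it
    before dragging it onto ComboFix.exe: it removes every flagged item."""
    names = [fd['service'] for fd in findings]
    files = sorted({fd['service_dll'] for fd in findings if fd['service_dll']})
    out = ['KillAll::', '']
    if files:
        out += ['File::'] + files + ['']
    out += ['Driver::'] + names + ['', 'NetSvc::'] + names + ['']
    reg = ['[-%s]' % fd['key'] for fd in findings if fd['key']]
    if ports:
        reg.append(FIREWALL_KEY)
        reg += ['"%s:%s"=-' % (port, proto) for port, proto, _ in ports]
    if reg:
        out += ['Registry::'] + reg
    return '\n'.join(out) + '\n'


if __name__ == '__main__':
    for fd in triage(SAMPLE_LOG):
        print('%-10s host=%s dll=%s' % (fd['service'], fd['host'], fd['service_dll']))
    print(build_cfscript(triage(SAMPLE_LOG), parse_open_ports(SAMPLE_LOG)))
```

Run it against a full ComboFix.txt instead of the sample and it lists each netsvcs member with its host and DLL and prints the draft script. Note that the Registry:: section only deletes service keys whose ServiceDll ComboFix actually printed; the other three services here had no such line, which is why LDTate relied on the Driver:: and NetSvc:: sections to unregister them, and the draft does the same.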

LDTate, okay, here is my latest ComboFix log.

ComboFix 11-12-05.01 - Sonia Evans 12/05/2011 7:47.15.1 - x86

Running from: c:\internet downloads\ComboFix.exe

Command switches used :: c:\internet downloads\CFScript.txt

* Created a new restore point

.

FILE ::

"c:\windows\system32\vrcrs.dll"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_SRSBIBR

-------\Legacy_XDHVIM

-------\Legacy_ZFYBFWIE

-------\Service_cfimslpn

-------\Service_srsbibr

-------\Service_xdhvim

-------\Service_zfybfwie

.

.

((((((((((((((((((((((((( Files Created from 2011-11-06 to 2011-12-06 )))))))))))))))))))))))))))))))

.

.

2011-12-03 13:14 . 2011-12-03 13:14 -------- d-----w- c:\program files\ESET

2011-12-02 12:30 . 2011-12-02 12:39 -------- d-----w- c:\documents and settings\Sonia Evans\Application Data\AVG

2011-12-02 11:52 . 2011-12-02 11:52 -------- d-----w- C:\$AVG

2011-12-02 11:34 . 2011-12-02 11:34 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files

2011-12-02 11:29 . 2011-12-05 08:04 -------- d-----w- c:\windows\system32\drivers\AVG

2011-12-02 11:29 . 2011-12-02 11:49 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012

2011-12-02 11:28 . 2011-12-02 12:29 -------- d-----w- c:\program files\AVG

2011-12-02 11:23 . 2011-12-05 08:04 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2011-11-30 05:30 . 2011-11-30 05:30 -------- d-----w- c:\windows\Internet Logs

2011-11-30 04:25 . 2008-04-14 05:09 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys

2011-11-30 04:25 . 2008-04-14 05:09 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys

2011-11-28 04:07 . 2011-11-28 04:07 -------- d-----w- C:\TDSSKiller_Quarantine

2011-11-22 08:49 . 2011-11-29 04:42 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software

2011-11-21 04:12 . 2011-11-21 04:12 -------- d-sh--w- c:\documents and settings\Sonia Evans\IECompatCache

2011-11-19 15:52 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-11-19 06:05 . 2011-11-19 06:05 -------- d-----w- c:\documents and settings\Sonia Evans\Local Settings\Application Data\Apple

2011-11-19 06:05 . 2011-11-19 06:05 -------- d-----w- c:\windows\system32\DRVSTORE

2011-11-19 06:05 . 2011-11-19 06:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple

2011-11-19 06:04 . 2011-11-19 06:04 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM

2011-11-19 06:04 . 2011-11-19 06:04 -------- d-----w- c:\documents and settings\Sonia Evans\Local Settings\Application Data\PackageAware

2011-11-19 06:04 . 2011-11-19 06:04 -------- d--h--w- c:\windows\system32\GroupPolicy

2011-11-19 06:04 . 2011-11-19 06:04 -------- d-----w- c:\windows\system32\en

2011-11-14 03:50 . 2011-11-19 05:53 -------- d-----w- c:\program files\DriverGuide DriverScan

2011-11-13 18:42 . 2011-11-13 18:43 -------- d-----w- c:\documents and settings\Sonia Evans\Application Data\Apple Computer

2011-11-13 18:42 . 2011-11-13 18:42 -------- d-----w- c:\documents and settings\Sonia Evans\Local Settings\Application Data\Apple Computer

2011-11-13 18:41 . 2011-11-19 06:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer

2011-11-13 18:41 . 2011-11-13 18:42 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-18 11:55 . 2011-08-16 10:41 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-20 11:59 . 2011-10-20 03:28 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe

2011-10-07 11:23 . 2011-10-07 11:23 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2011-09-13 11:30 . 2011-09-13 11:30 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

Cryptography Services Error !!

.

((((((((((((((((((((((((((((( SnapShot_2011-11-21_05.06.57 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-12 05:02 . 2009-07-12 05:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll

+ 2009-07-12 05:02 . 2009-07-12 05:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll

+ 2009-07-12 05:02 . 2009-07-12 05:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll

+ 2009-07-12 05:02 . 2009-07-12 05:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll

+ 2009-07-12 05:02 . 2009-07-12 05:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll

+ 2009-07-12 05:02 . 2009-07-12 05:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll

+ 2009-07-12 05:02 . 2009-07-12 05:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll

+ 2009-07-12 05:02 . 2009-07-12 05:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll

+ 2009-07-12 05:02 . 2009-07-12 05:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll

+ 2009-07-12 05:02 . 2009-07-12 05:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll

+ 2009-07-12 05:02 . 2009-07-12 05:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll

+ 2009-07-12 05:02 . 2009-07-12 05:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll

+ 2009-07-12 05:05 . 2009-07-12 05:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll

+ 2009-07-12 05:05 . 2009-07-12 05:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll

+ 2011-08-08 11:08 . 2011-08-08 11:08 40016 c:\windows\system32\drivers\avgmfx86.sys

+ 2011-07-11 06:14 . 2011-07-11 06:14 23120 c:\windows\system32\drivers\AVGIDSEH.sys

- 2006-06-09 23:44 . 2011-11-19 09:18 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2006-06-09 23:44 . 2011-11-28 04:32 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

- 2006-06-09 23:44 . 2011-11-19 09:18 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2006-06-09 23:44 . 2011-11-28 04:32 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2009-07-12 05:02 . 2009-07-12 05:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll

+ 2009-07-12 05:02 . 2009-07-12 05:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll

+ 2009-07-12 05:05 . 2009-07-12 05:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll

+ 2009-07-12 05:02 . 2009-07-12 05:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll

+ 2011-07-11 06:14 . 2011-07-11 06:14 295248 c:\windows\system32\drivers\avgtdix.sys

+ 2002-08-29 12:00 . 2008-04-14 09:41 640000 c:\windows\system32\dllcache\dbghelp.dll

+ 2011-11-22 08:49 . 2011-11-22 08:49 219648 c:\windows\Installer\ef8305.msi

+ 2009-07-12 05:02 . 2009-07-12 05:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll

+ 2009-07-12 05:02 . 2009-07-12 05:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll

+ 2011-12-02 11:29 . 2011-12-02 11:29 4671488 c:\windows\Installer\1a48895.msi

+ 2011-12-02 11:28 . 2011-12-02 11:28 2186240 c:\windows\Installer\1a48891.msi

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2011-10-11 5389944]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-25 2415456]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]

c:\windows\system32\dumprep 0 -u [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 15:50 155648 -c--a-w- c:\windows\system32\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2007-02-10 01:56 98304 ----a-w- c:\program files\QuickTime\qttask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

2009-03-05 20:07 2260480 -c----w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]

2003-05-07 20:32 36864 -c--a-r- c:\windows\system32\VTTimer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Messenger"=2 (0x2)

"McciCMService"=2 (0x2)

"gusvc"=3 (0x3)

"wuauserv"=2 (0x2)

"wscsvc"=2 (0x2)

"TrkWks"=2 (0x2)

"Themes"=2 (0x2)

"TapiSrv"=3 (0x3)

"SysmonLog"=3 (0x3)

"Schedule"=2 (0x2)

"SCardSvr"=3 (0x3)

"FastUserSwitchingCompatibility"=3 (0x3)

"Eventlog"=2 (0x2)

"ERSvc"=2 (0x2)

"idsvc"=3 (0x3)

"AMDFusionSVC"=2 (0x2)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"ctfmon.exe"=c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

"VTTimer"=VTTimer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=

.

R4 MaxSch2Svc;Maxtor Scheduler2 Service;c:\program files\Common Files\Maxtor\Schedule2\schedul2.exe [x]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]

S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]

S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]

S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-10-16 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2011-10-15 02:18]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

Trusted Zone: rexplorer.net

TCP: DhcpNameServer = 192.168.1.254

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Sonia Evans\Application Data\Mozilla\Firefox\Profiles\axuvh315.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\AVG\AVG2012\Firefox4

FF - user.js: yahoo.homepage.dontask - true

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-12-05 20:18

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(1792)

c:\program files\SlySoft\AnyDVD\ADvdDiscHlp.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\msls31.dll

c:\windows\system32\OneX.DLL

c:\windows\system32\eappprxy.dll

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:\progra~1\AVG\AVG2012\avgrsx.exe

c:\program files\AVG\AVG2012\avgcsrvx.exe

c:\windows\System32\locator.exe

c:\windows\system32\wdfmgr.exe

c:\program files\AVG\AVG2012\avgnsx.exe

.

**************************************************************************

.

Completion time: 2011-12-05 20:21:54 - machine was rebooted

ComboFix-quarantined-files.txt 2011-12-06 01:21

ComboFix2.txt 2011-12-05 03:20

ComboFix3.txt 2011-12-01 03:04

ComboFix4.txt 2011-11-30 04:38

ComboFix5.txt 2011-12-05 12:46

.

Pre-Run: 103,056,859,136 bytes free

Post-Run: 103,000,420,352 bytes free

.

- - End Of File - - 04154E38C0F1BF5579B57C2875DE0BBA


I don't see the bad guys any longer.

Those were bad and they were removed:

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\Legacy_SRSBIBR

-------\Legacy_XDHVIM

-------\Legacy_ZFYBFWIE

-------\Service_cfimslpn

-------\Service_srsbibr

-------\Service_xdhvim

-------\Service_zfybfwie

Reboot and run another ComboFix scan.


LDTate, here is the latest CF log. Unable to start Firefox now as it says it is already running... Can't go to safe mode because the keyboard gets locked out on the selection screen, but it is working on a regular boot. Something is in my motherboard memory.

ComboFix 11-12-06.01 - Sonia Evans 12/07/2011 7:54.16.1 - x86

Running from: c:\internet downloads\ComboFix.exe

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2011-11-07 to 2011-12-07 )))))))))))))))))))))))))))))))

.

.

2011-12-03 13:14 . 2011-12-03 13:14 -------- d-----w- c:\program files\ESET

2011-12-02 12:30 . 2011-12-02 12:39 -------- d-----w- c:\documents and settings\Sonia Evans\Application Data\AVG

2011-12-02 11:52 . 2011-12-02 11:52 -------- d-----w- C:\$AVG

2011-12-02 11:34 . 2011-12-02 11:34 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files

2011-12-02 11:29 . 2011-12-06 08:14 -------- d-----w- c:\windows\system32\drivers\AVG

2011-12-02 11:29 . 2011-12-02 11:49 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012

2011-12-02 11:28 . 2011-12-02 12:29 -------- d-----w- c:\program files\AVG

2011-12-02 11:23 . 2011-12-06 08:14 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2011-11-30 05:30 . 2011-11-30 05:30 -------- d-----w- c:\windows\Internet Logs

2011-11-30 04:25 . 2008-04-14 05:09 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys

2011-11-30 04:25 . 2008-04-14 05:09 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys

2011-11-28 04:07 . 2011-11-28 04:07 -------- d-----w- C:\TDSSKiller_Quarantine

2011-11-22 08:49 . 2011-11-29 04:42 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software

2011-11-21 04:12 . 2011-11-21 04:12 -------- d-sh--w- c:\documents and settings\Sonia Evans\IECompatCache

2011-11-19 15:52 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-11-19 06:05 . 2011-11-19 06:05 -------- d-----w- c:\documents and settings\Sonia Evans\Local Settings\Application Data\Apple

2011-11-19 06:05 . 2011-11-19 06:05 -------- d-----w- c:\windows\system32\DRVSTORE

2011-11-19 06:05 . 2011-11-19 06:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple

2011-11-19 06:04 . 2011-11-19 06:04 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM

2011-11-19 06:04 . 2011-11-19 06:04 -------- d-----w- c:\documents and settings\Sonia Evans\Local Settings\Application Data\PackageAware

2011-11-19 06:04 . 2011-11-19 06:04 -------- d--h--w- c:\windows\system32\GroupPolicy

2011-11-19 06:04 . 2011-11-19 06:04 -------- d-----w- c:\windows\system32\en

2011-11-14 03:50 . 2011-11-19 05:53 -------- d-----w- c:\program files\DriverGuide DriverScan

2011-11-13 18:42 . 2011-11-13 18:43 -------- d-----w- c:\documents and settings\Sonia Evans\Application Data\Apple Computer

2011-11-13 18:42 . 2011-11-13 18:42 -------- d-----w- c:\documents and settings\Sonia Evans\Local Settings\Application Data\Apple Computer

2011-11-13 18:41 . 2011-11-19 06:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer

2011-11-13 18:41 . 2011-11-13 18:42 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-18 11:55 . 2011-08-16 10:41 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-20 11:59 . 2011-10-20 03:28 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe

2011-10-07 11:23 . 2011-10-07 11:23 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2011-09-13 11:30 . 2011-09-13 11:30 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

.

.

((((((((((((((((((((((((((((( SnapShot_2011-11-21_05.06.57 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-12 05:02 . 2009-07-12 05:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll

+ 2009-07-12 05:02 . 2009-07-12 05:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll

+ 2009-07-12 05:02 . 2009-07-12 05:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll

+ 2009-07-12 05:02 . 2009-07-12 05:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll

+ 2009-07-12 05:02 . 2009-07-12 05:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll

+ 2009-07-12 05:02 . 2009-07-12 05:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll

+ 2009-07-12 05:02 . 2009-07-12 05:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll

+ 2009-07-12 05:02 . 2009-07-12 05:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll

+ 2009-07-12 05:02 . 2009-07-12 05:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll

+ 2009-07-12 05:02 . 2009-07-12 05:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll

+ 2009-07-12 05:02 . 2009-07-12 05:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll

+ 2009-07-12 05:02 . 2009-07-12 05:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll

+ 2009-07-12 05:05 . 2009-07-12 05:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll

+ 2009-07-12 05:05 . 2009-07-12 05:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll

+ 2011-08-08 11:08 . 2011-08-08 11:08 40016 c:\windows\system32\drivers\avgmfx86.sys

+ 2011-07-11 06:14 . 2011-07-11 06:14 23120 c:\windows\system32\drivers\AVGIDSEH.sys

- 2006-06-09 23:44 . 2011-11-19 09:18 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2006-06-09 23:44 . 2011-11-28 04:32 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

- 2006-06-09 23:44 . 2011-11-19 09:18 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2006-06-09 23:44 . 2011-11-28 04:32 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2009-07-12 05:02 . 2009-07-12 05:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll

+ 2009-07-12 05:02 . 2009-07-12 05:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll

+ 2009-07-12 05:05 . 2009-07-12 05:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll

+ 2009-07-12 05:02 . 2009-07-12 05:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll

+ 2011-07-11 06:14 . 2011-07-11 06:14 295248 c:\windows\system32\drivers\avgtdix.sys

+ 2002-08-29 12:00 . 2008-04-14 09:41 640000 c:\windows\system32\dllcache\dbghelp.dll

+ 2011-11-22 08:49 . 2011-11-22 08:49 219648 c:\windows\Installer\ef8305.msi

+ 2009-07-12 05:02 . 2009-07-12 05:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll

+ 2009-07-12 05:02 . 2009-07-12 05:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll

+ 2011-12-02 11:29 . 2011-12-02 11:29 4671488 c:\windows\Installer\1a48895.msi

+ 2011-12-02 11:28 . 2011-12-02 11:28 2186240 c:\windows\Installer\1a48891.msi

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2011-10-11 5389944]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-25 2415456]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]

c:\windows\system32\dumprep 0 -u [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 15:50 155648 -c--a-w- c:\windows\system32\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2007-02-10 01:56 98304 ----a-w- c:\program files\QuickTime\qttask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

2009-03-05 20:07 2260480 -c----w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]

2003-05-07 20:32 36864 -c--a-r- c:\windows\system32\VTTimer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Messenger"=2 (0x2)

"McciCMService"=2 (0x2)

"gusvc"=3 (0x3)

"wuauserv"=2 (0x2)

"wscsvc"=2 (0x2)

"TrkWks"=2 (0x2)

"Themes"=2 (0x2)

"TapiSrv"=3 (0x3)

"SysmonLog"=3 (0x3)

"Schedule"=2 (0x2)

"SCardSvr"=3 (0x3)

"FastUserSwitchingCompatibility"=3 (0x3)

"Eventlog"=2 (0x2)

"ERSvc"=2 (0x2)

"idsvc"=3 (0x3)

"AMDFusionSVC"=2 (0x2)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"ctfmon.exe"=c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

"VTTimer"=VTTimer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=

.

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]

R4 MaxSch2Svc;Maxtor Scheduler2 Service;c:\program files\Common Files\Maxtor\Schedule2\schedul2.exe [x]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]

S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]

S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]

S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-10-16 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2011-10-15 02:18]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

Trusted Zone: rexplorer.net

TCP: DhcpNameServer = 192.168.1.254

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Sonia Evans\Application Data\Mozilla\Firefox\Profiles\axuvh315.default\

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-12-07 08:01

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(3812)

c:\program files\SlySoft\AnyDVD\ADvdDiscHlp.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\msls31.dll

c:\windows\system32\OneX.DLL

c:\windows\system32\eappprxy.dll

c:\windows\system32\webcheck.dll

.

Completion time: 2011-12-07 08:04:16

ComboFix-quarantined-files.txt 2011-12-07 13:04

ComboFix2.txt 2011-12-06 01:21

ComboFix3.txt 2011-12-05 03:20

ComboFix4.txt 2011-12-01 03:04

ComboFix5.txt 2011-12-07 12:53

.

Pre-Run: 103,019,134,976 bytes free

Post-Run: 103,002,116,096 bytes free

.

- - End Of File - - 9676E12F0296DEB02DECBAFA0A35CB72


If Firefox won't run, use IE.

http://www.eset.eu/online-scanner

Go here to run an online scanner from ESET.

Click the green ESET Online Scanner button.

Read the End User License Agreement and check the box: YES, I accept the Terms of Use.

Click on the Start button next to it.

You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Install ActiveX component.

A new window will appear asking "Do you want to install this software?".

Answer Yes to download and install the ActiveX controls that allow the scan to run.

Click Start.

Check Remove found threats and Scan potentially unwanted applications.

Click Scan to begin.

If offered the option to get information or buy software, just close the window.

Wait for the scan to finish.

Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt

Copy and paste that log as a reply to this topic.


LDTate, here is the latest ESET log. However, by this morning, AVG had several hits for Downadup or chmrnuyv[1].jpg or .gif or .png or .bmp. This has been seen several times. I have tried to manually delete these programs in safe mode, I have tried FileASSASSIN, plus all your suggested auto runs. Only AVG finds them, and search finds them sometimes also. How can I get rid of this monster? It also appears to be getting more aggressive at stopping me, like it is able to react to which files I delete?!

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=3aea3fcff2e40c4883357ca36cc71eca

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2011-12-03 03:52:09

# local_time=2011-12-03 10:52:09 (-0500, Eastern Standard Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=crash

# scanned=134266

# found=13

# cleaned=13

# scan_time=9179

C:\Internet Downloads\registrybooster.exe Win32/RegistryBooster application (deleted - quarantined) 00000000000000000000000000000000 C

C:\Internet Downloads\Slot Car software\SDFix.exe Win32/PrcView application (deleted - quarantined) 00000000000000000000000000000000 C

C:\Internet Downloads\Toshiba Vista drivers\testmh.exe a variant of Win32/Adware.ErrorRepairPro.A application (deleted - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{E9D7D8E3-0FDA-43D6-93AE-270353452AE6}\RP1\A0000033.exe Win32/RegistryBooster application (deleted - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{E9D7D8E3-0FDA-43D6-93AE-270353452AE6}\RP1\A0000034.exe Win32/PrcView application (deleted - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{E9D7D8E3-0FDA-43D6-93AE-270353452AE6}\RP1\A0000035.exe a variant of Win32/Adware.ErrorRepairPro.A application (deleted - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\27.11.2011_23.05.18\tdlfs0000\tsk0002.dta a variant of Win32/Olmarik.AWO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\27.11.2011_23.05.18\tdlfs0000\tsk0005.dta Win32/Olmarik.AWO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\27.11.2011_23.05.18\tdlfs0000\tsk0006.dta a variant of Win32/Rootkit.Kryptik.EB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

E:\Internet Downloads\Slot Car software\SDFix.exe Win32/PrcView application (deleted - quarantined) 00000000000000000000000000000000 C

E:\Internet Downloads\Toshiba Vista drivers\testmh.exe a variant of Win32/Adware.ErrorRepairPro.A application (deleted - quarantined) 00000000000000000000000000000000 C

E:\Lovell Goens\Start Menu\Programs\Startup\PowerReg Scheduler.exe Win32/PowerReg application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

E:\SDFix\apps\Process.exe Win32/PrcView application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=3aea3fcff2e40c4883357ca36cc71eca

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2011-12-04 04:42:21

# local_time=2011-12-03 11:42:21 (-0500, Eastern Standard Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=crash

# scanned=134266

# found=0

# cleaned=0

# scan_time=7653

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=3aea3fcff2e40c4883357ca36cc71eca

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2011-12-09 04:17:20

# local_time=2011-12-08 11:17:20 (-0500, Eastern Standard Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=crash

# scanned=71339

# found=0

# cleaned=0

# scan_time=4337


Please download GetPartitions from the link below. You must right click on the link and choose Save as... Save it as GetPartitions.bat on your desktop.

getpartitions.bat

Double click it to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator").

It will produce a C:\DiskReport.txt log. Please post the results from that log here.


Microsoft DiskPart version 5.1.3565

Copyright © 1999-2003 Microsoft Corporation.

On computer: HIGHLANDER

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
  Volume 0     C                NTFS   Partition    149 GB  Healthy    System
  Volume 1     E                NTFS   Partition     75 GB  Healthy    Pagefile


LDTate, received another email from AT&T saying that I downloaded "Conflicker" on 12-6-11......?!?!?! Can you tell me what was downloaded based on any of these reports? I need to know where this is coming from because the only thing that I have been doing on this computer is trying to get it clean!!! Thanks


I'm not seeing it.

Please download Dr.Web CureIt. Save it to your desktop:

  • Double-click the drweb-cureit.exe file and click Scan to run an express scan. Click OK in the pop-up window to allow the scan.
  • This will scan the files currently running in memory and, if something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, select Complete scan.
  • Click the green arrow at the right, and the scan will start.
  • Click Yes to all if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click File and choose Save report list.
  • Save the report to your desktop. The report will be called DrWeb.csv.
  • Note: this report may need to be renamed to Dr.Web.txt in order to post it on the forum.
  • Please post the Dr.Web.txt report in your next reply.
  • Close Dr.Web CureIt.
  • Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.

NOTE: During the scan, a pop-up window will open asking for a full version purchase. Simply close the window by clicking on the X in the upper right corner.


It has been running almost two days.... I saw that it found some stuff (whew), but on each of the two days when I would get home there were svchost.exe errors on the screen. Last night, in attempting to clear the errors, I clicked the wrong window and it closed DrWeb, so I had to start over again last night. Will post after the complete scan is finished, hopefully by this evening.


This topic is now closed to further replies.