Mco

svchost.exe application error

23 posts in this topic

Hello, I do not know what is wrong with my PC; every time I turn it on, it sends the following message: svchost.exe - Application Error, the instruction at 0x001a624b referenced memory at 0x00000000. The memory could not be written. I have scanned online with 2 different products and no virus was found; I have run adware, malware and SUPERAntiSpyware scans and nothing was found. Can you help? Sorry for my English. Thanks, Marco


Hi and welcome to Malwarebytes.

Click Start --> Run, and type in cmd.exe

Press Enter. In the black box, type in chkdsk and press Enter. See if any errors are reported.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post DDS.txt directly into your reply.


These are the results.

For chkdsk:

chkdsk warning: F parameter not specified

Running chkdsk in read-only mode

chkdsk is verifying files (stage 1 of 3)...

File verification completed

chkdsk is verifying indexes (stage 2 of 3)...

Deleting index entry backup.dat in index $I30 of file 77696

Deleting index entry nodes.dat in index $I30 of file 77696

Index verification completed

Errors found. chkdsk cannot continue in read-only mode.

For the DDS report:

DDS (Ver_10-12-12.02) - NTFSx86

Run by Compaq_Administrator at 14:48:19.88 on 23/02/2011

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.5.0_07

Microsoft Windows XP Professional 5.1.2600.3.1252.52.1033.18.3006.2199 [GMT -8:00]

AV: AVG Internet Security 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: avast! antivirus 4.8.0 [VPS 080829-0] *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FW: Norton Internet Worm Protection *Disabled*

FW: AVG Firewall *Enabled*

============== Running Processes ===============

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

svchost.exe

C:\WINDOWS\arservice.exe

C:\Program Files\AhnLab\ASP\MyWebClinic\mywc.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\AVG\AVG10\avgfws.exe

C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\AVG\AVG10\avgtray.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe

C:\Program Files\AVG\AVG10\avgwdsvc.exe

C:\WINDOWS\system32\crypserv.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\AVG\AVG10\avgam.exe

C:\Program Files\AVG\AVG10\avgnsx.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AVG\AVG10\avgcsrvx.exe

C:\Program Files\AhnLab\ASP\MyFirewall 2.0\mfnt.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\PROGRA~1\AVG\AVG10\avgrsx.exe

C:\Program Files\AVG\AVG10\avgcsrvx.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Documents and Settings\Compaq_Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.yahoo.com/search/ie.html

uStart Page = hxxp://www.google.com.mx/

mStart Page = about:blank

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

mWinlogon: Userinit=c:\windows\system32\userinit.exe

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Windows Live Aplicaci


Hi,

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs a runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log name is like UtilityName.Version_Date_Time_log.txt.

For example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.


Hi again, thanks for your help; I have spent almost 30 days trying to solve it until I found this forum.

After TDSSKiller prompts for a reboot the PC freezes and does not log out completely, so I need to turn it off and on manually. After restart, it tries to reinitiate, logs out again and then everything works well, just a little slow to restart. The svchost.exe application error message did not appear.

This is the report from TDSSKiller:

2011/02/24 14:03:31.0502 4144 TDSS rootkit removing tool 2.4.18.0 Feb 21 2011 11:08:08

2011/02/24 14:03:33.0361 4144 ================================================================================

2011/02/24 14:03:33.0361 4144 SystemInfo:

2011/02/24 14:03:33.0361 4144

2011/02/24 14:03:33.0361 4144 OS Version: 5.1.2600 ServicePack: 3.0

2011/02/24 14:03:33.0361 4144 Product type: Workstation

2011/02/24 14:03:33.0361 4144 ComputerName: MARCO

2011/02/24 14:03:33.0361 4144 UserName: Compaq_Administrator

2011/02/24 14:03:33.0361 4144 Windows directory: C:\WINDOWS

2011/02/24 14:03:33.0361 4144 System windows directory: C:\WINDOWS

2011/02/24 14:03:33.0361 4144 Processor architecture: Intel x86

2011/02/24 14:03:33.0361 4144 Number of processors: 1

2011/02/24 14:03:33.0361 4144 Page size: 0x1000

2011/02/24 14:03:33.0361 4144 Boot type: Normal boot

2011/02/24 14:03:33.0361 4144 ================================================================================

2011/02/24 14:03:33.0611 4144 Initialize success

2011/02/24 14:03:40.0438 1724 ================================================================================

2011/02/24 14:03:40.0438 1724 Scan started

2011/02/24 14:03:40.0438 1724 Mode: Manual;

2011/02/24 14:03:40.0438 1724 ================================================================================

2011/02/24 14:03:53.0280 1724 PCIIde (f9dd306e939b269b064b484be2c244fc) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/02/24 14:03:53.0280 1724 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\pciide.sys. Real md5: f9dd306e939b269b064b484be2c244fc, Fake md5: ccf5f451bb1a5a2a522a76e670000ff0

2011/02/24 14:03:53.0280 1724 PCIIde - detected Rootkit.Win32.TDSS.tdl3 (0)

2011/02/24 14:03:58.0591 1724 ================================================================================

2011/02/24 14:03:58.0591 1724 Scan finished

2011/02/24 14:03:58.0591 1724 ================================================================================

2011/02/24 14:03:58.0591 2872 Detected object count: 1

2011/02/24 14:04:12.0933 2872 PCIIde (f9dd306e939b269b064b484be2c244fc) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/02/24 14:04:12.0933 2872 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\pciide.sys. Real md5: f9dd306e939b269b064b484be2c244fc, Fake md5: ccf5f451bb1a5a2a522a76e670000ff0

2011/02/24 14:04:13.0214 2872 Backup copy found, using it..

2011/02/24 14:04:13.0214 2872 C:\WINDOWS\system32\DRIVERS\pciide.sys - will be cured after reboot

2011/02/24 14:04:13.0214 2872 Rootkit.Win32.TDSS.tdl3(PCIIde) - User select action: Cure

2011/02/24 14:04:21.0807 4100 Deinitialize success
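As an added example (not code from the thread or from TDSSKiller itself), here is a Python parser for the log format posted above: it pairs each "Suspicious file (Forged)" line, with its two differing hashes, against the matching driver entry, verdict, cure status and user-selected action, and cross-checks the tool's "Detected object count". The abridged log embedded in it is constructed from the lines posted above; the dataclass and function names are my own.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample: an abridged TDSSKiller log in the same line format as the
# one posted above (timestamp, thread id, message). The pciide.sys lines are
# copied from the posted log; the driver list is cut down to two entries.
SAMPLE_LOG = r"""
2011/02/24 14:03:31.0502 4144 TDSS rootkit removing tool 2.4.18.0 Feb 21 2011 11:08:08
2011/02/24 14:03:33.0361 4144 OS Version: 5.1.2600 ServicePack: 3.0
2011/02/24 14:03:40.0438 1724 Scan started
2011/02/24 14:03:41.0328 1724 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/02/24 14:03:53.0280 1724 PCIIde (f9dd306e939b269b064b484be2c244fc) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/02/24 14:03:53.0280 1724 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\pciide.sys. Real md5: f9dd306e939b269b064b484be2c244fc, Fake md5: ccf5f451bb1a5a2a522a76e670000ff0
2011/02/24 14:03:53.0280 1724 PCIIde - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/02/24 14:03:58.0591 1724 Scan finished
2011/02/24 14:03:58.0591 2872 Detected object count: 1
2011/02/24 14:04:13.0214 2872 C:\WINDOWS\system32\DRIVERS\pciide.sys - will be cured after reboot
2011/02/24 14:04:13.0214 2872 Rootkit.Win32.TDSS.tdl3(PCIIde) - User select action: Cure
"""

# One TDSSKiller line: "YYYY/MM/DD HH:MM:SS.ffff <thread id> <message>"
LINE_RE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s*(.*)$")
# "<ServiceName> (<md5>) <path>"
DRIVER_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "Suspicious file (Forged): <path>. Real md5: <x>, Fake md5: <y>"
FORGED_RE = re.compile(r"^Suspicious file \(Forged\): (?P<path>.+?)\. Real md5: "
                       r"(?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$")
# "<ServiceName> - detected <verdict> (<n>)"
DETECT_RE = re.compile(r"^(?P<name>\S+) - detected (?P<verdict>\S+)")
# "<path> - will be cured after reboot"
CURE_RE = re.compile(r"^(?P<path>.+?) - will be cured after reboot$")
# "<verdict>(<ServiceName>) - User select action: <action>"
ACTION_RE = re.compile(r"^(?P<verdict>[^(]+)\((?P<name>[^)]+)\) - User select action: (?P<action>\w+)$")


@dataclass
class Finding:
    name: str
    path: str = ""
    verdict: str = ""
    real_md5: str = ""
    fake_md5: str = ""
    action: str = ""
    cure_pending_reboot: bool = False


@dataclass
class Report:
    drivers: Dict[str, Tuple[str, str]] = field(default_factory=dict)  # name -> (md5, path)
    findings: Dict[str, Finding] = field(default_factory=dict)          # name -> Finding
    detected_count: Optional[int] = None


def parse_tdsskiller_log(text: str) -> Report:
    """Walk the log once, keying every detection-related line by service name."""
    report = Report()
    path_to_name: Dict[str, str] = {}

    def finding_for(name: str) -> Finding:
        # Findings are created lazily: the forged, detected, cure and action lines
        # for one driver arrive from different threads and in no fixed order.
        path = report.drivers.get(name, ("", ""))[1]
        return report.findings.setdefault(name, Finding(name=name, path=path))

    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank or non-log line
        msg = m.group(3).strip()
        if (d := DRIVER_RE.match(msg)):
            report.drivers[d["name"]] = (d["md5"], d["path"])
            path_to_name[d["path"].lower()] = d["name"]
        elif (f := FORGED_RE.match(msg)):
            fin = finding_for(path_to_name.get(f["path"].lower(), f["path"]))
            fin.path, fin.real_md5, fin.fake_md5 = f["path"], f["real"], f["fake"]
        elif (t := DETECT_RE.match(msg)):
            finding_for(t["name"]).verdict = t["verdict"]
        elif (c := CURE_RE.match(msg)):
            finding_for(path_to_name.get(c["path"].lower(), c["path"])).cure_pending_reboot = True
        elif (a := ACTION_RE.match(msg)):
            fin = finding_for(a["name"])
            fin.action = a["action"]
            fin.verdict = fin.verdict or a["verdict"]
        elif msg.startswith("Detected object count:"):
            report.detected_count = int(msg.rsplit(":", 1)[1])
    return report


def forged_drivers(report: Report) -> List[str]:
    """Drivers for which the tool reported two different hashes for one path.
    The mismatch itself, not either hash value, is the forged-file indicator."""
    return sorted(n for n, f in report.findings.items()
                  if f.real_md5 and f.real_md5 != f.fake_md5)


def count_matches(report: Report) -> bool:
    """Cross-check the tool's own summary line against the verdict lines parsed."""
    return report.detected_count == sum(1 for f in report.findings.values() if f.verdict)


if __name__ == "__main__":
    rep = parse_tdsskiller_log(SAMPLE_LOG)
    for name in forged_drivers(rep):
        f = rep.findings[name]
        print(f"{name}: {f.path}\n  verdict={f.verdict} action={f.action} "
              f"cure_after_reboot={f.cure_pending_reboot}\n  real={f.real_md5} fake={f.fake_md5}")
    print("summary consistent:", count_matches(rep))
```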


Hi, sorry, I have Windows XP Media Center Edition, version 2002, with Service Pack 3. I don't have the disk and cannot find how to create the Recovery Console for this OS. What can I do?


Hi,

This will work with your computer:

Please download this file and save it as it's originally named, next to ComboFix.exe.


Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, it will ask you whether or not to continue with the malware scan. Select Yes, and post the resultant log.

-screen317


ComboFix is detecting that avast is running on the PC, but I can't find it to stop it.


Hi again, this is the report from ComboFix:

ComboFix 11-02-24.05 - Compaq_Administrator 25/02/2011 16:52:09.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.52.1033.18.3006.2356 [GMT -8:00]

Running from: c:\documents and settings\Compaq_Administrator\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Compaq_Administrator\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}

FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\es546agr.default\searchplugins\SearchquWebSearch.xml

c:\documents and settings\Compaq_Administrator\Application Data\PriceGong

C:\kmd.exe

c:\program files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml

C:\setup.exe

c:\windows\java.exe

c:\windows\system32\3491211248.dat

.

((((((((((((((((((((((((( Files Created from 2011-01-26 to 2011-02-26 )))))))))))))))))))))))))))))))

.

2011-02-26 00:39 . 2011-02-23 14:56 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-02-26 00:39 . 2011-02-23 14:54 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-02-26 00:39 . 2011-02-23 14:55 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-02-26 00:39 . 2011-02-23 14:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-02-26 00:39 . 2011-02-23 14:55 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-02-26 00:39 . 2011-02-23 14:55 102232 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2011-02-26 00:39 . 2011-02-23 14:55 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys

2011-02-26 00:39 . 2011-02-23 14:54 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2011-02-26 00:39 . 2011-02-23 15:04 40648 ----a-w- c:\windows\avastSS.scr

2011-02-26 00:39 . 2011-02-23 15:04 190016 ----a-w- c:\windows\system32\aswBoot.exe

2011-02-26 00:38 . 2011-02-26 00:38 -------- d-----w- c:\program files\AVAST Software

2011-02-26 00:38 . 2011-02-26 00:38 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software

2011-02-22 22:09 . 2011-02-22 22:09 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Malwarebytes

2011-02-22 22:09 . 2010-12-21 02:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-02-22 22:09 . 2011-02-22 22:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-02-22 22:09 . 2011-02-22 22:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-02-22 22:09 . 2010-12-21 02:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-02-21 18:12 . 2011-02-21 18:12 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\AVG Security Toolbar

2011-02-18 07:09 . 2011-02-18 07:09 -------- d-----w- C:\$AVG

2011-02-18 06:29 . 2011-02-18 06:29 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\AVG10

2011-02-18 06:28 . 2011-02-18 06:28 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files

2011-02-18 06:26 . 2011-02-25 22:10 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10

2011-02-18 06:08 . 2011-02-18 06:22 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2011-02-18 02:06 . 2011-02-18 02:06 53248 ----a-r- c:\documents and settings\Compaq_Administrator\Application Data\Microsoft\Installer\{9C601F76-4BA2-4BEA-9563-EB1F755C9A18}\ARPPRODUCTICON.exe

2011-02-18 02:05 . 2011-02-18 02:05 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\{59C7CF82-D06B-44DE-856C-9DADA37A500E}

2011-02-17 00:16 . 2011-02-17 00:16 83899240 ----a-w- c:\program files\Common Files\Windows Live\.cache\wlc53.tmp

2011-02-15 20:55 . 2005-05-04 02:43 69632 ----a-w- c:\windows\Alcmtr.exe

2011-02-13 19:31 . 2009-06-30 18:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys

2011-02-13 19:31 . 2011-02-13 19:31 -------- d-----w- c:\program files\Panda Security

2011-02-12 17:56 . 2011-02-13 00:25 -------- d-----w- c:\windows\BDOSCAN8

2011-02-12 05:38 . 2011-02-12 05:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\U3

2011-02-12 05:37 . 2011-02-12 05:37 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache

2011-02-11 03:02 . 2007-03-16 23:06 1822720 ----a-w- c:\windows\SkyTel.exe

2011-02-11 03:02 . 2006-08-01 23:02 49152 ----a-w- c:\windows\system32\ChCfg.exe

2011-02-11 03:01 . 2011-02-15 20:55 -------- d-----w- c:\program files\Realtek

2011-02-11 03:01 . 2011-02-11 03:01 315392 ----a-w- c:\windows\HideWin.exe

2011-02-11 03:01 . 2007-01-13 00:54 520192 ----a-w- c:\windows\RtlExUpd.dll

2011-02-11 03:01 . 2011-02-11 03:01 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll

2011-02-11 03:01 . 2006-02-07 23:45 757760 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll

2011-02-11 03:01 . 2006-02-07 23:40 204800 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll

2011-02-11 03:01 . 2006-02-07 23:40 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll

2011-02-11 03:01 . 2006-02-07 23:40 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll

2011-02-11 03:01 . 2005-11-14 07:19 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe

2011-02-11 03:01 . 2011-02-11 03:01 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll

2011-02-11 02:49 . 2011-02-11 02:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Driver Whiz

2011-02-11 02:48 . 2011-02-11 02:48 -------- d-----w- c:\program files\Driver Whiz

2011-02-08 21:33 . 2011-02-08 22:23 -------- d-----w- c:\program files\DIMM2011

2011-02-07 20:43 . 2011-02-07 20:43 -------- d-----w- C:\SAT

2011-02-05 01:55 . 2011-02-05 01:55 -------- d-----w- c:\documents and settings\All Users\Uniblue

2011-02-05 00:21 . 2011-02-26 00:46 -------- d-----w- c:\windows\system32\CatRoot2

2011-02-04 23:46 . 2011-02-04 23:46 -------- d-----w- c:\windows\system32\wbem\Repository.tmp

2011-01-30 21:45 . 2011-01-30 21:45 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee

2011-01-29 00:31 . 2011-01-29 00:32 -------- d-----w- c:\program files\F3241

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-02-24 22:07 . 2004-08-10 04:00 3328 ----a-w- c:\windows\system32\drivers\pciide.sys

2011-02-08 12:55 . 2011-01-08 01:38 16432 ----a-w- c:\windows\system32\lsdelete.exe

2011-01-25 00:13 . 2010-08-19 00:23 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-01-21 14:44 . 2004-08-10 04:00 439296 ----a-w- c:\windows\system32\shimgvw.dll

2011-01-07 14:09 . 2004-08-10 04:00 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-12-31 13:10 . 2004-08-10 04:00 1854976 ----a-w- c:\windows\system32\win32k.sys

2010-12-24 01:39 . 2010-12-24 01:39 3584 ----a-r- c:\documents and settings\Compaq_Administrator\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe

2010-12-22 12:34 . 2004-08-10 04:00 301568 ----a-w- c:\windows\system32\kerberos.dll

2010-12-20 23:59 . 2004-08-10 04:00 916480 ----a-w- c:\windows\system32\wininet.dll

2010-12-20 23:59 . 2004-08-10 04:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-12-20 23:59 . 2004-08-10 04:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2010-12-20 17:26 . 2004-08-10 04:00 730112 ----a-w- c:\windows\system32\lsasrv.dll

2010-12-20 12:55 . 2004-08-10 04:00 385024 ----a-w- c:\windows\system32\html.iec

2010-12-09 15:15 . 2004-08-10 11:00 718336 ----a-w- c:\windows\system32\ntdll.dll

2010-12-09 14:30 . 2004-08-10 04:00 33280 ----a-w- c:\windows\system32\csrsrv.dll

2010-12-09 13:38 . 2004-08-10 11:00 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-12-09 13:07 . 2004-08-10 11:00 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-12-09 04:07 . 2009-10-29 04:01 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys

[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys

[-] 2008-06-20 . 9425B72F40257B45D45D24773273DAD0 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys

[-] 2008-06-20 . 9425B72F40257B45D45D24773273DAD0 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys

[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys

[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys

[-] 2008-04-13 . ACCF5A9A1FFAA490F33DBA1C632B95E1 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys

[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys

[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys

[-] 2005-03-14 . 6129E70F3D2F1E60860C930EBEAF92C2 . 359936 . . [5.1.2600.2631] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]

2011-02-23 15:04 814160 ----a-w- c:\program files\AVAST Software\Avast\aswWebRepIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}"= "c:\program files\AVAST Software\Avast\aswWebRepIE.dll" [2011-02-23 814160]

[HKEY_CLASSES_ROOT\clsid\{8e5e2654-ad2d-48bf-ac2d-d17f00898d06}]

[HKEY_CLASSES_ROOT\Avast.WrcBar.1]

[HKEY_CLASSES_ROOT\TypeLib\{CD3AF781-AF1F-4400-9A30-15470BE43AD9}]

[HKEY_CLASSES_ROOT\Avast.WrcBar]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-02-23 15:04 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-02-21 2423752]

"Google Update"="c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-10-19 136176]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-11 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MyWC"="c:\program files\AhnLab\ASP\MyWebClinic\mywc.exe" [2008-02-20 229529]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-10-13 614400]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7311360]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-28 81920]

"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]

c:\documents and settings\Default User\Start Menu\Programs\Startup\

Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-9-11 27136]

PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-9-11 27136]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Conexiones Compaq.lnk]

backup=c:\windows\pss\Conexiones Compaq.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Inicio r


DDS (Ver_10-12-12.02) - NTFSx86

Run by Compaq_Administrator at 17:32:59.35 on 25/02/2011

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.5.0_07

Microsoft Windows XP Professional 5.1.2600.3.1252.52.1033.18.3006.2232 [GMT -8:00]

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FW: Norton Internet Worm Protection *Disabled*

FW: AVG Firewall *Disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\WINDOWS\arservice.exe

C:\WINDOWS\system32\crypserv.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\AVAST Software\Avast\avastUI.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\dllhost.exe

C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Compaq_Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.mx/

mStart Page = about:blank

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: Windows Live Aplicaci


Hi,

Please go to VirusTotal, and upload the following file for analysis:

c:\windows\system32\drivers\tcpip.sys

Post the results in your reply.

Next, please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.

Next, please open Notepad - don't use any other text editor than notepad or the script will fail.

Copy/paste the text in the quotebox below into Notepad:

FCOPY::

c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys | c:\windows\system32\drivers\tcpip.sys

Save this as CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new DDS log.

-screen317

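The Sigcheck block in the ComboFix log above lists every copy of tcpip.sys with its MD5 and version string, and the reply above asks for the live copy in system32\drivers to be checked on VirusTotal and replaced from the $hf_mig$ hotfix store. As an added example, not code from the thread or from ComboFix, the Python below reads such Sigcheck lines and flags live copies whose hash matches none of the reference copies of the same version; the directory lists and the sample lines (with made-up hashes) are constructed assumptions.

```python
"""Added example: compare the live copies of a system file listed in a
ComboFix Sigcheck block against the reference copies Windows XP keeps in
its hotfix / service-pack stores. Not part of the thread or of ComboFix."""
import re
from collections import defaultdict

# One Sigcheck line has the shape:
#   [flag] YYYY-MM-DD . MD5 . size . . [version] . . path
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]+)\]\s+\.\s+\.\s+(?P<path>\S.*?)\s*$"
)

# Assumed reference locations: where XP stores pristine copies of patched
# binaries (the helper's FCOPY pulls tcpip.sys from the first of these).
REFERENCE_DIRS = ("\\$hf_mig$\\", "\\$ntservicepackuninstall$\\",
                  "\\servicepackfiles\\")
# Assumed live locations: the loaded driver and the WFP restore cache.
LIVE_DIRS = ("\\system32\\drivers\\", "\\system32\\dllcache\\")


def parse_sigcheck(text):
    """Return one dict per Sigcheck line in ``text``; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if not m:
            continue  # section header, blank line or '.' separator
        e = m.groupdict()
        e["md5"] = e["md5"].upper()
        e["size"] = int(e["size"])
        e["path"] = e["path"].lower()
        entries.append(e)
    return entries


def _kind(path):
    """Classify a lower-cased path as 'live', 'reference' or 'other'."""
    if any(d in path for d in LIVE_DIRS):
        return "live"
    if any(d in path for d in REFERENCE_DIRS):
        return "reference"
    return "other"


def find_suspect_copies(entries):
    """Live copies whose MD5 matches none of the reference copies carrying the
    same file name and version. A live copy with no reference copy of its
    version is skipped: there is nothing to compare against, so no verdict."""
    refs = defaultdict(set)  # (file name, version) -> {md5, ...}
    for e in entries:
        if _kind(e["path"]) == "reference":
            refs[(e["path"].rsplit("\\", 1)[-1], e["version"])].add(e["md5"])
    suspects = []
    for e in entries:
        if _kind(e["path"]) != "live":
            continue
        known = refs.get((e["path"].rsplit("\\", 1)[-1], e["version"]))
        if known and e["md5"] not in known:
            suspects.append({"path": e["path"], "version": e["version"],
                             "md5": e["md5"], "reference_md5s": sorted(known)})
    return suspects


# Constructed sample with the shape of the thread's Sigcheck block; the
# hashes are placeholders, not the values from the page.
SAMPLE = """\
------- Sigcheck -------
[7] 2008-06-20 . 11111111111111111111111111111111 . 361600 . . [5.1.2600.5625] . . c:\\windows\\$hf_mig$\\KB951748\\SP3QFE\\tcpip.sys
[7] 2008-06-20 . 22222222222222222222222222222222 . 361600 . . [5.1.2600.5625] . . c:\\windows\\$hf_mig$\\KB951748\\SP3GDR\\tcpip.sys
[-] 2008-06-20 . 33333333333333333333333333333333 . 361600 . . [5.1.2600.5625] . . c:\\windows\\system32\\dllcache\\tcpip.sys
[-] 2008-06-20 . 33333333333333333333333333333333 . 361600 . . [5.1.2600.5625] . . c:\\windows\\system32\\drivers\\tcpip.sys
[-] 2008-04-13 . 44444444444444444444444444444444 . 361344 . . [5.1.2600.5512] . . c:\\windows\\ServicePackFiles\\i386\\tcpip.sys
"""

if __name__ == "__main__":
    for s in find_suspect_copies(parse_sigcheck(SAMPLE)):
        print(f"{s['path']} [{s['version']}] md5 {s['md5']} matches none of "
              f"{s['reference_md5s']}: verify it before trusting it")
```

A hit only says the live file is not byte-identical to any stored reference of its version; it is a prompt to verify the file (as the reply asks, via VirusTotal), not a verdict on its own.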

These or those... sorry, here you have the reports.

For DDS:

DDS (Ver_10-12-12.02) - NTFSx86

Run by Compaq_Administrator at 18:55:26.45 on 25/02/2011

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.5.0_07

Microsoft Windows XP Professional 5.1.2600.3.1252.52.1033.18.3006.2336 [GMT -8:00]

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FW: Norton Internet Worm Protection *Disabled*

FW: AVG Firewall *Disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\AVAST Software\Avast\avastUI.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\WINDOWS\arservice.exe

C:\WINDOWS\system32\crypserv.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Compaq_Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.mx/

mStart Page = about:blank

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: Windows Live Aplicaci


Let's try this again.

Please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.

Next, please open Notepad - don't use any other text editor than notepad or the script will fail.

Copy/paste the text in the box below into Notepad:

KILLALL::
FCOPY::
c:\windows\$NtServicePackUninstall$\tcpip.sys | c:\windows\system32\drivers\tcpip.sys

Save this as CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. After reboot (in case it asks to reboot), post only the contents of Combofix.txt.

-screen317


ComboFix 11-02-28.02 - Compaq_Administrator 28/02/2011 13:48:38.3.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.52.1033.18.3006.2382 [GMT -8:00]

Running from: c:\documents and settings\Compaq_Administrator\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Compaq_Administrator\Desktop\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}

FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

--------------- FCopy ---------------

c:\windows\$NtServicePackUninstall$\tcpip.sys --> c:\windows\system32\drivers\tcpip.sys

.

((((((((((((((((((((((((( Files Created from 2011-01-28 to 2011-02-28 )))))))))))))))))))))))))))))))

.

2011-02-27 00:31 . 2011-02-27 00:31 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan

2011-02-27 00:30 . 2011-02-27 00:30 -------- d-----w- c:\program files\McAfee Security Scan

2011-02-26 00:39 . 2011-02-23 14:56 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-02-26 00:39 . 2011-02-23 14:54 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-02-26 00:39 . 2011-02-23 14:55 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-02-26 00:39 . 2011-02-23 14:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-02-26 00:39 . 2011-02-23 14:55 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-02-26 00:39 . 2011-02-23 14:55 102232 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2011-02-26 00:39 . 2011-02-23 14:55 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys

2011-02-26 00:39 . 2011-02-23 14:54 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2011-02-26 00:39 . 2011-02-23 15:04 40648 ----a-w- c:\windows\avastSS.scr

2011-02-26 00:39 . 2011-02-23 15:04 190016 ----a-w- c:\windows\system32\aswBoot.exe

2011-02-26 00:38 . 2011-02-26 00:38 -------- d-----w- c:\program files\AVAST Software

2011-02-26 00:38 . 2011-02-26 00:38 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software

2011-02-22 22:09 . 2011-02-22 22:09 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Malwarebytes

2011-02-22 22:09 . 2010-12-21 02:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-02-22 22:09 . 2011-02-22 22:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-02-22 22:09 . 2011-02-22 22:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-02-22 22:09 . 2010-12-21 02:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-02-21 18:12 . 2011-02-21 18:12 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\AVG Security Toolbar

2011-02-18 07:09 . 2011-02-18 07:09 -------- d-----w- C:\$AVG

2011-02-18 06:29 . 2011-02-18 06:29 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\AVG10

2011-02-18 06:28 . 2011-02-18 06:28 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files

2011-02-18 06:26 . 2011-02-25 22:10 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10

2011-02-18 06:08 . 2011-02-18 06:22 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2011-02-18 02:06 . 2011-02-18 02:06 53248 ----a-r- c:\documents and settings\Compaq_Administrator\Application Data\Microsoft\Installer\{9C601F76-4BA2-4BEA-9563-EB1F755C9A18}\ARPPRODUCTICON.exe

2011-02-18 02:05 . 2011-02-18 02:05 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\{59C7CF82-D06B-44DE-856C-9DADA37A500E}

2011-02-17 00:16 . 2011-02-17 00:16 83899240 ----a-w- c:\program files\Common Files\Windows Live\.cache\wlc53.tmp

2011-02-15 20:55 . 2005-05-04 02:43 69632 ----a-w- c:\windows\Alcmtr.exe

2011-02-13 19:31 . 2009-06-30 18:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys

2011-02-13 19:31 . 2011-02-13 19:31 -------- d-----w- c:\program files\Panda Security

2011-02-12 17:56 . 2011-02-13 00:25 -------- d-----w- c:\windows\BDOSCAN8

2011-02-12 05:38 . 2011-02-12 05:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\U3

2011-02-12 05:37 . 2011-02-12 05:37 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache

2011-02-11 03:02 . 2007-03-16 23:06 1822720 ----a-w- c:\windows\SkyTel.exe

2011-02-11 03:02 . 2006-08-01 23:02 49152 ----a-w- c:\windows\system32\ChCfg.exe

2011-02-11 03:01 . 2011-02-15 20:55 -------- d-----w- c:\program files\Realtek

2011-02-11 03:01 . 2011-02-11 03:01 315392 ----a-w- c:\windows\HideWin.exe

2011-02-11 03:01 . 2007-01-13 00:54 520192 ----a-w- c:\windows\RtlExUpd.dll

2011-02-11 03:01 . 2011-02-11 03:01 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll

2011-02-11 03:01 . 2006-02-07 23:45 757760 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll

2011-02-11 03:01 . 2006-02-07 23:40 204800 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll

2011-02-11 03:01 . 2006-02-07 23:40 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll

2011-02-11 03:01 . 2006-02-07 23:40 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll

2011-02-11 03:01 . 2005-11-14 07:19 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe

2011-02-11 03:01 . 2011-02-11 03:01 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll

2011-02-11 02:49 . 2011-02-11 02:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Driver Whiz

2011-02-11 02:48 . 2011-02-11 02:48 -------- d-----w- c:\program files\Driver Whiz

2011-02-08 21:33 . 2011-02-08 22:23 -------- d-----w- c:\program files\DIMM2011

2011-02-07 20:43 . 2011-02-07 20:43 -------- d-----w- C:\SAT

2011-02-05 01:55 . 2011-02-05 01:55 -------- d-----w- c:\documents and settings\All Users\Uniblue

2011-02-05 00:21 . 2011-02-28 21:42 -------- d-----w- c:\windows\system32\CatRoot2

2011-02-04 23:46 . 2011-02-04 23:46 -------- d-----w- c:\windows\system32\wbem\Repository.tmp

2011-01-30 21:45 . 2011-01-30 21:45 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-02-24 22:07 . 2004-08-10 04:00 3328 ----a-w- c:\windows\system32\drivers\pciide.sys

2011-02-08 12:55 . 2011-01-08 01:38 16432 ----a-w- c:\windows\system32\lsdelete.exe

2011-01-25 00:13 . 2010-08-19 00:23 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-01-21 14:44 . 2004-08-10 04:00 439296 ----a-w- c:\windows\system32\shimgvw.dll

2011-01-07 14:09 . 2004-08-10 04:00 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-12-31 13:10 . 2004-08-10 04:00 1854976 ----a-w- c:\windows\system32\win32k.sys

2010-12-24 01:39 . 2010-12-24 01:39 3584 ----a-r- c:\documents and settings\Compaq_Administrator\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe

2010-12-22 12:34 . 2004-08-10 04:00 301568 ----a-w- c:\windows\system32\kerberos.dll

2010-12-20 23:59 . 2004-08-10 04:00 916480 ----a-w- c:\windows\system32\wininet.dll

2010-12-20 23:59 . 2004-08-10 04:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-12-20 23:59 . 2004-08-10 04:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2010-12-20 17:26 . 2004-08-10 04:00 730112 ----a-w- c:\windows\system32\lsasrv.dll

2010-12-20 12:55 . 2004-08-10 04:00 385024 ----a-w- c:\windows\system32\html.iec

2010-12-09 15:15 . 2004-08-10 11:00 718336 ----a-w- c:\windows\system32\ntdll.dll

2010-12-09 14:30 . 2004-08-10 04:00 33280 ----a-w- c:\windows\system32\csrsrv.dll

2010-12-09 13:38 . 2004-08-10 11:00 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-12-09 13:07 . 2004-08-10 11:00 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-12-09 04:07 . 2009-10-29 04:01 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

.

((((((((((((((((((((((((((((( SnapShot@2011-02-26_02.49.24 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-02-09 22:08 . 2011-02-27 00:42 234656 c:\windows\system32\Macromed\Flash\FlashUtil10m_ActiveX.exe

- 2011-02-09 22:08 . 2011-02-09 22:08 234656 c:\windows\system32\Macromed\Flash\FlashUtil10m_ActiveX.exe

+ 2011-02-09 22:08 . 2011-02-27 00:42 311456 c:\windows\system32\Macromed\Flash\FlashUtil10m_ActiveX.dll

- 2011-02-09 22:08 . 2011-02-09 22:08 311456 c:\windows\system32\Macromed\Flash\FlashUtil10m_ActiveX.dll

+ 2004-08-10 04:00 . 2008-06-20 10:45 360320 c:\windows\system32\dllcache\tcpip.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]

2011-02-23 15:04 814160 ----a-w- c:\program files\AVAST Software\Avast\aswWebRepIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}"= "c:\program files\AVAST Software\Avast\aswWebRepIE.dll" [2011-02-23 814160]

[HKEY_CLASSES_ROOT\clsid\{8e5e2654-ad2d-48bf-ac2d-d17f00898d06}]

[HKEY_CLASSES_ROOT\Avast.WrcBar.1]

[HKEY_CLASSES_ROOT\TypeLib\{CD3AF781-AF1F-4400-9A30-15470BE43AD9}]

[HKEY_CLASSES_ROOT\Avast.WrcBar]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-02-23 15:04 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-02-21 2423752]

"Google Update"="c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-10-19 136176]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-11 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MyWC"="c:\program files\AhnLab\ASP\MyWebClinic\mywc.exe" [2008-02-20 229529]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-10-13 614400]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7311360]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-28 81920]

"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]

c:\documents and settings\Default User\Start Menu\Programs\Startup\

Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-9-11 27136]

PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-9-11 27136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

LaunchU3.exe.lnk - c:\windows\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe [2009-10-30 22486]

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Conexiones Compaq.lnk]

backup=c:\windows\pss\Conexiones Compaq.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Inicio r


Hi,

What antiviruses are you currently running and which would you like to keep?

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


This is the report from the online scanner:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6425

# api_version=3.0.2

# EOSSerial=8a5f5952f22fbc49b22fa77f3445b8d2

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2011-03-02 01:27:28

# local_time=2011-03-01 05:27:28 (-0800, Pacific Standard Time (Mexico))

# country="Mexico"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=1024 16777215 100 0 88880 88880 0 0

# compatibility_mode=1536 16777215 100 0 1305146 1305146 0 0

# compatibility_mode=8192 67108839 100 0 0 0 0 0

# scanned=189746

# found=7

# cleaned=7

# scan_time=12230

C:\1\PROGRAMAS\AdAware2007Ingles[1].inc.crack_by_lcjazb.rar multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

C:\DESPACHO\aaa\HERRAMIENTAS\NOD 32 Espa


Hi,

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following programs (if present):

Java Policy 1.0

Adobe Flash Player 9.0.124.0

Restart your computer.

Get the latest version of Java, Adobe Reader, and Adobe Flash Player.

Run DDS again and post DDS.txt and attach.txt.

-screen317


The current version of Java installed on the PC and Java Policy 1.0 are needed to access some web pages like idse.gob.mx and sat.gob.mx and to run some applications on those pages.

DDS (Ver_10-12-12.02) - NTFSx86

Run by Compaq_Administrator at 18:34:26.81 on 07/03/2011

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.5.0_07

============== Running Processes ===============

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.mx/

mStart Page = about:blank

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: Windows Live Aplicaci


Apparently all is running normally; I am thankful for your help.


Hi,

Great news. :D

Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

2) Download and install IE-Spyad, which will place over 5000 'bad' sites on your Internet Explorer Restricted List. A tutorial on it can be found here.

3) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

4) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

5) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an addon available for both Firefox and IE.

6) Be sure to update your Antivirus and Antispyware programs often!

Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

Safe surfing,

-screen317


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.
