Inactive-A System crashing regularly -- Logs included

Discussion in 'Malware and Virus Removal Archive' started by pg365, 2011/12/07.

  1. 2011/12/07
    pg365 Inactive Thread Starter


    MBAM LOG
    -------------------------------------------------------------------------

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8328

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 6.0.2900.2180

    12/7/2011 8:17:22 PM
    mbam-log-2011-12-07 (20-17-22).txt

    Scan type: Quick scan
    Objects scanned: 215543
    Time elapsed: 5 minute(s), 11 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 41
    Registry Values Infected: 6
    Registry Data Items Infected: 0
    Folders Infected: 16
    Files Infected: 18

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{F244A744-534D-4A46-855F-C0C7E9F27DAA} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{030C9927-10FC-4169-97A2-55BECD5D88D8} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShoppingReport2.RprtCtrl.1 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShoppingReport2.RprtCtrl (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{3E2DFD6A-4E20-4D4C-AA8B-E1F9DBEF3C80} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShoppingReport2.IEButton.1 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShoppingReport2.IEButton (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{714E0876-FCEE-49CE-A429-B9AD8AEFCB56} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShoppingReport2.IEButtonA.1 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShoppingReport2.IEButtonA (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShoppingReport2.HbInfoBand.1 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShoppingReport2.HbInfoBand (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{DD15BCC0-5FE9-4690-A957-99FA60ED9D26} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShoppingReport2.HbAx.1 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShoppingReport2.HbAx (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{B035BA6B-57CD-4F72-B545-65BE465FCAF6} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{D44FD6F0-9746-484E-B5C4-C66688393872} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{0EB3F101-224A-4B2B-9E5B-DF720857529C} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB38E21A-0133-419D-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DB38E21A-0133-419D-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\ShoppingReport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport2 (Adware.Hotbar) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Value: {00A6FAF6-072E-44CF-8957-5838F569A31D} -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{DB38E21A-0133-419D-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> Value: {DB38E21A-0133-419D-92AD-ECDFD5244D6D} -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> Value: {EB620C54-E229-4942-87CE-E717109FC8C6} -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> Value: {EB620C54-E229-4942-87CE-E717109FC8C6} -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{DB38E21A-0133-419d-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> Value: {DB38E21A-0133-419d-92AD-ECDFD5244D6D} -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Value: {00A6FAF6-072E-44cf-8957-5838F569A31D} -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    c:\documents and settings\gollapudi\application data\shoppingreport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    c:\documents and settings\gollapudi\application data\shoppingreport2\cs (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    c:\documents and settings\gollapudi\application data\shoppingreport2\cs\db (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    c:\documents and settings\gollapudi\application data\shoppingreport2\cs\dwld (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    c:\documents and settings\gollapudi\application data\shoppingreport2\cs\report (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    c:\documents and settings\gollapudi\application data\shoppingreport2\cs\res1 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    c:\program files\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\funwebproducts\screensaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\funwebproducts\screensaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\shoppingreport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    c:\program files\shoppingreport2\Bin (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    c:\program files\shoppingreport2\Bin\2.7.34 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

    Files Infected:
    c:\documents and settings\gollapudi\my documents\downloads\bflixinstaller.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
    c:\documents and settings\gollapudi\my documents\downloads\xvidsetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\documents and settings\gollapudi\my documents\downloads\kazulahsetup2.3.76.6.zqman000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\documents and settings\gollapudi\my documents\downloads\setup (1).exe (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\f3PSSavr.scr (PUP.FunWebProducts) -> Not selected for removal.
    c:\documents and settings\gollapudi\application data\shoppingreport2\cs\Config.xml (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    c:\documents and settings\gollapudi\application data\shoppingreport2\cs\db\Aliases.dbs (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    c:\documents and settings\gollapudi\application data\shoppingreport2\cs\db\Sites.dbs (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    c:\documents and settings\gollapudi\application data\shoppingreport2\cs\dwld\whitelist.xip (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    c:\documents and settings\gollapudi\application data\shoppingreport2\cs\report\aggr_storage.xml (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    c:\documents and settings\gollapudi\application data\shoppingreport2\cs\report\send_storage.xml (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    c:\documents and settings\gollapudi\application data\shoppingreport2\cs\res1\whitelist.dbs (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\1.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\1.bin\M3TPINST.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\shoppingreport2\Uninst.exe (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    --------------------------------------------------------------------------
     
  2. 2011/12/07
    PeteC SuperGeek Staff

    And the other logs requested, please.

    Please note ....

    As a new member with fewer than 10 posts, any post you make which contains a URL requires approval (moderation) before it is visible.
     

  4. 2011/12/08
    pg365 Inactive Thread Starter

    Couldn't do GMER as the system was crashing while running the program.
    The aswMBR log
    ------------------------------------------------------------------
    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-12-07 20:41:35
    -----------------------------
    20:41:35.656 OS Version: Windows 5.1.2600 Service Pack 2
    20:41:35.656 Number of processors: 2 586 0x170A
    20:41:35.656 ComputerName: HOME-80FE635788 UserName: Gollapudi
    20:41:41.718 Initialize success
    20:41:41.781 AVAST engine defs: 11120700
    20:41:52.406 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T1L0-10
    20:41:52.406 Disk 0 Vendor: ST3500418AS CC37 Size: 476940MB BusType: 3
    20:41:54.421 Disk 0 MBR read successfully
    20:41:54.421 Disk 0 MBR scan
    20:41:54.421 Disk 0 Windows XP default MBR code
    20:41:54.437 Disk 0 scanning sectors +976752000
    20:41:54.484 Disk 0 scanning C:\WINDOWS\system32\drivers
    20:41:58.328 Service scanning
    20:41:58.562 Service GMSIPCI G:\INSTALL\GMSIPCI.SYS **LOCKED** 21
    20:41:59.187 Modules scanning
    20:42:03.828 Disk 0 trace - called modules:
    20:42:03.828 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
    20:42:03.828 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ad33ab8]
    20:42:03.828 3 CLASSPNP.SYS[f763805b] -> nt!IofCallDriver -> \Device\00000069[0x8ad359e8]
    20:42:03.828 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T1L0-10[0x8ad1ed98]
    20:42:06.171 AVAST engine scan C:\WINDOWS
    20:42:12.968 AVAST engine scan C:\WINDOWS\system32
    20:43:29.937 AVAST engine scan C:\WINDOWS\system32\drivers
    20:43:40.796 AVAST engine scan C:\Documents and Settings\Gollapudi
    20:51:48.343 AVAST engine scan C:\Documents and Settings\All Users
    20:53:09.078 Scan finished successfully
    20:53:26.578 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Gollapudi\Desktop\Logs\MBR.dat "
    20:53:26.578 The log file has been saved successfully to "C:\Documents and Settings\Gollapudi\Desktop\Logs\aswMBR.txt "
    -----------------------------------------------------------------------------
    Other logs follow.
     
  5. 2011/12/08
    pg365 Inactive Thread Starter

    Attach.txt.
    -----------------------------------------------------------------------------

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11/5/2011 4:38:52 PM
    System Uptime: 12/7/2011 8:34:25 PM (0 hours ago)
    .
    Motherboard: MICRO-STAR INTERNATIONAL CO.,LTD | | G31TM-P21 (MS-7529)
    Processor: Intel Pentium III Xeon processor | CPU1 | 2933/267mhz
    Processor: Intel Pentium III Xeon processor | CPU1 | 2933/267mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 200 GiB total, 26.49 GiB free.
    D: is FIXED (NTFS) - 100 GiB total, 9.523 GiB free.
    E: is FIXED (NTFS) - 100 GiB total, 21.05 GiB free.
    F: is FIXED (NTFS) - 66 GiB total, 25.267 GiB free.
    G: is CDROM ()
    H: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP1: 11/5/2011 4:43:55 PM - System Checkpoint
    RP2: 11/5/2011 5:01:27 PM - Removed AVG 2011
    RP3: 11/5/2011 5:02:07 PM - Removed AVG 2011
    RP4: 11/5/2011 5:03:08 PM - avast! Free Antivirus Setup
    RP5: 11/8/2011 7:52:24 PM - System Checkpoint
    RP6: 11/9/2011 9:30:36 PM - System Checkpoint
    RP7: 11/13/2011 9:50:42 AM - Installed Debugging Tools for Windows (x86)
    RP8: 11/14/2011 7:33:31 AM - Installed Windows XP Wdf01009.
    RP9: 11/18/2011 8:12:00 PM - System Checkpoint
    RP10: 11/28/2011 9:18:50 PM - System Checkpoint
    RP11: 12/3/2011 9:37:53 PM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    A² Studios' ICC Cricket World Cup 2011 Patch
    Acrobat.com
    Activision(R)
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Media Player
    Adobe PageMaker 7.0
    Adobe Photoshop 7.0
    Adobe Reader X (10.1.0)
    Any Video Converter 2.6.7
    Apple Application Support
    Apple Software Update
    Ashes Cricket 2009
    Ask Toolbar
    avast! Free Antivirus
    Babylon toolbar on IE
    Battlefield: Bad Company™ 2
    BitTorrent
    Blur(TM)
    Bonjour
    Burnout(TM) Paradise The Ultimate Box
    Call of Duty Modern Warfare 2
    Call of Duty(R) - World at War(TM)
    Call of Duty: Black Ops
    Conduit Engine
    Crysis(R)
    DAEMON Tools Lite
    Debugging Tools for Windows (x86)
    dog2 Screen Saver
    dog3 Screen Saver
    dog4 Screen Saver
    DRIV3R
    EA Download Manager
    EA SPORTS Cricket 2005
    EA SPORTS(TM) Cricket 07
    FIFA 10
    File Uploader
    Fraps
    Freecorder
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hitman Blood Money
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    HTC BMP USB Driver
    HTC Driver Installer
    HTC Sync
    iLivid
    Isso Pack 5 Build 5037
    Java Auto Updater
    Java(TM) 6 Update 26
    Juiced2_HIN
    LG Burning Tools
    LG CyberLink PowerBackup
    LG CyberLink PowerDVD 7.0
    LG CyberLink PowerProducer
    LG CyberLink YouCam
    LG ODD Auto Firmware Update
    LG Power Tools
    LogonStudio
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Software Update for Web Folders (English) 12
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    MixPad Audio Mixer
    MSVC80_x86_v2
    MSVC90_x86
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB973685)
    MSXML 6.0 Parser
    MUSICMATCH® Jukebox
    Need for Speed™ Carbon
    Need for Speed™ Most Wanted
    neroxml
    Nikon Message Center
    Nikon Transfer
    Nokia Connectivity Cable Driver
    Nokia Ovi Player
    Nokia Ovi Suite
    Nokia Ovi Suite Software Updater
    Nokia PC Suite
    Nokia_Multimedia_Common_Components_2_5
    NVIDIA Control Panel 275.33
    NVIDIA Graphics Driver 275.33
    NVIDIA Install Application
    NVIDIA nView 135.85
    NVIDIA nView Desktop Manager
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.10.0514
    NVIDIA Update 1.3.5
    NVIDIA Update Components
    Opera 11.52
    Ovi Desktop Sync Engine
    OviMPlatform
    PC Connectivity Solution
    Picasa 3
    Picture Control Utility
    PitchPerfect Musical Instrument Tuner
    Play Guitar 2 - The Shareware
    Power MP3 Cutter Joiner 1.12
    PunkBuster Services
    RACE 07 Offline
    Realtek High Definition Audio Driver
    RocketDock 1.3.5
    Safari
    SAMSUNG Mobile Composite Device Software
    Samsung Mobile Modem Device Software
    SAMSUNG Mobile Modem Driver Set
    Samsung Mobile phone USB driver Software
    SAMSUNG Mobile USB Modem 1.0 Software
    SAMSUNG Mobile USB Modem Software
    Samsung New PC Studio
    Samsung New PC Studio USB Driver Installer
    SAMSUNG USB Mobile Device Software
    SamsungConnectivityCableDriver
    SFT_eng7 Toolbar
    SweetIM for Messenger 3.6
    SweetIM Toolbar for Internet Explorer 4.2
    System Requirements Lab
    The Godfather™ II
    Thief - Deadly Shadows
    Tom Clancy's Splinter Cell Chaos Theory
    Tom Clancy's Splinter Cell Conviction
    Total Video Converter 3.71 100812
    Ubisoft Game Launcher
    VCRedistSetup
    ViewNX
    Virtua Tennis 3
    Virtual DJ Home - Atomix Productions
    VLC media player 1.1.11
    WebFldrs XP
    Winamp (remove only)
    Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
    Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
    Windows Driver Package - Nokia Modem (02/25/2011 4.7)
    Windows Driver Package - Nokia Modem (02/25/2011 7.01.0.9)
    Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    Windows iLivid Toolbar
    Windows Media Format 11 runtime
    Windows Media Format Runtime
    WinRAR archiver
    WinZip
    YouTube Downloader 3.3
    YouTube Downloader Toolbar v4.7
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/7/2011 8:35:49 PM, error: System Error [1003] - Error code 00000019, parameter1 00000020, parameter2 8996b000, parameter3 8996b828, parameter4 1b050000.
    12/7/2011 8:31:42 PM, error: System Error [1003] - Error code 00000019, parameter1 00000020, parameter2 897bb000, parameter3 897bb828, parameter4 1b050000.
    12/7/2011 8:23:20 PM, error: System Error [1003] - Error code 00000019, parameter1 00000020, parameter2 897df000, parameter3 897df828, parameter4 1b050000.
    12/7/2011 8:20:00 PM, error: System Error [1003] - Error code 00000019, parameter1 00000020, parameter2 8919e000, parameter3 8919e828, parameter4 1b050000.
    12/5/2011 8:41:21 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: sptd
    12/5/2011 8:41:20 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    12/5/2011 8:41:16 PM, error: System Error [1003] - Error code 1000008e, parameter1 c000001d, parameter2 f74790fe, parameter3 aea83610, parameter4 00000000.
    12/5/2011 8:41:00 PM, error: sptd [4] - Driver detected an internal error in its data structures for .
    .
    ==== End Of File ===========================
     
  6. 2011/12/08
    pg365 Inactive Thread Starter

    DDS.txt
    ---------------------------------------------------------------------------
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_26
    Run by Gollapudi at 20:54:23 on 2011-12-07
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3327.2568 [GMT 5.5:30]
    .
    AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\lg_fwupdate\fwupdate.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
    C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\PROGRA~1\WINDOW~4\Datamngr\DATAMN~1.EXE
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
    C:\Program Files\Ask.com\Updater\Updater.exe
    C:\Program Files\SweetIM\Messenger\SweetIM.exe
    C:\Program Files\Application Updater\ApplicationUpdater.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
    C:\Documents and Settings\Gollapudi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DAEMON Tools Lite\DTLite.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
    C:\Program Files\Electronic Arts\EADM\Core.exe
    C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\FsUsbExService.Exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\WINDOWS\runservice.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
    C:\Documents and Settings\Gollapudi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Gollapudi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Gollapudi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://home.sweetim.com
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\youtube downloader toolbar\ie\4.7\youtubedownloaderToolbarIE.dll
    uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
    uURLSearchHooks: SFT_eng7 Toolbar: {08d6b0b4-c132-470d-a8e2-aa2e9c3851c9} - c:\program files\sft_eng7\prxtbSFT0.dll
    mURLSearchHooks: H - No File
    BHO: SFT_eng7 Toolbar: {08d6b0b4-c132-470d-a8e2-aa2e9c3851c9} - c:\program files\sft_eng7\prxtbSFT0.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - c:\program files\babylontoolbar\babylontoolbar\1.4.31.2\bh\BabylonToolbar.dll
    BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
    BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\window~4\toolbar\searchqudtx.dll
    BHO: UrlHelper Class: {a40dc6c5-79d0-4ca8-a185-8ff989af1115} - c:\progra~1\window~4\datamngr\IEBHO.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll
    BHO: Softonic Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SweetIM Toolbar Helper: {eee6c35c-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
    BHO: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\youtube downloader toolbar\ie\4.7\youtubedownloaderToolbarIE.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\window~4\toolbar\searchqudtx.dll
    TB: SFT_eng7 Toolbar: {08d6b0b4-c132-470d-a8e2-aa2e9c3851c9} - c:\program files\sft_eng7\prxtbSFT0.dll
    TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
    TB: Softonic Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - c:\program files\babylontoolbar\babylontoolbar\1.4.31.2\BabylonToolbarTlbr.dll
    TB: SweetIM Toolbar for Internet Explorer: {eee6c35b-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
    TB: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\youtube downloader toolbar\ie\4.7\youtubedownloaderToolbarIE.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [NokiaOviSuite2] c:\program files\nokia\nokia ovi suite\NokiaOviSuite.exe -tray
    uRun: [SRS Audio Sandbox] "c:\program files\srs labs\audio sandbox\SRSSSC.exe" /hideme
    uRun: [Google Update] "c:\documents and settings\gollapudi\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
    uRun: [AdobeBridge]
    uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [<NO NAME>]
    uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
    uRun: [EA Core] c:\program files\electronic arts\eadm\Core.exe -silent
    uRun: [AutoStartNPSAgent] c:\program files\samsung\samsung new pc studio\NPSAgent.exe
    mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe "
    mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe "
    mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\1.0 "
    mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
    mRun: [LGODDFU] "c:\program files\lg_fwupdate\fwupdate.exe" blrun
    mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter "
    mRun: [WinampAgent] c:\program files\winamp\winampa.exe
    mRun: [Nikon Transfer Monitor] c:\program files\common files\nikon\monitor\NkMonitor.exe
    mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup
    mRun: [NokiaMusic FastStart] "c:\program files\nokia\ovi player\NokiaOviPlayer.exe" /command:faststart
    mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe "
    mRun: [DATAMNGR] c:\progra~1\window~4\datamngr\DATAMN~1.EXE
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [NPSStartup]
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    mRun: [HTC Sync Loader] "c:\program files\htc\htc sync 3.0\htcUPCTLoader.exe" -startup
    mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe "
    mRun: [SweetIM] c:\program files\sweetim\messenger\SweetIM.exe
    mRun: [<NO NAME>]
    mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe "
    mRun: [LogonStudio] "c:\program files\wincustomize\logonstudio\logonstudio.exe" /RANDOM
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: Interfaces\{59306F4C-ED57-47FE-8DC6-3F580D3AB77D} : NameServer = 218.248.255.146 218.248.255.147
    TCP: Interfaces\{E3E46124-E94E-4D88-B646-92AF3F44E773} : DhcpNameServer = 192.168.1.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
    AppInit_DLLs: c:\progra~1\window~4\datamngr\datamngr.dll c:\progra~1\window~4\datamngr\IEBHO.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-11-5 442200]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-11-5 320856]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-8-12 232512]
    R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2011-9-27 745880]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-11-5 20568]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-11-5 44768]
    R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2011-8-2 233472]
    R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2011-9-16 2560]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-8-9 2214504]
    R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2011-3-31 80896]
    R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2011-8-2 36608]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-11 136176]
    S3 gkmixern;gkmixern;\??\c:\docume~1\gollap~1\locals~1\temp\gkmixern.sys --> c:\docume~1\gollap~1\locals~1\temp\gkmixern.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-2-11 136176]
    S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2011-8-4 24576]
    S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-22 21248]
    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2011-7-5 137600]
    .
    =============== Created Last 30 ================
    .
    2011-12-07 14:40:11 -------- d-----w- c:\documents and settings\gollapudi\application data\Malwarebytes
    2011-12-07 14:40:07 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2011-12-07 14:40:04 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-07 14:40:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-12-07 11:55:40 -------- d-----w- C:\symbols
    2011-11-13 04:20:47 -------- d-----w- c:\program files\Debugging Tools for Windows (x86)
    2011-11-13 03:44:08 0 ---ha-w- c:\documents and settings\gollapudi\local settings\application data\BIT19.tmp
    .
    ==================== Find3M ====================
    .
    2011-12-07 15:05:28 865 --sha-w- c:\windows\system32\mmf.sys
    2011-11-05 10:58:04 273616 ----a-w- c:\windows\system32\nvdrsdb0.bin
    2011-11-05 10:58:04 1 ----a-w- c:\windows\system32\nvdrssel.bin
    2011-11-05 10:57:44 273616 ----a-w- c:\windows\system32\nvdrsdb1.bin
    2011-10-17 16:29:20 1901 ----a-w- c:\windows\panose.bin
    2011-10-14 06:42:40 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
    2011-10-01 07:38:14 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
    2011-09-16 16:10:10 126976 ----a-w- c:\windows\lcmmfu.cpl
    2011-09-16 16:10:08 48640 ----a-w- c:\windows\mmfs.dll
    2011-09-16 16:10:08 2560 ----a-w- c:\windows\Runservice.exe
    2011-09-15 15:48:01 471040 ----a-w- c:\windows\dog4.scr
    2011-09-15 15:47:57 12288 ----a-w- c:\windows\impborl.dll
    2011-09-15 15:47:06 471040 ----a-w- c:\windows\dog3.scr
    2011-09-15 15:46:01 471040 ----a-w- c:\windows\dog2.scr
    .
    ============= FINISH: 20:56:44.01 ===============
     
  7. 2011/12/08
    Admin. Administrator Staff

    I see you have P2P software (Azureus, Limewire, BitTorrent, uTorrent, etc.) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here, and here.

    I would strongly recommend that you uninstall them, and read the links above for educational value!

    Note: Please be advised that continued use of these programs after being warned of the danger of infections from them, may result in the discontinued help of future cleaning of your system here at WindowsBBS Malware and Virus removal.

    A Malware expert will have a look at your log in due course.
     
  8. 2011/12/08
    broni Moderator Malware Analyst

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =============================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
