Can't get anything to work

September 7, 2011 at 09:33:01
Specs: Windows 7
I have a virus on my computer that won't let me open the scanner, and if I get it open by the alternate start-up, it stops it and closes it out. What do I do?

#1
September 7, 2011 at 17:01:43
adivirgi,

What scanner are you trying to run?

In order to determine what virus has affected the computer, please run the following tool, as it will provide information to work with:

Download DDS from one of these locations:
http://download.bleepingcomputer.co...
http://download.bleepingcomputer.co...

Save it to your Desktop

Right-click the dds file, and select: 'Run as Administrator'

When done, DDS opens two logs:
-DDS.txt
-Attach.txt

Save both reports to your Desktop.

Since these reports are large, please go to the Uploading website:
http://uploading.com/files/upload/

In: Select files to upload, click 'Browse', and 'Look in' the Desktop.

Select the DDS.txt, and click on 'Open'
You will see the following:
Your file has been uploaded successfully: (Name and size of the file)

Please copy the 'Download link'.

Do the same uploading for the Attach.txt.

Please copy the 'Download link', for each report, and provide them in your reply.

Thanks!

~~~~
Retired - Doin' Dis, Dat, and slapping malware.
Malware Eliminator/ Member of UNITE and the
Alliance of Security Analysis Professionals

#2
September 7, 2011 at 19:37:57
I ran SpyNoMore and that's what is coming up. I tried to manually delete it, but there's a hidden file that I don't know how to find. I can't get SUPERAntiSpyware to work, or Malwarebytes', or even Spybot Search and Destroy. I tried to download Spyware Doctor, but the installation kept failing, so it won't work. AVG keeps saying no components active, so the scan won't run at all.

#3
September 7, 2011 at 19:42:39
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/14/2010 9:59:17 PM
System Uptime: 9/7/2011 10:26:07 PM (0 hours ago)
.
Motherboard: Intel Corporation | | MPAD-MSAE Customer Reference Boards
Processor: Genuine Intel(R) CPU T2050 @ 1.60GHz | U1 | 1600/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 112 GiB total, 85.206 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Intel(R) PRO/100 VE Network Connection
Device ID: PCI\VEN_8086&DEV_1092&SUBSYS_FF101179&REV_02\4&2D0CA0EF&0&40F0
Manufacturer: Intel
Name: Intel(R) PRO/100 VE Network Connection
PNP Device ID: PCI\VEN_8086&DEV_1092&SUBSYS_FF101179&REV_02\4&2D0CA0EF&0&40F0
Service: E100B
.
==== System Restore Points ===================
.
RP5: 9/7/2011 3:00:13 AM - Windows Update
RP6: 9/7/2011 4:44:26 PM - Removed Facebook Video Calling 1.0.0.8177
RP7: 9/7/2011 7:18:44 PM - last known good config.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
7-Zip 4.65
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.3
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 2011
Bonjour
Browser Defender 3.0
D3DX10
Google Earth Plug-in
Google Update Helper
Info Center 1.0.0.6
Intel(R) Graphics Media Accelerator Driver
iTunes
Java Auto Updater
Java(TM) 6 Update 22
Junk Mail filter update
K-Lite Mega Codec Pack 6.4.0
Malwarebytes' Anti-Malware version 1.51.1.1800
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MobileMe Control Panel
Mozilla Firefox (3.6.22)
MSVCRT
PC Tools Registry Tool
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE 10.3
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Spybot - Search & Destroy
SpyNoMore 2.98
Spyware Doctor 8.0
SUPERAntiSpyware
Synaptics Pointing Device Driver
The Sims™ Pet Stories
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2586924)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
.
==== Event Viewer Messages From Past Week ========
.
9/7/2011 8:08:28 PM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
9/7/2011 8:08:04 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer USER-DC5FEB3C2E that believes that it is the master browser for the domain on transport NetBT_Tcpip_{689C297E-CA2E-4CA2-8AA5-DC. The master browser is stopping or an election is being forced.
9/7/2011 8:07:56 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
9/7/2011 8:06:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
9/7/2011 8:06:15 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the iPod Service service to connect.
9/7/2011 8:06:15 PM, Error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/7/2011 8:05:52 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: DfsC
9/7/2011 8:05:52 PM, Error: Service Control Manager [7000] - The AVGIDSAgent service failed to start due to the following error: Access is denied.
9/7/2011 8:05:51 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
9/7/2011 8:05:51 PM, Error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/7/2011 8:05:35 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Bonjour Service service to connect.
9/7/2011 8:05:35 PM, Error: Service Control Manager [7000] - The Bonjour Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/7/2011 8:05:20 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
9/7/2011 8:05:20 PM, Error: Service Control Manager [7000] - The AVG WatchDog service failed to start due to the following error: Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
9/7/2011 8:05:20 PM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/7/2011 8:05:04 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SAS Core Service service to connect.
9/7/2011 8:05:04 PM, Error: Service Control Manager [7000] - The SAS Core Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/7/2011 7:12:56 PM, Error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
9/7/2011 6:55:10 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{689C297E-CA2E-4CA2-8AA5-DC3155F6AA38} because another computer on the network has the same name. The server could not start.
9/7/2011 4:55:41 PM, Error: Service Control Manager [7000] - The XoftSpyService service failed to start due to the following error: Access is denied.
9/7/2011 4:35:55 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
9/7/2011 2:54:33 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
9/7/2011 12:41:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "5" attempting to start the service XoftSpyService with arguments "" in order to run the server: {98C10DD6-B90D-4400-9F33-93CBDFF44DBA}
9/7/2011 12:10:57 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
9/7/2011 12:08:59 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
9/7/2011 12:08:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
9/7/2011 12:08:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
9/7/2011 12:08:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/7/2011 12:08:50 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 discache PCTSD SASDIFSV SASKUTIL spldr Wanarpv6
9/7/2011 12:08:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
9/7/2011 10:41:24 PM, Error: Service Control Manager [7000] - The PC Tools Security Service service failed to start due to the following error: Access is denied.
9/6/2011 5:27:01 PM, Error: Service Control Manager [7034] - The XoftSpyService service terminated unexpectedly. It has done this 1 time(s).
9/6/2011 3:25:05 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xbe0a6000, 0x00000000, 0x84b82560, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 090611-72509-01.
9/6/2011 12:12:15 AM, Error: Service Control Manager [7034] - The AVGIDSAgent service terminated unexpectedly. It has done this 1 time(s).
9/6/2011 11:05:24 AM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.0.100 with the system having network hardware address E0-69-95-D7-23-9A. Network operations on this system may be disrupted as a result.
9/6/2011 11:05:12 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
9/2/2011 7:45:42 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
.
==== End Of File ===========================

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385
Run by Owner at 22:39:31 on 2011-09-07
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.1014.144 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\1724641582:3507369113.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\PC Tools Security\pctsAuxs.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\PCPitstop\Info Center\InfoCenter.exe
C:\Program Files\SpyNoMore\SNM.exe
C:\Program Files\PC Tools Security\pctsGui.exe
C:\Program Files\PC Tools Security\BDT\FGuard.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [Info Center] c:\program files\pcpitstop\info center\InfoCenter.exe
mRun: [SNM] c:\program files\spynomore\SNM.exe /startup
mRun: [ISTray] "c:\program files\pc tools security\pctsGui.exe" /hideGUI
mRun: [PCTools FGuard] c:\program files\pc tools security\bdt\FGuard.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{689C297E-CA2E-4CA2-8AA5-DC3155F6AA38} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{689C297E-CA2E-4CA2-8AA5-DC3155F6AA38}\2656C6B696E6534376 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{689C297E-CA2E-4CA2-8AA5-DC3155F6AA38}\C696E6B6379737F5F475F51353338383 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{689C297E-CA2E-4CA2-8AA5-DC3155F6AA38}\E4544574541425 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{AE267620-2DD0-4CE7-9068-8A4A79E66E5F} : DhcpNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\rwp2jcr1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff5.dll
FF - component: c:\program files\pc tools security\bdt\firefox\platform\winnt_x86-msvc\components\libheuristic.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.68\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg10\Firefox4
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\real\realplayer\browserrecordplugin\firefox\Ext
FF - Ext: Browser Defender Toolbar: {cb84136f-9c44-433a-9048-c5cd9df1dc16} - c:\program files\pc tools security\bdt\Firefox
FF - Ext: AniWeather: {4176DFF4-4698-11DE-BEEB-45DA55D89593} - %profile%\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}
FF - Ext: FoxTab: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} - %profile%\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
FF - Ext: ChaCha Guide App Toolbar: chachaguidebar@chacha.com - %profile%\extensions\chachaguidebar@chacha.com
FF - Ext: PopupMaster: {35106bca-6c78-48c7-ac28-56df30b51d2d} - %profile%\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2d}
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-9-7 263888]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-9-7 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-9-7 656320]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2011-9-7 233976]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools security\bdt\BDTUpdateService.exe [2011-9-7 337872]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 21968]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-10-14 22712]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-10-14 41272]
S2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
S2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-8-27 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-25 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-8-27 136176]
S3 PCTSFileEnum;PCTSFileEnum;c:\program files\pc tools security\PCTSFiles.exe [2011-9-7 80856]
.
=============== Created Last 30 ================
.
2011-09-07 23:09:11 -------- d-----w- c:\users\owner\appdata\local\Threat Expert
2011-09-07 23:07:26 1152 ----a-w- c:\windows\system32\windrv.sys
2011-09-07 20:53:27 709968 ----a-w- c:\windows\isRS-000.tmp
2011-09-07 16:39:07 50112 --sha-w- c:\windows\system32\c_49746.nl_
2011-09-07 15:52:11 -------- d-----w- c:\users\owner\appdata\roaming\PCTools
2011-09-07 15:50:34 767952 ----a-w- c:\windows\BDTSupport.dll0941.old
2011-09-07 15:50:34 767952 ----a-w- c:\windows\BDTSupport.dll0923.old
2011-09-07 15:50:34 767952 ----a-w- c:\windows\BDTSupport.dll
2011-09-07 15:50:34 2029520 ----a-w- c:\windows\PCTBDCore.dll0941.old
2011-09-07 15:50:34 2029520 ----a-w- c:\windows\PCTBDCore.dll0923.old
2011-09-07 15:50:34 2029520 ----a-w- c:\windows\PCTBDCore.dll
2011-09-07 15:50:34 1533904 ----a-w- c:\windows\PCTBDRes.dll
2011-09-07 15:50:34 149456 ----a-w- c:\windows\SGDetectionTool.dll0941.old
2011-09-07 15:50:34 149456 ----a-w- c:\windows\SGDetectionTool.dll0923.old
2011-09-07 15:50:34 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-09-07 15:40:39 -------- d-----w- c:\program files\PC Tools Registry Tool
2011-09-07 15:30:16 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-09-07 15:30:16 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-09-07 15:30:15 253096 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-09-07 15:30:15 107352 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2011-09-07 15:30:10 263888 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-09-07 15:30:10 160576 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-09-07 15:30:06 233976 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2011-09-07 15:30:01 70664 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-09-07 15:29:49 -------- d-----w- c:\program files\PC Tools Security
2011-09-07 15:29:49 -------- d-----w- c:\program files\common files\PC Tools
2011-09-07 15:25:51 -------- d-----w- c:\programdata\PC Tools
2011-09-07 05:10:03 -------- d-----w- c:\program files\SpyNoMore
2011-09-06 21:17:39 -------- d-----w- c:\programdata\XoftSpySE
2011-09-06 21:17:38 -------- d-----w- c:\program files\XoftSpySE6
2011-09-06 21:07:52 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-09-06 21:02:28 6084944 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2011-09-06 21:02:19 7152464 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{0ffd2ad9-7c1e-4e05-8b5c-52ec586cfb71}\mpengine.dll
2011-09-01 05:54:51 -------- d-----w- c:\program files\PCPitstop
2011-09-01 05:52:29 -------- d-----w- c:\programdata\PCPitstop
2011-08-29 17:26:50 -------- d-----w- c:\program files\FrostWire
2011-08-29 17:08:45 -------- d-----w- c:\users\owner\FrostWire
2011-08-29 17:02:14 -------- d-----w- c:\users\owner\appdata\local\FrostWire Pro
2011-08-28 16:59:57 -------- d-----w- c:\users\owner\appdata\local\{6E70A0FE-19FC-4F41-B078-B7FB0729C832}
2011-08-28 15:34:39 -------- d-----w- c:\users\owner\appdata\local\Facebook
2011-08-24 17:15:24 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-21 19:17:39 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-08-17 19:57:44 -------- d-----w- c:\users\owner\riotsGamesLogs
2011-08-17 19:39:24 -------- d-----w- c:\users\owner\appdata\roaming\LolClient
2011-08-17 14:47:49 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2011-08-17 14:47:48 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2011-08-17 14:47:46 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2011-08-17 14:47:45 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2011-08-17 14:47:43 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2011-08-17 04:35:45 -------- d-----w- c:\program files\Pando Networks
2011-08-17 04:11:08 -------- d-----w- c:\program files\Project64 1.6
2011-08-17 02:59:31 -------- d-----w- c:\users\owner\appdata\local\Google
2011-08-17 02:59:19 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-08-17 02:59:16 -------- d-----w- c:\users\owner\appdata\local\Conduit
2011-08-17 02:57:59 -------- d-----w- c:\users\owner\appdata\roaming\uTorrent
.
==================== Find3M ====================
.
2011-09-07 16:38:55 297168 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2011-07-22 04:56:17 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-16 04:37:32 169984 ----a-w- c:\windows\system32\winsrv.dll
2011-07-16 04:34:28 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 04:31:12 271360 ----a-w- c:\windows\system32\conhost.exe
2011-07-16 02:21:47 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:21:47 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:21:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:21:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-09 02:26:10 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-07-06 23:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 23:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-29 07:09:19 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-23 04:38:05 3957120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-06-23 04:38:04 3902336 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-06-21 05:39:53 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-21 05:36:36 981504 ----a-w- c:\windows\system32\wininet.dll
2011-06-21 05:35:05 44544 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-21 04:26:02 386048 ----a-w- c:\windows\system32\html.iec
2011-06-15 09:04:46 86016 ----a-w- c:\windows\system32\odbccu32.dll
2011-06-15 09:04:46 81920 ----a-w- c:\windows\system32\odbccr32.dll
2011-06-15 09:04:46 319488 ----a-w- c:\windows\system32\odbcjt32.dll
2011-06-15 09:04:46 163840 ----a-w- c:\windows\system32\odbctrac.dll
2011-06-15 09:04:46 122880 ----a-w- c:\windows\system32\odbccp32.dll
2011-06-11 02:37:19 2332672 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 22:41:15.29 ===============



#4
September 7, 2011 at 20:36:08
adivirgi,

Looks as if you are infected with the ZeroAccess Rootkit.

Please download SystemLook from one of the links below:
http://jpshortstuff.247Fixes.com/Sy...
http://images.malwareremoval.com/jp...

Save the file to the Desktop

Double-click SystemLook.exe to run it.
Copy all of the following into the open textfield:

:reg
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems /sub

:filefind
consrv.dll 
winsrv.dll


Click the Look button to start the scan.
When finished, a Notepad window opens with the results of the scan.

Please post the SystemLook.txt in your reply.


Also, do the following:

Click the Start globe, and type System in the Start Search box
In the list that shows above, under Control Panel, click: System

The operating system is displayed as follows:
System Type > System: '64-bit Operating System'
System Type > System: '32-bit Operating System'

Which one is displaying? 32-bit, or, 64-bit?


Thanks!

~~~~
Retired - Doin' Dis, Dat, and slapping malware.
Malware Eliminator/ Member of UNITE and the
Alliance of Security Analysis Professionals



#5
September 7, 2011 at 20:47:13
The system type is 32-bit operating system.


SystemLook 30.07.11 by jpshortstuff
Log created at 23:44 on 07/09/2011 by Owner
Administrator - Elevation successful

========== reg ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
"Debug"=""
@="mnmsrvc"
"Kmode"="\SystemRoot\System32\win32k.sys"
"Optional"="Posix"
"Posix"="%SystemRoot%\system32\psxss.exe"
"Required"="Debug Windows"
"Windows"="%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\CSRSS]
"CsrSrvSharedSectionBase"= 0x007f6f0000 (2137980928)


========== filefind ==========

Searching for "consrv.dll "
No files found.

Searching for "winsrv.dll"
C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.17514_none_b886008dfa974eb6\winsrv.dll --a---- 169472 bytes [18:04 21/06/2011] [12:21 20/11/2010] A9F564F254E9DDDE120A7135767EC24B
C:\Windows\System32\winsrv.dll --a---- 169984 bytes [14:53 11/08/2011] [04:37 16/07/2011] 008F51AE989C3DF1CBAF8B39DC423CCC
C:\Windows\winsxs\x86_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.16385_none_b654ecc5fda8cb1c\winsrv.dll --a---- 169472 bytes [23:25 13/07/2009] [01:16 14/07/2009] 827E4F75901CA3F990B1487D3301841E
C:\Windows\winsxs\x86_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.16816_none_b6a1a601fd6f129f\winsrv.dll --a---- 169984 bytes [18:53 19/07/2011] [06:35 14/05/2011] 955CDF38E16B659DD7E1DF48C75E962C
C:\Windows\winsxs\x86_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.16823_none_b693d537fd79e28b\winsrv.dll --a---- 169984 bytes [18:53 19/07/2011] [05:59 02/06/2011] 5D64830655890B64D717392CFE4CEDA7
C:\Windows\winsxs\x86_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.16850_none_b6706495fd94ea59\winsrv.dll --a---- 169984 bytes [14:53 11/08/2011] [04:37 16/07/2011] 008F51AE989C3DF1CBAF8B39DC423CCC
C:\Windows\winsxs\x86_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.20978_none_b6ec63d916bb8cbd\winsrv.dll --a---- 169984 bytes [18:53 19/07/2011] [06:04 03/06/2011] 69DE8C799BA07A0EF6B834F76B4C0711
C:\Windows\winsxs\x86_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.20995_none_b6d3c32316ce789a\winsrv.dll --a---- 169984 bytes [14:54 11/08/2011] [04:31 24/06/2011] BA5584A89EEB75FC2942CFD7C90766F7
C:\Windows\winsxs\x86_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.17617_none_b8890351fa9497e2\winsrv.dll --a---- 169984 bytes [18:53 19/07/2011] [06:30 14/05/2011] BA64A75A87C78D60D2A5919F5FB6A90A
C:\Windows\winsxs\x86_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.17625_none_b87c32d1fa9e8125\winsrv.dll --a---- 169984 bytes [18:53 19/07/2011] [06:01 03/06/2011] EFCAEF8437ED81CE4AEF7465011D090C
C:\Windows\winsxs\x86_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.17641_none_b86291d1fab253ab\winsrv.dll --a---- 169984 bytes [14:53 11/08/2011] [04:27 24/06/2011] 183B4188D5D91B271613EC3EFD1B3CEF
C:\Windows\winsxs\x86_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.21728_none_b908d07b13b96cf4\winsrv.dll --a---- 169984 bytes [18:53 19/07/2011] [07:43 14/05/2011] C47DE705BE85D4E6D7FC24E8F86B3612
C:\Windows\winsxs\x86_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.21738_none_b8fe008f13c188e5\winsrv.dll --a---- 169984 bytes [18:53 19/07/2011] [07:19 03/06/2011] 83873E04B9C4192C7CC06C2BBAD6B85D
C:\Windows\winsxs\x86_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.21756_none_b8e6602313d38e19\winsrv.dll --a---- 169984 bytes [14:54 11/08/2011] [06:05 24/06/2011] AB00D1D5B8C4D59D641A626240E90589

-= EOF =-


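The SystemLook request in Post #4 and the report in Post #5 are looking for the way the 2011 ZeroAccess variant hooked csrss on 32-bit Windows 7: it rewrote the SubSystems "Windows" value so the console server entry loaded a dropped consrv.dll in place of winsrv.dll. The Python script below is an added example, not part of the thread or of SystemLook; it parses a SystemLook report and flags an unexpected ServerDll module, a consrv.dll hit, or a System32\winsrv.dll whose MD5 matches none of the winsxs copies. The embedded report is constructed to show a hijacked machine (the winsrv.dll hashes are taken from Post #5; the consrv.dll hash and the shortened winsxs path are placeholders), and the list of known ServerDll modules is my assumption for Windows 7.

```python
import re

# Module names that legitimately appear as ServerDll= entries in the Win7
# SubSystems\Windows value (assumed list); ZeroAccess swapped the console entry for "consrv".
KNOWN_SERVER_DLLS = {"basesrv", "winsrv", "sxssrv"}

# Constructed SystemLook-style excerpt (not from the thread) showing a hijacked value.
SAMPLE_LOG = r'''[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
"Windows"="%SystemRoot%\system32\csrss.exe ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=consrv:ConServerDllInitialization,2 ServerDll=sxssrv,4"
Searching for "consrv.dll"
C:\Windows\System32\consrv.dll --a---- 53248 bytes [23:01 07/09/2011] [23:01 07/09/2011] 0123456789ABCDEF0123456789ABCDEF
Searching for "winsrv.dll"
C:\Windows\System32\winsrv.dll --a---- 169984 bytes [14:53 11/08/2011] [04:37 16/07/2011] 008F51AE989C3DF1CBAF8B39DC423CCC
C:\Windows\winsxs\x86_microsoft-windows-winsrv_6.1.7600.16850\winsrv.dll --a---- 169984 bytes [14:53 11/08/2011] [04:37 16/07/2011] 008F51AE989C3DF1CBAF8B39DC423CCC
'''

# One SystemLook filefind hit: <path> <attrs> <size> bytes [mtime] [ctime] <MD5>
FILE_RE = re.compile(r"^([A-Za-z]:\\.+?)\s+[-a-z]{7}\s+\d+ bytes \[[^\]]*\] \[[^\]]*\] ([0-9A-Fa-f]{32})\s*$")

def parse_systemlook(text):
    """Return (SubSystems 'Windows' value, {path: md5}) from a SystemLook report."""
    m = re.search(r'^"Windows"="(.*)"$', text, re.M)
    hits = {}
    for line in text.splitlines():
        fm = FILE_RE.match(line)
        if fm:
            hits[fm.group(1)] = fm.group(2).upper()
    return (m.group(1) if m else ""), hits

def unexpected_serverdlls(windows_value):
    """Modules loaded into csrss via ServerDll= that are not on the known list."""
    mods = re.findall(r"ServerDll=([A-Za-z0-9_]+)", windows_value)
    return [m.lower() for m in mods if m.lower() not in KNOWN_SERVER_DLLS]

def analyze(text):
    """List indicators of the csrss ServerDll hijack found in a SystemLook report."""
    windows_value, hits = parse_systemlook(text)
    findings = [f"unexpected ServerDll module: {m}" for m in unexpected_serverdlls(windows_value)]
    findings += [f"consrv.dll present: {p}" for p in hits if p.lower().endswith("\\consrv.dll")]
    # The live System32\winsrv.dll should be byte-identical to one of the
    # component-store (winsxs) copies; a hash matching none of them is suspect.
    store_hashes = {h for p, h in hits.items() if "\\winsxs\\" in p.lower()}
    for p, h in hits.items():
        if p.lower().endswith("\\system32\\winsrv.dll") and h not in store_hashes:
            findings.append(f"{p} hash {h} matches no winsxs copy")
    return findings

if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f)
```

Run against the real report in Post #5 the script returns no findings, which matches the clean "Windows" value and the System32 hash that equals the 6.1.7600.16850 winsxs copy. Note that the consrv.dll search term in Post #4 carried a trailing space (visible in the log's `Searching for "consrv.dll "`), so that "No files found" line is best confirmed by re-running the search with the exact name.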

#6
September 7, 2011 at 20:52:35


#7
September 7, 2011 at 20:53:11
And every time I delete that stuff manually, it just keeps coming back because I can't find that hidden file.


#8
September 7, 2011 at 21:31:36
adivirgi,

Please do not run any other program, other than the ones I request for you to run. It just makes things worse, may prolong the infection, and you do not want that!! Although some programs may detect this Rootkit, not every program can remove it.

Thanks for the 32-bit info. ZeroAccess affects systems in different ways.

Please do the following:

Download DummyCreator.zip
http://download.bleepingcomputer.co...

Unzip it:
Right-click and select: Extract all…
Follow the prompts to extract

Open the new folder that appears on the Desktop
Double-click DummyCreator/DummyMaker to run the tool.
Now, copy/paste the following into the box:

C:\Windows\1724641582

Press the Create button.

(The malicious file is now contained in a locked folder, and you will be able to run the tools instructed.)

Save the content of the Result.txt to your Desktop, and post it along with the report of the next tool.

~~~~
Now, if you have ComboFix (CF) already on your Desktop, please remove it! We'll download an updated version.

Download:
http://download.bleepingcomputer.co...


Save ComboFix.exe to your Desktop!!

Make sure you temporarily disable your AntiVirus, Firewall, and any other AntiSpyware applications, usually by right-clicking on the System Tray icon. They may interfere with the running of CF.

Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link:
http://www.bleepingcomputer.com/for...


Right-click on ComboFix.exe, and select: Run as Administrator.


Click on Yes, to continue scanning for malware.

When finished, CF produces a report.

Please provide a copy of the C:\ComboFix.txt in your reply, along with the report of the previous tool.


Notes:

1. Do not mouse-click the ComboFix window while it is running.
This action may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.

3. CF disconnects your machine from the internet. However, the connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.


Signing off for tonight. Will be back tomorrow!

~~~~
Retired - Doin' Dis, Dat, and slapping malware.
Malware Eliminator/ Member of UNITE and the
Alliance of Security Analysis Professionals



#9
September 8, 2011 at 07:38:09
http://i108.photobucket.com/albums/...

This is the message that has been showing up for Malwarebytes, SUPERAntiSpyware, GMER and Spybot Search and Destroy.



#10
September 8, 2011 at 09:16:07
Did you follow Post #8 above?

The message displayed is not unusual for this infection.

You do need to follow the steps presented, and, in the proper sequence, though. Otherwise, we are banging our heads against the wall!

~~~~
Retired - Doin' Dis, Dat, and slapping malware.
Malware Eliminator/ Member of UNITE and the
Alliance of Security Analysis Professionals



#11
September 8, 2011 at 11:56:58
Yes, I did. I don't know how to open it now.


#12
September 8, 2011 at 12:27:22
The Result.txt, and the ComboFix.txt should both be showing on your Desktop.

Just double-click to open, copy/paste, and post them, please.

If Results.txt is not on your Desktop, it is inside the DummyCreator folder you saved on the Desktop.

~~~~
Retired - Doin' Dis, Dat, and slapping malware.
Malware Eliminator/ Member of UNITE and the
Alliance of Security Analysis Professionals



#13
September 8, 2011 at 14:59:18
Try this to see the ComboFix report:

Press the "Windows key" and the "R" key at the same time.

Copy/paste the following into the Open area:

C:\ComboFix.txt

Click: OK

Please provide the ComboFix report in your reply.

~~~~
Retired - Doin' Dis, Dat, and slapping malware.
Malware Eliminator/ Member of UNITE and the
Alliance of Security Analysis Professionals

