"C:\WINDOWS\system32\wuauclt.exe (2424):\memor

#1 Goldie106 (Member, 28 posts)
Hi, my PC has been infected with a Trojan horse, I think. I have AVG, which finds the trojan but can't remove it, as it says it is inaccessible. When I run the scan it comes up with the following:

"C:\WINDOWS\system32\wuauclt.exe (2424):\memory_001b0000";"Trojan horse Agent_r.XJ";"Object is inaccessible."
"C:\WINDOWS\system32\wuauclt.exe (2424)";"Trojan horse Agent_r.XJ";""
"C:\WINDOWS\system32\svchost.exe (1204):\memory_001a0000";"Trojan horse Agent_r.XJ";"Object is inaccessible."
"C:\WINDOWS\system32\svchost.exe (1204)";"Trojan horse Agent_r.XJ";""
"C:\WINDOWS\explorer.exe (2288):\memory_001a0000";"Trojan horse Agent_r.XJ";"Object is inaccessible."
"C:\WINDOWS\explorer.exe (2288)";"Trojan horse Agent_r.XJ";""
"C:\Program Files\Mozilla Firefox\firefox.exe (460):\memory_001a0000";"Trojan horse Agent_r.XJ";"Object is inaccessible."
"C:\Program Files\Mozilla Firefox\firefox.exe (460)";"Trojan horse Agent_r.XJ";""
"C:\Program Files\Mozilla Firefox\firefox.exe (3752):\memory_001a0000";"Trojan horse Agent_r.XJ";"Object is inaccessible."
"C:\Program Files\Mozilla Firefox\firefox.exe (3752)";"Trojan horse Agent_r.XJ";""
"C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe (444):\memory_01d90000";"Trojan horse Agent_r.XJ";"Object is inaccessible."
"C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe (444):\memory_01190000";"Trojan horse Agent_r.XJ";"Object is inaccessible."
"C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe (444)";"Trojan horse Agent_r.XJ";""
"C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (3424):\memory_00f10000";"Trojan horse Agent_r.XJ";"Object is inaccessible."
"C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (3424)";"Trojan horse Agent_r.XJ";""

Please help.

#2 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Hello Goldie106 and welcome to G2G! :)

My nick is maliprog and I will be your technical support on this issue. Before we start, please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous; most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

Please read carefully and follow these steps.

Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If infection is detected, the default setting for "action" should be Cure
    • (If suspicious file is detected please click on it and change it to Skip).
  • Click Continue button
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.

Step 2

Download aswMBR.exe (511KB) to your desktop.

  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply
Step 3

Please don't forget to include these items in your reply:

  • TDSSKiller log
  • aswMBR log
It would be helpful if you could post each log in a separate post.

#3 Goldie106 (Topic Starter, Member, 28 posts)
Hi, thanks for the reply. I have tried TDSSKiller, but it stops at 80% and crashes, and I get a message saying it has encountered a problem and needs to close. What shall I do?

#4 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Please restart in Safe Mode and try to run TDSSKiller from there. If that fails, please do Step 2 and post the log.

Restart in safe mode:
  • If the computer is running, shut down Windows, and then turn off the power
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.


#5 Goldie106 (Topic Starter, Member, 28 posts)
Hi, I tried TDSSKiller in Safe Mode but the same thing happened. The aswMBR log is:

aswMBR version 0.9.5 Copyright© 2011 AVAST Software
Run date: 2011-04-29 15:20:17
-----------------------------
15:20:17.890 OS Version: Windows 5.1.2600 Service Pack 2
15:20:17.890 Number of processors: 1 586 0x1601
15:20:17.890 ComputerName: TILL-TWO UserName:
15:20:18.218 Initialize success
15:20:27.859 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-5
15:20:27.875 Disk 0 Vendor: WDC_WD800AAJS-00WAA0 58.01D58 Size: 76319MB BusType: 3
15:20:27.875 Device \Driver\atapi -> DriverStartIo 8736433b
15:20:29.890 Disk 0 MBR read successfully
15:20:29.890 Disk 0 MBR scan
15:20:29.906 Disk 0 TDL4@MBR code has been found
15:20:29.906 Disk 0 MBR hidden
15:20:29.921 Disk 0 MBR [TDL4] **ROOTKIT**
15:20:29.937 Disk 0 trace - called modules:
15:20:29.937 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86cefa28]<<
15:20:29.953 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8737aab8]
15:20:29.968 Scan finished successfully
15:20:52.546 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\SiNQUA EPoS\Desktop\MBR.dat"
15:20:52.546 The log file has been saved successfully to "C:\Documents and Settings\SiNQUA EPoS\Desktop\aswMBR.txt"

#6 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
I think we have it. Let's do the fix.

Step 1

Re-Run aswMBR

  • Click Scan
  • On completion of the scan
  • Click the Fix button (Don't press FixMBR button)
  • Save the log as before and post in your next reply

Step 2

Try TDSSKiller now and post log here for me.

Step 3

Please don't forget to include these items in your reply:

  • aswMBR log
  • TDSSKiller log
It would be helpful if you could post each log in a separate post.

#7 Goldie106 (Topic Starter, Member, 28 posts)
aswMBR version 0.9.5 Copyright© 2011 AVAST Software
Run date: 2011-04-30 08:08:01
-----------------------------
08:08:01.296 OS Version: Windows 5.1.2600 Service Pack 2
08:08:01.296 Number of processors: 1 586 0x1601
08:08:01.296 ComputerName: TILL-TWO UserName:
08:08:01.937 Initialize success
08:08:05.031 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-5
08:08:05.031 Disk 0 Vendor: WDC_WD800AAJS-00WAA0 58.01D58 Size: 76319MB BusType: 3
08:08:05.031 Device \Driver\atapi -> DriverStartIo 86f6f33b
08:08:07.046 Disk 0 MBR read successfully
08:08:07.062 Disk 0 MBR scan
08:08:07.062 Disk 0 TDL4@MBR code has been found
08:08:07.062 Disk 0 MBR hidden
08:08:07.062 Disk 0 MBR [TDL4] **ROOTKIT**
08:08:07.062 Disk 0 trace - called modules:
08:08:07.062 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86f6f4f0]<<
08:08:07.062 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f82ab8]
08:08:07.062 3 CLASSPNP.SYS[f763d05b] -> nt!IofCallDriver -> \Device\0000006b[0x86f0df18]
08:08:07.062 5 ACPI.sys[f74d3620] -> nt!IofCallDriver -> [0x86f91d98]
08:08:07.062 \Driver\atapi[0x86f67c78] -> IRP_MJ_CREATE -> 0x86f6f4f0
08:08:07.062 Scan finished successfully
08:08:13.375 Disk 0 fixing MBR
08:08:23.375 Disk 0 MBR restored successfully
08:08:23.375 Infection fixed successfully - please reboot ASAP
08:08:34.312 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\SiNQUA EPoS\Desktop\MBR.dat"
08:08:34.343 The log file has been saved successfully to "C:\Documents and Settings\SiNQUA EPoS\Desktop\aswMBR2.txt"
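The aswMBR scans posted in this thread differ in exactly the indicators a bootkit leaves behind: the raw MBR read does not match what the disk stack returns ("MBR hidden"), the boot code is recognised as TDL4, the disk I/O trace ends in a module aswMBR cannot attribute to any driver, and atapi's IRP_MJ_CREATE dispatch points into that same module. The Python below is an added example, not part of the original thread and not code from the aswMBR tool. It parses trimmed excerpts of the logs posted here (the pre-fix scan from this post and the post-cleanup scan later in the thread) and pulls those indicators out. The line patterns are taken from the log text as posted, not from any aswMBR documentation, so they are an assumption about the tool's output format.

```python
import re
from dataclasses import dataclass, field

# Excerpts of two aswMBR logs posted in this thread, trimmed to the MBR-scan
# and disk-trace sections: the scan taken before "Fix" was pressed and the
# scan taken after cleanup.  Timestamps are stripped by triage_aswmbr().
INFECTED_LOG = r"""
08:08:07.046 Disk 0 MBR read successfully
08:08:07.062 Disk 0 MBR scan
08:08:07.062 Disk 0 TDL4@MBR code has been found
08:08:07.062 Disk 0 MBR hidden
08:08:07.062 Disk 0 MBR [TDL4] **ROOTKIT**
08:08:07.062 Disk 0 trace - called modules:
08:08:07.062 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86f6f4f0]<<
08:08:07.062 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f82ab8]
08:08:07.062 3 CLASSPNP.SYS[f763d05b] -> nt!IofCallDriver -> \Device\0000006b[0x86f0df18]
08:08:07.062 5 ACPI.sys[f74d3620] -> nt!IofCallDriver -> [0x86f91d98]
08:08:07.062 \Driver\atapi[0x86f67c78] -> IRP_MJ_CREATE -> 0x86f6f4f0
08:08:07.062 Scan finished successfully
"""

CLEAN_LOG = r"""
09:41:43.125 Disk 0 MBR read successfully
09:41:43.125 Disk 0 MBR scan
09:41:43.125 Disk 0 Windows XP default MBR code
09:41:45.125 Disk 0 scanning sectors +156280320
09:41:51.109 Disk 0 trace - called modules:
09:41:51.125 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
09:41:51.125 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f47ab8]
09:41:51.125 3 CLASSPNP.SYS[f763d05b] -> nt!IofCallDriver -> \Device\00000068[0x86f86f18]
09:41:51.125 5 ACPI.sys[f74d3620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-5[0x86f4ad98]
09:41:51.125 Scan finished successfully
"""


@dataclass
class MbrFindings:
    mbr_code: str = "not reported"   # what aswMBR said about the boot code itself
    mbr_hidden: bool = False         # raw sector read differs from what the disk stack returns
    rootkit_family: str = ""         # family named on the **ROOTKIT** line, if any
    unknown_module: str = ""         # address of an unattributed module in the disk I/O path
    irp_hooks: list = field(default_factory=list)  # (driver, IRP major function, handler address)

    @property
    def infected(self) -> bool:
        return bool(self.mbr_hidden or self.rootkit_family
                    or self.unknown_module or self.irp_hooks)


# Patterns for the aswMBR lines used below, written against the log text as
# posted in this thread (assumed format, not from aswMBR documentation).
_RE_TIMESTAMP = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+")
_RE_MALICIOUS = re.compile(r"Disk \d+ (\S+)@MBR code has been found")
_RE_DEFAULT = re.compile(r"Disk \d+ (.+ default MBR code)")
_RE_HIDDEN = re.compile(r"Disk \d+ MBR hidden")
_RE_ROOTKIT = re.compile(r"Disk \d+ MBR \[(\w+)\] \*\*ROOTKIT\*\*")
_RE_UNKNOWN = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
_RE_HOOK = re.compile(r"\\Driver\\(\w+)\[0x[0-9a-fA-F]+\] -> (IRP_MJ_\w+) -> (0x[0-9a-fA-F]+)")


def triage_aswmbr(log: str) -> MbrFindings:
    """Extract the bootkit indicators from an aswMBR log."""
    f = MbrFindings()
    for raw in log.splitlines():
        line = _RE_TIMESTAMP.sub("", raw.strip())
        if m := _RE_MALICIOUS.search(line):
            f.mbr_code = f"malicious ({m.group(1)})"
        elif m := _RE_DEFAULT.search(line):
            f.mbr_code = m.group(1)
        elif _RE_HIDDEN.search(line):
            f.mbr_hidden = True
        elif m := _RE_ROOTKIT.search(line):
            f.rootkit_family = m.group(1)
        elif m := _RE_UNKNOWN.search(line):
            f.unknown_module = m.group(1).lower()
        elif m := _RE_HOOK.search(line):
            f.irp_hooks.append((m.group(1), m.group(2), m.group(3).lower()))
    return f


def hook_points_at_unknown(f: MbrFindings) -> bool:
    """True when an IRP hook handler sits at the address of the unattributed
    module, i.e. disk I/O is being diverted into code no loaded driver accounts for."""
    return bool(f.unknown_module) and any(h[2] == f.unknown_module for h in f.irp_hooks)


def summarize(f: MbrFindings) -> str:
    verdict = "ROOTKIT INDICATORS PRESENT" if f.infected else "no bootkit indicators"
    hooks = ", ".join(f"{d}.{fn}->{h}" for d, fn, h in f.irp_hooks) or "none"
    return (f"{verdict}: mbr_code={f.mbr_code}; hidden={f.mbr_hidden}; "
            f"family={f.rootkit_family or '-'}; unknown_module={f.unknown_module or '-'}; "
            f"irp_hooks={hooks}; hook_into_unknown={hook_points_at_unknown(f)}")


if __name__ == "__main__":
    for label, log in (("before fix", INFECTED_LOG), ("after cleanup", CLEAN_LOG)):
        print(f"[{label}] {summarize(triage_aswmbr(log))}")
```

In the pre-fix excerpt the atapi hook handler and the unattributed module share one address, 0x86f6f4f0, which is why the disk-stack trace is a stronger signal than the MBR signature alone: a variant that evades the signature still has to divert reads of its own sectors somewhere, and that diversion shows up as a handler outside any named driver.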

#8 Goldie106 (Topic Starter, Member, 28 posts)
Hi, also I keep getting a message: "avgrsx.exe has failed to start because MSVCR80.dll was not found. Reinstalling the application may fix this problem"?

#9 Goldie106 (Topic Starter, Member, 28 posts)
Hi, me again. I just ran AVG but it is still reporting the same trojans. Thanks.

#10 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Hi Goldie106,

Please try to run TDSSKiller in Normal or Safe Mode. I would love to see that log.

#11 Goldie106 (Topic Starter, Member, 28 posts)
Hi, TDSSKiller ran fine this time and found a fault and cured it. Here is the log:

2011/05/03 14:01:09.0562 3912 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/03 14:01:10.0109 3912 ================================================================================
2011/05/03 14:01:10.0125 3912 SystemInfo:
2011/05/03 14:01:10.0125 3912
2011/05/03 14:01:10.0125 3912 OS Version: 5.1.2600 ServicePack: 2.0
2011/05/03 14:01:10.0125 3912 Product type: Workstation
2011/05/03 14:01:10.0125 3912 ComputerName: TILL-TWO
2011/05/03 14:01:10.0125 3912 UserName: SiNQUA EPoS
2011/05/03 14:01:10.0125 3912 Windows directory: C:\WINDOWS
2011/05/03 14:01:10.0125 3912 System windows directory: C:\WINDOWS
2011/05/03 14:01:10.0125 3912 Processor architecture: Intel x86
2011/05/03 14:01:10.0125 3912 Number of processors: 1
2011/05/03 14:01:10.0125 3912 Page size: 0x1000
2011/05/03 14:01:10.0125 3912 Boot type: Normal boot
2011/05/03 14:01:10.0125 3912 ================================================================================
2011/05/03 14:01:11.0031 3912 Initialize success
2011/05/03 14:01:57.0328 1852 ================================================================================
2011/05/03 14:01:57.0328 1852 Scan started
2011/05/03 14:01:57.0328 1852 Mode: Manual;
2011/05/03 14:01:57.0328 1852 ================================================================================
2011/05/03 14:02:05.0484 1852 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/03 14:02:06.0718 1852 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/05/03 14:02:08.0000 1852 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
2011/05/03 14:02:09.0015 1852 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
2011/05/03 14:02:13.0953 1852 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/03 14:02:14.0593 1852 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/03 14:02:15.0296 1852 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/03 14:02:15.0640 1852 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/03 14:02:16.0140 1852 AVGIDSDriver (646cccd12886facb8676bdd9b7d54e29) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
2011/05/03 14:02:16.0484 1852 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
2011/05/03 14:02:16.0750 1852 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
2011/05/03 14:02:17.0281 1852 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
2011/05/03 14:02:17.0718 1852 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
2011/05/03 14:02:18.0015 1852 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
2011/05/03 14:02:18.0531 1852 Avgrkx86 (ffbe8adeb1fd8640540bf6e4a137b3ef) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
2011/05/03 14:02:18.0890 1852 Avgtdix (69e6adf5cbbdeb5f2b727c93937a5823) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
2011/05/03 14:02:19.0437 1852 AVPsys (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\cdaudio.sys
2011/05/03 14:02:19.0843 1852 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/03 14:02:20.0125 1852 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/03 14:02:20.0546 1852 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/03 14:02:20.0765 1852 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/05/03 14:02:21.0328 1852 Cdrom (7b53584d94e9d8716b2de91d5f1cb42d) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/05/03 14:02:23.0312 1852 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/03 14:02:24.0031 1852 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2011/05/03 14:02:24.0859 1852 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
2011/05/03 14:02:25.0203 1852 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/05/03 14:02:25.0359 1852 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/05/03 14:02:25.0718 1852 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/03 14:02:25.0906 1852 EGXFilter (4643ef38587894b18e6bb73e7fbcf644) C:\WINDOWS\system32\drivers\egxfilter.sys
2011/05/03 14:02:26.0593 1852 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/03 14:02:27.0000 1852 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/05/03 14:02:27.0187 1852 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/03 14:02:27.0750 1852 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/05/03 14:02:28.0281 1852 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/05/03 14:02:29.0250 1852 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/03 14:02:29.0906 1852 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/03 14:02:30.0296 1852 GEARAspiWDM (f2f431d1573ee632975c524418655b84) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/05/03 14:02:30.0750 1852 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/03 14:02:31.0468 1852 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/05/03 14:02:31.0812 1852 hidusb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/05/03 14:02:32.0593 1852 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/03 14:02:33.0390 1852 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/05/03 14:02:35.0031 1852 ialm (12c7f8d581c4a9f126f5f8f5683a1c29) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2011/05/03 14:02:37.0812 1852 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/03 14:02:39.0578 1852 IntcAzAudAddService (915ce2a58c6917e3c53be1e91fa66ba8) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/05/03 14:02:42.0859 1852 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/05/03 14:02:43.0796 1852 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/05/03 14:02:44.0531 1852 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/05/03 14:02:45.0578 1852 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/03 14:02:46.0171 1852 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/03 14:02:46.0984 1852 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/03 14:02:47.0937 1852 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/03 14:02:48.0265 1852 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/03 14:02:48.0578 1852 ISWKL (ca1971e21609f22e07a95cc3147b6ced) C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
2011/05/03 14:02:49.0031 1852 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/03 14:02:49.0453 1852 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/05/03 14:02:49.0812 1852 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/03 14:02:50.0234 1852 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/03 14:02:51.0093 1852 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/03 14:02:51.0468 1852 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/03 14:02:51.0843 1852 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/03 14:02:51.0890 1852 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/05/03 14:02:51.0937 1852 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/03 14:02:52.0015 1852 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
2011/05/03 14:02:52.0359 1852 MpKsla4e864f2 (5f53edfead46fa7adb78eee9ecce8fdf) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6DCEF6B2-EC3D-4E4C-8C84-330EEC4AB717}\MpKsla4e864f2.sys
2011/05/03 14:02:53.0203 1852 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/03 14:02:53.0484 1852 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/03 14:02:55.0046 1852 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/03 14:02:55.0937 1852 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/03 14:02:56.0031 1852 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/03 14:02:56.0312 1852 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/03 14:02:56.0546 1852 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/03 14:02:56.0921 1852 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/03 14:02:57.0343 1852 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/03 14:02:58.0046 1852 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/03 14:02:58.0703 1852 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/03 14:02:59.0625 1852 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/03 14:03:00.0640 1852 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/03 14:03:01.0453 1852 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/03 14:03:02.0578 1852 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/03 14:03:03.0671 1852 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/03 14:03:04.0828 1852 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/03 14:03:07.0109 1852 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/03 14:03:07.0578 1852 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/03 14:03:08.0312 1852 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/03 14:03:09.0062 1852 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/05/03 14:03:10.0015 1852 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/03 14:03:10.0687 1852 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/03 14:03:11.0531 1852 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/03 14:03:12.0718 1852 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/03 14:03:13.0265 1852 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/05/03 14:03:16.0921 1852 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/03 14:03:17.0687 1852 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/03 14:03:18.0687 1852 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/03 14:03:20.0093 1852 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/05/03 14:03:23.0390 1852 RapportCerberus_26169 (df1f468a6016c4950cfc169ae77d84cd) C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\26169\RapportCerberus_26169.sys
2011/05/03 14:03:24.0828 1852 RapportEI (dfd7ac211b7577409498713ed9d38384) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
2011/05/03 14:03:25.0500 1852 RapportPG (f898cfc346f765460126a634d9523605) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
2011/05/03 14:03:26.0265 1852 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/03 14:03:26.0625 1852 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/03 14:03:27.0109 1852 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/03 14:03:27.0421 1852 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/03 14:03:27.0593 1852 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/03 14:03:28.0156 1852 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/03 14:03:28.0562 1852 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/05/03 14:03:29.0000 1852 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/03 14:03:29.0343 1852 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/03 14:03:29.0984 1852 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2011/05/03 14:03:30.0312 1852 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/05/03 14:03:30.0734 1852 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/03 14:03:30.0984 1852 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/05/03 14:03:31.0343 1852 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/05/03 14:03:31.0718 1852 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/03 14:03:32.0343 1852 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/03 14:03:32.0593 1852 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/03 14:03:32.0953 1852 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/03 14:03:33.0593 1852 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/03 14:03:34.0140 1852 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/03 14:03:35.0500 1852 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/03 14:03:35.0953 1852 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/03 14:03:36.0718 1852 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/03 14:03:36.0859 1852 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/03 14:03:37.0312 1852 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/03 14:03:37.0687 1852 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/03 14:03:38.0515 1852 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/03 14:03:39.0687 1852 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/03 14:03:40.0359 1852 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/03 14:03:40.0953 1852 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/03 14:03:41.0546 1852 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/05/03 14:03:42.0765 1852 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/05/03 14:03:43.0328 1852 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/03 14:03:43.0687 1852 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/05/03 14:03:44.0015 1852 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/05/03 14:03:44.0562 1852 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/03 14:03:45.0031 1852 vsdatant (050c38ebb22512122e54b47dc278bccd) C:\WINDOWS\system32\vsdatant.sys
2011/05/03 14:03:46.0000 1852 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/03 14:03:46.0359 1852 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/05/03 14:03:47.0015 1852 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/03 14:03:47.0328 1852 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/05/03 14:03:47.0921 1852 xTouch (68fc0de651e0c93b18348c76619da30d) C:\WINDOWS\system32\DRIVERS\xtouch.sys
2011/05/03 14:03:48.0562 1852 yukonwxp (9278a9870d9e919b20ebc17299fbb107) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
2011/05/03 14:03:57.0562 1852 ================================================================================
2011/05/03 14:03:57.0562 1852 Scan finished
2011/05/03 14:03:57.0562 1852 ================================================================================
2011/05/03 14:05:55.0218 3864 Deinitialize success
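TDSSKiller's log is an inventory of every kernel driver service, with the MD5 of the file on disk and its image path, and the useful part of reading one is narrowing roughly 140 lines to the few worth checking by hand. As an added example (not part of the thread and not code from TDSSKiller), the Python below parses a trimmed excerpt of the log above and builds three review queues: drivers loaded from outside C:\WINDOWS\system32, two service names backed by the same file hash, and services whose registered name does not match the file they load. All three happen with legitimate software too (Trusteer Rapport, ZoneAlarm ForceField and Microsoft Antimalware all appear in this log), so the queues are starting points for verification against vendor hashes, not verdicts. The line format is inferred from the posted log, which is an assumption about TDSSKiller's output.

```python
import ntpath
import re
from collections import defaultdict
from dataclasses import dataclass

# Trimmed excerpt of the TDSSKiller driver inventory posted in this thread
# (the full log lists about 140 drivers).  The separator and "Scan finished"
# lines are kept to show that non-driver lines are ignored.
SAMPLE_LOG = r"""
2011/05/03 14:02:05.0484 1852 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/03 14:02:14.0593 1852 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/03 14:02:19.0437 1852 AVPsys (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\cdaudio.sys
2011/05/03 14:02:20.0546 1852 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/03 14:02:48.0578 1852 ISWKL (ca1971e21609f22e07a95cc3147b6ced) C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
2011/05/03 14:02:52.0359 1852 MpKsla4e864f2 (5f53edfead46fa7adb78eee9ecce8fdf) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6DCEF6B2-EC3D-4E4C-8C84-330EEC4AB717}\MpKsla4e864f2.sys
2011/05/03 14:03:23.0390 1852 RapportCerberus_26169 (df1f468a6016c4950cfc169ae77d84cd) C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\26169\RapportCerberus_26169.sys
2011/05/03 14:03:24.0828 1852 RapportEI (dfd7ac211b7577409498713ed9d38384) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
2011/05/03 14:03:45.0031 1852 vsdatant (050c38ebb22512122e54b47dc278bccd) C:\WINDOWS\system32\vsdatant.sys
2011/05/03 14:03:48.0562 1852 yukonwxp (9278a9870d9e919b20ebc17299fbb107) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
2011/05/03 14:03:57.0562 1852 ================================================================================
2011/05/03 14:03:57.0562 1852 Scan finished
"""


@dataclass(frozen=True)
class DriverEntry:
    name: str   # service name as registered
    md5: str    # hash TDSSKiller reported for the file on disk
    path: str   # image path the service loads


# "<date> <time> <pid> <service> (<md5>) <path>", as the lines above are laid out.
_RE_ENTRY = re.compile(
    r"^\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+\s+\d+\s+(\S+) \(([0-9a-f]{32})\) (.+)$")

SYSTEM32 = r"c:\windows\system32" + "\\"


def parse_tdsskiller(log: str) -> list:
    """Turn driver lines into DriverEntry records; everything else is skipped."""
    entries = []
    for line in log.splitlines():
        m = _RE_ENTRY.match(line.strip())
        if m:
            entries.append(DriverEntry(m.group(1), m.group(2), m.group(3).strip()))
    return entries


def outside_system32(entries) -> list:
    """Drivers whose image lives somewhere other than the Windows system
    directory: third-party products, or something dropped into a data folder."""
    return [e for e in entries if not e.path.lower().startswith(SYSTEM32)]


def shared_hashes(entries) -> dict:
    """Distinct service names backed by byte-identical files (same MD5).
    A second service pointing at a stock driver deserves a look."""
    by_hash = defaultdict(list)
    for e in entries:
        by_hash[e.md5].append(e.name)
    return {h: names for h, names in by_hash.items() if len(names) > 1}


def name_file_mismatch(entries) -> list:
    """Services whose registered name differs from the file name they load."""
    return [e for e in entries
            if e.name.lower() != ntpath.splitext(ntpath.basename(e.path))[0].lower()]


if __name__ == "__main__":
    drivers = parse_tdsskiller(SAMPLE_LOG)
    print(f"{len(drivers)} drivers parsed")
    for e in outside_system32(drivers):
        print(f"outside system32: {e.name} -> {e.path}")
    for md5, names in shared_hashes(drivers).items():
        print(f"shared hash {md5}: {', '.join(names)}")
    for e in name_file_mismatch(drivers):
        print(f"name/file mismatch: {e.name} -> {ntpath.basename(e.path)}")
```

On the excerpt, the queues come out as: four drivers outside system32 (ISWKL, MpKsla4e864f2, RapportCerberus_26169, RapportEI), one shared hash (AVPsys and Cdaudio both load cdaudio.sys), and two name/file mismatches (AVPsys and yukonwxp). The point of the exercise is that each queue is small enough to verify by hand, while a bootkit that hides its own driver will not be in the inventory at all, which is what the aswMBR disk-stack trace is for.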

#12 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Hi Goldie106,

Step 1

The error you receive for avgrsx.exe is related to your AVG.

We need to remove AVG from your system. Please download AVG Remover and run it in order to remove AVG.

Step 2

Let's install the free Avast:

http://www.avast.com...ivirus-download

Once you have it installed and it has updated, right-click on it and select Open Avast! User Interface, then click on Scan Computer, then on Boot-Time Scan, then Schedule Now. Reboot and let it run a scan. It will take many hours (like overnight) and unfortunately you may need to check back with it once in a while to see if it needs input from you. If the scan hangs, that may indicate a hardware problem.

After the reboot there should be a log in Program settings, then Reports. Post that log here for me.

Step 3

Please remove your version of aswMBR and download a new one. Scan your system and post the log here for me.

Step 4

Please don't forget to include these items in your reply:

  • Avast log
  • aswMBR log
It would be helpful if you could post each log in a separate post.

#13 Goldie106 (Topic Starter, Member, 28 posts)
Doing those scans now. Also, I keep getting a message that says MSVCR80.dll is missing?

#14 Goldie106 (Topic Starter, Member, 28 posts)
Hi mate, I did both of those scans, but I can't manage to copy the Avast log; I can't find where to open it so I can copy it. It did find 4 infections, which it deleted or repaired. Here is the log for aswMBR anyway:

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-04 09:41:32
-----------------------------
09:41:32.093 OS Version: Windows 5.1.2600 Service Pack 2
09:41:32.093 Number of processors: 1 586 0x1601
09:41:32.093 ComputerName: TILL-TWO UserName:
09:41:32.718 Initialize success
09:41:41.125 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-5
09:41:41.125 Disk 0 Vendor: WDC_WD800AAJS-00WAA0 58.01D58 Size: 76319MB BusType: 3
09:41:43.125 Disk 0 MBR read successfully
09:41:43.125 Disk 0 MBR scan
09:41:43.125 Disk 0 Windows XP default MBR code
09:41:45.125 Disk 0 scanning sectors +156280320
09:41:45.140 Disk 0 scanning C:\WINDOWS\system32\drivers
09:41:49.781 Service scanning
09:41:51.109 Disk 0 trace - called modules:
09:41:51.125 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
09:41:51.125 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f47ab8]
09:41:51.125 3 CLASSPNP.SYS[f763d05b] -> nt!IofCallDriver -> \Device\00000068[0x86f86f18]
09:41:51.125 5 ACPI.sys[f74d3620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-5[0x86f4ad98]
09:41:51.125 Scan finished successfully
09:41:59.265 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\SiNQUA EPoS\Desktop\MBR.dat"
09:41:59.296 The log file has been saved successfully to "C:\Documents and Settings\SiNQUA EPoS\Desktop\aswMBR.txt"

#15 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
The aswMBR and TDSSKiller logs look clean. How is your system now? Any problems?