Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

bluescreen + IE&Avast disactivated


  • This topic is locked This topic is locked

#1
theocyt

theocyt

    New Member

  • Member
  • Pip
  • 9 posts
Hello,
I feel i've been infested since some days.
My computer is a shared computer with windows XP SP2, connected to internet.
Some user use some USB keys.

I get lots of blue screen with a message related to memory management.
I'm not able to launch Internet explorer. Each time I click the icone, the windows is opening and shutted down at the same very moment.
Mozilla is regularly shutted down because of error not named.

I'm not able to execute manually the update of avast. No action when I click buttons.

To find an issue :
I firstly try to install Malwarebytes. Don't able to execute.
Then I try securiser, an antivrus in line. Not able to run too.


Then I try OTL. Please see below the result.

Could you help me to determine wich malware is installed and how to get free of it.

Thanks,

Claire

OTL logfile created on: 07/08/2011 14:57:36 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = F:\Téléchargements
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,50 Gb Available Physical Memory | 74,96% Memory free
3,85 Gb Paging File | 3,55 Gb Available in Paging File | 92,24% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 30,27 Gb Total Space | 13,93 Gb Free Space | 46,01% Space Free | Partition Type: NTFS
Drive D: | 97,65 Gb Total Space | 79,04 Gb Free Space | 80,94% Space Free | Partition Type: NTFS
Drive E: | 97,65 Gb Total Space | 20,06 Gb Free Space | 20,55% Space Free | Partition Type: NTFS
Drive F: | 72,50 Gb Total Space | 49,81 Gb Free Space | 68,71% Space Free | Partition Type: NTFS

Computer Name: CCH-NC10 | User Name: Theocyt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/07 14:57:07 | 000,579,584 | ---- | M] (OldTimer Tools) -- F:\Téléchargements\OTL.exe
PRC - [2011/05/10 14:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/05/10 14:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/01/20 11:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2010/12/03 21:50:47 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/07/27 04:10:00 | 001,983,816 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009/02/10 17:01:49 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
PRC - [2003/05/08 12:00:58 | 000,049,152 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe


========== Modules (SafeList) ==========

MOD - [2011/08/07 14:57:07 | 000,579,584 | ---- | M] (OldTimer Tools) -- F:\Téléchargements\OTL.exe
MOD - [2011/05/10 14:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/08/23 18:12:39 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2003/05/08 12:00:46 | 000,159,744 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE2.0\OpHookSE2.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/05/10 14:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/06/02 10:10:08 | 000,637,952 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/02/10 17:01:49 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2006/10/26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
SRV - [2003/07/28 21:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2011/05/10 14:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/05/10 14:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/05/10 14:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/05/10 14:02:25 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/05/10 13:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/05/10 13:59:37 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/05/10 13:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/02/28 11:22:37 | 000,431,672 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011/02/28 09:31:21 | 000,017,134 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2006/07/05 14:55:58 | 000,043,392 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2006/06/15 10:02:22 | 000,142,464 | R--- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\adidts.sys -- (ADIDTSFiltService)
DRV - [2006/05/29 18:04:50 | 000,217,088 | R--- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sis163u.sys -- (SIS163u)
DRV - [2006/05/23 02:56:00 | 000,245,248 | R--- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2006/02/07 13:52:58 | 000,006,912 | R--- | M] (JMicron ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\JGOGO.sys -- (JGOGO)
DRV - [2004/08/13 04:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "YouGoo"
FF - prefs.js..browser.startup.homepage: "http://www.yougoo.fr/annuaire"
FF - prefs.js..extensions.enabledItems: [email protected]:1.04
FF - prefs.js..extensions.enabledItems: [email protected]:20110101
FF - prefs.js..keyword.URL: "http://www.yougoo.fr...aire?search&q="

FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/07/05 07:59:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/12 09:24:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/28 11:31:38 | 000,000,000 | ---D | M]

[2011/03/12 09:24:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Theocyt\Application Data\Mozilla\Extensions
[2011/03/23 15:27:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Theocyt\Application Data\Mozilla\Firefox\Profiles\hd1ien52.default\extensions
[2011/03/23 15:27:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Theocyt\Application Data\Mozilla\Firefox\Profiles\hd1ien52.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/12 09:25:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Theocyt\Application Data\Mozilla\Firefox\Profiles\hd1ien52.default\extensions\[email protected]
[2011/04/15 20:07:48 | 000,003,711 | ---- | M] () -- C:\Documents and Settings\Theocyt\Application Data\Mozilla\Firefox\Profiles\hd1ien52.default\searchplugins\YouGoo.xml
[2011/03/06 12:09:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/06 12:09:19 | 000,000,000 | ---D | M] (Toolbar Iadah) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2011/07/05 07:59:26 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2010/12/03 20:04:57 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2010/12/03 20:04:57 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/12/03 20:04:57 | 000,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2010/12/03 20:04:57 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2010/12/03 20:04:57 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2004/08/05 14:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Iadah Toolbar) - {3EA8D036-C9E7-4721-BCDF-C13D00C4CC39} - C:\Program Files\DevNet\Toolbar\DevNet.dll (DevNet)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Gestionnaire de liaison sans fil] File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [OpwareSE2] C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe (ScanSoft, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = FF 00 00 00 [binary data]
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Impression rapide - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Imprimer - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} https://static.impot...gnerADP-2.0.cab (AdVerifierADPCtrl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Theocyt\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Theocyt\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/14 13:12:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{41828fbc-4280-11e0-9d66-0018f3683b4b}\Shell - "" = AutoRun
O33 - MountPoints2\{41828fbc-4280-11e0-9d66-0018f3683b4b}\Shell\AutoRun\command - "" = N:\HPLauncher.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/07 14:47:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Theocyt\Application Data\Malwarebytes
[2011/08/07 14:47:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/08/07 14:46:30 | 000,000,000 | ---D | C] -- F:\Téléchargements
[2011/07/14 14:13:34 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2011/07/11 14:13:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Theocyt\Menu Démarrer\Programmes\Outils d'administration
[2011/07/11 14:00:45 | 000,000,000 | ---D | C] -- F:\Photo Paris
[2011/07/09 15:17:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Theocyt\Bureau\Messes obsèques
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[12 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/07 14:30:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/07 14:29:45 | 000,063,804 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/08/07 14:29:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/03 21:02:59 | 000,000,012 | ---- | M] () -- C:\Documents and Settings\Theocyt\intlname.ols
[2011/08/03 11:56:34 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\Theocyt\Application Data\Microsoft\Internet Explorer\Quick Launch\avast! Free Antivirus.lnk
[2011/07/30 09:41:15 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\Theocyt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/14 09:59:40 | 000,269,392 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/14 09:56:08 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/11 08:46:14 | 000,029,244 | ---- | M] () -- F:\100 ANS Roquin Choutet 054(1).jpg
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[12 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/03 11:56:34 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\Theocyt\Application Data\Microsoft\Internet Explorer\Quick Launch\avast! Free Antivirus.lnk
[2011/07/11 08:51:23 | 000,029,244 | ---- | C] () -- F:\100 ANS Roquin Choutet 054(1).jpg
[2011/06/05 11:09:17 | 000,260,248 | ---- | C] () -- C:\WINDOWS\System32\QMO.dll
[2011/06/05 11:09:17 | 000,092,312 | ---- | C] () -- C:\WINDOWS\System32\QMOCameraDll.dll
[2011/04/01 18:03:40 | 054,097,512 | ---- | C] () -- C:\Program Files\avast_free6_01Net.exe
[2011/03/12 09:24:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/03/02 10:29:43 | 095,335,128 | ---- | C] () -- C:\Program Files\setup_ais.exe
[2011/02/28 09:31:22 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\unwlsdrv.exe
[2010/11/04 11:38:12 | 000,000,532 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2010/10/11 21:19:27 | 000,008,731 | ---- | C] () -- C:\WINDOWS\CDPLAYER.INI
[2009/05/16 16:36:38 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7K.DLL
[2009/05/16 15:22:58 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/03/26 00:19:39 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\Theocyt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/14 13:18:38 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/03/14 13:17:32 | 000,269,392 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/14 13:17:11 | 000,022,359 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/03/14 13:17:09 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009/03/14 13:17:04 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009/03/14 13:14:16 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/03/14 13:09:52 | 000,021,892 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/06/01 11:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/06/01 11:22:00 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/06/01 11:22:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/06/01 11:22:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/06/01 11:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/06/01 11:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/06/01 11:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/06/01 11:22:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/06/01 11:22:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/06/01 11:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/06/01 11:22:00 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2004/08/05 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/05 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/05 14:00:00 | 000,503,644 | ---- | C] () -- C:\WINDOWS\System32\perfh00C.dat
[2004/08/05 14:00:00 | 000,435,412 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/05 14:00:00 | 000,322,810 | ---- | C] () -- C:\WINDOWS\System32\perfi00C.dat
[2004/08/05 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/05 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/05 14:00:00 | 000,081,642 | ---- | C] () -- C:\WINDOWS\System32\perfc00C.dat
[2004/08/05 14:00:00 | 000,068,308 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/05 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/05 14:00:00 | 000,034,108 | ---- | C] () -- C:\WINDOWS\System32\perfd00C.dat
[2004/08/05 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/05 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/05 14:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/05 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/05 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/04/01 11:58:02 | 000,005,260 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2011/04/01 18:10:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/02/28 09:22:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/10/11 21:26:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonEPP
[2011/07/01 09:40:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJ
[2011/04/17 17:24:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2010/10/11 21:26:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX2
[2011/02/28 09:28:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter
[2011/08/01 08:21:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
[2011/03/31 09:00:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2011/02/28 09:28:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSolutionMenu
[2011/02/28 11:22:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/10/03 15:09:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaMusic
[2009/10/03 17:01:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2011/04/18 13:43:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2011/05/05 12:09:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2010/11/04 11:38:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
[2011/02/28 18:31:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/03/31 09:00:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theocyt\Application Data\Canon
[2011/02/28 11:29:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theocyt\Application Data\DAEMON Tools Lite
[2011/01/01 21:41:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theocyt\Application Data\DAEMON Tools Pro
[2011/02/28 08:48:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theocyt\Application Data\FileMaker
[2011/04/15 20:07:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theocyt\Application Data\Icones
[2010/09/12 18:07:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theocyt\Application Data\Nokia
[2009/10/03 15:11:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theocyt\Application Data\PC Suite
[2010/11/04 11:38:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Theocyt\Application Data\ScanSoft

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >

Attached Files


  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi Claire, lets see if we can find the cause

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan
Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image
  • 0

#3
theocyt

theocyt

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hello Essex,
I was not connected during sunday and monday. I'll do it, as soon as I came back at home and update the thread with the log of prog.
Thank you for the clear explanation.
Claire
  • 0

#4
theocyt

theocyt

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hello,

Please find enclose the log of the prog you propose me.

I saw in red this :
...system32/ntd11.d11

Claire

aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-09 20:00:52
-----------------------------
20:00:52.187 OS Version: Windows 5.1.2600 Service Pack 3
20:00:52.187 Number of processors: 2 586 0xF06
20:00:52.187 ComputerName: CCH-NC10 UserName: Theocyt
20:00:52.500 Initialize success
20:00:52.546 AVAST engine defs: 11071100
20:01:40.781 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:01:40.781 Disk 0 Vendor: Hitachi_HDT725032VLA360 V54OA52A Size: 305245MB BusType: 3
20:01:42.796 Disk 0 MBR read successfully
20:01:42.796 Disk 0 MBR scan
20:01:42.796 Disk 0 Windows XP default MBR code
20:01:42.796 Disk 0 scanning sectors +625121280
20:01:42.843 Disk 0 scanning C:\WINDOWS\system32\drivers
20:01:50.453 Service scanning
20:01:50.734 Service NVSvc C:\WINDOWS\system32\nvsvc32.exe **HIDDEN**
20:01:50.796 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
20:01:51.328 Modules scanning
20:01:54.906 Disk 0 trace - called modules:
20:01:54.906 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys pciide.sys PCIIDEX.SYS
20:01:54.921 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89db2030]
20:01:54.921 3 CLASSPNP.SYS[ba118fd7] -> nt!IofCallDriver -> \Device\00000070[0x89d90f18]
20:01:54.921 5 ACPI.sys[b9e56620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x89d8fd98]
20:01:55.078 AVAST engine scan C:\WINDOWS
20:02:00.984 AVAST engine scan C:\WINDOWS\system32
20:02:41.984 AVAST engine scan C:\WINDOWS\system32\drivers
20:02:50.000 AVAST engine scan C:\Documents and Settings\Theocyt
20:04:49.390 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Theocyt\Bureau\MBR.dat"
20:04:49.390 The log file has been saved successfully to "C:\Documents and Settings\Theocyt\Bureau\aswMBR.txt"

Attached Files


Edited by Essexboy, 10 August 2011 - 11:13 AM.

  • 0

#5
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Okey Dokey methinks that the problem may reside there

Two programmes for you to run, one a targeted programme and the other a general sweeper up.
As you have Avast when you run these programmes right click the orange blob, select shield control , select disable for one hour.
Also do not let Avast sandbox anything - run as normall



Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.

    Posted Image
  • If an infected file is detected, the default action will be Cure, click on Continue.

    Posted Image
  • If a suspicious file is detected, the default action will be Skip, click on Continue.

    Posted Image
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.

    Posted Image
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

THEN

Download and Install Combofix
Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon.
They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
Posted Image
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Posted Image
  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you.
Please include the C:\ComboFix.txt in your next reply.


Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0

#6
theocyt

theocyt

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Essex,

Thx a lot for the time you spend for me !
Same as previous time, I'd to wait till tonight to do it. Working time is going on. I'll answer at this moment.

Claire
  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No problemo :)
  • 0

#8
theocyt

theocyt

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hello Essex,

Please find enclse the log of TDSS without any malware detected.
After running ComboFix one time, after the "scanning" I validate the popup installation.
Then it was stopped because of internal erreur (message windows regardnig an error while GREP.exe is executed)

Claire

2011/08/12 19:39:19.0312 2328 TDSS rootkit removing tool 2.5.15.0 Aug 11 2011 16:32:13
2011/08/12 19:39:19.0578 2328 ================================================================================
2011/08/12 19:39:19.0578 2328 SystemInfo:
2011/08/12 19:39:19.0578 2328
2011/08/12 19:39:19.0578 2328 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/12 19:39:19.0578 2328 Product type: Workstation
2011/08/12 19:39:19.0578 2328 ComputerName: CCH-NC10
2011/08/12 19:39:19.0578 2328 UserName: Theocyt
2011/08/12 19:39:19.0578 2328 Windows directory: C:\WINDOWS
2011/08/12 19:39:19.0578 2328 System windows directory: C:\WINDOWS
2011/08/12 19:39:19.0578 2328 Processor architecture: Intel x86
2011/08/12 19:39:19.0578 2328 Number of processors: 2
2011/08/12 19:39:19.0578 2328 Page size: 0x1000
2011/08/12 19:39:19.0578 2328 Boot type: Normal boot
2011/08/12 19:39:19.0578 2328 ================================================================================
2011/08/12 19:39:20.0734 2328 Initialize success
2011/08/12 19:39:27.0531 2724 ================================================================================
2011/08/12 19:39:27.0531 2724 Scan started
2011/08/12 19:39:27.0531 2724 Mode: Manual;
2011/08/12 19:39:27.0531 2724 ================================================================================
2011/08/12 19:39:27.0750 2724 Aavmker4 (3f6884eff406238d39aaa892218f1df7) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/08/12 19:39:27.0796 2724 ACPI (e5e6dbfc41ea8aad005cb9a57a96b43b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/08/12 19:39:27.0828 2724 ACPIEC (e4abc1212b70bb03d35e60681c447210) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/08/12 19:39:27.0859 2724 ADIDTSFiltService (175b51ddf26e9d06722beec50ac15a9a) C:\WINDOWS\system32\drivers\adidts.sys
2011/08/12 19:39:27.0875 2724 ADIHdAudAddService (ab0d9669bab1009e48cc91117e59912b) C:\WINDOWS\system32\drivers\ADIHdAud.sys
2011/08/12 19:39:27.0906 2724 AEAudio (03be587e90c8b37c7ff1fe2e9c1d1c90) C:\WINDOWS\system32\drivers\AEAudio.sys
2011/08/12 19:39:27.0937 2724 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/08/12 19:39:28.0000 2724 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/08/12 19:39:28.0078 2724 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/08/12 19:39:28.0156 2724 aswFsBlk (7f08d9c504b015d81a8abd75c80028c5) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011/08/12 19:39:28.0156 2724 aswMon2 (c2181ef6b54752273a0759a968c59279) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/08/12 19:39:28.0187 2724 aswRdr (ac48bdd4cd5d44af33087c06d6e9511c) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/08/12 19:39:28.0203 2724 aswSnx (b64134316fcd1f20e0f10ef3e65bd522) C:\WINDOWS\system32\drivers\aswSnx.sys
2011/08/12 19:39:28.0218 2724 aswSP (d6788e3211afa9951ed7a4d617f68a4f) C:\WINDOWS\system32\drivers\aswSP.sys
2011/08/12 19:39:28.0234 2724 aswTdi (4d100c45517809439c7b6dd98997fa00) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/08/12 19:39:28.0265 2724 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/08/12 19:39:28.0281 2724 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/08/12 19:39:28.0312 2724 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/08/12 19:39:28.0343 2724 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/08/12 19:39:28.0375 2724 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/08/12 19:39:28.0390 2724 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/08/12 19:39:28.0437 2724 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/08/12 19:39:28.0453 2724 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/08/12 19:39:28.0484 2724 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/08/12 19:39:28.0546 2724 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/08/12 19:39:28.0578 2724 dmboot (f5deadd42335fb33edca74ecb2f36cba) C:\WINDOWS\system32\drivers\dmboot.sys
2011/08/12 19:39:28.0609 2724 dmio (5a7c47c9b3f9fb92a66410a7509f0c71) C:\WINDOWS\system32\drivers\dmio.sys
2011/08/12 19:39:28.0609 2724 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/08/12 19:39:28.0640 2724 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/08/12 19:39:28.0687 2724 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/08/12 19:39:28.0703 2724 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/08/12 19:39:28.0718 2724 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/08/12 19:39:28.0734 2724 Fips (31f923eb2170fc172c81abda0045d18c) C:\WINDOWS\system32\drivers\Fips.sys
2011/08/12 19:39:28.0765 2724 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/08/12 19:39:28.0796 2724 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/08/12 19:39:28.0812 2724 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/08/12 19:39:28.0843 2724 Ftdisk (a86859b77b908c18c2657f284aa29fe3) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/08/12 19:39:28.0875 2724 GEARAspiWDM (2fb04db459c71f416ee8b05448ca4ac3) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/08/12 19:39:28.0906 2724 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/08/12 19:39:28.0921 2724 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/08/12 19:39:28.0937 2724 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/08/12 19:39:28.0984 2724 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/08/12 19:39:29.0062 2724 i8042prt (a09bdc4ed10e3b2e0ec27bb94af32516) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/08/12 19:39:29.0078 2724 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/08/12 19:39:29.0125 2724 intelppm (ad340800c35a42d4de1641a37feea34c) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/08/12 19:39:29.0156 2724 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/08/12 19:39:29.0171 2724 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/08/12 19:39:29.0187 2724 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/08/12 19:39:29.0203 2724 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/08/12 19:39:29.0218 2724 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/08/12 19:39:29.0250 2724 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/08/12 19:39:29.0296 2724 isapnp (355836975a67b6554bca60328cd6cb74) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/08/12 19:39:29.0328 2724 JGOGO (c995c0e8b4503fac38793bb0236ad246) C:\WINDOWS\system32\DRIVERS\JGOGO.sys
2011/08/12 19:39:29.0343 2724 JRAID (f561c67e8e9c598051d4f83296fd1201) C:\WINDOWS\system32\DRIVERS\jraid.sys
2011/08/12 19:39:29.0359 2724 Kbdclass (16813155807c6881f4bfbf6657424659) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/08/12 19:39:29.0390 2724 kbdhid (94c59cb884ba010c063687c3a50dce8e) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/08/12 19:39:29.0421 2724 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/08/12 19:39:29.0437 2724 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/08/12 19:39:29.0515 2724 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/08/12 19:39:29.0546 2724 Modem (510ade9327fe84c10254e1902697e25f) C:\WINDOWS\system32\drivers\Modem.sys
2011/08/12 19:39:29.0625 2724 Mouclass (027c01bd7ef3349aaebc883d8a799efb) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/08/12 19:39:29.0671 2724 mouhid (124d6846040c79b9c997f78ef4b2a4e5) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/08/12 19:39:29.0750 2724 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/08/12 19:39:29.0765 2724 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/08/12 19:39:29.0812 2724 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/08/12 19:39:29.0828 2724 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/08/12 19:39:29.0859 2724 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/08/12 19:39:29.0921 2724 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/08/12 19:39:29.0937 2724 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/08/12 19:39:29.0953 2724 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/08/12 19:39:29.0984 2724 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
2011/08/12 19:39:30.0015 2724 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/08/12 19:39:30.0062 2724 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/08/12 19:39:30.0109 2724 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/08/12 19:39:30.0125 2724 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/08/12 19:39:30.0140 2724 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/08/12 19:39:30.0171 2724 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/08/12 19:39:30.0203 2724 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/08/12 19:39:30.0312 2724 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/08/12 19:39:30.0406 2724 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/08/12 19:39:30.0421 2724 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/08/12 19:39:30.0484 2724 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/08/12 19:39:30.0531 2724 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/08/12 19:39:30.0671 2724 nv (2282ad3b19b00967c6e48531c25bfe01) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/08/12 19:39:30.0734 2724 MBR (0x1B8) (c99c3199cfaa4cbdcd91493f6d113a50) \Device\Harddisk0\DR0
2011/08/12 19:39:30.0812 2724 Boot (0x1200) (274bf4cf717624c312381a8066527413) \Device\Harddisk0\DR0\Partition0
2011/08/12 19:39:30.0828 2724 Boot (0x1200) (5269c6ff089a08a164571e8eea23eaf6) \Device\Harddisk0\DR0\Partition1
2011/08/12 19:39:30.0843 2724 Boot (0x1200) (a9b91a73ad89c56f78ccfc3566b9519e) \Device\Harddisk0\DR0\Partition2
2011/08/12 19:39:30.0875 2724 Boot (0x1200) (611c087093717c1bf3a501fd1b14d25b) \Device\Harddisk0\DR0\Partition3
2011/08/12 19:39:30.0890 2724 ================================================================================
2011/08/12 19:39:30.0890 2724 Scan finished
2011/08/12 19:39:30.0890 2724 ================================================================================
2011/08/12 19:39:30.0890 2716 Detected object count: 0
2011/08/12 19:39:30.0890 2716 Actual detected object count: 0

Edited by theocyt, 12 August 2011 - 12:02 PM.

  • 0

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK well that sailed right past it and combofix did not want to play - I would like you to run an AV and Analysis scan now using AVPTool. After the virus check is done it will then conduct a system analysis for me and I should then be able to locate the miscreant. The scan could take a while, so if you do not have time then go direct to the analysis scan.

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named )

First we will run a virus scan

Click the cog in the upper right
Posted Image


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
Posted Image

Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Automatic Scan report from the left and press Save button
Save it to your desktop and attach to your next post


Now the Analysis

Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information

Posted Image

On completion click the link to locate the zip file to upload and attach to your next post

Posted Image
  • 0

#10
theocyt

theocyt

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hello Essex !

Seems to be really mecreants !!
When I dl the kaspersky removal tool on the infested computer I'm not able to set-up the prog because of corrupt file.
With the same DL on other computer, I'm able to install and scan...

Sorry for that,

Claire
  • 0

Advertisements


#11
theocyt

theocyt

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Essex,

Did you think that installation on dual boot, or with a 'linux' system installed on usb key will not allow us to run what ever scanning program to locate the mecreant.
(but I don't know which anti virus/malwares... is able to run on such OS.

Claire
  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
We have an alternative - but this will mean creating a boot cd so that we can work outside of windows

Please download the following programmes to your desktop:

Dr Web Live CD

ImgBurn

Install IMGBurn
  • Double click Dr Web
  • IMGBurn will open
  • Burn the ISO to a cd
  • Reboot the infected computer with the CD in the drive
  • Ensure that the first boot device is CD - If you are not sure about that then see this page for instructions
  • As loading starts, a dialogue window will prompt you to choose between the standard and safe modes.
    Posted Image
  • Use arrow keys to select DrWeb-LiveCD (Default)
  • When the system is loaded, check the disks or folders you want to scan, and click on “Start”.
    Posted Image
  • The programme will now scan for and cure/delete any malware that it finds. Allow it to do so
  • Once completed reboot to normal windows
  • No log is produced so once in normal windows run a fresh OTL scan and let me know if the problems persist

  • 0

#13
theocyt

theocyt

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hello Essex,

I spend all the afternoon to scan with webDr .. ! some files containing erros but no mecreants detected.
After this I lucnh OTL. Please find enclose the log file.
Then I try to reinstall Kaspersky Virus removal Tool. The same install used on a "clean pc" still does not work.

Claire
  • 0

#14
theocyt

theocyt

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
to quick !

Attached Files


  • 0

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm that means that the AVP download is corrupt - I will check out the site myself

Avast appears to be running from the log, what are your current problems ?
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP