Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

security sheild virus slowing my computer [Closed]


  • This topic is locked This topic is locked

#16
aswartz3

aswartz3

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
2012/02/27 22:16:54 -0500 VALUED-71FC21E6 MESSAGE Starting protection
2012/02/27 22:17:07 -0500 VALUED-71FC21E6 MESSAGE Protection started successfully
2012/02/27 22:17:10 -0500 VALUED-71FC21E6 MESSAGE Starting IP protection
2012/02/27 22:17:11 -0500 VALUED-71FC21E6 ERROR IP protection failed: PfMakeLog failed with error code 21

OTL logfile created on: 2/29/2012 5:35:30 PM - Run 2
OTL by OldTimer - Version 3.2.33.1 Folder = C:\Documents and Settings\Valued Customer\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.49 Gb Total Physical Memory | 1.96 Gb Available Physical Memory | 78.54% Memory free
3.19 Gb Paging File | 2.79 Gb Available in Paging File | 87.42% Paging File free
Paging file location(s): C:\pagefile.sys 866 1712 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 25.17 Gb Free Space | 67.55% Space Free | Partition Type: NTFS
Drive D: | 288.14 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: VALUED-71FC21E6 | User Name: Valued Customer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/21 20:00:30 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Valued Customer\Desktop\OTL.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/09/29 19:37:00 | 001,406,152 | ---- | M] (SpeedBit LTD) -- C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
PRC - [2011/09/29 19:37:00 | 000,265,928 | ---- | M] (SpeedBit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe
PRC - [2011/05/27 15:57:30 | 000,562,592 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2011/05/27 15:57:28 | 002,015,136 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
PRC - [2011/05/27 15:57:26 | 007,025,568 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/11/20 13:08:14 | 000,057,344 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\ico.exe
PRC - [2003/11/06 14:51:32 | 000,020,480 | ---- | M] () -- C:\WINDOWS\system32\FSRremoS.EXE


========== Modules (No Company Name) ==========

MOD - [2011/05/27 15:57:32 | 000,022,944 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinServicePS.dll
MOD - [2011/05/27 15:08:56 | 000,660,480 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
MOD - [2010/08/22 21:01:36 | 007,187,456 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtGui4.dll
MOD - [2010/08/22 21:01:08 | 000,325,632 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtXml4.dll
MOD - [2010/08/22 21:01:06 | 001,954,304 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtCore4.dll
MOD - [2010/08/22 21:01:06 | 000,847,360 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtNetwork4.dll
MOD - [2010/08/22 20:32:34 | 000,119,808 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
MOD - [2003/11/06 14:51:32 | 000,020,480 | ---- | M] () -- C:\WINDOWS\system32\FSRremoS.EXE


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Auto | Stopped] -- -- (helpsvc)
SRV - File not found [On_Demand | Stopped] -- -- (FastUserSwitchingCompatibility)
SRV - File not found [Auto | Stopped] -- -- (6to4)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/09/29 19:37:00 | 000,265,928 | ---- | M] (SpeedBit Ltd.) [Auto | Running] -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe -- (VideoAcceleratorService)
SRV - [2011/05/27 15:57:30 | 000,562,592 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2011/04/06 16:53:36 | 001,117,144 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2011/02/18 11:14:04 | 000,371,472 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)


========== Driver Services (SafeList) ==========

DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/11 12:02:34 | 000,263,888 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2011/05/07 16:18:22 | 000,016,384 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PELMOUSE.SYS -- (pelmouse)
DRV - [2011/03/10 09:08:22 | 000,233,976 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PCTSD.sys -- (PCTSD)
DRV - [2010/08/22 21:01:54 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AFGSp50.sys -- (AFGSp50)
DRV - [2010/07/16 14:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2007/11/29 16:35:44 | 000,163,328 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/10/30 18:54:04 | 001,201,632 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003/02/11 12:25:14 | 000,009,216 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pelusblf.sys -- (pelusblf)
DRV - [2001/08/17 11:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://home.cnz.com/search/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 29 63 71 53 DD CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\


O1 HOSTS File: ([2012/02/27 18:50:48 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SearchPredictObj Class) - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\Program Files\SearchPredict\SearchPredict.dll (Speedbit Ltd.)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (SBCONVERT Class) - {4AF9DF3E-17A4-428F-A39E-28ADA0A3A522} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\SpeedBit Video Downloader\Toolbar\Grabber.dll (Speedbit Ltd.)
O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O4 - HKLM..\Run: [HitmanPro35] C:\Program Files\Hitman Pro 3.5\HitmanPro35[1].exe (SurfRight B.V.)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKCU..\Run: [Registry Reviver] C:\Program Files\Reviversoft\Registry Reviver\RegistryReviver.exe File not found
O4 - HKCU..\Run: [SpeedBitVideoAccelerator] C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe (SpeedBit LTD)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_26.dll (Sun Microsystems, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\SpeedBit Video Accelerator\SBLSP.dll (SpeedBit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\SpeedBit Video Accelerator\SBLSP.dll (SpeedBit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\SpeedBit Video Accelerator\SBLSP.dll (SpeedBit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O15 - HKCU\..Trusted Domains: aol.com ([free] http in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1207760403906 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E7F09AE-7D34-4AE8-8307-19DCB6CB6776}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{216F604B-61B7-4F28-836A-5EB420C6579E}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/09 07:50:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/06/22 02:18:26 | 000,000,052 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{fdb32529-0595-11dd-96c9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{fdb32529-0595-11dd-96c9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fdb32529-0595-11dd-96c9-806d6172696f}\Shell\AutoRun\command - "" = D:\Belkin_Setup_and_Monitor_Install.exe -- [2011/05/30 22:36:58 | 019,791,544 | R--- | M] ( )
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/27 20:19:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/27 20:19:07 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/02/27 20:19:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/02/27 18:50:47 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/21 20:00:21 | 000,583,168 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Valued Customer\Desktop\OTL.exe
[2012/02/07 20:35:08 | 000,656,320 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctEFA.sys
[2012/02/07 20:35:08 | 000,338,880 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctDS.sys
[2012/02/07 20:35:07 | 000,253,096 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2012/02/07 20:35:03 | 000,263,888 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2012/02/07 20:35:03 | 000,160,576 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2012/02/07 20:35:02 | 000,233,976 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTSD.sys
[2012/02/07 20:35:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Tools Security
[2012/02/07 20:34:57 | 000,070,664 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2012/02/07 20:34:45 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2012/02/07 20:34:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012/02/07 20:28:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2008/07/01 00:12:45 | 000,017,280 | -H-- | C] () -- C:\Documents and Settings\Valued Customer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

========== Files - Modified Within 30 Days ==========

[2012/02/29 17:07:00 | 000,000,904 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/28 18:07:00 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/28 16:38:10 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/27 22:16:41 | 000,012,652 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/27 22:16:39 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1708537768-1563985344-725345543-1003.job
[2012/02/27 22:15:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/27 20:19:09 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/27 18:53:45 | 000,023,624 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2012/02/27 18:50:48 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/02/26 23:24:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/02/26 17:06:00 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1708537768-1563985344-725345543-1003.job
[2012/02/21 20:00:30 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Valued Customer\Desktop\OTL.exe
[2012/02/16 03:24:45 | 000,131,688 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/16 03:08:09 | 000,456,762 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/16 03:08:09 | 000,077,702 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/02/16 03:03:06 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Files Created - No Company Name ==========

[2012/02/27 20:19:09 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/16 01:08:34 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/16 01:08:34 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/02/07 19:04:39 | 000,106,496 | ---- | C] () -- C:\Documents and Settings\Valued Customer\My Documents\nuke-M.exe
[2011/06/17 21:08:15 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/05/31 15:42:23 | 000,023,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/05/29 17:24:44 | 000,000,596 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/05/27 21:05:36 | 000,000,126 | ---- | C] () -- C:\WINDOWS\System32\mmc.exe.config.NAR01
[2011/05/27 21:05:36 | 000,000,126 | ---- | C] () -- C:\WINDOWS\System32\mmc.exe.config.NAR00
[2011/05/21 22:55:18 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/05/21 22:55:18 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/04/12 04:01:24 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\d3d9caps.dat
[2011/03/27 23:47:26 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Valued Customer\Local Settings\Application Data\prvlcl.dat
[2011/03/04 09:34:15 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

========== LOP Check ==========

[2011/12/25 12:39:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Affinegy
[2011/03/23 18:40:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg7
[2012/01/04 18:44:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Belkin
[2011/03/23 22:15:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/05/31 15:45:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/05/06 14:47:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/04/02 21:38:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2011/09/29 19:37:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
[2011/05/29 17:24:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2012/02/16 20:30:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/05/29 16:56:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\AVG
[2011/03/23 18:39:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\AVG7
[2011/05/25 17:52:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\DriverCure
[2011/05/07 21:28:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\FrostWire
[2008/05/23 16:03:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\InterVideo
[2011/05/25 17:52:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\ParetoLogic
[2011/06/20 17:57:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\Reviversoft
[2011/06/16 20:34:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\Toolbar4
[2012/02/26 23:24:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 167 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 160 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

< End of report >

Hi,

i did what you said and the above it what it printed out. it stopped during the scan and told me there was something dangerous in there and i quarantined it. hope that was right. my computer is still freezing up and still running slow. did the security sheild virus go away now?
  • 0

Advertisements


#17
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Let's see is there anything left... just to be sure.

Step 1

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside:

    • Verify Driver Digital Signature
    • Detect TDLFS file system

  • then click OK.
  • Click the Start Scan button to start the scan.
  • If a suspicious object is detected, the default action will be Skip
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected for malicious objects

    Posted Image
  • Click Continue then Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Step 2

Download aswMBR.exe ( 511KB ) to your desktop.

  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post aswMBR.txt in your next reply
  • Also, ZIP MBR.dat it creates and attach it to your next reply

Step 3

Please don't forget to include these items in your reply:

  • TDSSKiller log
  • aswMBR log
It would be helpful if you could post each log in separate post
  • 0

#18
aswartz3

aswartz3

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-03 15:27:07
-----------------------------
15:27:07.375 OS Version: Windows 5.1.2600 Service Pack 3
15:27:07.375 Number of processors: 1 586 0x209
15:27:07.375 ComputerName: VALUED-71FC21E6 UserName: Valued Customer
15:27:07.875 Initialize success
15:28:55.375 The log file has been saved successfully to "C:\Documents and Settings\Valued Customer\Desktop\aswMBR.txt"


this is what you asked for i believe, i will send the second one serperatly. please let me know if the security sheild virus is gone now.
  • 0

#19
aswartz3

aswartz3

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
15:22:57.0765 2784 TDSS rootkit removing tool 2.7.18.0 Mar 2 2012 09:40:07
15:22:58.0375 2784 ============================================================
15:22:58.0375 2784 Current date / time: 2012/03/03 15:22:58.0375
15:22:58.0375 2784 SystemInfo:
15:22:58.0375 2784
15:22:58.0375 2784 OS Version: 5.1.2600 ServicePack: 3.0
15:22:58.0375 2784 Product type: Workstation
15:22:58.0375 2784 ComputerName: VALUED-71FC21E6
15:22:58.0375 2784 UserName: Valued Customer
15:22:58.0375 2784 Windows directory: C:\WINDOWS
15:22:58.0375 2784 System windows directory: C:\WINDOWS
15:22:58.0375 2784 Processor architecture: Intel x86
15:22:58.0375 2784 Number of processors: 1
15:22:58.0375 2784 Page size: 0x1000
15:22:58.0375 2784 Boot type: Normal boot
15:22:58.0375 2784 ============================================================
15:23:00.0359 2784 Drive \Device\Harddisk0\DR0 - Size: 0x9516AE000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1431, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
15:23:00.0359 2784 \Device\Harddisk0\DR0:
15:23:00.0359 2784 MBR used
15:23:00.0359 2784 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A88DD1
15:23:00.0390 2784 Initialize success
15:23:00.0390 2784 ============================================================
15:24:21.0765 2356 ============================================================
15:24:21.0765 2356 Scan started
15:24:21.0765 2356 Mode: Manual; SigCheck; TDLFS;
15:24:21.0765 2356 ============================================================
15:24:22.0187 2356 Abiosdsk - ok
15:24:22.0218 2356 abp480n5 - ok
15:24:22.0296 2356 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:24:24.0187 2356 ACPI - ok
15:24:24.0312 2356 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
15:24:24.0531 2356 ACPIEC - ok
15:24:24.0609 2356 adpu160m - ok
15:24:24.0671 2356 aeaudio (e696e749bedcda8b23757b8b5ea93780) C:\WINDOWS\system32\drivers\aeaudio.sys
15:24:24.0718 2356 aeaudio - ok
15:24:24.0812 2356 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
15:24:25.0000 2356 aec - ok
15:24:25.0109 2356 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
15:24:25.0171 2356 AFD - ok
15:24:25.0234 2356 AFGMp50 - ok
15:24:25.0296 2356 AFGSp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\WINDOWS\system32\Drivers\AFGSp50.sys
15:24:25.0359 2356 AFGSp50 - ok
15:24:25.0515 2356 AgereSoftModem (9074e4d73bb8b06758e530a20c592dac) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
15:24:25.0625 2356 AgereSoftModem - ok
15:24:25.0718 2356 Aha154x - ok
15:24:25.0750 2356 aic78u2 - ok
15:24:25.0781 2356 aic78xx - ok
15:24:25.0812 2356 AliIde - ok
15:24:25.0859 2356 amsint - ok
15:24:25.0906 2356 asc - ok
15:24:25.0937 2356 asc3350p - ok
15:24:25.0984 2356 asc3550 - ok
15:24:26.0062 2356 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:24:26.0250 2356 AsyncMac - ok
15:24:26.0359 2356 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
15:24:26.0562 2356 atapi - ok
15:24:26.0640 2356 Atdisk - ok
15:24:26.0703 2356 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:24:26.0906 2356 Atmarpc - ok
15:24:27.0031 2356 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
15:24:27.0281 2356 audstub - ok
15:24:27.0375 2356 b57w2k (a9d0f6efc61d1ff69b55c495f85dd868) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
15:24:27.0437 2356 b57w2k - ok
15:24:27.0546 2356 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
15:24:27.0765 2356 Beep - ok
15:24:27.0859 2356 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
15:24:28.0093 2356 cbidf2k - ok
15:24:28.0171 2356 cd20xrnt - ok
15:24:28.0250 2356 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
15:24:28.0453 2356 Cdaudio - ok
15:24:28.0562 2356 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
15:24:28.0765 2356 Cdfs - ok
15:24:28.0890 2356 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:24:29.0109 2356 Cdrom - ok
15:24:29.0187 2356 Changer - ok
15:24:29.0250 2356 CmdIde - ok
15:24:29.0296 2356 Cpqarray - ok
15:24:29.0359 2356 dac2w2k - ok
15:24:29.0421 2356 dac960nt - ok
15:24:29.0500 2356 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
15:24:29.0718 2356 Disk - ok
15:24:29.0859 2356 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
15:24:30.0093 2356 dmboot - ok
15:24:30.0218 2356 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
15:24:30.0421 2356 dmio - ok
15:24:30.0531 2356 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
15:24:30.0734 2356 dmload - ok
15:24:30.0859 2356 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
15:24:31.0046 2356 DMusic - ok
15:24:31.0140 2356 dpti2o - ok
15:24:31.0187 2356 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
15:24:31.0406 2356 drmkaud - ok
15:24:31.0515 2356 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
15:24:31.0718 2356 E100B - ok
15:24:31.0843 2356 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
15:24:32.0031 2356 EL90XBC - ok
15:24:32.0156 2356 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
15:24:32.0375 2356 Fastfat - ok
15:24:32.0484 2356 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
15:24:32.0718 2356 Fdc - ok
15:24:32.0812 2356 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
15:24:33.0031 2356 Fips - ok
15:24:33.0140 2356 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
15:24:33.0343 2356 Flpydisk - ok
15:24:33.0484 2356 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
15:24:33.0687 2356 FltMgr - ok
15:24:33.0781 2356 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:24:33.0984 2356 Fs_Rec - ok
15:24:34.0078 2356 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:24:34.0265 2356 Ftdisk - ok
15:24:34.0375 2356 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:24:34.0593 2356 Gpc - ok
15:24:34.0718 2356 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:24:34.0921 2356 hidusb - ok
15:24:35.0015 2356 hpn - ok
15:24:35.0078 2356 HSFHWBS2 (970178e8e003eb1481293830069624b9) C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys
15:24:35.0281 2356 HSFHWBS2 - ok
15:24:35.0453 2356 HSF_DP (ebb354438a4c5a3327fb97306260714a) C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys
15:24:35.0687 2356 HSF_DP - ok
15:24:35.0812 2356 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
15:24:35.0890 2356 HTTP - ok
15:24:36.0015 2356 i2omgmt - ok
15:24:36.0046 2356 i2omp - ok
15:24:36.0109 2356 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:24:36.0312 2356 i8042prt - ok
15:24:36.0484 2356 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
15:24:36.0593 2356 ialm - ok
15:24:36.0750 2356 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
15:24:36.0953 2356 Imapi - ok
15:24:37.0031 2356 ini910u - ok
15:24:37.0109 2356 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
15:24:37.0328 2356 IntelIde - ok
15:24:37.0453 2356 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:24:37.0656 2356 intelppm - ok
15:24:37.0703 2356 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
15:24:37.0921 2356 Ip6Fw - ok
15:24:38.0015 2356 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:24:38.0218 2356 IpInIp - ok
15:24:38.0296 2356 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:24:38.0515 2356 IpNat - ok
15:24:38.0609 2356 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:24:38.0812 2356 IPSec - ok
15:24:38.0953 2356 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
15:24:39.0046 2356 IRENUM - ok
15:24:39.0156 2356 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:24:39.0359 2356 isapnp - ok
15:24:39.0468 2356 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:24:39.0687 2356 Kbdclass - ok
15:24:39.0781 2356 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
15:24:39.0968 2356 kbdhid - ok
15:24:40.0062 2356 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
15:24:40.0265 2356 kmixer - ok
15:24:40.0390 2356 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
15:24:40.0484 2356 KSecDD - ok
15:24:40.0562 2356 lbrtfdc - ok
15:24:40.0640 2356 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
15:24:40.0656 2356 MBAMProtector - ok
15:24:40.0734 2356 mdmxsdk (195741aee20369980796b557358cd774) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
15:24:40.0937 2356 mdmxsdk - ok
15:24:41.0031 2356 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
15:24:41.0234 2356 mnmdd - ok
15:24:41.0343 2356 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
15:24:41.0546 2356 Modem - ok
15:24:41.0625 2356 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
15:24:41.0828 2356 MODEMCSA - ok
15:24:41.0984 2356 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:24:42.0187 2356 Mouclass - ok
15:24:42.0281 2356 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:24:42.0500 2356 mouhid - ok
15:24:42.0625 2356 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
15:24:42.0843 2356 MountMgr - ok
15:24:42.0953 2356 mraid35x - ok
15:24:43.0015 2356 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:24:43.0218 2356 MRxDAV - ok
15:24:43.0359 2356 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:24:43.0453 2356 MRxSmb - ok
15:24:43.0593 2356 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
15:24:43.0796 2356 Msfs - ok
15:24:43.0890 2356 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:24:44.0125 2356 MSKSSRV - ok
15:24:44.0218 2356 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:24:44.0406 2356 MSPCLOCK - ok
15:24:44.0500 2356 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
15:24:44.0703 2356 MSPQM - ok
15:24:44.0828 2356 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:24:45.0031 2356 mssmbios - ok
15:24:45.0125 2356 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
15:24:45.0171 2356 Mup - ok
15:24:45.0296 2356 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
15:24:45.0515 2356 NDIS - ok
15:24:45.0609 2356 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:24:45.0656 2356 NdisTapi - ok
15:24:45.0750 2356 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:24:45.0953 2356 Ndisuio - ok
15:24:46.0046 2356 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:24:46.0250 2356 NdisWan - ok
15:24:46.0359 2356 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
15:24:46.0421 2356 NDProxy - ok
15:24:46.0531 2356 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
15:24:46.0734 2356 NetBIOS - ok
15:24:46.0843 2356 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
15:24:47.0046 2356 NetBT - ok
15:24:47.0171 2356 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
15:24:47.0390 2356 Npfs - ok
15:24:47.0531 2356 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
15:24:47.0750 2356 Ntfs - ok
15:24:47.0875 2356 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
15:24:48.0078 2356 Null - ok
15:24:48.0171 2356 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:24:48.0359 2356 NwlnkFlt - ok
15:24:48.0437 2356 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:24:48.0656 2356 NwlnkFwd - ok
15:24:48.0765 2356 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
15:24:48.0968 2356 Parport - ok
15:24:49.0046 2356 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
15:24:49.0250 2356 PartMgr - ok
15:24:49.0328 2356 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
15:24:49.0515 2356 ParVdm - ok
15:24:49.0593 2356 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
15:24:49.0796 2356 PCI - ok
15:24:49.0859 2356 PCIDump - ok
15:24:49.0984 2356 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
15:24:50.0187 2356 PCIIde - ok
15:24:50.0281 2356 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
15:24:50.0484 2356 Pcmcia - ok
15:24:50.0593 2356 PCTCore (ccbbf4ddf14e779c2a63a1ca140663b3) C:\WINDOWS\system32\drivers\PCTCore.sys
15:24:50.0625 2356 PCTCore - ok
15:24:50.0734 2356 pctDS (f820b4c61d1e591325b679d479d4eea4) C:\WINDOWS\system32\drivers\pctDS.sys
15:24:50.0765 2356 pctDS - ok
15:24:50.0875 2356 PCTSD (83ddd552f7f1043f764e8cc88ff41232) C:\WINDOWS\system32\Drivers\PCTSD.sys
15:24:50.0906 2356 PCTSD - ok
15:24:50.0984 2356 PDCOMP - ok
15:24:51.0015 2356 PDFRAME - ok
15:24:51.0046 2356 PDRELI - ok
15:24:51.0078 2356 PDRFRAME - ok
15:24:51.0140 2356 pelmouse (e541a80cdffd6077c761b4578efc0450) C:\WINDOWS\system32\DRIVERS\pelmouse.sys
15:24:51.0203 2356 pelmouse - ok
15:24:51.0296 2356 pelusblf (6432858a4493e906a7d61b9b17a0672a) C:\WINDOWS\system32\DRIVERS\pelusblf.sys
15:24:51.0328 2356 pelusblf - ok
15:24:51.0406 2356 perc2 - ok
15:24:51.0437 2356 perc2hib - ok
15:24:51.0531 2356 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:24:51.0734 2356 PptpMiniport - ok
15:24:51.0843 2356 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
15:24:52.0062 2356 PSched - ok
15:24:52.0171 2356 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:24:52.0375 2356 Ptilink - ok
15:24:52.0468 2356 ql1080 - ok
15:24:52.0515 2356 Ql10wnt - ok
15:24:52.0562 2356 ql12160 - ok
15:24:52.0609 2356 ql1240 - ok
15:24:52.0656 2356 ql1280 - ok
15:24:52.0718 2356 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:24:52.0937 2356 RasAcd - ok
15:24:53.0046 2356 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:24:53.0250 2356 Rasl2tp - ok
15:24:53.0359 2356 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:24:53.0562 2356 RasPppoe - ok
15:24:53.0656 2356 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
15:24:53.0859 2356 Raspti - ok
15:24:54.0000 2356 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:24:54.0187 2356 Rdbss - ok
15:24:54.0265 2356 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:24:54.0468 2356 RDPCDD - ok
15:24:54.0562 2356 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:24:54.0765 2356 rdpdr - ok
15:24:54.0906 2356 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
15:24:54.0968 2356 RDPWD - ok
15:24:55.0078 2356 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
15:24:55.0281 2356 redbook - ok
15:24:55.0453 2356 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:24:55.0546 2356 Secdrv - ok
15:24:55.0671 2356 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
15:24:55.0859 2356 serenum - ok
15:24:56.0015 2356 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
15:24:56.0218 2356 Serial - ok
15:24:56.0359 2356 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
15:24:56.0546 2356 Sfloppy - ok
15:24:56.0609 2356 Simbad - ok
15:24:56.0687 2356 smwdm (eb3accc928b9d97da89e1d37928167e3) C:\WINDOWS\system32\drivers\smwdm.sys
15:24:56.0750 2356 smwdm - ok
15:24:56.0812 2356 Sparrow - ok
15:24:56.0875 2356 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
15:24:57.0093 2356 splitter - ok
15:24:57.0234 2356 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
15:24:57.0328 2356 sr - ok
15:24:57.0453 2356 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
15:24:57.0546 2356 Srv - ok
15:24:57.0640 2356 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
15:24:57.0843 2356 swenum - ok
15:24:57.0968 2356 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
15:24:58.0171 2356 swmidi - ok
15:24:58.0265 2356 symc810 - ok
15:24:58.0296 2356 symc8xx - ok
15:24:58.0328 2356 sym_hi - ok
15:24:58.0359 2356 sym_u3 - ok
15:24:58.0437 2356 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
15:24:58.0625 2356 sysaudio - ok
15:24:58.0765 2356 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:24:58.0859 2356 Tcpip - ok
15:24:58.0968 2356 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
15:24:59.0156 2356 TDPIPE - ok
15:24:59.0250 2356 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
15:24:59.0453 2356 TDTCP - ok
15:24:59.0562 2356 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
15:24:59.0765 2356 TermDD - ok
15:24:59.0875 2356 TosIde - ok
15:24:59.0937 2356 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
15:25:00.0140 2356 Udfs - ok
15:25:00.0218 2356 ultra - ok
15:25:00.0312 2356 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
15:25:00.0546 2356 Update - ok
15:25:00.0656 2356 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:25:00.0859 2356 usbehci - ok
15:25:00.0968 2356 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:25:01.0156 2356 usbhub - ok
15:25:01.0250 2356 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:25:01.0453 2356 usbscan - ok
15:25:01.0562 2356 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:25:01.0765 2356 USBSTOR - ok
15:25:01.0875 2356 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:25:02.0093 2356 usbuhci - ok
15:25:02.0203 2356 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
15:25:02.0406 2356 VgaSave - ok
15:25:02.0453 2356 ViaIde - ok
15:25:02.0515 2356 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
15:25:02.0750 2356 VolSnap - ok
15:25:02.0890 2356 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:25:03.0109 2356 Wanarp - ok
15:25:03.0187 2356 WDICA - ok
15:25:03.0265 2356 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
15:25:03.0468 2356 wdmaud - ok
15:25:03.0625 2356 winachsf (1225ebea76aac3c84df6c54fe5e5d8be) C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys
15:25:03.0843 2356 winachsf - ok
15:25:04.0015 2356 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
15:25:04.0078 2356 WpdUsb - ok
15:25:04.0187 2356 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
15:25:04.0375 2356 WS2IFSL - ok
15:25:04.0484 2356 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:25:04.0546 2356 WudfPf - ok
15:25:04.0656 2356 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:25:04.0703 2356 WudfRd - ok
15:25:04.0765 2356 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
15:25:05.0000 2356 \Device\Harddisk0\DR0 - ok
15:25:05.0000 2356 Boot (0x1200) (6978e44a122ed79ade81ba5b8ac8fba3) \Device\Harddisk0\DR0\Partition0
15:25:05.0000 2356 \Device\Harddisk0\DR0\Partition0 - ok
15:25:05.0015 2356 ============================================================
15:25:05.0015 2356 Scan finished
15:25:05.0015 2356 ============================================================
15:25:05.0140 3532 Detected object count: 0
15:25:05.0140 3532 Actual detected object count: 0
  • 0

#20
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi aswartz3,

Infection is gone. Let's try to speed your system a little bit.

Step 1

Startuplite is a tool to help you stop some programs not needed when you start your computer from loading. They will begin automatically only when needed.

Run the tool and it will disable all unnecessary sturtup entries.
Click on Continue button to save changes.

Step 2

Download and run Puran Disc Defragmenter
Click on Boot Time Defrag button and choose Restart-Defrag-Restart

Posted Image
  • 0

#21
aswartz3

aswartz3

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
i ran the de frag program and did what you said.

my computer is still really slow two to three min between screens and i have now been getting a lot of pop up ads which i never got before. i had disabled teatimer on the first thing you told me to do. should i enable that again? just still running extrememly slow and it didnt use to be before that darn security sheild virus. you have been very patient and helpful and i thank you so much. is there anything else i should do?
  • 0

#22
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi aswartz3,

We will try everything what we can. Let's try this steps.

Step 1

Please download ResetDMS from the link bellow. You must right click on the link and choose Save as.... Save it as resetdma.vbs on your desktop

ResetDMS

Double click it to run it. Restart your system and see is there any difference in speed.

Step 2

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe &amp; follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

Step 3

Please don't forget to include these items in your reply:

  • Combofix log
It would be helpful if you could post each log in separate post
  • 0

#23
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP