Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

I have malware :-(

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

I have malware :-(

Unread postby tophersordz » May 17th, 2011, 4:38 am

I have an ASUS laptop that is definitely infected with malware. I have tried a few things get rid of it but at the moment I am beaten.

I would describe myself as having a 'medium' level of computer ability.

I'm going to write down all I can to help anybody who thinks they might be able to help me - sorry if it's longwinded but we just want our problems fixed.

THE PROBLEM

I think it started when we downloaded a video via a torrent from the internet (it was NOT porn!) that wouldn't play unless we downloaded an addon for our videoplayer (we were using winamp at the time). Being a little naive we clicked yes, something downloaded to our computer and the problems began from there. (The video still didn't play!)

We run our internet browser and every now and again we'll click a link and we'll be pulled to a completely different website in a classic malware kind of way. It seems to happen more when we click links after performing a search but this is not exclusive. Newspaper websites and html email accounts seem to always work. It gets worse as time goes by - the first ten minutes after a system restart are fine if we log into our browser straight away and use it but after about this period of time the frustration starts. The malware (almost) always opens in a new tab, not a completely new browser window and happens regardless of whether we are using iexplorer, chrome or firefox.

Having some knowledge of what this was we started to attempt to clean our computer. We are running a version of Nortons (we weren't at the time of the original infection for some reason) but it didn't seem to find anything on our hard drive. After switching it on we didn't see much of an improvement but quite often a "phishing attempt" warning will pop up in our browser window. When we click on it it'll come up with a report that says

An intrusion attempt by ringo-r0ads was blocked

also giving time and details. The attempts are always by different websites (lingvo0barcode, or some other random bunch of names/websites) but its always classed by nortons as a tidserv activity.

After running a full scan etc etc we tried downloading a few anti malware programs. It was very difficult to get any of these programs to run as the malware seems to block them. We tried a lot of things that were suggested - renaming files, creating new users, running direct from a usb, an html based scanner and ended up getting most programs to run. Malwarebytes found a few infections and performed a clean as did a few others - but none of them worked to the point where the malware is gone. It was bringing up a fake Windows Security Window and giving me the opportunity to buy some type of program fix at first but one of the malware flushers got rid of that and we haven't seen that aspect of it since.

At this point we made the decision to format the computer and reinstall windows. This notebook is communal and it's data isn't as important to us as it's functionality. We have two cd's with the notebook - an ASUS driver and utility cd and an ASUSTEK Windows Vista recovery CD. We ran the cd in from the start that began the 'recovery' process and reinstalled windows and our drivers. It should be noted at this point that the process offered us three option in regards to partitioning the drive but only the option "no partitioning" made the process actually work. This seemed strange, which is why I mention it.

After going through this process - and not entering any possibly infected usb stick into the computer - we ended up with a fresh version of vista. All of our data expunged.......YET STILL WITH MALWARE ON IT! I am smart enough to know that however this process works we didn't format the thing completely or properly but I am still pretty impressed with this malware that it can survive that process. None of our saved data did.

After that we decided to upload the service pack 2 for Vista. We got it on eventually but...still malware everywhere.

Running programs can be difficult but seems to work best if you run or install whatever the program is immediately after restart. This malware seems smart enough to kill anything off that looks like it's going to attack it. For instance, at the moment when I try run Malwarebytes it returns a "Runtime Error 0" message.

Lastly, we keep getting the following message after a five or ten minute period after startup. The malware is still there before and after it pops up but definitely gets worse after it does pop up:

HOST PROCESS FOR WINDOWS SERVICES STOPPED WORKING AND WAS CLOSED

A PROBLEM CAUSED THE APPLICATION TO STOP WORKING CORRECTLY.

WINDOWS WILL NOTIFY YOU IF A SOLUTION IS AVAILABLE.

Here are our logs. I am happy to reformat this computer properly if that will be the easiest and quickest way, as we basically already have and have no data to lose. Whether our ASUS software allows us to do this is the question.

Please help me!


DDS.TXT

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by User at 17:34:00.96 on Tue 17/05/2011
Internet Explorer: 7.0.6002.18005
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.3070.2084 [GMT 10:00]
.
AV: Norton Internet Security *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ATK Hotkey\HControlUser.exe
C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\ATK Hotkey\MsgTranAgt.exe
C:\Windows\System32\ASUSTPE.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Windows\ASScrPro.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\ACEngSvr.exe
C:\ASUS.SYS\DVMExportService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\ATK Hotkey\KBFiltr.exe
C:\Program Files\ATK Hotkey\WDC.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\User\Desktop\dds.scr
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
uDefault_Page_URL = hxxp://www.asus.com
mDefault_Page_URL = hxxp://www.asus.com
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.5\CoIEPlg.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [Google Update] "c:\users\user\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [HControlUser] "c:\program files\atk hotkey\HcontrolUser.exe"
mRun: [ATKOSD2] c:\program files\asus\atkosd2\ATKOSD2.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ADSMTray] c:\program files\asus\asus data security manager\ADSMTray.exe
mRun: [ATKMEDIA] c:\program files\asus\atk media\DMedia.exe
mRun: [ASUSTPE] c:\windows\system32\ASUSTPE.exe
mRun: [ASUS Camera ScreenSaver] c:\windows\AsScrProlog.exe
mRun: [ASUS Screen Saver Protector] c:\windows\ASScrPro.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Skytel] Skytel.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\fancys~1.lnk - c:\windows\installer\{dc905847-d537-427f-bf91-47cc7accde58}\_DF3A81D17C478A2A6C60A5.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
LSA: Notification Packages = scecli c:\program files\asus\asus data security manager\ASPWDFLT
.
============= SERVICES / DRIVERS ===============
.
R0 lullaby;lullaby;c:\windows\system32\drivers\lullaby.sys [2011-5-14 15416]
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\ipsdefs\20110510.002\IDSvix86.sys [2011-5-14 287792]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-2-7 149864]
R2 MDES;DVM Meta Data Export Service;c:\asus.sys\DVMExportService.exe [2008-10-22 307200]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-5-15 105592]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\drivers\SiSGB6.sys [2011-5-14 48128]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2008-2-5 41008]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2011-5-14 29736]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-13 23888]
S3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2011-5-14 1245064]
.
=============== Created Last 30 ================
.
2011-05-17 07:29:57 -------- d--h--w- C:\dvmexp
2011-05-17 07:05:51 -------- d-----w- c:\windows\system32\eu-ES
2011-05-17 07:05:51 -------- d-----w- c:\windows\system32\ca-ES
2011-05-17 07:05:50 -------- d-----w- c:\windows\system32\vi-VN
2011-05-17 06:56:21 -------- d-----w- c:\windows\system32\SPReview
2011-05-17 06:46:17 928768 ----a-w- c:\windows\system32\scavenge.dll
2011-05-17 06:46:09 57856 ----a-w- c:\windows\system32\compcln.exe
2011-05-17 06:44:59 99816 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2011-05-17 06:34:33 -------- d-----w- c:\windows\system32\EventProviders
2011-05-17 06:27:17 -------- d-----w- C:\cd5df04fab958835183766d5a93e
2011-05-17 05:52:20 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-16 07:05:51 -------- d-----w- c:\program files\IZArc
2011-05-16 03:00:19 -------- d-----w- c:\program files\uTorrent
2011-05-16 02:46:44 -------- d-----w- c:\users\user\appdata\roaming\uTorrent
2011-05-14 07:02:33 -------- d--h--w- C:\ASUS.SYS
2011-05-14 07:02:29 -------- d--h--w- C:\temp
2011-05-14 07:02:03 -------- d-----w- c:\program files\Downloaded Installations
2011-05-14 06:54:54 45056 ----a-w- c:\windows\system32\acovcnt.exe
2011-05-14 06:49:03 -------- d--h--w- C:\ASUS.DAT
2011-05-14 06:48:42 33136 ----a-w- c:\windows\ASScrPro.exe
2011-05-14 06:48:31 4814371 ----a-w- c:\windows\ASUS Camera ScreenSaver.exe
2011-05-14 06:48:31 47672 ----a-w- c:\windows\AsScrProlog.exe
2011-05-14 06:48:31 281144 ----a-w- c:\windows\ASUS Camera ScreenSaver Uninstaller.exe
2011-05-14 06:48:30 520192 ----a-w- c:\windows\system32\Asus_Camera_ScreenSaver.scr
2011-05-14 06:48:30 -------- d-----w- c:\windows\system32\Asus_Camera_ScreenSaver dir
2011-05-14 06:47:51 155648 ----a-w- c:\windows\system32\ACEngSvr.exe
2011-05-14 06:46:07 -------- d-----w- c:\program files\P4G
2011-05-14 06:46:06 -------- d-----w- c:\progra~2\P4G
2011-05-14 06:44:48 32768 ----a-w- c:\windows\system32\TPESetting.dll
2011-05-14 06:44:48 106496 ----a-w- c:\windows\system32\ASUSTPE.exe
2011-05-14 06:44:16 225280 ----a-w- c:\program files\common files\installshield\iscript\iscript.dll
2011-05-14 06:44:15 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2011-05-14 06:44:15 614532 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe
2011-05-14 06:44:15 32768 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2011-05-14 06:44:15 176128 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2011-05-14 06:43:46 15416 ----a-w- c:\windows\system32\drivers\lullaby.sys
2011-05-14 06:43:17 29752 ----a-w- c:\windows\system32\drivers\AsDsm.sys
2011-05-14 06:42:37 -------- d-----w- c:\program files\ATKGFNEX
2011-05-14 06:41:40 -------- d-----w- c:\program files\Synaptics
2011-05-14 06:38:33 81920 ----a-w- c:\windows\PGMONITOR.EXE
2011-05-14 06:38:04 262144 ----a-w- c:\windows\system32\Oemdspif.dll
2011-05-14 06:38:03 4754432 ----a-w- c:\windows\system32\atiumdva.dll
2011-05-14 06:38:01 4033536 ----a-w- c:\windows\system32\atiumdag.dll
2011-05-14 06:38:01 331776 ----a-w- c:\windows\system32\atipdlxx.dll
2011-05-14 06:38:01 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2011-05-14 06:38:00 81920 ----a-w- c:\windows\system32\ATIODE.exe
2011-05-14 06:38:00 45056 ----a-w- c:\windows\system32\ATIODCLI.exe
2011-05-14 06:38:00 10981376 ----a-w- c:\windows\system32\atioglxx.dll
2011-05-14 06:37:59 98304 ----a-w- c:\windows\system32\atiadlxx.dll
2011-05-14 06:37:59 720896 ----a-w- c:\windows\system32\Ati2evxx.exe
2011-05-14 06:37:59 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-05-14 06:37:59 50688 ----a-w- c:\windows\system32\amdpcom32.dll
2011-05-14 06:37:59 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-05-14 06:37:59 425984 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-05-14 06:37:59 4179968 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-05-14 06:37:59 274432 ----a-w- c:\windows\system32\Ati2evxx.dll
2011-05-14 06:37:59 2340352 ----a-w- c:\windows\system32\atidxx32.dll
2011-05-14 06:31:33 29736 ----a-w- c:\windows\system32\drivers\btwl2cap.sys
2011-05-14 06:31:33 100392 ----a-w- c:\windows\system32\drivers\btwavdt.sys
2011-05-14 06:31:32 81960 ----a-w- c:\windows\system32\drivers\btwaudio.sys
2011-05-14 06:31:32 17320 ----a-w- c:\windows\system32\drivers\btwrchid.sys
2011-05-14 06:31:29 233472 ----a-w- c:\windows\system32\BtwRSupport.dll
2011-05-14 06:31:29 15928 ----a-w- c:\windows\system32\drivers\kbfiltr.sys
2011-05-14 06:31:24 -------- d-----w- c:\windows\system32\es-MX
2011-05-14 06:31:24 -------- d-----w- c:\windows\system32\es-AR
2011-05-14 06:31:22 -------- d-----w- c:\program files\WIDCOMM
2011-05-14 06:29:53 -------- d-----w- c:\program files\Wireless Console 2
2011-05-14 06:29:17 386 ----a-w- c:\windows\Uninstuxga.reg
2011-05-14 06:29:17 386 ----a-w- c:\windows\Uninstsxga.reg
2011-05-14 06:29:17 384 ----a-w- c:\windows\Uninstvga.reg
2011-05-14 06:29:17 2052 ----a-w- c:\windows\Uninstvga.bat
2011-05-14 06:29:17 1682 ----a-w- c:\windows\Uninstuxga.bat
2011-05-14 06:29:17 1580 ----a-w- c:\windows\Uninstsxga.bat
2011-05-14 06:29:16 28672 ----a-w- c:\windows\system32\drivers\sncduvc.sys
2011-05-14 06:29:16 1752704 ----a-w- c:\windows\system32\drivers\snp2uvc.sys
2011-05-14 06:29:16 11776 ----a-w- c:\windows\DrvInst.exe
2011-05-14 06:28:38 -------- d-----w- c:\program files\Multimedia Card Reader
2011-05-14 06:27:18 1048576 ---ha-r- C:\F50SLAS.BIN
2011-05-14 06:27:16 48128 ----a-w- c:\windows\system32\drivers\SiSGB6.sys
2011-05-14 06:27:15 7680 ----a-w- c:\windows\system32\drivers\ATKACPI.sys
2011-05-14 06:26:29 -------- d-----w- c:\program files\Dolby
2011-05-14 06:17:47 -------- d-----w- c:\program files\Norton Internet Security
2011-05-14 06:17:09 123952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-05-14 06:17:01 -------- d-----w- c:\program files\Symantec
2011-05-14 06:16:46 -------- d-----w- c:\progra~2\Symantec
2011-05-14 06:16:44 -------- d-----w- c:\program files\common files\Symantec Shared
2011-05-14 06:15:59 -------- d-----w- c:\program files\ASUS
2011-05-14 06:15:36 -------- d-----w- c:\program files\ATK Hotkey
2011-05-14 06:11:56 0 ----a-w- c:\windows\ativpsrm.bin
2011-05-14 06:07:39 -------- d-----w- c:\program files\ATK
2011-05-14 05:48:49 -------- d-----w- c:\program files\ATI
2011-05-14 05:48:46 -------- d-----w- c:\program files\ATI Technologies
2011-05-14 05:48:45 -------- d-sh--w- c:\windows\Installer
2011-05-14 00:19:45 -------- d-----w- c:\users\user\appdata\local\Google
2011-05-14 00:18:41 -------- d-----w- c:\users\user\appdata\local\Deployment
2011-05-14 00:18:41 -------- d-----w- c:\users\user\appdata\local\Apps
2011-05-13 17:15:25 10344 ----a-w- c:\windows\system32\drivers\symlcbrd.sys
2011-05-13 14:18:24 -------- d-----w- c:\users\user\appdata\local\ATI
2011-05-13 14:18:14 -------- d-----w- c:\users\user\appdata\roaming\Symantec
2011-05-13 14:16:20 -------- d-----w- c:\users\user\appdata\local\VirtualStore
.
==================== Find3M ====================
.
2011-05-14 06:25:26 319456 ----a-w- c:\windows\DIFxAPI.dll
2011-05-14 06:25:16 315392 ----a-w- c:\windows\HideWin.exe
2008-07-02 02:28:38 61440 ----a-w- c:\program files\common files\CPInstallAction.dll
.
============= FINISH: 17:36:00.75 ===============

ATTACH.TXT

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 14/05/2011 3:44:20 PM
System Uptime: 17/05/2011 5:28:51 PM (0 hours ago)
.
Motherboard: PEGATRON CORPORATION | | F50SL
Processor: Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz | CPU 1 | 2100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 129.19 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.2
AppCore
ASUS CopyProtect
ASUS Data Security Manager
ASUS FancyStart
ASUS LifeFrame3
ASUS Live Update
ASUS Power4Gear eXtreme
ASUS SmartLogon
ASUS Splendid Video Enhancement Technology
ASUS Touch Pad Extra
Asus_Camera_ScreenSaver
Atheros Client Installation Program
ATI Catalyst Install Manager
ATK Generic Function Service
ATK Hotkey
ATK Media
ATKOSD2
µTorrent
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
ccCommon
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Component Framework
Dolby Control Center
Express Gate
Google Chrome
IZArc 4.1.6
LiveUpdate (Symantec Corporation)
Microsoft Visual C++ 2005 Redistributable
Multimedia Card Reader
Norton AntiVirus
Norton AntiVirus Help
Norton Confidential Core
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton Protection Center
Realtek High Definition Audio Driver
Skins
SPBBC 32bit
Symantec Real Time Storage Protection Component
SymNet
Synaptics Pointing Device Driver
USB 2.0 1.3M UVC WebCam
WIDCOMM Bluetooth Software
WinFlash
Wireless Console 2
.
==== Event Viewer Messages From Past Week ========
.
17/05/2011 4:58:30 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
17/05/2011 4:58:30 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Remote Access Connection Manager service, but this action failed with the following error: An instance of the service is already running.
17/05/2011 4:35:40 PM, Error: Microsoft-Windows-Service Pack Installer [8] - Service Pack installation failed with error code 0x800f0a0d.
17/05/2011 4:21:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
17/05/2011 4:20:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service wercplsupport with arguments "" in order to run the server: {0E9A7BB5-F699-4D66-8A47-B919F5B6A1DB}
16/05/2011 5:09:03 PM, Error: netbt [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 10.1.1.9. The computer with the IP address 10.1.1.2 did not allow the name to be claimed by this computer.
16/05/2011 10:47:11 AM, Error: EventLog [6008] - The previous system shutdown at 10:43:58 AM on 16/05/2011 was unexpected.
15/05/2011 10:48:34 PM, Error: EventLog [6008] - The previous system shutdown at 5:55:45 PM on 15/05/2011 was unexpected.
14/05/2011 5:09:26 PM, Error: Service Control Manager [7023] - The Secure Socket Tunneling Protocol Service service terminated with the following error: The RPC server is unavailable.
14/05/2011 5:09:26 PM, Error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Secure Socket Tunneling Protocol Service service which failed to start because of the following error: The RPC server is unavailable.
.
==== End Of File ===========================
tophersordz
Active Member
 
Posts: 1
Joined: May 17th, 2011, 2:07 am
Advertisement
Register to Remove

Re: I have malware :-(

Unread postby MWR 3 day Mod » May 20th, 2011, 5:11 pm

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: I have malware :-(

Unread postby deltalima » May 22nd, 2011, 5:36 pm

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 58 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware