Forum Home |  MWR University |  New to the Board? |  IRC Chatroom |  Who Runs This Site? |  ASAP Members |  Microsoft MVP Members |  Downloads |  Good & Bad P2P Programs |  Our Rules

MalWare Removal Forum

Malware Removal University - Teaching people how to support those with infected computers - Teaching them to never give up untill your computer is clean and secure.

Tutorials (etc.) : Boot to Safe Mode - Safely - What to do if your Computer's running slowly
It is currently Wed 22 May, 2013 12:40 pm

View unanswered posts | View active topics


Board index » Malware Removal » Malware Removal

All times are UTC [ DST ]

Forum rules


Please read > >THIS ANNOUNCEMENT< < before posting your NEW topic about your problem.

Please do NOT reply to your topic until a staff member has responded as they are looking for topics that have ZERO replies.

Paste your logs into your post. DO NOT USE ATTACHMENTS! Logs posted as attachments will be ignored and the topic will be closed.

If no expert has replied after 3 days, and you still require assistance, please post in our 72 hour bump room > > CLICK HERE < < Please do NOT reply to your own topic in an attempt to "bump" it. Bumped topics will be closed, requiring you to start again from the beginning.

If you are being helped and you haven't replied to your helper within 3 days of their last post, your topic will be closed as inactive. If that happens, you will need to start a new topic when you have the time available to promptly complete all instructions.

If your topic has been closed due to inactivity, do NOT request that your topic be reopened - we do NOT reopen topics unless they have been closed in error - you will need to start a NEW topic with NEW DDS logs. Do NOT attempt to start a new topic with a post that is essentially a reply to your closed topic.



Post new topic This topic is locked, you cannot edit posts or make further replies.  Page 2 of 2
  [ 22 posts ]  Go to page Previous  1, 2
  Previous topic | First unread post | Next topic 
Author Message
askey127
 Post subject: Re: Faulting application svchost.exe, version 5.1.2600.5512
New postPosted: Thu 29 Mar, 2012 12:30 pm 
Offline
Admin/Teacher
Admin/Teacher
User avatar

Joined: Sun 17 Apr, 2005 8:25 pm
Posts: 13439
Location: New Hampshire USA
orepsam,
The copy/paste routine you used for the TDSSKiller log was the correct way to post a text log.
(We do not need attachment uploads at all).
--------------------------------------------------------
Run DDS
Download DDS by sUBs to your desktop.
Your antivirus software might question the file. If it doesn't allow it, please turn off your AntiVirus first.
  • Double click DDS.scr to run it; give permission if necessary, and wait for the scan to finish
  • As the scan nears completion, DDS.txt will open.
  • DDS will continue scanning
  • When DDS is finished scanning, a second text file named Attach.txt will also open.
  • Please ignore the pop up instruction to zip and attach the Attach.txt file.
  • Save both the DDS.txt and the Attach.txt files to your desktop.
  • Copy and paste the contents of the Attach.txt and DDS.txt files in your next reply.
  • Use separate replies if you wish.
askey127

Top
 Profile  
 
orepsam
 Post subject: Re: Faulting application svchost.exe, version 5.1.2600.5512
New postPosted: Fri 30 Mar, 2012 6:58 am 
Offline
Active Member

Joined: Fri 16 Mar, 2012 11:31 am
Posts: 12
Hi Askey
Here goes more of your web space!
Over and out for a while-- last day at work and changed my e-mail. However, my first few attempts to log on from home did not work.
I'll keep trying!
" .
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
.
==== Disk Partitions =========================
.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
ADSL USB Modem
Agere Systems AC'97 Modem
ATI Display Driver
CCleaner
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
ESET NOD32 Antivirus
Garmin BaseCamp
Garmin MapSource
Garmin nRoute
Garmin USB Drivers
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
IBM ThinkPad Power Management Driver
IBM ThinkPad UltraNav Driver
Intel(R) PRO Network Connections Drivers
Java 2 Runtime Environment, SE v1.4.1_07
Java Web Start
Logitech Print Service
Logitech Webcam Software
Logitech Webcam Software Driver Package
MapSource
MapSource - City Select Europe v7 Update
MapSource - European City Select v6
MapSource Product Install
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft WSE 3.0 Runtime
MSVC80_x86
Nokia Connectivity Cable Driver
PC Connectivity Solution
Quick Bridge (remove only)
Rapport
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Skype Toolbars
Skype™ 5.1
SMS Advanced Client
T4A Maps Traveller's Africa
TreeSize Free V2.7
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
ZipCentral 4.01
.
==== End Of File ===========================
And the next one:
" .
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Jen at 18:30:51 on 2012-03-29
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.mweb.co.za/
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
mPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/1.4 ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4 ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
TCP: Interfaces\{4E7BB365-FB6E-458E-82BB-E02041B20F7E} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{BDA64BE5-DB1B-4FE8-AE97-6B4A4FFB8C8F} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{CD83DDD8-8BF4-4353-ABC7-B9EFE934A09F} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{EA2A06F8-B157-4D6D-96C1-F497EAAED2E8} : DhcpNameServer = 192.168.1.254
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\docume~1\jen\locals~1\applic~1\skype\shared\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 168.210.129.2 commerce.sars.gov.za
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2012-03-17 09:36:56 483840 ----a-w- c:\windows\system32\wzcsvc.dll
2012-03-17 09:36:56 483840 ----a-w- c:\windows\system32\dllcache\wzcsvc.dll
2012-03-14 15:45:04 -------- d-----w- C:\Garmin
2012-03-13 16:42:31 49152 ------w- c:\windows\system32\INETWH32.dll
2012-03-13 16:42:31 1089536 ------w- c:\windows\system32\ROBOEX32.DLL
2012-03-13 16:35:10 -------- d-----w- c:\documents and settings\jen\local settings\application data\Garmin
2012-03-13 16:34:55 -------- d-----w- c:\documents and settings\jen\application data\Garmin
2012-03-13 16:34:55 -------- d-----w- c:\documents and settings\all users\application data\Garmin
2012-03-13 16:34:40 -------- d-----w- c:\documents and settings\jen\local settings\application data\GARMIN_Corp
2012-03-13 16:32:36 -------- d-----w- c:\program files\Garmin
2012-03-13 15:51:33 -------- d-----w- C:\GPS 4 X 4
2012-03-13 13:46:00 371272 ----a-r- c:\documents and settings\jen\application data\microsoft\installer\{e633d396-5188-4e9d-8f6b-bfb8bf3467e8}\SkypeIcon.exe
2012-03-12 18:01:19 -------- d-----w- c:\program files\Eset
2012-03-12 16:34:09 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-03-12 16:34:09 -------- d-----w- c:\windows\system32\wbem\Repository
2012-03-12 16:19:08 -------- d-----w- c:\program files\Tracks4Africa
2012-03-12 16:19:08 -------- d-----w- c:\program files\ParetoLogic
2012-03-11 19:42:04 -------- d-----w- c:\documents and settings\jen\application data\JAM Software
2012-03-11 19:41:38 -------- d-----w- c:\program files\JAM Software
2012-03-05 06:59:11 -------- d-----w- c:\documents and settings\jen\local settings\application data\Trusteer
2012-03-04 19:01:20 123 ----a-w- c:\windows\TMPCPYIS.BAT
2012-03-04 19:01:20 122 ----a-w- c:\windows\TMPDELIS.BAT
2012-03-04 19:01:19 26 ----a-w- c:\windows\WINSTART.BAT
2012-03-04 18:59:59 57328 ----a-w- c:\windows\system\OLE2CONV.DLL
.
==================== Find3M ====================
.
2012-03-12 12:29:14 299392 ----a-w- c:\windows\system32\imon(2).dll
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 18:32:50.03 ===============
_________________

Top
 Profile E-mail  
 
askey127
 Post subject: Re: Faulting application svchost.exe, version 5.1.2600.5512
New postPosted: Fri 30 Mar, 2012 12:45 pm 
Offline
Admin/Teacher
Admin/Teacher
User avatar

Joined: Sun 17 Apr, 2005 8:25 pm
Posts: 13439
Location: New Hampshire USA
orepsam,
Tell me how important the Rapport Trusteer program is for you.
It has been known to cause undesirable side effects, and it makes fixing a PC online extremely difficult.
-----------------------------------------------------------
Remove Programs Using Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight each Entry, as follows, one by one, if it exists, and choose Remove :

Java 2 Runtime Environment, SE v1.4.1_07
Take extra care in answering questions posed by any Uninstaller.
-------------------------------------------------------
Check Status of System Restore
Got to Start, Settings, Control Panel or Start Control Panel and double click on System
Click the System Restore and verify that the status of all your drives status is listed as Monitoring.
If not, Highlight your main system drive, (usually C:\) click the Settings button, and start System Restore. Click OK, then OK again.
-----------------------------------------------------------
Download and Run ComboFix
IMPORTANT NOTE: ComboFix is a VERY POWERFUL tool. DO NOT use it without guidance.
ComboFix uses very forceful tactics to remove malware from your system. Your antivirus software may warn you about the file.
You will need to disable all your antivirus software after downloading but BEFORE running ComboFix..
  • Download ComboFix from here
  • Rename it while saving the download to zzz.exe and save it to your Desktop. Do not try to rename it after it has been saved to your desktop, or the infection may prevent you from using it.
    **Note: It is important that it is saved directly to your desktop and run from the desktop, not from any other folder on your computer**
  • Quote:
    DISABLE ESET NOD32 ANTIVIRUS
    Please navigate to the system tray on the bottom right hand corner and look for a Image sign.
    • click it -> click on the Imagebutton.
    • a popup will warn that protection will now be disabled. Click on "Yes" to disable the Antivirus guard.
    NOD32 Guard is now disabled.
  • Now start ComboFix (zzz.exe)
  • The tool will check whether the Recovery Console is present on your system. If it is not, ComboFix will prompt you whether you would like to install it. (You would).
  • If it is not, make sure you are connected to the internet as ComboFix needs to download a file. When you are connected to the internet, click Yes and follow the prompts.
    When asked whether to continue scanning or to exit, click Yes to continue scanning (no need to disconnect from the internet as ComboFix breaks your internet connection for you).
  • It will run through about 50 procedures, then take a while to assemble its output log.
  • Do not touch the computer AT ALL while ComboFix is running.
  • When finished, the report will open. Post the log in your next reply, and then Reenable your Antivirus protection software
A copy of the log will be located here if you need it-> C:\ComboFix.txt
If you cannot connect to the internet after running ComboFix, unplug the cable you use to connect to the internet and plug it back in.

The Recovery Console produces a brief (2 second) black screen at bootup which allows an additional technical resource for repair in case of a major failure. In regular operation, you can ignore it.

Let me know how it goes.
askey127

Top
 Profile  
 
orepsam
 Post subject: Re: Faulting application svchost.exe, version 5.1.2600.5512
New postPosted: Mon 02 Apr, 2012 8:13 am 
Offline
Active Member

Joined: Fri 16 Mar, 2012 11:31 am
Posts: 12
Hi Askey
Just a bit of catch-up.
I've retired as of last Friday. Since then, I have re-registered my association with MWR under my new e-mail, and duly received your notification of a reply at my home e-mail.
BUT I can't access the MWR website from home--it just tells me the page can't be found, but the diagnoststic says no problem with connection, "... try different spelling...etc.". (that's not the problem, the MWR link works fine from my work computer, as you can see from this reply.) However, I obviously won't be able to just pop into the office much more!
If you have any thoughts, could you possible e-mail what I should try--q_jenpet_m@mweb.co.za. I tried to link with you on facebook--I could see evidence of you but no apparent way of dropping you a note.
Now for your latest:
Rapport is not critical to me, it is my banking protection, and can easily be re-installed once we have recovered.
In your instructions you say make sure connected to the internet as Combofix needs a connection. I don't have connectivity on the laptop any more--probably the on board network card (or the thingy that enables a USB cable link to my ADSL modem) has been de-activated at some stage during early treatment steps in the laptop's 'hospitalisation'.
Just to remind you, the USB port does work--wireless mouse and transfers from flash drive.
Kind regards
_________________

Top
 Profile E-mail  
 
orepsam
 Post subject: Re: Faulting application svchost.exe, version 5.1.2600.5512
New postPosted: Mon 02 Apr, 2012 8:17 am 
Offline
Active Member

Joined: Fri 16 Mar, 2012 11:31 am
Posts: 12
ps
I noticed on reading that my hyperlink was wrongly put in after sending, this is the correct one q_jenpet_m@mweb.co.za
Thanks

Top
 Profile E-mail  
 
askey127
 Post subject: Re: Faulting application svchost.exe, version 5.1.2600.5512
New postPosted: Mon 02 Apr, 2012 12:32 pm 
Offline
Admin/Teacher
Admin/Teacher
User avatar

Joined: Sun 17 Apr, 2005 8:25 pm
Posts: 13439
Location: New Hampshire USA
orepsam,
I am not on Facebook, at all, and do not have an account there.

Unfortunately, I don't know everything that went on between you and Microsoft, so I don't know what was done to break your Internet connection.
-----------------------------------------------------------
Check Hard Disk For Errors
Press Start->Run, then type or copy/paste the following command into the box and press OK:
Code:
cmd  /c  chkdsk  c:  |find  /v  "percent"  >> "%userprofile%\desktop\checkhd.txt"
A blank command window will open on your desktop, then close in a few minutes. This is normal.

If you type it in, be sure all the spaces are there. For example, here is the line, with a plus sign (+) to show where the spaces should be:
cmd+/c+chkdsk+c:+|find+/v+"percent"+>>+"%userprofile%\desktop\checkhd.txt"

A file and icon named checkhd.txt should appear on your Desktop. Please post the contents of this file.
-----------------------------------------------------------
Remove Programs Using Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight each Entry, as follows, one by one, if it exists, and choose Remove :

Trusteer
Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine

Make sure the wireless switch/button is activated, and check for connectivity.

askey127

Top
 Profile  
 
askey127
 Post subject: Re: Faulting application svchost.exe, version 5.1.2600.5512
New postPosted: Thu 05 Apr, 2012 12:31 pm 
Offline
Admin/Teacher
Admin/Teacher
User avatar

Joined: Sun 17 Apr, 2005 8:25 pm
Posts: 13439
Location: New Hampshire USA
Due to Lack of Response, this topic is now closed.

If you still require help, please open a new thread in the Malware Removal forum, include a
fresh DDS log, and wait for a new helper.

Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic This topic is locked, you cannot edit posts or make further replies.  Page 2 of 2
  [ 22 posts ]  Go to page Previous  1, 2

Board index » Malware Removal » Malware Removal

All times are UTC [ DST ]

Who is online

Users browsing this forum: No registered users and 14 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk.

Member site: Alliance of Security Analysis Professionals | UNITE Against Malware

Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group