[Resolved] Google Redirects, gmer wont run Scan, random popups, 100% C


  • This topic is locked
52 replies to this topic

#46 brooklynsystems

brooklynsystems

    Authentic Member

  • Authentic Member
  • PipPip
  • 29 posts

Posted 20 January 2010 - 03:50 PM

I did uninstall adaware- so any notices about that can be disregarded.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/1/2008 4:33:24 AM
System Uptime: 1/20/2010 12:43:55 PM (4 hours ago)

Motherboard: BIOSTAR Group | | TPower I45
Processor: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz | CPU 1 | 2402/267mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 466 GiB total, 384.027 GiB free.
D: is CDROM ()
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID:
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_3A30&SUBSYS_31061565&REV_00\3&11583659&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_3A30&SUBSYS_31061565&REV_00\3&11583659&0&FB
Service:

==== System Restore Points ===================

RP1: 1/13/2010 10:47:11 AM - System Checkpoint
RP2: 1/13/2010 11:45:17 AM - Installed SUPERAntiSpyware Free Edition
RP3: 1/14/2010 1:04:17 PM - Removed Rosetta Stone V3.
RP4: 1/14/2010 1:06:52 PM - Removed Styler
RP5: 1/16/2010 1:03:35 PM - Installed Windows XP Service Pack 3.
RP6: 1/17/2010 1:12:33 PM - System Checkpoint
RP7: 1/18/2010 3:54:54 PM - Installed Windows XP -- Software Updates KB952011.
RP8: 1/19/2010 8:44:26 PM - System Checkpoint

==== Installed Programs ======================

µTorrent
2007 Microsoft Office Suite Service Pack 1 (SP1)
AC3Filter (remove only)
Acrobat.com
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 9.1
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AIM Lite 0.33
AirPort
Alky for Applications (Windows XP)
Apple Mobile Device Support
Apple Software Update
ATI Control Panel
ATI Display Driver
AutoPlay Media Studio 7.0
Avira AntiVir Personal - Free Antivirus
Babylon
BlackBerry Desktop Software 4.7
BlackBerry Device Software v4.5.0 for the BlackBerry 8330 smartphone
Bonjour
Brother MFL-Pro Suite
CCleaner
ERUNT 1.1j
ESET Online Scanner v3
FlvRecorder
FreeRIP v3.1
Google Chrome
HijackThis 2.0.2
Image Resizer Powertoy for Windows XP
ImgBurn
InterVideo XPack (DVD Only)
iTunes
Java™ 6 Update 10
Kels' CPL Bonus Pack!
Malwarebytes' Anti-Malware
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office 2007 Recent Documents Gadget
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Mozilla Firefox (3.0.17)
Nero 8
neroxml
PDF Settings
Picasa 3
PokerStars
PostgreSQL 8.3
PowerISO
QuickTime
Realtek High Definition Audio Driver
Roxio Media Manager
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
Tweak UI
VCRedistSetup
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.0.2
WebFldrs XP
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Sidebar
WinPcap 4.0
WinRAR archiver

==== Event Viewer Messages From Past Week ========

1/20/2010 12:45:09 PM, error: Service Control Manager [7000] - The Lavasoft Ad-Aware Service service failed to start due to the following error: The system cannot find the file specified.
1/19/2010 9:54:27 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the SamSs service.
1/19/2010 9:53:57 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the ProtectedStorage service.
1/19/2010 9:53:27 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the PolicyAgent service.
1/19/2010 9:52:27 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the AntiVirService service.
1/18/2010 5:23:25 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the AntiVirScheduler service.
1/18/2010 4:33:12 PM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
1/18/2010 4:26:50 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the JavaQuickStarterService service.
1/14/2010 9:37:58 AM, error: Sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
1/14/2010 6:41:46 PM, error: PlugPlayManager [11] - The device Root\LEGACY_RIPYO\0000 disappeared from the system without first being prepared for removal.
1/14/2010 6:31:23 PM, error: Service Control Manager [7034] - The PostgreSQL Database Server 8.3 service terminated unexpectedly. It has done this 1 time(s).
1/14/2010 12:59:29 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 9 service to connect.
1/14/2010 12:59:06 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
1/14/2010 12:59:06 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
1/14/2010 1:01:02 PM, error: Service Control Manager [7034] - The Roxio Upnp Server 9 service terminated unexpectedly. It has done this 1 time(s).
1/14/2010 1:01:02 PM, error: Service Control Manager [7034] - The LiveShare P2P Server 9 service terminated unexpectedly. It has done this 1 time(s).
1/13/2010 12:10:36 PM, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
1/13/2010 10:44:58 AM, error: Service Control Manager [7034] - The Terminal Services service terminated unexpectedly. It has done this 1 time(s).
1/13/2010 10:44:58 AM, error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.

==== End Of File ===========================


#47 jpshortstuff

jpshortstuff

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPipPip
  • 5,710 posts

Posted 20 January 2010 - 04:04 PM

Nothing stands out of that. Was the crash around 10pm? Has it only done it once?

Does GMER still cause problems if you run it with Files checked?

Proud Graduate of the TC/WTT Classroom

At weekends (GMT) I may not be able to reply promptly due to various commitments. Please be patient and I will respond as soon as I can.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here

Need help remembering those important computer maintenance tasks? Let SCars do it for you.

#48 brooklynsystems

Posted 21 January 2010 - 09:14 AM

GMER ran completely, with files checked. Haven't had anything weird happen since that night.

#49 jpshortstuff

Posted 21 January 2010 - 11:40 AM

Sounds good, just a one-off crash then. These things happen sometimes.

Only thing I can see from your logs now is that Java could do with an update; you can do so via Java's icon in your Control Panel.

I will give you an extra day or so just to use the computer as normal and make sure there are no more problems at all, then we can uninstall the tools and clean up. The reason why it is important to be sure everything is fine and normal before uninstalling our tools is that when they go, they take their backups with them.


#50 brooklynsystems

Posted 27 January 2010 - 10:12 AM

Haven't seen anything funny really - on Fri night the computer got real slow - 100% CPU usage again - the following were using the CPU:

lsass.exe 25%
wuauclt.exe 24%
avgnt.exe 25%
svchost.exe 17%

After a reboot the computer has been running for quite a few days now with no problems.

#51 jpshortstuff

Posted 27 January 2010 - 10:36 AM

Hi,

wuauclt.exe is a Windows Update file, so could've just been the computer downloading or checking for updates, with AVG monitoring it closely. Nothing malicious as far as I can see.

Click Start >> Run, and then type ComboFix /Uninstall and hit enter.
You can now delete any other tools I had you download and use, unless you wish to keep them.

Now that your system appears to be clean, there are just a few steps I'd like you to take to prevent any future infections.

  • Keeping your Windows up-to-date is crucial to your computer's security. Please go to the Windows Update Site (using Internet Explorer) and download and install all critical updates on a regular basis.

  • Make sure you update your Anti-Virus software regularly; new viruses are being developed all the time.

  • Download and install the free version of WinPatrol. This program protects your computer in a variety of ways and will work well with your existing security software. Have a look at this tutorial to help you get started with the program.

Also, please read this great article by Tony Klein: So How Did I Get Infected In First Place

Glad we could be of assistance.

Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.

Stay Clean!

jpshortstuff


#52 brooklynsystems

Posted 27 January 2010 - 10:40 AM

I am completely satisfied- thanks so much for your assistance. I hope to be able to help people out in the future myself. Gonna sign up for the class.

#53 jpshortstuff

Posted 27 January 2010 - 10:59 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.
