Infected

Post by hubert » March 20th, 2011, 2:59 pm

Hi,

Please, if you will, help me. I am currently trying to clean up an elderly couple's computer. It started when their password would not work while trying to connect to AOL. AOL sent them a new install disk, which still did not work. Windows has not been updated. It is still running Service Pack 1. Any help would be greatly appreciated, for they cannot afford to take it to a computer repair shop. I ran a quick and full scan with Malwarebytes. Ran ComboFix in safe mode with networking from the flash drive. I know I should not have run ComboFix on my own, but I did save the log. I then installed Avast free, did a scan which again found numerous items. Did not update or register the product, for fear of connecting the computer to the internet.

Best for me to turn to the experts
Thank you in advance for your time.

hubert

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by PATRICIA ANDERS at 13:13:04.62 on Sat 03/19/2011
Internet Explorer: 6.0.2800.1106
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.126.23 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\slmss\slmss.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\WINDOWS\mdvnii.exe
C:\WINDOWS\System32\a3d55481.exe
C:\WINDOWS\Nsda.exe
C:\WINDOWS\System32\AVWAV034.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Common Files\AOL\1189718484\ee\AOLSoftware.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Documents and Settings\PATRICIA ANDERS\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.crawler.com/?tbid=61000
uDefault_Page_URL = hxxp://www.dell4me.com/myway
mDefault_Page_URL = hxxp://www.dell4me.com/myway
mStart Page = hxxp://default-homepage-network.com/start.cgi?hklm
mSearchAssistant = hxxp://www.crawler.com/search/ie.aspx?tb_id=61000
mCustomizeSearch = hxxp://dnl.crawler.com/support/sa_custo ... TbId=61000
uURLSearchHooks: N/A: {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~1\crawler\toolbar\ctbr.dll
BHO: : {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~1\crawler\toolbar\ctbr.dll
BHO: {47e75560-e9a1-e35e-88fd-c36937f2d9cf} - c:\windows\system32\qyevfu.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: McAfee VirusScan: {ba52b914-b692-46c4-b683-905236f6f655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
TB: &Crawler Toolbar: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - c:\progra~1\crawler\toolbar\ctbr.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\System32\browseui.dll
uRun: [Sonic RecordNow!]
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [VSOCheckTask] "c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
mRun: [MCAgentExe] c:\progra~1\mcafee.com\agent\mcagent.exe
mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\mcupdate.exe
mRun: [DwlClient] c:\program files\common files\dell\eusw\Support.exe
mRun: [VirusScan Online] c:\progra~1\mcafee.com\vso\mcvsshld.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [slmss] c:\program files\common files\slmss\slmss.exe
mRun: [mswspl]
mRun: [aqadcup] c:\windows\aqadcup.exe
mRun: [stcinstaller] c:\installer\id53.exe
mRun: [Xuia] c:\windows\mdvnii.exe
mRun: [fncsO] c:\documents and settings\patricia anders\local settings\temp\fncsO.exe
mRun: [f43b68d80286] c:\windows\system32\a3d55481.exe
mRun: [eaur] c:\windows\Nsda.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [HostManager] c:\program files\common files\aol\1189718484\ee\AOLSoftware.exe
mRun: [SpywareTerminator] "c:\program files\spyware terminator\SpywareTerminatorShield.exe"
IE: Crawler Search - tbr:iemenu
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} - hxxp://www114.coolsavings.com/download/cscmv5X.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/sh ... wflash.cab
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\crawler\toolbar\ctbr.dll
Notify: igfxcui - igfxsrvc.dll
.
============= SERVICES / DRIVERS ===============
.
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2007-10-27 138752]
R2 McDetect.exe;McAfee WSC Integration;c:\program files\mcafee.com\agent\Mcdetect.exe [2006-4-1 126976]
R2 McTskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee.com\agent\mctskshd.exe [2006-4-1 122368]
R2 MCVSRte;McAfee.com VirusScan Online Realtime Engine;c:\progra~1\mcafee.com\vso\mcvsrte.exe [2004-3-6 106496]
R3 McShield;McAfee.com McShield;c:\progra~1\mcafee.com\vso\mcshield.exe [2004-3-6 225375]
R3 NaiFiltr;NaiFiltr;c:\windows\system32\drivers\NaiFiltr.sys [2004-3-6 23296]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-3-18 38224]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2006-4-1 245760]
SUnknown WinToolsSvc;WinToolsSvc; [x]
.
=============== Created Last 30 ================
.
2011-03-18 20:08:36 -------- d-----w- c:\docume~1\patric~1\applic~1\Malwarebytes
2011-03-18 20:08:16 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-18 20:08:13 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-03-18 20:08:08 19288 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-18 20:08:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-18 19:36:59 21760 ----a-w- c:\windows\system32\dllcache\usbstor.sys
2011-03-18 18:43:25 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-03-18 18:43:25 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2011-03-18 18:43:14 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2011-03-18 18:43:14 9600 ----a-w- c:\windows\system32\dllcache\hidusb.sys
2011-02-25 20:35:14 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-02-25 20:35:14 -------- d-----w- c:\windows\system32\wbem\Repository
.
==================== Find3M ====================
.
.
============= FINISH: 13:14:05.85 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 3/18/2004 5:51:47 PM
System Uptime: 3/20/2011 4:15:10 AM (8 hours ago)
.
Motherboard: Dell Computer Corp. | | 0G1548
Processor: Intel(R) Celeron(R) CPU 2.40GHz | Microprocessor | 2393/400mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 74 GiB total, 68.547 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: ROOT\LEGACY_BEEP\XX_MUGSFDD_XX
Manufacturer:
Name:
PNP Device ID: ROOT\LEGACY_BEEP\XX_MUGSFDD_XX
Service: mugsfdd
.
==== System Restore Points ===================
.
RP50: 2/25/2011 3:32:59 PM - Restore Operation
RP51: 3/3/2011 3:23:20 PM - System Checkpoint
RP52: 3/15/2011 9:37:20 PM - System Checkpoint
RP53: 3/18/2011 3:35:42 PM - System Checkpoint
RP54: 3/19/2011 3:42:52 AM - Removed Java 2 Runtime Environment, SE v1.4.2
RP55: 3/19/2011 12:44:42 PM - Spyware Terminator - restore point
RP56: 3/19/2011 1:31:24 PM - Installed HiJackThis
RP57: 3/20/2011 11:07:42 AM - avast! Free Antivirus Setup
.
==== Installed Programs ======================
.
ABBYY FineReader 5.0 Sprint
avast! Free Antivirus
Banctec Service Agreement
BCM V.92 56K Modem
Broadcom Management Programs
DA920EN
Dell AIO Printer A920
Dell Digital Jukebox Driver
Dell Media Experience
Dell Networking Guide
Dell Solution Center
Dell Support
EarthLink Setup Files
Help and Support Customization
HiJackThis
Intel(R) Extreme Graphics Driver
Internet Explorer Default Page
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Learn2 Player (Uninstall Only)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft Encarta Encyclopedia Standard 2004
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Modem Helper
MUSICMATCH® Jukebox
QuickTime
RealOne Player
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
Support Software
Update for Windows XP (KB898461)
Viewpoint Media Player
WebFldrs XP
Windows XP Hotfix - KB817611
Windows XP Hotfix - KB824146
Windows XP Hotfix - KB826959
Windows XP Hotfix - KB828028
Windows XP Hotfix - KB828035
WordPerfect Office 11
.
==== Event Viewer Messages From Past Week ========
.
3/20/2011 4:17:31 AM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
3/20/2011 4:17:31 AM, error: SideBySide [59] - Generate Activation Context failed for C:\DOCUME~1\PATRIC~1\LOCALS~1\Temp\RarSFX0\redist.dll. Reference error message: The operation completed successfully. .
3/20/2011 4:17:31 AM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
3/19/2011 12:11:49 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
3/19/2011 11:35:21 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips Processor sp_rsdrv2
3/19/2011 11:29:51 AM, error: Service Control Manager [7000] - The wscsvc service failed to start due to the following error: The executable program that this service is configured to run in does not implement the service.
3/18/2011 10:59:06 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
3/18/2011 10:58:48 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss sp_rsdrv2 Tcpip
3/18/2011 10:58:48 AM, error: Service Control Manager [7001] - The Spyware Terminator Realtime Shield Service service depends on the Spyware Terminator Driver 2 service which failed to start because of the following error: A device attached to the system is not functioning.
3/18/2011 10:58:48 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/18/2011 10:58:48 AM, error: Service Control Manager [7001] - The Fax service depends on the Print Spooler service which failed to start because of the following error: The dependency service or group failed to start.
3/18/2011 10:58:48 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/18/2011 10:58:48 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
3/18/2011 10:57:05 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/15/2011 4:08:33 PM, error: Service Control Manager [7000] - The WinTools for IE service service failed to start due to the following error: The system cannot find the file specified.
3/15/2011 3:22:33 PM, error: Service Control Manager [7000] - The ATWPKT2 service failed to start due to the following error: Access is denied.
.
==== End Of File ===========================
hubert
Regular Member
 
Posts: 15
Joined: December 5th, 2010, 7:26 pm

Re: Infected

Post by Carolyn » March 21st, 2011, 7:37 am

Hello and Welcome to the forums!

My name is Carolyn and I'll be glad to help you with your computer problems.

Please do not run any other tool until instructed to do so!
Please reply to this thread, do not start another!
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.

If you follow these instructions, everything should go smoothly.


Download and Run a Diagnostic Tool (MGADiag.exe) from here and save this to your desktop.
http://go.microsoft.com/fwlink/?linkid=56062
* Double-click on MGADiag.exe
* When the program has finished, click on the Validation tab and then click on Copy to Clipboard.
* Please post the results in your next reply.

-----------------------------------------------------

Download CKScanner from here
Important - Save it to your desktop.
Double-click CKScanner.exe and click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved.
Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

-----------------------------------------------------

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.

-----------------------------------------------------

Please include the following logs in your next reply (post all logs as text, no attachments please):
  • The MGADiag report
  • CKFiles.txt
  • DDS.txt
  • Attach.txt
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: Infected

Post by hubert » March 21st, 2011, 9:15 am

Hi Carolyn,

Thank you so much for your time. I have not done anything to the infected computer since posting to the forum asking for help. I also understand the need for MGADiag and ckscanner, but these poor people did not know anything about updates.
Here are the logs as requested.

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Validation Control not Installed
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-GD6GR-K6DP3-4C8MT
Windows Product Key Hash: s2kt66ZJWfV4nS1wFD5F9bxTSDw=
Windows Product ID: 55277-OEM-2111907-00102
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 5.1.2600.2.00010300.1.0.hom
ID: {52386C8F-0394-49C7-AA56-F92A32B86B1E}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-8009_E2AD56EA-766-2ee7_E2AD56EA-148-80004005_16E0B333-89-80004005_78155E4D-232-80004005
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: B4D0AA8B-543-80070002_025D1FF3-230-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->
File Mismatch: C:\WINDOWS\system32\oembios.bin[Hr = 0x800b0003]
File Mismatch: C:\WINDOWS\system32\oembios.dat[Hr = 0x800b0003]
File Mismatch: C:\WINDOWS\system32\oembios.sig[Hr = 0x800b0003]

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{52386C8F-0394-49C7-AA56-F92A32B86B1E}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010300.1.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-4C8MT</PKey><PID>55277-OEM-2111907-00102</PID><PIDType>2</PIDType><SID>S-1-5-21-1361832622-2035837001-3103575040</SID><SYSTEM><Manufacturer>Dell Computer Corporation</Manufacturer><Model>Dimension 2400 </Model></SYSTEM><BIOS><Manufacturer>Dell Computer Corporation</Manufacturer><Version>A05</Version><SMBIOSVersion major="2" minor="3"/><Date>20031202******.******+***</Date><SLPBIOS>Dell System,Dell Computer,Dell System,Dell System</SLPBIOS></BIOS><HWID>B765324F01842032</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>2</stat><msppid></msppid><name>Dell Computer Corporation</name><model>Dell DIMENSION DIM2400</model></SBID><OEM/><GANotification/></MachineData> <Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 1B285:Dell Inc|1B285:Microsoft Corporation
Marker string from OEMBIOS.DAT: Dell System,Dell Computer,Dell System,Dell System

OEM Activation 2.0 Data-->
N/A


CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\jasc software inc\paint shop photo album\frames\black crackle.pspframe
c:\program files\jasc software inc\paint shop pro 8\picture frames\black crackle.pspframe
scanner sequence 3.LB.11
----- EOF -----


.
DDS (Ver_11-03-05.01) - NTFSx86
Run by PATRICIA ANDERS at 7:11:08.51 on Mon 03/21/2011
Internet Explorer: 6.0.2800.1106
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.126.22 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Common Files\AOL\1189718484\ee\AOLSoftware.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\DOCUME~1\PATRIC~1\LOCALS~1\Temp\20113209149_mcinfo.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Documents and Settings\PATRICIA ANDERS\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://default-homepage-network.com/start.cgi?hkcu
mStart Page = hxxp://default-homepage-network.com/start.cgi?hklm
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\System32\browseui.dll
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [DwlClient] c:\program files\common files\dell\eusw\Support.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe
mRun: [HostManager] c:\program files\common files\aol\1189718484\ee\AOLSoftware.exe
mRun: [msci] c:\docume~1\patric~1\locals~1\temp\20113209149_mcinfo.exe /insfin
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} - hxxp://www114.coolsavings.com/download/cscmv5X.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/sh ... wflash.cab
Notify: igfxcui - igfxsrvc.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-3-20 165584]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-3-20 40384]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2011-3-20 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2011-3-20 40384]
.
=============== Created Last 30 ================
.
2011-03-20 16:08:06 38848 ----a-w- c:\windows\avastSS.scr
2011-03-20 16:07:42 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2011-03-19 19:28:54 -------- d-sha-r- C:\cmdcons
2011-03-19 19:21:02 89088 ----a-w- c:\windows\MBR.exe
2011-03-19 19:21:01 98816 ----a-w- c:\windows\sed.exe
2011-03-19 19:21:01 256512 ----a-w- c:\windows\PEV.exe
2011-03-19 19:21:01 161792 ----a-w- c:\windows\SWREG.exe
2011-03-19 18:31:29 388096 ----a-r- c:\docume~1\patric~1\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-03-19 18:31:26 -------- d-----w- c:\program files\Trend Micro
2011-03-18 20:08:36 -------- d-----w- c:\docume~1\patric~1\applic~1\Malwarebytes
2011-03-18 20:08:16 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-18 20:08:13 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-03-18 20:08:08 19288 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-18 20:08:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-18 19:36:59 21760 ----a-w- c:\windows\system32\dllcache\usbstor.sys
2011-03-18 18:43:25 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-03-18 18:43:25 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2011-03-18 18:43:14 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2011-03-18 18:43:14 9600 ----a-w- c:\windows\system32\dllcache\hidusb.sys
2011-02-25 20:35:14 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-02-25 20:35:14 -------- d-----w- c:\windows\system32\wbem\Repository
.
==================== Find3M ====================
.
.
============= FINISH: 7:11:54.89 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 3/18/2004 5:51:47 PM
System Uptime: 3/21/2011 1:51:16 AM (6 hours ago)
.
Motherboard: Dell Computer Corp. | | 0G1548
Processor: Intel(R) Celeron(R) CPU 2.40GHz | Microprocessor | 2392/400mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 74 GiB total, 68.546 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: ROOT\LEGACY_BEEP\XX_MUGSFDD_XX
Manufacturer:
Name:
PNP Device ID: ROOT\LEGACY_BEEP\XX_MUGSFDD_XX
Service: mugsfdd
.
==== System Restore Points ===================
.
RP50: 2/25/2011 3:32:59 PM - Restore Operation
RP51: 3/3/2011 3:23:20 PM - System Checkpoint
RP52: 3/15/2011 9:37:20 PM - System Checkpoint
RP53: 3/18/2011 3:35:42 PM - System Checkpoint
RP54: 3/19/2011 3:42:52 AM - Removed Java 2 Runtime Environment, SE v1.4.2
RP55: 3/19/2011 12:44:42 PM - Spyware Terminator - restore point
RP56: 3/19/2011 1:31:24 PM - Installed HiJackThis
RP57: 3/20/2011 11:07:42 AM - avast! Free Antivirus Setup
.
==== Installed Programs ======================
.
ABBYY FineReader 5.0 Sprint
avast! Free Antivirus
Banctec Service Agreement
BCM V.92 56K Modem
Broadcom Management Programs
DA920EN
Dell AIO Printer A920
Dell Digital Jukebox Driver
Dell Media Experience
Dell Networking Guide
Dell Solution Center
Dell Support
EarthLink Setup Files
Help and Support Customization
HiJackThis
Intel(R) Extreme Graphics Driver
Internet Explorer Default Page
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Learn2 Player (Uninstall Only)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft Encarta Encyclopedia Standard 2004
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Modem Helper
MUSICMATCH® Jukebox
QuickTime
RealOne Player
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
Support Software
Update for Windows XP (KB898461)
Viewpoint Media Player
WebFldrs XP
Windows XP Hotfix - KB817611
Windows XP Hotfix - KB824146
Windows XP Hotfix - KB826959
Windows XP Hotfix - KB828028
Windows XP Hotfix - KB828035
WordPerfect Office 11
.
==== Event Viewer Messages From Past Week ========
.
3/20/2011 4:17:31 AM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
3/20/2011 4:17:31 AM, error: SideBySide [59] - Generate Activation Context failed for C:\DOCUME~1\PATRIC~1\LOCALS~1\Temp\RarSFX0\redist.dll. Reference error message: The operation completed successfully. .
3/20/2011 4:17:31 AM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
3/19/2011 12:11:49 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
3/19/2011 11:35:21 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips Processor sp_rsdrv2
3/19/2011 11:29:51 AM, error: Service Control Manager [7000] - The wscsvc service failed to start due to the following error: The executable program that this service is configured to run in does not implement the service.
3/18/2011 10:59:06 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
3/18/2011 10:58:48 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss sp_rsdrv2 Tcpip
3/18/2011 10:58:48 AM, error: Service Control Manager [7001] - The Spyware Terminator Realtime Shield Service service depends on the Spyware Terminator Driver 2 service which failed to start because of the following error: A device attached to the system is not functioning.
3/18/2011 10:58:48 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/18/2011 10:58:48 AM, error: Service Control Manager [7001] - The Fax service depends on the Print Spooler service which failed to start because of the following error: The dependency service or group failed to start.
3/18/2011 10:58:48 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/18/2011 10:58:48 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
3/18/2011 10:57:05 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/15/2011 4:08:33 PM, error: Service Control Manager [7000] - The WinTools for IE service service failed to start due to the following error: The system cannot find the file specified.
3/15/2011 3:22:33 PM, error: Service Control Manager [7000] - The ATWPKT2 service failed to start due to the following error: Access is denied.
.
==== End Of File ===========================
hubert
Regular Member
 
Posts: 15
Joined: December 5th, 2010, 7:26 pm
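An added triage helper, not part of this thread or of the DDS tool: it reads Pseudo HJT Report lines like the ones posted above, flags the patterns a helper looks at first (an autorun living directly in c:\windows or in a Temp folder, a hex-looking entry name, a bare filename resolved through a PATH search, an unnamed or orphaned BHO, a start page outside a small allowlist), and diffs the first and second reports to list which entries disappeared after the cleanup. The sample lines are copied from the two logs above; the heuristics and the KNOWN_GOOD_HOSTS allowlist are my assumptions, and a hit is something to review, not a verdict.

```python
import re

# Constructed samples: a few lines copied from the two DDS "Pseudo HJT Report"
# sections in this thread (the first log before the poster's cleanup, the
# second after it), trimmed to keep the example short.
DDS_BEFORE = r"""
uStart Page = hxxp://www.crawler.com/?tbid=61000
mStart Page = hxxp://default-homepage-network.com/start.cgi?hklm
BHO: {47e75560-e9a1-e35e-88fd-c36937f2d9cf} - c:\windows\system32\qyevfu.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [VSOCheckTask] "c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
mRun: [aqadcup] c:\windows\aqadcup.exe
mRun: [Xuia] c:\windows\mdvnii.exe
mRun: [fncsO] c:\documents and settings\patricia anders\local settings\temp\fncsO.exe
mRun: [f43b68d80286] c:\windows\system32\a3d55481.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe
"""

DDS_AFTER = r"""
uStart Page = hxxp://default-homepage-network.com/start.cgi?hkcu
mStart Page = hxxp://default-homepage-network.com/start.cgi?hklm
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe
"""

# Assumption: hosts a helper would accept as a normal home page on this
# machine (a Dell OEM install). Anything else is surfaced for review.
KNOWN_GOOD_HOSTS = {"www.msn.com", "www.dell4me.com"}

RUN_RE = re.compile(r"^[um]Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
BHO_RE = re.compile(r"^BHO: (?:(?P<name>[^:{]*): )?\{[^}]+\} - (?P<path>.*)$")
PAGE_RE = re.compile(r"^[um](?:Start Page|Default_Page_URL) = (?P<url>\S+)$")
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8,}$", re.IGNORECASE)
WINDOWS_ROOT_RE = re.compile(r"^c:\\windows\\[^\\]+\.exe$", re.IGNORECASE)


def _exe_path(cmd):
    """Return the executable part of a Run command, without quotes or arguments."""
    m = re.match(r'"?(?P<exe>[^"]*?\.exe)"?', cmd, re.IGNORECASE)
    return m.group("exe").lower() if m else ""


def assess_line(line):
    """Return the review reasons for one Pseudo HJT line (empty list = nothing odd)."""
    reasons = []
    if m := RUN_RE.match(line):
        name, exe = m.group("name"), _exe_path(m.group("cmd"))
        if WINDOWS_ROOT_RE.match(exe):
            reasons.append("executable sits directly in the Windows folder")
        if "\\temp\\" in exe:
            reasons.append("runs from a Temp folder")
        if HEX_NAME_RE.match(name):
            reasons.append("hex-looking entry name")
        if exe and "\\" not in exe:
            reasons.append("bare filename, located via PATH search (verify it)")
    elif m := BHO_RE.match(line):
        if not m.group("name"):
            reasons.append("BHO without a registered name")
        if m.group("path") == "No File":
            reasons.append("orphaned entry (target file missing)")
    elif m := PAGE_RE.match(line):
        # DDS writes http as hxxp so the URL is not clickable; accept both.
        host = re.match(r"hxxps?://([^/]+)", m.group("url"), re.IGNORECASE)
        if not host or host.group(1).lower() not in KNOWN_GOOD_HOSTS:
            reasons.append("start page points outside the known-good hosts")
    return reasons


def triage(report):
    """Return [(line, reasons)] for every line of a report that deserves a look."""
    out = []
    for line in report.splitlines():
        line = line.strip()
        if line and (reasons := assess_line(line)):
            out.append((line, reasons))
    return out


def diff_reports(before, after):
    """Entries only in the first report (removed) and only in the second (added)."""
    b = {l.strip() for l in before.splitlines() if l.strip()}
    a = {l.strip() for l in after.splitlines() if l.strip()}
    return sorted(b - a), sorted(a - b)


if __name__ == "__main__":
    for line, reasons in triage(DDS_BEFORE):
        print(line, "->", "; ".join(reasons))
    removed, added = diff_reports(DDS_BEFORE, DDS_AFTER)
    print(f"\n{len(removed)} entries gone after cleanup, {len(added)} new:")
    for l in removed:
        print("  -", l)
    for l in added:
        print("  +", l)
```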

Re: Infected

Post by Carolyn » March 21st, 2011, 9:55 am

Go to this link: http://www.microsoft.com/genuine/diag/
Click on Start diagnostics
Click on continue
Click on Resolve now
Follow the prompts, you may be asked to download files/plugins, please save them to the desktop and run them.
After installation please run MGADiag.exe again and post the log.
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: Infected

Post by hubert » March 21st, 2011, 10:55 am

Windows downloaded updates and wants to install. Would this be ok to do?? Or should I hold off?
Results of MGADiag below. Thank you again Carolyn.




Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-GD6GR-K6DP3-4C8MT
Windows Product Key Hash: s2kt66ZJWfV4nS1wFD5F9bxTSDw=
Windows Product ID: 55277-OEM-2111907-00102
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 5.1.2600.2.00010300.1.0.hom
ID: {52386C8F-0394-49C7-AA56-F92A32B86B1E}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.42.0
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: Registered, 2.0.48.0
Signed By: Microsoft
Office Diagnostics: B4D0AA8B-543-80070002_025D1FF3-230-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->
File Mismatch: C:\WINDOWS\system32\oembios.bin[Hr = 0x800b0003]
File Mismatch: C:\WINDOWS\system32\oembios.dat[Hr = 0x800b0003]
File Mismatch: C:\WINDOWS\system32\oembios.sig[Hr = 0x800b0003]

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{52386C8F-0394-49C7-AA56-F92A32B86B1E}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010300.1.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-4C8MT</PKey><PID>55277-OEM-2111907-00102</PID><PIDType>2</PIDType><SID>S-1-5-21-1361832622-2035837001-3103575040</SID><SYSTEM><Manufacturer>Dell Computer Corporation</Manufacturer><Model>Dimension 2400 </Model></SYSTEM><BIOS><Manufacturer>Dell Computer Corporation</Manufacturer><Version>A05</Version><SMBIOSVersion major="2" minor="3"/><Date>20031202******.******+***</Date><SLPBIOS>Dell System,Dell Computer,Dell System,Dell System</SLPBIOS></BIOS><HWID>B765324F01842032</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>2</stat><msppid></msppid><name>Dell Computer Corporation</name><model>Dell DIMENSION DIM2400</model></SBID><OEM/><GANotification/></MachineData> <Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 1B285:Dell Inc|1B285:Microsoft Corporation
Marker string from OEMBIOS.DAT: Dell System,Dell Computer,Dell System,Dell System

OEM Activation 2.0 Data-->
N/A
hubert
Regular Member
Posts: 15
Joined: December 5th, 2010, 7:26 pm

Re: Infected

Unread postby Carolyn » March 21st, 2011, 11:23 am

Windows downloaded updates and wants to install. Would this be ok to do?? Or should I hold off?


Please do not install any Windows Updates until the computer is clean.

I would like to see the ComboFix log that you mentioned in your opening post. Please post it for my review.
Carolyn
MRU Emeritus
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: Infected

Unread postby hubert » March 21st, 2011, 12:07 pm

ComboFix 11-03-19.01 - Administrator 03/19/2011 17:29:38.1.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.126.4 [GMT -5:00]
Running from: G:\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\Tvm.log
c:\documents and settings\PATRICIA ANDERS\Application Data\ttuh.exe
c:\documents and settings\PATRICIA ANDERS\Local Settings\Temporary Internet Files\Tvm.log
c:\program files\Common Files\fnts~1
c:\program files\Common Files\pppatc~1
c:\program files\Common Files\SLMSS
c:\program files\Common Files\SLMSS\slmss.exe
c:\program files\Common Files\smante~1
c:\windows\asembl~1
c:\windows\asks~1
c:\windows\crosof~1
c:\windows\fnts~1
c:\windows\mcroso~1
c:\windows\pppatc~1
c:\windows\system32\_000103_.tmp.dll
c:\windows\System32\a3d55481.exe
c:\windows\system32\drivers\ugffgeff.sys
c:\windows\system32\ecurit~1
c:\windows\system32\fnts~1
c:\windows\system32\mbols~1
c:\windows\system32\O.BAT
c:\windows\system32\racle~1
c:\windows\system32\scurit~1
c:\windows\system32\sembly~1
c:\windows\system32\stem32~1
c:\windows\system32\tsks~1
c:\windows\system32\wnsxs~1
c:\windows\system32\ystem~1
c:\windows\ymbols~1
.
c:\windows\system32\qmgr.dll . . . is infected!!
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_mugsfdd
.
.
((((((((((((((((((((((((( Files Created from 2011-02-19 to 2011-03-19 )))))))))))))))))))))))))))))))
.
.
2011-03-19 18:31 . 2011-03-19 18:31 388096 ----a-r- c:\documents and settings\PATRICIA ANDERS\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-03-19 18:31 . 2011-03-19 18:31 -------- d-----w- c:\program files\Trend Micro
2011-03-18 20:57 . 2011-03-18 20:57 -------- d-----w- c:\documents and settings\Administrator
2011-03-18 20:08 . 2011-03-18 20:08 -------- d-----w- c:\documents and settings\PATRICIA ANDERS\Application Data\Malwarebytes
2011-03-18 20:08 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-18 20:08 . 2011-03-18 20:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-03-18 20:08 . 2011-03-18 20:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-18 20:08 . 2010-12-20 23:08 19288 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-18 19:36 . 2002-08-29 06:32 21760 ----a-w- c:\windows\system32\dllcache\usbstor.sys
2011-03-18 18:43 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-03-18 18:43 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2011-03-18 18:43 . 2001-08-17 19:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2011-03-18 18:43 . 2001-08-17 19:02 9600 ----a-w- c:\windows\system32\dllcache\hidusb.sys
2011-02-25 20:35 . 2011-02-25 20:35 -------- d-----w- c:\windows\system32\wbem\Repository
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
------- Sigcheck -------
.
.
.
[-] 2003-05-30 15:00 . 7BA80564F369A96AF84E3AA27E75E90B . 1634304 . . [5.3.0000001.902 built by: DIRECTX] . . c:\windows\SYSTEM32\d3d9.dll
.
c:\windows\System32\wscntfy.exe ... is missing !!
c:\windows\System32\xmlprov.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCMSMMSG"="BCMSMMSG.exe" [2003-06-02 122880]
"VSOCheckTask"="c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" [2003-08-09 122880]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-22 303104]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 212992]
"DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2004-05-28 323584]
"VirusScan Online"="c:\progra~1\mcafee.com\vso\mcvsshld.exe" [2003-08-18 163840]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-03-06 151597]
"aqadcup"="c:\windows\aqadcup.exe" [2004-08-04 249856]
"Xuia"="c:\windows\mdvnii.exe" [2004-09-11 155648]
"eaur"="c:\windows\Nsda.exe" [2004-10-19 151552]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]
"HostManager"="c:\program files\Common Files\AOL\1189718484\ee\AOLSoftware.exe" [2006-09-26 50736]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2007-10-28 2834432]
"McRegWiz"="c:\progra~1\mcafee.com\agent\mcregwiz.exe" [2003-09-02 135168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"=""
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\docume~1\ALLUSE~1\APPLIC~1\SPYWAR~1\sp_rsdel.exe \??\c:\docume~1\ALLUSE~1\APPLIC~1\SPYWAR~1\sp_rsdel.dat
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell AIO Printer A920]
2003-05-03 00:46 270336 ----a-w- c:\program files\Dell AIO Printer A920\dlbkbmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2003-08-06 07:04 114741 ----a-w- c:\windows\SYSTEM32\dla\tfswctrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2003-04-07 06:07 114688 ----a-w- c:\windows\SYSTEM32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2003-04-07 06:19 155648 ----a-w- c:\windows\SYSTEM32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
2003-10-06 16:05 53248 ----a-w- c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2003-10-06 16:05 118784 ----a-w- c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2003-08-27 01:47 204800 ------w- c:\program files\Dell\Media Experience\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2004-03-06 17:29 77824 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2004-03-06 17:30 151597 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2003-08-19 06:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe
.
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\SYSTEM32\DRIVERS\sp_rsdrv2.sys [10/27/2007 8:08 PM 138752]
S3 NaiFiltr;NaiFiltr;c:\windows\SYSTEM32\DRIVERS\NaiFiltr.sys [3/6/2004 12:41 PM 23296]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ALG
*NewlyCreated* - IPNAT
.
Contents of the 'Scheduled Tasks' folder
.
2004-03-19 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\System32\OOBE\OOBEBALN.EXE [2002-08-29 11:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.crawler.com/?tbid=61000
mStart Page = hxxp://default-homepage-network.com/start.cgi?hklm
IE: Crawler Search - tbr:iemenu
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} - hxxp://www114.coolsavings.com/download/cscmv5X.cab
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{47E75560-E9A1-E35E-88FD-C36937F2D9CF} - c:\windows\System32\qyevfu.dll
HKCU-Run-Sonic RecordNow! - (no file)
HKLM-Run-slmss - c:\program files\Common Files\slmss\slmss.exe
HKLM-Run-mswspl - (no file)
HKLM-Run-stcinstaller - c:\installer\id53.exe
HKLM-Run-fncsO - c:\documents and settings\patricia anders\local settings\temp\fncsO.exe
HKLM-Run-f43b68d80286 - c:\windows\System32\a3d55481.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-19 17:52
Windows 5.1.2600 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DwlClient = c:\program files\Common Files\Dell\EUSW\Support.exe?l?e?s?\?D?e?l?l?\?E?U?S?W?\?S?u?p?p?o?r?t?.?e?x?e???x???x???????????????????x???????????x???x???????????x???????????x???x??????????????????????????????????????????w????????????j??w????x???x??????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(480)
c:\windows\System32\ODBC32.dll
.
- - - - - - - > 'lsass.exe'(536)
c:\windows\System32\dssenh.dll
.
- - - - - - - > 'explorer.exe'(2368)
c:\progra~1\mcafee.com\vso\McVSSkt.dll
c:\progra~1\Crawler\Toolbar\ctbr.dll
c:\windows\System32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\progra~1\COMMON~1\AOL\ACS\acsd.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\progra~1\mcafee.com\agent\mctskshd.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\BCMSMMSG.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\Dell\Support\Alert\bin\NotifyAlert.exe
.
**************************************************************************
.
Completion time: 2011-03-19 18:04:24 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-19 22:59
.
Pre-Run: 74,012,303,360 bytes free
Post-Run: 73,862,086,656 bytes free
.
- - End Of File - - DD94990F55096CE45E1C1B829591FD68
hubert
Regular Member
Posts: 15
Joined: December 5th, 2010, 7:26 pm

Re: Infected

Unread postby Carolyn » March 21st, 2011, 12:30 pm

Hello hubert,

Please follow these instructions exactly as written:

Download and Run ComboFix

  • Please download ComboFix from one of the following links.

    Link 1.

    Link 2.

    **IMPORTANT !!! Save ComboFix.exe to your Desktop**

  • Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
  • Double click on ComboFix.exe & follow the prompts
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper
Carolyn
MRU Emeritus
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: Infected

Unread postby hubert » March 21st, 2011, 3:45 pm

Hello Carolyn,

Could not run combofix from the desktop again. Proceeded to safe mode and ran it off the flash drive. Did not use networking, as trying not to connect to the internet as much as possible. Received "Virtual memory minimum too low" message during the scan. The infected computer has very little ram installed. I am going to add more after the clean up.


ComboFix 11-03-20.03 - Administrator 03/21/2011 13:44:07.2.1 - x86 MINIMAL
Running from: G:\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\bsx32.ini
c:\windows\system32\drivers\fad.sys
c:\windows\system32\lmdv.bin
.
Infected copy of c:\windows\system32\qmgr.dll was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\qmgr.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-02-21 to 2011-03-21 )))))))))))))))))))))))))))))))
.
.
2011-03-21 12:02 . 2011-03-21 12:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2011-03-20 16:08 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-03-20 16:08 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-03-20 16:08 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-03-20 16:08 . 2010-09-07 15:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-03-20 16:08 . 2010-09-07 15:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-03-20 16:08 . 2010-09-07 15:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-03-20 16:08 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2011-03-20 16:08 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2011-03-20 16:07 . 2011-03-20 16:07 -------- d-----w- c:\program files\Alwil Software
2011-03-20 16:07 . 2011-03-20 16:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2011-03-19 18:31 . 2011-03-19 18:31 388096 ----a-r- c:\documents and settings\PATRICIA ANDERS\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-03-19 18:31 . 2011-03-19 18:31 -------- d-----w- c:\program files\Trend Micro
2011-03-18 20:57 . 2011-03-18 20:57 -------- d-----w- c:\documents and settings\Administrator
2011-03-18 20:08 . 2011-03-18 20:08 -------- d-----w- c:\documents and settings\PATRICIA ANDERS\Application Data\Malwarebytes
2011-03-18 20:08 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-18 20:08 . 2011-03-18 20:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-03-18 20:08 . 2011-03-18 20:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-18 20:08 . 2010-12-20 23:08 19288 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-18 19:36 . 2002-08-29 06:32 21760 ----a-w- c:\windows\system32\dllcache\usbstor.sys
2011-03-18 18:43 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-03-18 18:43 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2011-03-18 18:43 . 2001-08-17 19:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2011-03-18 18:43 . 2001-08-17 19:02 9600 ----a-w- c:\windows\system32\dllcache\hidusb.sys
2011-02-25 20:35 . 2011-02-25 20:35 -------- d-----w- c:\windows\system32\wbem\Repository
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
------- Sigcheck -------
.
.
.
[-] 2003-05-30 15:00 . 7BA80564F369A96AF84E3AA27E75E90B . 1634304 . . [5.3.0000001.902 built by: DIRECTX] . . c:\windows\SYSTEM32\d3d9.dll
.
c:\windows\System32\wscntfy.exe ... is missing !!
c:\windows\System32\xmlprov.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCMSMMSG"="BCMSMMSG.exe" [2003-06-02 122880]
"DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2004-05-28 323584]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-03-06 151597]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]
"HostManager"="c:\program files\Common Files\AOL\1189718484\ee\AOLSoftware.exe" [2006-09-26 50736]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\docume~1\ALLUSE~1\APPLIC~1\SPYWAR~1\sp_rsdel.exe \??\c:\docume~1\ALLUSE~1\APPLIC~1\SPYWAR~1\sp_rsdel.dat
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell AIO Printer A920]
2003-05-03 00:46 270336 ----a-w- c:\program files\Dell AIO Printer A920\dlbkbmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2003-08-06 07:04 114741 ----a-w- c:\windows\SYSTEM32\dla\tfswctrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2003-04-07 06:07 114688 ----a-w- c:\windows\SYSTEM32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2003-04-07 06:19 155648 ----a-w- c:\windows\SYSTEM32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
2003-10-06 16:05 53248 ----a-w- c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2003-10-06 16:05 118784 ----a-w- c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2003-08-27 01:47 204800 ------w- c:\program files\Dell\Media Experience\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2004-03-06 17:29 77824 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2004-03-06 17:30 151597 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2003-08-19 06:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe
.
R1 aswSP;aswSP;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [3/20/2011 11:08 AM 165584]
.
Contents of the 'Scheduled Tasks' folder
.
2004-03-19 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\System32\OOBE\OOBEBALN.EXE [2002-08-29 11:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://default-homepage-network.com/start.cgi?hkcu
mStart Page = hxxp://default-homepage-network.com/start.cgi?hklm
DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} - hxxp://www114.coolsavings.com/download/cscmv5X.cab
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-MediaLoads Enhanced - c:\program files\Support Software\install.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-21 14:09
Windows 5.1.2600 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DwlClient = c:\program files\Common Files\Dell\EUSW\Support.exe?l?e?s?\?D?e?l?l?\?E?U?S?W?\?S?u?p?p?o?r?t?.?e?x?e???x???x???????????????????x???????????x???x???????????x???????????x???x??????????????????????????????????????????w????????????j??w????x???x??????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(480)
c:\windows\System32\ODBC32.dll
.
- - - - - - - > 'lsass.exe'(536)
c:\windows\System32\dssenh.dll
.
- - - - - - - > 'explorer.exe'(2984)
c:\windows\System32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\BCMSMMSG.exe
c:\program files\Dell\Support\Alert\bin\NotifyAlert.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\progra~1\COMMON~1\AOL\ACS\acsd.exe
.
**************************************************************************
.
Completion time: 2011-03-21 14:15:04 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-21 19:14
ComboFix2.txt 2011-03-19 23:04
.
Pre-Run: 73,639,776,256 bytes free
Post-Run: 73,503,211,520 bytes free
.
- - End Of File - - 46B938A2911700152151B0E87EBB35BE
hubert
Regular Member
Posts: 15
Joined: December 5th, 2010, 7:26 pm

Re: Infected

Unread postby Carolyn » March 21st, 2011, 6:20 pm

Hi,

What exactly happens when you try to run ComboFix from the desktop?
Carolyn
MRU Emeritus
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: Infected

Unread postby hubert » March 21st, 2011, 6:23 pm

Hi,

It hangs on scanning for infected files. It hung for about an hour.
hubert
Regular Member
Posts: 15
Joined: December 5th, 2010, 7:26 pm

Re: Infected

Unread postby Carolyn » March 21st, 2011, 6:32 pm

Try running ComboFix from the Desktop in Normal Mode once again. Please do so while connected to the internet. If the program still stalls, bring up Task Manager using CTRL+ALT+DELETE. See if any of these processes are running, and End Task on them one at a time and see if it frees up CF:

pev
findstr
sed
grep
nircmd
nircmd
swsc
* .. or any other process that has the .cfexe extension except for CFxxx.cfexe

If that does not work, post back and let me know. Please don't improvise. I can see that you know your way around computers, but we need to be on the same page or we will have problems.
Carolyn
MRU Emeritus
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: Infected

Unread postby hubert » March 21st, 2011, 10:13 pm

Carolyn,

Finally! It worked! After opening task manager, I ended the grep.cfxxe process. Also CF did not reboot the machine this time. Another thing I forgot to mention is that after I ran CF the first time you requested, while I was transferring the CF log onto my comp, the windows update pop up message was up on the infected comp, please restart. I did not restart. I turned off updates. I had had it set for D/L, let me choose to install. Somehow it got put back to auto after CF rebooted the machine. I apologize for any confusion.
Again, thank you for your time and patience with me.


ComboFix 11-03-21.01 - PATRICIA ANDERS 03/21/2011 19:41:56.3.1 - x86
Running from: c:\documents and settings\PATRICIA ANDERS\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\_000103_.tmp.dll
c:\windows\system32\UNWISE.EXE
.
.
((((((((((((((((((((((((( Files Created from 2011-02-22 to 2011-03-22 )))))))))))))))))))))))))))))))
.
.
2011-03-21 20:02 . 2011-03-21 20:02 -------- d-----w- c:\windows\system32\bits
2011-03-21 20:00 . 2011-03-21 20:02 -------- d-----w- c:\windows\LastGood
2011-03-21 14:25 . 2004-07-01 22:08 331776 ----a-w- c:\windows\system32\SET39.tmp
2011-03-21 14:25 . 2004-07-01 22:08 17408 ----a-w- c:\windows\system32\SET35.tmp
2011-03-21 14:25 . 2004-06-30 23:59 158720 ------w- c:\windows\system32\xpob2res.dll
2011-03-21 14:25 . 2004-07-01 22:08 7680 ------w- c:\windows\system32\dllcache\bitsprx2.dll
2011-03-21 14:25 . 2004-07-01 22:08 7168 ------w- c:\windows\system32\dllcache\bitsprx3.dll
2011-03-21 12:02 . 2011-03-21 12:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2011-03-20 16:08 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-03-20 16:08 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-03-20 16:08 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-03-20 16:08 . 2010-09-07 15:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-03-20 16:08 . 2010-09-07 15:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-03-20 16:08 . 2010-09-07 15:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-03-20 16:08 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2011-03-20 16:08 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2011-03-20 16:07 . 2011-03-20 16:07 -------- d-----w- c:\program files\Alwil Software
2011-03-20 16:07 . 2011-03-20 16:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2011-03-19 18:31 . 2011-03-19 18:31 388096 ----a-r- c:\documents and settings\PATRICIA ANDERS\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-03-19 18:31 . 2011-03-19 18:31 -------- d-----w- c:\program files\Trend Micro
2011-03-18 20:57 . 2011-03-18 20:57 -------- d-----w- c:\documents and settings\Administrator
2011-03-18 20:08 . 2011-03-18 20:08 -------- d-----w- c:\documents and settings\PATRICIA ANDERS\Application Data\Malwarebytes
2011-03-18 20:08 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-18 20:08 . 2011-03-18 20:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-03-18 20:08 . 2011-03-18 20:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-18 20:08 . 2010-12-20 23:08 19288 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-18 19:36 . 2002-08-29 06:32 21760 ----a-w- c:\windows\system32\dllcache\usbstor.sys
2011-03-18 18:43 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-03-18 18:43 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2011-03-18 18:43 . 2001-08-17 19:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2011-03-18 18:43 . 2001-08-17 19:02 9600 ----a-w- c:\windows\system32\dllcache\hidusb.sys
2011-02-25 20:35 . 2011-02-25 20:35 -------- d-----w- c:\windows\system32\wbem\Repository
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
------- Sigcheck -------
.
.
.
[-] 2003-05-30 15:00 . 7BA80564F369A96AF84E3AA27E75E90B . 1634304 . . [5.3.0000001.902 built by: DIRECTX] . . c:\windows\SYSTEM32\d3d9.dll
.
c:\windows\System32\wscntfy.exe ... is missing !!
c:\windows\System32\xmlprov.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCMSMMSG"="BCMSMMSG.exe" [2003-06-02 122880]
"DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2004-05-28 323584]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-03-06 151597]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]
"HostManager"="c:\program files\Common Files\AOL\1189718484\ee\AOLSoftware.exe" [2006-09-26 50736]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\docume~1\ALLUSE~1\APPLIC~1\SPYWAR~1\sp_rsdel.exe \??\c:\docume~1\ALLUSE~1\APPLIC~1\SPYWAR~1\sp_rsdel.dat
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell AIO Printer A920]
2003-05-03 00:46 270336 ----a-w- c:\program files\Dell AIO Printer A920\dlbkbmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2003-08-06 07:04 114741 ----a-w- c:\windows\SYSTEM32\dla\tfswctrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2003-04-07 06:07 114688 ----a-w- c:\windows\SYSTEM32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2003-04-07 06:19 155648 ----a-w- c:\windows\SYSTEM32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
2003-10-06 16:05 53248 ----a-w- c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2003-10-06 16:05 118784 ----a-w- c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2003-08-27 01:47 204800 ------w- c:\program files\Dell\Media Experience\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2004-03-06 17:29 77824 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2004-03-06 17:30 151597 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2003-08-19 06:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe
.
R1 aswSP;aswSP;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [3/20/2011 11:08 AM 165584]
.
Contents of the 'Scheduled Tasks' folder
.
2004-03-19 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\System32\OOBE\OOBEBALN.EXE [2002-08-29 11:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://default-homepage-network.com/start.cgi?hkcu
mStart Page = hxxp://default-homepage-network.com/start.cgi?hklm
DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} - hxxp://www114.coolsavings.com/download/cscmv5X.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-21 19:49
Windows 5.1.2600 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DwlClient = c:\program files\Common Files\Dell\EUSW\Support.exe?l?e?s?\?D?e?l?l?\?E?U?S?W?\?S?u?p?p?o?r?t?.?e?x?e???x???x???????????????????x???????????x???x???????????x???????????x???x??????????????????????????????????????????w????????????j??w????x???x??????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(480)
c:\windows\System32\ODBC32.dll
.
- - - - - - - > 'lsass.exe'(536)
c:\windows\System32\dssenh.dll
.
Completion time: 2011-03-21 19:53:12
ComboFix-quarantined-files.txt 2011-03-22 00:53
ComboFix2.txt 2011-03-21 19:15
ComboFix3.txt 2011-03-19 23:04
.
Pre-Run: 73,333,211,136 bytes free
Post-Run: 73,121,759,232 bytes free
.
- - End Of File - - E0F0F8278A9E0D44A7B27581D34A1932
hubert
Regular Member

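Two items in the ComboFix excerpt above are worth checking mechanically rather than by eye: the BootExecute value carries entries beyond the Windows XP default of `autocheck autochk *` (here sp_rsdel.exe and a .dat file under the SPYWAR~1 folder, which is consistent with the Spyware Terminator install recorded later in the thread's restore-point list), and the start page is set to default-homepage-network.com in both HKCU (uStart Page) and HKLM (mStart Page). The Python below is an added example, not part of the thread and not ComboFix's own code: it parses a constructed copy of those log lines, lists any BootExecute entry that is not in the default list, and reports start pages whose host is not the one the owner expects. The default list and the expected host (www.google.com) are analyst-supplied assumptions; the log itself cannot tell you which home page the owner chose.

```python
"""Check two ComboFix/DDS log items: a non-default BootExecute value and
hijacked start pages. Added example, not part of the thread or of ComboFix."""
import re

# Windows XP default for HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\BootExecute.
# Anything beyond this runs from the session manager before logon; verify it.
DEFAULT_BOOTEXECUTE = ["autocheck autochk *"]

# Constructed sample: the BootExecute and start-page lines from the ComboFix log above.
# ComboFix prints the REG_MULTI_SZ separator as the two characters backslash-zero.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\docume~1\ALLUSE~1\APPLIC~1\SPYWAR~1\sp_rsdel.exe \??\c:\docume~1\ALLUSE~1\APPLIC~1\SPYWAR~1\sp_rsdel.dat
.
uStart Page = hxxp://default-homepage-network.com/start.cgi?hkcu
mStart Page = hxxp://default-homepage-network.com/start.cgi?hklm
"""


def parse_bootexecute(log: str) -> list[str]:
    """Return the BootExecute entries, split on the literal backslash-zero marker."""
    m = re.search(r"^BootExecute\s+REG_MULTI_SZ\s+(.*)$", log, re.M)
    if not m:
        return []
    return [e.strip() for e in m.group(1).split(r"\0") if e.strip()]


def extra_bootexecute(log: str) -> list[str]:
    """Entries that are not in the known-good default list."""
    return [e for e in parse_bootexecute(log) if e not in DEFAULT_BOOTEXECUTE]


def start_pages(log: str) -> dict[str, str]:
    """Map the DDS/ComboFix scope prefix (u = HKCU, m = HKLM) to the start page URL."""
    scope = {"u": "HKCU", "m": "HKLM"}
    return {scope[m.group(1)]: m.group(2)
            for m in re.finditer(r"^([um])Start Page = (\S+)$", log, re.M)}


def hijacked_start_pages(log: str, expected_host: str) -> dict[str, str]:
    """Start pages whose host is not the one the owner expects. expected_host is
    supplied by the analyst (assumption); the log cannot tell you what the owner chose."""
    bad = {}
    for scope, url in start_pages(log).items():
        # DDS/ComboFix defang URLs as hxxp://; accept the real scheme as well.
        host = re.sub(r"^(?:hxxp|http)s?://", "", url, flags=re.I).split("/")[0].lower()
        if host != expected_host.lower():
            bad[scope] = url
    return bad


if __name__ == "__main__":
    for entry in extra_bootexecute(SAMPLE_LOG):
        print("non-default BootExecute entry:", entry)
    for scope, url in hijacked_start_pages(SAMPLE_LOG, "www.google.com").items():
        print(f"{scope} start page set to {url}")
```

A BootExecute entry that is not the default is either a security product's boot-time delete helper, as it appears to be here, or a persistence mechanism that runs before any user-mode protection is loaded; identify the file before removing the entry. A start page set in HKLM as well as HKCU survives the user resetting it in the browser, which is why the second DDS log in this thread still shows the HKLM value after the HKCU one was changed.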
Re: Infected

Post by Carolyn » March 22nd, 2011, 7:57 am

hubert wrote:
    Finally! It worked!

Well done :thumbright:

=================

I see that there are components of McAfee Security Center running. McAfee does not always uninstall cleanly and these components are leftovers that we need to remove.

Download and save McAfee Removal Tool to your desktop.

Run it to remove McAfee. After this, please restart your computer.

=================

I see you already have Malwarebytes Anti-Malware installed:

  • Launch the application, Check for Updates >> Perform Quick Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

=================

Disable Avast

  • Right click on the avast! icon in the system tray (looks like this: [image]) and choose Avast shield control.
  • Choose Disable permanently.
  • Note: Don't forget to re-enable it after the fix.

=================

ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Hold down Control then click on the following link to open a new window to ESET online scanner
  • Then click on: [image]
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: [image]
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: [image]
  • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: [image]
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

=================

Please post the following in your next reply:
  • The Malwarebytes' log
  • The ESET log
  • Fresh DDS.txt and Attach.txt logs
  • A description of how the computer is behaving
Carolyn
MRU Emeritus

Re: Infected

Post by hubert » March 22nd, 2011, 3:02 pm

All tasks completed with no issues. Computer seems fine. Some programs slow to load, but I'm sure that's to be expected, considering...

Malwarebytes' Anti-Malware 1.50.1.1100
http://www.malwarebytes.org

Database version: 6133

Windows 5.1.2600 Service Pack 1
Internet Explorer 6.0.2800.1106

3/22/2011 12:46:36 PM
mbam-log-2011-03-22 (12-46-36).txt

Scan type: Quick scan
Objects scanned: 157368
Time elapsed: 10 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


ESET log

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP50\A0095241.exe a variant of Win32/Kryptik.LBN trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP53\A0101045.exe Win32/Adware.PortalScan application
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP57\A0101694.exe Win32/Adware.ClickSpring application
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP57\A0101695.exe a variant of Win32/TrojanDownloader.PurityScan trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP57\A0101697.exe probably a variant of Win32/Adware.Agent.HWMXXOU application
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP57\A0101698.exe Win32/Agent.CO trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP57\A0101700.exe Win32/TrojanDropper.Mudrop.NAD trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP57\A0101701.exe Win32/Spy.Briss.H trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP57\A0101702.exe a variant of Win32/Agent.WBG trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP57\A0101703.exe Win32/Adware.Suggestor application
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP57\A0101704.ocx Win32/Adware.Suggestor application
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP57\A0101705.exe a variant of Win32/Agent.WBG trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP57\A0101706.exe multiple threats
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP57\A0101707.EXE Win32/AdClicker.O trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP57\A0101708.dll Win32/SecondThought.AG trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP57\A0101709.exe Win32/TrojanDownloader.Agent.ADZ trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP57\A0101711.exe Win32/TrojanDownloader.Small.GO trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP57\A0101712.dll Win32/Spy.Idly.C trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP57\A0101713.exe Win32/TrojanDownloader.Small.IQ trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP57\A0101714.exe Win32/SecondThought.L trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP57\A0101715.dll Win32/Spy.Briss.H trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP57\A0101717.dll Win32/Adware.PurityScan application
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP57\A0101718.exe multiple threats
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP57\A0101719.dll Win32/Adware.VirtualBouncer application
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP57\A0101720.exe Win32/Adware.WildMedia application
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP57\A0101721.dll Win32/Adware.VirtualBouncer application
C:\WINDOWS\SYSTEM32\PopOops.dll Win32/Adware.VirtualBouncer application
C:\WINDOWS\SYSTEM32\SWLAD2.dll Win32/Adware.VirtualBouncer application

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by PATRICIA ANDERS at 13:38:34.45 on Tue 03/22/2011
Internet Explorer: 6.0.2800.1106
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.126.26 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Common Files\AOL\1189718484\ee\AOLSoftware.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Documents and Settings\PATRICIA ANDERS\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://default-homepage-network.com/start.cgi?hklm
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\System32\browseui.dll
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [DwlClient] c:\program files\common files\dell\eusw\Support.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe
mRun: [HostManager] c:\program files\common files\aol\1189718484\ee\AOLSoftware.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} - hxxp://go.microsoft.com/fwlink/?LinkId=82580
DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} - hxxp://www114.coolsavings.com/download/cscmv5X.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/sh ... wflash.cab
Notify: igfxcui - igfxsrvc.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-3-20 165584]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-3-20 40384]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2011-3-20 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2011-3-20 40384]
.
=============== Created Last 30 ================
.
2011-03-22 17:54:03 -------- d-----w- c:\program files\ESET
2011-03-21 20:02:12 -------- d-----w- c:\windows\system32\bits
2011-03-21 14:25:09 331776 ----a-w- c:\windows\system32\winhttp.dll
2011-03-21 14:25:09 17408 ----a-w- c:\windows\system32\qmgrprxy.dll
2011-03-21 14:25:09 158720 ------w- c:\windows\system32\xpob2res.dll
2011-03-21 14:25:08 7680 ------w- c:\windows\system32\dllcache\bitsprx2.dll
2011-03-21 14:25:08 7680 ------w- c:\windows\system32\bitsprx2.dll
2011-03-21 14:25:08 7168 ------w- c:\windows\system32\dllcache\bitsprx3.dll
2011-03-21 14:25:08 7168 ------w- c:\windows\system32\bitsprx3.dll
2011-03-20 16:08:06 38848 ----a-w- c:\windows\avastSS.scr
2011-03-20 16:07:42 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2011-03-19 19:28:54 -------- d-sha-r- C:\cmdcons
2011-03-19 19:21:02 89088 ----a-w- c:\windows\MBR.exe
2011-03-19 19:21:01 98816 ----a-w- c:\windows\sed.exe
2011-03-19 19:21:01 256512 ----a-w- c:\windows\PEV.exe
2011-03-19 19:21:01 161792 ----a-w- c:\windows\SWREG.exe
2011-03-19 18:31:29 388096 ----a-r- c:\docume~1\patric~1\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-03-19 18:31:26 -------- d-----w- c:\program files\Trend Micro
2011-03-18 20:08:36 -------- d-----w- c:\docume~1\patric~1\applic~1\Malwarebytes
2011-03-18 20:08:16 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-18 20:08:13 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-03-18 20:08:08 19288 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-18 20:08:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-18 19:36:59 21760 ----a-w- c:\windows\system32\dllcache\usbstor.sys
2011-03-18 18:43:25 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-03-18 18:43:25 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2011-03-18 18:43:14 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2011-03-18 18:43:14 9600 ----a-w- c:\windows\system32\dllcache\hidusb.sys
2011-02-25 20:35:14 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-02-25 20:35:14 -------- d-----w- c:\windows\system32\wbem\Repository
.
==================== Find3M ====================
.
.
============= FINISH: 13:39:29.25 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 3/18/2004 5:51:47 PM
System Uptime: 3/22/2011 7:23:47 AM (6 hours ago)
.
Motherboard: Dell Computer Corp. | | 0G1548
Processor: Intel(R) Celeron(R) CPU 2.40GHz | Microprocessor | 2392/400mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 74 GiB total, 68.23 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP50: 2/25/2011 3:32:59 PM - Restore Operation
RP51: 3/3/2011 3:23:20 PM - System Checkpoint
RP52: 3/15/2011 9:37:20 PM - System Checkpoint
RP53: 3/18/2011 3:35:42 PM - System Checkpoint
RP54: 3/19/2011 3:42:52 AM - Removed Java 2 Runtime Environment, SE v1.4.2
RP55: 3/19/2011 12:44:42 PM - Spyware Terminator - restore point
RP56: 3/19/2011 1:31:24 PM - Installed HiJackThis
RP57: 3/20/2011 11:07:42 AM - avast! Free Antivirus Setup
RP58: 3/21/2011 2:36:44 PM - System Checkpoint
RP59: 3/21/2011 3:00:17 PM - Software Distribution Service 3.0
RP60: 3/21/2011 3:01:31 PM - Installed Windows Installer KB893803v2.
RP61: 3/21/2011 3:02:06 PM - Installed Windows XP KB842773.
.
==== Installed Programs ======================
.
ABBYY FineReader 5.0 Sprint
avast! Free Antivirus
Banctec Service Agreement
BCM V.92 56K Modem
Broadcom Management Programs
DA920EN
Dell AIO Printer A920
Dell Digital Jukebox Driver
Dell Media Experience
Dell Networking Guide
Dell Solution Center
Dell Support
EarthLink Setup Files
Help and Support Customization
HiJackThis
Intel(R) Extreme Graphics Driver
Internet Explorer Default Page
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Learn2 Player (Uninstall Only)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft Encarta Encyclopedia Standard 2004
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Modem Helper
MUSICMATCH® Jukebox
QuickTime
RealOne Player
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
Update for Windows XP (KB898461)
Viewpoint Media Player
WebFldrs XP
Windows Installer 3.1 (KB893803)
Windows XP Hotfix - KB817611
Windows XP Hotfix - KB824146
Windows XP Hotfix - KB826959
Windows XP Hotfix - KB828028
Windows XP Hotfix - KB828035
Windows XP Hotfix - KB842773
WordPerfect Office 11
.
==== Event Viewer Messages From Past Week ========
.
3/21/2011 8:26:00 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSP aswTdi Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss Tcpip
3/20/2011 4:17:31 AM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
3/20/2011 4:17:31 AM, error: SideBySide [59] - Generate Activation Context failed for C:\DOCUME~1\PATRIC~1\LOCALS~1\Temp\RarSFX0\redist.dll. Reference error message: The operation completed successfully. .
3/20/2011 4:17:31 AM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
3/19/2011 12:11:49 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
3/19/2011 11:35:21 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips Processor sp_rsdrv2
3/19/2011 11:29:51 AM, error: Service Control Manager [7000] - The wscsvc service failed to start due to the following error: The executable program that this service is configured to run in does not implement the service.
3/18/2011 11:13:49 AM, error: Service Control Manager [7000] - The WinTools for IE service service failed to start due to the following error: The system cannot find the file specified.
3/18/2011 11:11:11 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/18/2011 10:59:06 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
3/18/2011 10:58:48 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss sp_rsdrv2 Tcpip
3/18/2011 10:58:48 AM, error: Service Control Manager [7001] - The Spyware Terminator Realtime Shield Service service depends on the Spyware Terminator Driver 2 service which failed to start because of the following error: A device attached to the system is not functioning.
3/18/2011 10:58:48 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/18/2011 10:58:48 AM, error: Service Control Manager [7001] - The Fax service depends on the Print Spooler service which failed to start because of the following error: The dependency service or group failed to start.
3/18/2011 10:58:48 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/18/2011 10:58:48 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
3/15/2011 3:22:33 PM, error: Service Control Manager [7000] - The ATWPKT2 service failed to start due to the following error: Access is denied.
.
==== End Of File ===========================
hubert
Regular Member
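Every ESET hit in the log above except the last two sits under C:\System Volume Information\_restore{...}\RPnn\, which is where Windows XP System Restore keeps its file copies: those are snapshots of files already removed from their original locations (RP50, RP53 and RP57 in the Attach.txt restore-point list), inert unless that restore point is ever applied, and they are cleared by purging the restore points once the machine is clean. The two VirtualBouncer DLLs in C:\WINDOWS\SYSTEM32 are the only detections on the live file system. The Python below is an added example, not part of the thread and not ESET's tooling: it makes that split mechanically from a constructed subset of the posted log and labels each RPnn folder with its description from the restore-point list. It assumes ESET's "path detection" line layout and that the file name itself contains no spaces (directory names may), which holds for every line in this log.

```python
"""Split ESET Online Scanner detections into System Restore copies versus live
files and label each RPnn folder from the Attach.txt restore-point list.
Added example, not part of the thread or of any ESET tool."""
import re
from collections import defaultdict

# Constructed subset of the ESET log and of the Attach.txt restore points posted above.
ESET_LOG = r"""
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP50\A0095241.exe a variant of Win32/Kryptik.LBN trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP53\A0101045.exe Win32/Adware.PortalScan application
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP57\A0101694.exe Win32/Adware.ClickSpring application
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP57\A0101719.dll Win32/Adware.VirtualBouncer application
C:\WINDOWS\SYSTEM32\PopOops.dll Win32/Adware.VirtualBouncer application
C:\WINDOWS\SYSTEM32\SWLAD2.dll Win32/Adware.VirtualBouncer application
"""

RESTORE_POINTS = r"""
RP50: 2/25/2011 3:32:59 PM - Restore Operation
RP53: 3/18/2011 3:35:42 PM - System Checkpoint
RP57: 3/20/2011 11:07:42 AM - avast! Free Antivirus Setup
"""

# Where System Restore on XP keeps its file copies; the RPnn segment names the restore point.
RP_RE = re.compile(r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)\\", re.I)
# ESET writes "<path> <detection>". Directory names may contain spaces; the file
# name in these logs does not, so the path ends at the last backslash-delimited token.
LINE_RE = re.compile(r"^(?P<path>.*\\[^\\ ]+)\s+(?P<name>.+)$")


def parse_eset(log: str) -> list[dict]:
    """Parse detection lines into {path, name, rp}; rp is None for live files."""
    hits = []
    for line in log.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        rp = RP_RE.search(m.group("path"))
        hits.append({"path": m.group("path"), "name": m.group("name"),
                     "rp": rp.group(1).upper() if rp else None})
    return hits


def parse_restore_points(text: str) -> dict[str, str]:
    """Map 'RPnn' to its description line from the DDS Attach.txt list."""
    return {m.group(1): m.group(2).strip()
            for m in re.finditer(r"^(RP\d+):\s+(.+)$", text, re.M)}


def family(name: str) -> str:
    """Strip ESET's confidence prefix and class suffix to get the bare family name."""
    name = re.sub(r"^(?:probably )?a variant of ", "", name)
    return re.sub(r" (?:trojan|application)$", "", name)


def triage(log: str, restore_points: str) -> dict:
    """Return {'live': [hits], 'restore': {RPnn: {'label': str, 'hits': [hits]}}}."""
    labels = parse_restore_points(restore_points)
    live, by_rp = [], defaultdict(list)
    for h in parse_eset(log):
        (live if h["rp"] is None else by_rp[h["rp"]]).append(h)
    return {
        "live": live,
        "restore": {rp: {"label": labels.get(rp, "not in restore-point list"), "hits": v}
                    for rp, v in by_rp.items()},
    }


if __name__ == "__main__":
    t = triage(ESET_LOG, RESTORE_POINTS)
    print("live files still on disk (clean these):")
    for h in t["live"]:
        print(f"  {h['path']}  [{family(h['name'])}]")
    print("restore-point copies (inert until restored; purge the points after cleanup):")
    for rp, info in t["restore"].items():
        print(f"  {rp} ({info['label']}): {len(info['hits'])} file(s)")
```

The split matters for what you ask the user to do next: live files need removal and a follow-up scan, whereas restore-point copies are handled in one step at the end of the cleanup by turning System Restore off and back on (which discards all existing points) and then creating a fresh one. It is also why Carolyn's MBAM instructions above say to leave items in C:\System Volume Information unchecked.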