Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Malware overrun

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Malware overrun

Unread postby Dlanoz » June 28th, 2011, 11:06 am

Can't connect to internet, All Programs in Start menu missing, etc. It's a nasty one.

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_25
Run by User at 11:12:09 on 2011-06-28
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.605 [GMT -4:00]
.
AV: The Shield Deluxe Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\WINDOWS\system32\hasplms.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\ctfmon.exe
c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
.
============== Pseudo HJT Report ===============
.
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\a30mjusm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.europeanautobodyoftampa.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 165264]
R1 MpKsl78d3d2a7;MpKsl78d3d2a7;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ecb5bdbd-6227-4d7f-b472-8715744bba6e}\MpKsl78d3d2a7.sys [2011-6-28 28752]
R1 SASDIFSV;SASDIFSV;c:\docume~1\user\locals~1\temp\sas_selfextract\SASDIFSV.SYS [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\docume~1\user\locals~1\temp\sas_selfextract\SASKUTIL.SYS [2010-5-10 67656]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
S1 MpKsl0761f5dc;MpKsl0761f5dc;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{302ce733-65a1-442b-8fdb-78aa8ed6a532}\mpksl0761f5dc.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{302ce733-65a1-442b-8fdb-78aa8ed6a532}\MpKsl0761f5dc.sys [?]
S1 MpKslbd2044a1;MpKslbd2044a1;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cfe13b4c-e552-4eb5-9b28-49f5e7df9c7c}\mpkslbd2044a1.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cfe13b4c-e552-4eb5-9b28-49f5e7df9c7c}\MpKslbd2044a1.sys [?]
S1 MpKslc8494b66;MpKslc8494b66;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b6cfd7f3-847e-403e-8774-beb0ab921744}\mpkslc8494b66.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b6cfd7f3-847e-403e-8774-beb0ab921744}\MpKslc8494b66.sys [?]
S1 MpKsldccef9b5;MpKsldccef9b5;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{229e5039-1a86-42b1-8e44-237a7951cd3c}\mpksldccef9b5.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{229e5039-1a86-42b1-8e44-237a7951cd3c}\MpKsldccef9b5.sys [?]
S1 MpKsle36e1dfe;MpKsle36e1dfe;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b501284b-1a6c-45dd-88cb-e8f4ff4a6226}\mpksle36e1dfe.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b501284b-1a6c-45dd-88cb-e8f4ff4a6226}\MpKsle36e1dfe.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-13 135664]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\spamfighter\sfus.exe [2009-3-12 184968]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-7-24 24652]
.
=============== Created Last 30 ================
.
2011-06-28 14:42:21 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ecb5bdbd-6227-4d7f-b472-8715744bba6e}\MpKsl78d3d2a7.sys
2011-06-28 14:37:56 388096 ----a-r- c:\documents and settings\user\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-06-28 14:37:54 -------- d-----w- c:\program files\Trend Micro
2011-06-27 14:26:03 7074640 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ecb5bdbd-6227-4d7f-b472-8715744bba6e}\mpengine.dll
2011-06-25 14:05:41 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-06-25 14:05:40 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-06-16 13:21:35 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-16 13:21:29 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-16 13:21:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-14 19:38:07 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-06-04 02:17:11 -------- d-----w- c:\program files\Risoria
2011-06-04 02:13:19 -------- d---a-w- c:\program files\FastTrak
2011-06-03 18:20:24 -------- d--h--w- c:\documents and settings\user\application data\TeamViewer
2011-06-03 18:20:01 -------- d-----w- c:\program files\TeamViewer
.
==================== Find3M ====================
.
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-28 16:13:02 72080 ---ha-w- c:\documents and settings\user\g2mdlhlpx.exe
2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11:11 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-14 09:07:59 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-14 06:40:22 73728 ----a-w- c:\windows\system32\javacpl.cpl
.
============= FINISH: 11:12:53.62 ===============
Dlanoz
Member+
 
Posts: 20
Joined: June 27th, 2008, 4:21 pm
Advertisement
Register to Remove

Re: Malware overrun

Unread postby Cypher » June 29th, 2011, 3:26 pm

I see you are posting for help for a "Business" computer.

May I draw your attention to THIS topic, which you should have read before posting for help.

The section Posting for help for business machines explains why we do not offer help for such computers.

This topic is now closed
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 45 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware