2x error messages on starting


Unread postby Vicaroo » July 2nd, 2011, 7:12 am

I have recently had a Trojan attack on my computer and have been left with 2 error messages on starting up my laptop. My antivirus is saying the computer is clear but I'd like to repair the damage the attack did. The two messages are as follows.......

Could not load or run C:\Users\Vicky\AppData\Local\Temp\csrss.exe specified in the registry. Make sure the files exist on your computer or remove the reference to it in the registry


Error loading C:\Users\Vicky\AppData\Local\fomsvct.dll - The specified module could not be found.

DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_17
Run by Vicky at 11:43:54 on 2011-07-02
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1915.544 [GMT 1:00]
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
============== Running Processes ===============
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Toshiba TEMPRO\TemproTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\Program Files\McAfee\VirusScan\mcods.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Windows\System32\svchost.exe -k swprv
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uWindow Title = Microsoft Internet Explorer provided by Wanadoo
uSearch Bar = hxxp://www.wanadoo.co.uk/iesearch/default.htm
mStart Page = hxxp://www.google.com/ig/redirectdomain ... &bmod=TSEA
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain ... &bmod=TSEA
uInternet Settings,ProxyOverride = <local>
uWinlogon: Shell=explorer.exe,c:\users\vicky\appdata\roaming\dwm.exe
uWindows: Load=c:\users\vicky\appdata\local\temp\csrss.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110625174450.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Wanadoo: {8b68564d-53fd-4293-b80c-993a9f3988ee} - c:\progra~1\wanadoo\wsbar\WSBar.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [EPSON Stylus DX7400 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticde.exe /fu "c:\windows\temp\E_S49CB.tmp" /EF "HKCU"
uRun: [MicrosoftWinUpdate] c:\users\vicky\appdata\roaming\spoolsv.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [{8BC4ABD0-AE87-380B-DC7E-5B1B119DE18B}] c:\users\vicky\appdata\roaming\ataqu\fayqi.exe
uRun: [{8BC4ABDA-AE8D-380B-DC7E-5B1B119DE18B}] c:\users\vicky\appdata\roaming\ataqu\fayqi.exe
uRun: [Xcaxewid] rundll32.exe "c:\users\vicky\appdata\local\fomsvct.dll",Startup
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [cfFncEnabler.exe] cfFncEnabler.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Google EULA Launcher] c:\program files\google\google eula\GoogleEULALauncher.exe IE PA
mRun: [Toshiba TEMPO] c:\program files\toshiba tempro\Toshiba.Tempo.UI.TrayApplication.exe
mRun: [topi] c:\program files\toshiba\toshiba online product information\topi.exe -startup
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [Toshiba Registration] c:\program files\toshiba\registration\ToshibaRegistration.exe
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Toshiba TEMPRO] c:\program files\toshiba tempro\TemproTray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4
IE: {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/red ... &site=home
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer =
TCP: Interfaces\{05846807-2F0A-49DD-B01A-AF196DE6BC77} : DhcpNameServer =
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
============= SERVICES / DRIVERS ===============
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-3-13 459728]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2011-6-25 64648]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-6-25 163400]
R1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [2011-6-25 54776]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2009-2-25 25896]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2010-12-20 88176]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-6-25 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-6-25 214904]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-6-25 214904]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-6-25 165000]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-6-25 159832]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-6-25 148520]
R2 MOBKbackup;McAfee Online Backup;c:\program files\mcafee online backup\MOBKbackup.exe [2010-4-13 229688]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2008-2-6 126976]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-6-25 57432]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-8-7 7168]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-6-25 179248]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-6-25 59288]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-6-25 337912]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187B.sys [2008-8-7 290304]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\toshiba\smartfacev\SmartFaceVWatchSrv.exe [2008-4-24 73728]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-22 136176]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files\toshiba tempro\TemproSvc.exe [2010-10-26 124368]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-11-22 136176]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-6-25 85984]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
=============== Created Last 30 ================
2011-07-01 17:32:23 -------- d-----w- c:\users\vicky\appdata\local\{6030D4D8-4328-4BC5-912C-3AC0FD9D7385}
2011-07-01 06:17:13 -------- d-----w- c:\users\vicky\appdata\local\{8B0F2B0E-796B-41F1-93CD-0725E9CFD5C4}
2011-06-30 21:02:06 276992 ----a-w- c:\windows\system32\schannel.dll
2011-06-30 20:55:09 -------- d-----w- c:\users\vicky\appdata\local\{039A633B-990C-4252-94EC-B1F646D2DD9D}
2011-06-28 20:38:05 -------- d-----w- c:\users\vicky\appdata\local\{859BB925-3D0A-45BE-BEE9-D3CE770EEB96}
2011-06-27 21:25:22 -------- d-----w- c:\users\vicky\appdata\local\{99B3D009-E179-43B6-A4FB-7DB84C669F44}
2011-06-27 17:32:54 -------- d-----w- c:\users\vicky\appdata\local\{2BDE9E4D-4B81-4CAB-B9FE-E9AFC866BEFA}
2011-06-27 07:09:03 -------- d-----w- c:\users\vicky\appdata\local\{691175FC-7A67-41CB-9E8A-F1F0CB14A8FF}
2011-06-26 14:19:52 -------- d-----w- c:\users\vicky\appdata\local\{CBEC673E-87F4-4020-8982-65D4107868E0}
2011-06-25 21:00:04 -------- d-----w- c:\users\vicky\appdata\roaming\McAfee
2011-06-25 17:40:13 -------- d-----w- c:\programdata\TOSHIBA Tempro
2011-06-25 16:50:23 -------- d-----w- c:\program files\McAfeeMOBK
2011-06-25 16:50:07 54776 ----a-w- c:\windows\system32\drivers\MOBK.sys
2011-06-25 16:49:54 -------- d-----w- c:\program files\McAfee Online Backup
2011-06-25 16:44:50 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-06-25 16:44:42 85984 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-06-25 16:44:42 64648 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-06-25 16:44:42 163400 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-06-25 16:44:41 59288 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-06-25 16:44:41 57432 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-06-25 16:44:41 337912 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-06-25 16:44:41 179248 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-06-25 16:44:26 -------- d-----w- c:\program files\McAfee.com
2011-06-25 16:34:32 148520 ----a-w- c:\windows\system32\mfevtps.exe
2011-06-25 14:25:42 -------- d-----w- c:\users\vicky\appdata\local\{0EEE7DE6-4354-412A-8283-2F107C7B7D6D}
2011-06-24 21:40:29 -------- d-----w- c:\users\vicky\appdata\local\{C1829D77-CFD9-46C4-847E-1BE569E5D811}
2011-06-24 17:18:49 7074640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{05e7f450-3d83-4723-a091-79c283007bfc}\mpengine.dll
2011-06-24 17:11:37 -------- d-----w- c:\users\vicky\appdata\local\{A8458742-3E46-4C39-934B-59B4448582D6}
2011-06-24 17:05:46 -------- d-----w- c:\users\vicky\appdata\local\{91CC45F1-01A4-42CE-A629-CEE9F88B0240}
2011-06-23 18:50:46 -------- d-----w- c:\users\vicky\appdata\local\{DEB84D7F-3E2E-4FA9-B17F-EAD729E2012B}
2011-06-20 18:00:14 -------- d-----w- c:\program files\AC3Filter
2011-06-20 17:41:47 -------- d-----w- c:\program files\common files\PX Storage Engine
2011-06-20 17:40:07 -------- d-----w- c:\program files\DivX
2011-06-19 09:19:42 -------- d-----w- c:\users\vicky\appdata\local\{3A01A0AC-E4C9-45EF-9323-BF8EC125900C}
2011-06-18 15:28:09 -------- d-----w- c:\users\vicky\appdata\local\{5CF460BC-03CD-4C28-987C-A0620E3DFAE1}
2011-06-17 21:45:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-06-17 21:45:51 141104 ----a-w- c:\program files\internet explorer\sqmapi.dll
2011-06-17 21:45:50 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-06-17 21:42:25 -------- d-----w- c:\users\vicky\appdata\local\{DD7A7E0A-9BC2-48C0-B4A1-50849D93E5D1}
2011-06-16 17:38:41 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-16 17:38:39 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-16 17:38:37 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-16 17:38:37 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-16 17:38:35 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-16 17:37:30 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-16 17:37:22 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-16 17:37:21 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-16 17:37:21 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-16 17:35:38 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-06-16 17:29:46 -------- d-----w- c:\users\vicky\appdata\local\{9E58029C-EDCF-4C7E-A55C-D9CB25FD5CF2}
2011-06-16 00:35:11 -------- d-----w- c:\users\vicky\appdata\local\{76E28481-B265-49C0-95E7-390AA7CBDFC4}
2011-06-14 13:42:28 -------- d-----w- c:\users\vicky\appdata\local\{CC411DF7-0FE7-4BFD-840C-1161378EE56D}
2011-06-13 18:41:23 -------- d-----w- c:\users\vicky\appdata\local\{5A8BDB22-689A-48D0-8685-8D95C193440E}
2011-06-13 06:33:48 -------- d-----w- c:\users\vicky\appdata\local\{8A537C1D-0148-4C37-90EB-220ED1D36ED9}
2011-06-12 10:40:32 -------- d-----w- c:\users\vicky\appdata\local\{4647F2B5-BE04-42B5-B7C7-DF2669CB5850}
2011-06-11 12:48:15 -------- d-----w- c:\users\vicky\appdata\local\{81E8FCFD-3DA9-4D52-8EE5-B88FD5E01E68}
2011-06-10 22:29:45 -------- d-----w- c:\users\vicky\appdata\local\{86CFD5D7-EFBE-4098-B805-58EAA6150E96}
2011-06-09 18:55:07 -------- d-----w- c:\users\vicky\appdata\local\{314C69A8-2BF5-4FED-ABB3-E7CFC3FE9C60}
2011-06-08 22:26:12 -------- d-----w- c:\users\vicky\appdata\local\{73D28B7C-70D8-40EC-BC1F-294F1776E9B6}
2011-06-08 06:33:16 -------- d-----w- c:\users\vicky\appdata\local\{4F5843F3-195B-4C59-AC39-E89B64DC72AC}
2011-06-07 17:26:19 -------- d-----w- c:\users\vicky\appdata\local\{95F81F98-9A3C-44E6-BC51-EC356E7D23E4}
2011-06-06 16:32:52 -------- d-----w- c:\users\vicky\appdata\local\{9A13F3EA-CA6D-4004-8B16-82F1AEE432D6}
2011-06-05 19:54:40 -------- d-----w- c:\users\vicky\appdata\local\{23CE638B-3B80-4894-A1A2-F9C070C54BE5}
2011-06-05 19:14:42 -------- d-----w- c:\users\vicky\appdata\local\{59A8C08E-7961-4EF1-857F-6CF42645785B}
2011-06-05 15:57:49 -------- d-----w- c:\users\vicky\appdata\local\{9C3F1A5A-D3A2-408A-9679-82088F912851}
2011-06-02 18:14:19 -------- d-----w- c:\users\vicky\appdata\local\{CC896D23-4795-498F-883D-12231E2DB20A}
==================== Find3M ====================
2011-05-24 18:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
============= FINISH: 11:45:32.67 ===============

Attach log

DDS (Ver_2011-06-23.01)
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 25/02/2009 19:40:22
System Uptime: 02/07/2011 10:56:26 (1 hours ago)
Motherboard: TOSHIBA | | Portable PC
Processor: Intel(R) Pentium(R) Dual CPU T3200 @ 2.00GHz | CPU | 1000/667mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 116 GiB total, 58.499 GiB free.
E: is FIXED (NTFS) - 115 GiB total, 100.758 GiB free.
F: is CDROM ()
==== Disabled Device Manager Items =============
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0006
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #2
PNP Device ID: ROOT\*ISATAP\0006
Service: tunnel
==== System Restore Points ===================
==== Installed Programs ======================
Update for Microsoft Office 2007 (KB2508958)
3D Home Architect 4.0
Activation Assistant for the 2007 Microsoft Office suites
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bing Bar
Camera Assistant Software for Toshiba
CD/DVD Drive Acoustic Silencer
Compatibility Pack for the 2007 Office system
DVD MovieFactory for TOSHIBA
EPSON Printer Software
Facebook Plug-In
Google Chrome
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Java(TM) 6 Update 17
Java(TM) 6 Update 6
Java(TM) 6 Update 7
Junk Mail filter update
McAfee Internet Security
McAfee Online Backup
McAfee Virtual Technician
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Microsoft XML Parser
MobileMe Control Panel
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OGA Notifier 2.0.0048.0
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
REALTEK RTL8187B Wireless LAN Driver
Realtek USB 2.0 Card Reader
Realtek WiFi Protected Setup Library
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Segoe UI
Synaptics Pointing Device Driver
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
Toshiba Online Product Information
TOSHIBA Recovery Disc Creator
TOSHIBA Software Modem
TOSHIBA Supervisor Password
Toshiba TEMPRO
TOSHIBA Value Added Package
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Encoder 9 Series
Windows Media Player Firefox Plugin
==== Event Viewer Messages From Past Week ========
25/06/2011 22:11:15, Error: Service Control Manager [7043] - The McAfee McShield service did not shut down properly after receiving a preshutdown control.
25/06/2011 19:59:23, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
25/06/2011 17:44:13, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
25/06/2011 17:44:13, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
25/06/2011 17:44:13, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
02/07/2011 10:59:40, Error: Service Control Manager [7034] - The Notebook Performance Tuning Service (TEMPRO) service terminated unexpectedly. It has done this 1 time(s).
==== End Of File ===========================

Active Member
Posts: 2
Joined: July 2nd, 2011, 6:24 am

Re: 2x error messages on starting

Unread postby diver79 » July 5th, 2011, 4:44 pm

Hi and welcome to MalwareRemoval.com, sorry for any delay in answering your request for help, the forum is really busy.
My name is Diver79, and I will be helping you with your malware problems. I am currently in training at the Malware University. All of my instructions need to be checked and approved by a teacher, which may lead to a slight delay.

Before we start please note the following important guidelines.
  • The instructions being given are for YOUR computer only! Using these instructions on a different computer can make it inoperable!
  • If you don't know or understand something, please don't hesitate to ask.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!
Note: If you haven't done so already, please ensure you have read the following article. ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
Because of this, I advise you to backup any personal files and folders before you start.
How do I backup my files and folders in XP?
How to backup your data - Vista/Win7

I am currently researching your log and will post back soon.
Retired Graduate
Posts: 1004
Joined: January 3rd, 2010, 7:03 pm

Re: 2x error messages on starting

Unread postby Vicaroo » July 7th, 2011, 1:08 pm

Hi diver 79 and thank you for helping.
Active Member
Posts: 2
Joined: July 2nd, 2011, 6:24 am

Re: 2x error messages on starting

Unread postby diver79 » July 8th, 2011, 3:37 am

Hi Vicaroo,

You have signs of a banking trojan on your computer.

uRun: [MicrosoftWinUpdate] c:\users\vicky\appdata\roaming\spoolsv.exe

http://www.systemlookup.com/Startup/218 ... v_exe.html
http://www.microsoft.com/security/porta ... fBancos.TA

This means any financial information on your computer will be being forwarded to your attacker, who may also have full remote access to your computer and be able to use it as if he were sat in front of it.

You are strongly advised to do the following immediately:

1. Disconnect infected computer from the internet and from any networked computers until the computer can be cleaned.

2. Call all of your banks, credit card companies, and financial institutions. Inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.

3. From a clean computer, change *all* your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.

Do NOT change passwords or do any transactions while using the infected computer, because the attacker will get the new passwords and transaction information.


If you don't have the resources to reinstall your OS and/or would like me to attempt to clean your machine, I'll be happy to do so.

To help you decide, please take some time to read the following articles, then let me know how you want to proceed.

What are Remote Access Trojans and why are they dangerous
How do I respond to a possible identity theft and how do I prevent it
When should I do a reformat and reinstallation of my OS
How to backup your files in Windows Vista
Restoring your backups
Retired Graduate
Posts: 1004
Joined: January 3rd, 2010, 7:03 pm
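
The kind of check behind the finding above (an autostart entry named after a Windows system process but stored in the user profile), as an added example that is not part of the original thread or of the DDS tool. The function name `review_autostarts`, the two rules and the assumed `c:\windows` system root are this example's own, and a hit means "review this entry", not a verdict.

```python
import ntpath
import re

# Autostart lines copied from the "Pseudo HJT Report" section of the DDS log above.
SAMPLE_LOG = r"""
uWinlogon: Shell=explorer.exe,c:\users\vicky\appdata\roaming\dwm.exe
uWindows: Load=c:\users\vicky\appdata\local\temp\csrss.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [MicrosoftWinUpdate] c:\users\vicky\appdata\roaming\spoolsv.exe
uRun: [Xcaxewid] rundll32.exe "c:\users\vicky\appdata\local\fomsvct.dll",Startup
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
"""

# Assumption: Windows is installed in c:\windows, as the paths in this log show.
SYSTEM_ROOT = "c:\\windows\\"

# Core Windows process names that normally load from the Windows directory.
SYSTEM_NAMES = {
    "csrss.exe", "spoolsv.exe", "dwm.exe", "svchost.exe", "lsass.exe",
    "winlogon.exe", "services.exe", "smss.exe", "explorer.exe",
}

# DDS line prefixes that describe per-user or machine-wide autostart locations.
AUTOSTART_PREFIXES = ("urun:", "mrun:", "uwinlogon:", "uwindows:")

# A drive-rooted path ending in .exe or .dll; spaces are allowed because DDS
# prints unquoted paths such as "c:\program files\...".
PATH_RE = re.compile(r'[a-z]:\\[^"<>|*?,]+?\.(?:exe|dll)\b', re.IGNORECASE)


def review_autostarts(log_text):
    """Return autostart entries that deserve a closer look, with the reasons."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line.lower().startswith(AUTOSTART_PREFIXES):
            continue
        key = line.split(":", 1)[0]
        for match in PATH_RE.finditer(line):
            path = match.group(0).lower()
            name = ntpath.basename(path)
            reasons = []
            # Rule 1: a system process name that lives outside the Windows directory.
            if name in SYSTEM_NAMES and not path.startswith(SYSTEM_ROOT):
                reasons.append("system process name outside the Windows directory")
            # Rule 2: code that starts from a location any user-level process can write to.
            if "\\appdata\\" in path:
                reasons.append("starts from the user-writable AppData tree")
            if reasons:
                findings.append({"key": key, "path": path, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for item in review_autostarts(SAMPLE_LOG):
        print(f'{item["key"]:10} {item["path"]}')
        for reason in item["reasons"]:
            print(f'{"":10}   - {reason}')
```

Rule 2 alone also matches legitimate per-user software, so it is a prompt to verify the file's publisher and origin rather than grounds for removal.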

Re: 2x error messages on starting

Unread postby Gary R » July 11th, 2011, 5:31 am

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
Gary R
Posts: 21808
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
