Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

I don’t know if I’m infected or not.

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

I don’t know if I’m infected or not.

Unread postby will_j » July 14th, 2011, 3:11 pm

Hi,

I am a newbie to this site so please forgive me if I don’t do everything “According to Hoyle” – I can learn if you tell me what I should do :)

I really appreciate your being there to help us, so I won’t waste your time with more introductory phrases (and praises).

I am running Win XP SP3. A week or so ago I was searching for “VLC media player” and when I went to install it I accidently installed something else. It was late and I was tired and not paying enough attention. I quickly uninstalled the program (whose name I have forgotten) but I’ve had problems ever since. At first I noticed it took a long time to shutdown and reboot. I have scanned my computer with my antivirus software, a couple of on-line scanners and the scanner from http://www.malwarebytes.org. Nothing showed up.
- I have been unable to use restore points – the computer would not restore to a previous state.
- I was unable to boot into safemode -- the menu would never appear.

After nothing worked I repaired my XP but have not yet re-applied all of MS updates and patches. After repairing XP I was able, after many attempts, boot into safemode. I re-ran my webroot scanner but wasn’t sure what else I should do. I haven’t tried setting a restore point and trying to go back to that point. I don’t know if I’m infected or not. I would hate to do a new install of XP given all the work of reinstalling software & drivers. Of course I’ll do it if I need to.

Any help is greatly appreciated!
Thanks,
Will
p.s. – the requested logs follow.
=======================================================================================


DDS (Ver_2011-07-14.01) - NTFS_x86
Internet Explorer: 6.0.2900.5512
Run by dwl at 14:22:14 on 2011-07-14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3318.2504 [GMT -4:00]
.
AV: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {77E10C7F-2CCA-4187-9394-BDBC267AD597}
FW: ZoneAlarm Firewall *Enabled*
.
============== Running Processes ================
.
C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
c:\windows\tsi32\tsircusr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\drivers\audio\r255264\payload\wdm\stacsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\WINDOWS\System32\TSIRCSRV.EXE
C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe
C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
c:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtwTracePktWpp.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe
C:\Program Files\DellTPad\HidFind.exe
C:\WINDOWS\OA015Mon.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Webroot\Security\current\plugins\antimalware\SSU.EXE
C:\Program Files\ZTree\ZTW.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.bing.com/sphome.aspx
uSearch Page = hxxp://www.google.com
mSearchAssistant = hxxp://www.bing.com/sphome.aspx
mWinlogon: Userinit = c:\windows\system32\userinit.exe,c:\windows\tsi32\tsircusr.exe
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] "c:\windows\system32\ctfmon.exe"
mRun: [Apoint] "c:\program files\delltpad\Apoint.exe"
mRun: [AESTFltr] "c:\windows\system32\AESTFltr.exe" /NoDlg
mRun: [IAStorIcon] "c:\program files\intel\intel(r) rapid storage technology\IAStorIcon.exe"
mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun: [WavXMgr] "c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe"
mRun: [USCService] "c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [WebrootTrayApp] "c:\program files\webroot\security\current\framework\WRTray.exe"
mRun: [OA015Mon] "c:\windows\OA015Mon.exe"
mRun: [WinPatrol] "c:\program files\billp studios\winpatrol\winpatrol.exe" -expressboot
mRun: [SysTrayApp] "c:\program files\idt\wdm\sttray.exe"
mRun: [NvMediaCenter] "RUNDLL32.EXE" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NVHotkey] "rundll32.exe" nvHotkey.dll,Start
mRun: [SRFirstRun] "rundll32" srclient.dll,CreateFirstRunRp
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tdmnot~1.lnk - c:\program files\wave systems corp\trusted drive manager\TdmNotify.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net ... plugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{A8E94F7F-E04A-45ED-932D-847D98F1DF08} : DHCPNameServer = 209.18.47.61 209.18.47.62
Handler: ipp - <Clsid value has no data>
Handler: msdaipp - <Clsid value has no data>
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Authentication Packages = msv1_0 wvauth m   ß øx ”̺¾Ó\bF¡àó1™I6ic\t4ð²„G‹g^Èp
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\dwl\application data\mozilla\firefox\profiles\ymcz1zyr.default\
FF - prefs.js: browser.startup.homepage - http://www.google.com
FF - component: c:\documents and settings\dwl\application data\mozilla\firefox\profiles\ymcz1zyr.default\extensions\{b58ca710-f62c-4f38-a0e8-cc9b177463e5}\lib\winnt\ff3\AbineComponent.dll
FF - plugin: c:\documents and settings\dwl\application data\mozilla\firefox\profiles\ymcz1zyr.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\program files\microsoft silverlight\3.0.50611.0\npctrlui.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
.
============= SERVICES / DRIVERS ===============
.
R0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\drivers\stdfltn.sys [2010-6-4 17072]
R1 tsircmir;LapLink Mirror Driver Miniport;c:\windows\system32\drivers\tsircmir.sys [2010-7-28 2816]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-7-29 532224]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2009-11-20 278304]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2009-12-17 812448]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2009-12-17 27040]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2009-12-10 376608]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\intel\intel(r) rapid storage technology\IAStorDataMgrSvc.exe [2010-6-4 13336]
R2 InstallFilterService;FF Install Filter Service;c:\program files\stmicroelectronics\accelerometerp11\InstallFilterService.exe [2010-6-4 60928]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\nvidia corporation\performance drivers\nvPDsvc.exe [2009-12-8 5241448]
R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2010-6-4 59392]
R2 SSFMONM;ssfmonm;c:\windows\system32\drivers\ssfmonm.sys [2010-12-9 45584]
R2 TSIREGMO;tsiregmo;c:\windows\system32\drivers\tsiregmo.sys [2010-7-28 5824]
R2 TSISER;TSISER;c:\windows\system32\drivers\tsiser.sys [2010-7-28 42560]
R2 TSISTRMX;Traveling Software Stream Driver;c:\windows\system32\drivers\TSISTRMX.SYS [2010-7-28 5120]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\security\current\plugins\antimalware\AEI.exe [2010-12-9 3907248]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\security\current\framework\WRConsumerService.exe [2011-6-20 3363168]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [2010-6-4 42672]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2010-6-4 113664]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2010-6-4 143968]
R3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [2010-6-4 33832]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [2010-6-4 167080]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2010-6-4 58600]
R3 OA015Afx;Provides a software interface to control audio effects of OA015 camera.;c:\windows\system32\drivers\OA015Afx.sys [2010-6-4 134144]
R3 OA015Vid;Creative Camera OA015 Function Driver;c:\windows\system32\drivers\OA015Vid.sys [2010-6-4 273568]
R3 TSIKBF5;Traveling Software Keyboard Filter Driver;c:\windows\system32\drivers\TSIKBF5.sys [2010-7-28 9728]
R3 TSIMSF5;Traveling Software Mouse Filter Driver;c:\windows\system32\drivers\TSIMSF5.sys [2010-7-28 5632]
S1 TSIRCINK;Traveling Software Install Driver;c:\windows\system32\drivers\TSIRCINK.SYS [2010-7-28 9216]
S3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\drivers\CtAudDrv.sys [2010-6-4 134144]
S3 LLUSBFLT;LLUSBFLT;c:\windows\system32\drivers\NcBulk.SYS [2010-7-28 23628]
S3 NCBULK;NCBULK;c:\windows\system32\drivers\NcBulk.SYS [2010-7-28 23628]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-4-13 14336]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-13 14336]
.
=============== File Associations ===============
.
FileExt: .txt: UltraEdit.txt="c:\progra~1\idmcom~1\ultrae~1\Uedit32.exe" "%1"
.
=============== Created Last 30 ================
.
2011-07-14 07:38:30 -------- d-----w- C:\zzc
2011-07-14 05:43:58 26112 -c--a-w- c:\windows\system32\dllcache\EXCH_seos.dll
2011-07-14 05:42:59 539136 -c--a-w- c:\windows\system32\dllcache\dialer.exe
2011-07-14 05:40:28 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2011-07-14 05:40:28 16384 ----a-w- c:\program files\internet explorer\connection wizard\isignup.exe
2011-07-14 05:29:51 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2011-07-14 05:29:51 24661 ----a-w- c:\windows\system32\spxcoins.dll
2011-07-14 05:29:51 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2011-07-14 05:29:51 13312 ----a-w- c:\windows\system32\irclass.dll
2011-07-14 05:29:40 16535 ----a-r- c:\windows\SET123.tmp
2011-07-14 05:29:38 1088840 ----a-r- c:\windows\SET117.tmp
2011-07-14 05:29:36 1296669 ----a-r- c:\windows\SET114.tmp
2011-07-14 05:06:24 -------- d-----w- c:\windows\setup.pss
2011-07-14 01:20:55 -------- d-----w- c:\windows\Dell
2011-07-14 01:19:25 -------- d-----w- c:\documents and settings\dwl\application data\Malwarebytes
2011-07-14 01:19:19 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-07-13 21:32:16 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2011-07-08 01:22:26 -------- d-----w- c:\documents and settings\dwl\application data\QuickScan
2011-07-06 21:14:42 -------- d-----w- c:\program files\VideoLAN
2011-07-06 17:08:29 -------- d-----w- c:\documents and settings\dwl\local settings\application data\TechSmith
2011-07-06 17:07:41 102400 ----a-w- c:\windows\system32\tsccvid.dll
2011-07-04 04:41:40 -------- d-----w- c:\documents and settings\all users\application data\InstallMate
2011-07-01 16:47:59 -------- d-----w- c:\documents and settings\dwl\local settings\application data\Temp
2011-07-01 16:39:12 -------- d-----w- c:\documents and settings\all users\application data\TorrentEasy
2011-06-27 03:43:22 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-27 03:41:42 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-06-27 03:41:41 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-06-23 04:27:38 -------- d-----w- c:\documents and settings\all users\application data\IDMComp
2011-06-23 04:06:04 -------- d-----w- c:\documents and settings\dwl\local settings\application data\Downloaded Installations
2011-06-23 00:01:05 -------- d-----w- c:\program files\Insightful
2011-06-20 06:35:03 -------- d-----w- c:\windows\SxsCaPendDel
2011-06-19 18:20:55 -------- d-----w- C:\xida3
2011-06-16 17:00:49 -------- d-----w- C:\zz2
2011-06-15 18:01:34 -------- d-----w- C:\xida2
.
==================== Find3M ====================
.
2011-05-23 17:09:30 45584 ----a-w- c:\windows\system32\drivers\ssfmonm.sys
2011-05-23 17:09:30 24496 ----a-w- c:\windows\system32\drivers\sshrmd.sys
2011-05-23 17:09:30 181008 ----a-w- c:\windows\system32\drivers\ssidrv.sys
2008-04-14 12:00:00 73728 --sha-w- c:\windows\registeredpackages\{dd90d410-1823-43eb-9a16-a2331bf08799}$backup$\system\wmplayer.exe
.
============= FINISH: 14:24:32.17 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-07-14.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 7/14/2011 1:44:33 AM
System Uptime: 7/14/2011 2:10:46 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 041WH1
Processor: Intel(R) Core(TM) i7 CPU Q 820 @ 1.73GHz | CPU 1 | 1728/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 464 GiB total, 394.319 GiB free.
D: is FIXED (FAT32) - 2 GiB total, 1.98 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 7/14/2011 2:16:08 AM - System Checkpoint
.
==== Installed Programs ======================
.
AccelerometerP11
Accord CD Ripper Free 6.6.5
Adobe Acrobat 7.0 Professional
Adobe Acrobat 7.1.0 Professional
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop Elements 2.0
Amos 6
Audacity 1.2.6
BioAPI Framework
Camtasia Studio 4
Codewright 5.1
CyberScrub® Privacy Suite™ 5.1
DCP32MMWrapper
Dell Control Point
Dell ControlPoint Security Manager
Dell ControlPoint System Manager
Dell ControlVault Host Components Installer
Dell Embassy Trust Suite by Wave Systems
Dell Security Device Driver Pack
Dell Touchpad
Dell Webcam Central
Document Manager Lite
EMBASSY Security Center
EMBASSY Security Setup
ESC Home Page Plugin
FLV Player
Gemalto
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP LaserJet P2030 Series
HP Photo and Imaging 2.2 - Scanjet 8200 Series
IMSI HiJaak 5.0
IMSL Fortran 90 MP Library 4.0
Integrated Webcam Driver (1.00.07.1208)
Intel PROSet Wireless
Intel(R) Network Connections 14.8.43.0
Intel(R) PROSet/Wireless WiFi Software
Intel(R) Rapid Storage Technology
Java Auto Updater
Java(TM) 6 Update 18
Lahey ED Developer v3.80
Lahey/Fujitsu Fortran 95 v5.6
LAME v3.98.3 for Audacity
LapLink Gold
LISREL8.80
MathType 6
Media Player Codec Pack 3.9.9
MediaMonkey 3.2
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 5.0 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
MSXML 4.0 SP3 Parser (KB973685)
MSXML 6.0 Parser (KB927977)
NTRU TCG Software Stack
NVIDIA Drivers
NVIDIA Performance Drivers
OverDrive Media Console
PowerDVD DX
Preboot Manager
Private Information Manager
Protected Music Converter version 1.9.7.1
Quick View Plus
Real Alternative 2.0.2
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE 10.3
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
S-PLUS 7.0
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows XP (KB923789)
Security Wizards
ShareIns
SO32MMWrapper
SPSS 12.0.1 for Windows
Transym TOCR V3.0 Pro
Trusted Drive Manager
tsp patch
UltraCompare v7.20
UltraEdit
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 System (KB2539530)
Update for Outlook 2007 Junk Email Filter (KB2443839)
UPEK TouchChip Fingerprint Reader
Virtual Account Numbers
VLC media player 1.1.10
Wave Infrastructure Installer
Wave Support Software
WebFldrs XP
Webroot Software
WIDCOMM Bluetooth Software
Winamp (remove only)
Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
Windows Management Framework Core
Windows Media Format Runtime
Windows Media Player 10
Windows Presentation Foundation
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
WinPatrol
WinRAR 4.00 (32-bit)
WinZip
X1
XML Paper Specification Shared Components Pack 1.0
ZoneAlarm
ZTreeWin (remove only)
.
==== Event Viewer Messages From Past Week ========
.
7/9/2011 4:43:46 PM, error: Service Control Manager [7034] - The TSI Remote Control Service service terminated unexpectedly. It has done this 1 time(s).
7/9/2011 4:43:30 PM, error: Service Control Manager [7034] - The Smart Card service terminated unexpectedly. It has done this 1 time(s).
7/8/2011 11:13:46 AM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\D.
7/7/2011 9:10:16 PM, error: Service Control Manager [7000] - The DS1410D service failed to start due to the following error: The system cannot find the file specified.
7/7/2011 8:48:59 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the nvsvc service.
7/7/2011 10:49:18 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer BEV-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{A8E94F7F-E04A-45ED-93. The master browser is stopping or an election is being forced.
7/7/2011 10:13:59 AM, error: Service Control Manager [7034] - The Adobe LM Service service terminated unexpectedly. It has done this 1 time(s).
7/14/2011 2:12:43 PM, error: Service Control Manager [7023] - The Automatic Updates service terminated with the following error: General access denied error
7/14/2011 1:45:23 AM, error: Setup [60055] - Windows Setup encountered non-fatal errors during installation. Please check the setuperr.log found in your Windows directory for more information.
7/14/2011 1:41:26 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service SENS with arguments "" in order to run the server: {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}
7/14/2011 1:14:34 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip vsdatant
7/14/2011 1:14:34 PM, error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the vsdatant service which failed to start because of the following error: A device attached to the system is not functioning.
7/14/2011 1:14:34 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
7/14/2011 1:14:34 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/14/2011 1:14:34 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/14/2011 1:14:34 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
7/14/2011 1:13:35 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
7/14/2011 1:13:30 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
.
==== End Of File ===========================
will_j
Active Member
 
Posts: 8
Joined: July 14th, 2011, 1:09 pm
Advertisement
Register to Remove

Re: I don’t know if I’m infected or not.

Unread postby pgmigg » July 18th, 2011, 2:39 pm

Hello will_j,

Welcome to the forum!

My name is pgmigg and I'll be helping you with any malware problems.

Currently I am working under the guidance of the MRU teachers and everything I post to you, must first be approved by them.
This additional review process can add some extra time to my responses, but I will post back with instructions for you as soon as possible.


Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!"

I am currently reviewing your log and will return, as soon as possible, with additional instructions. In the meantime...
Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
lf, you have any questions or problems, executing these instructions, <<STOP>> do not proceed, post back with the question or problem.
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3181
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: I don’t know if I’m infected or not.

Unread postby will_j » July 18th, 2011, 4:16 pm

Thank you for your assistance. I await your instructions.
will_j
Active Member
 
Posts: 8
Joined: July 14th, 2011, 1:09 pm

Re: I don’t know if I’m infected or not.

Unread postby pgmigg » July 19th, 2011, 3:38 pm

Hello will_j,

I apologize for the delay in coming back to you on this and thank you again for your patience. :)

Please tell me, is this computer used for business purposes or connected to a business network?
I need to know it - so I can provide the proper instructions.

Step 1.
WVCheck
  1. Please download WVCheck.exe and save it to your Desktop.
  2. Double click WVCheck.exe, to run the process.
  3. Read the comments on the screen, then press Enter.
    The scan can take a while depending on the size of your hard drive.
  4. Once the program is done, Notepad will open with the scan report. Save the report to your Desktop.
  5. Please copy and paste the contents of the Notepad file in your next reply.

Step 2.
Run CKScanner
  1. Please download CKScanner from Here
  2. Important: - Save it to your Desktop.
  3. Right-click CKScanner.exe and select Run as administrator..., then click Search For Files.
  4. After a very short time, when the cursor hourglass disappears, click Save List To File.
  5. A message box will verify the file saved.
  6. Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of a log created by WVCheck.exe
  3. Contents of a log created by CKFiles.txt

Thanks,
pgmigg
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3181
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: I don’t know if I’m infected or not.

Unread postby will_j » July 19th, 2011, 5:21 pm

pgmigg,

Thank you for your assistance.

- The computer is for personal use and is not connected to a business network.
A. My IE will not allow me to paste an address, I get a message "The requested lookup key was not found in any active activation context."
Firefox would not let me download the WVCheck.exe . I save the zipped file and extracted the WVCheck.exe file.
- When I right-clicked CKScanner.exe I had to create a password since blank passwords are not allowed.

B. & C. I ran the utilities to check the legitimacy of my windows. The logs are shown below. I have an OEM version of XP that was pre-installed by DELL and I have the CD used to reinstall it. As far as I know I have no pirated software on this machine.

Windows Validation Check
Version: 1.9.12.5
Log Created On: 1641_19-07-2011
-----------------------

Windows Information
-----------------------
Windows Version: Windows XP Service Pack 3
Windows Mode: Normal
Systemroot Path: C:\WINDOWS

WVCheck's Auto Update Check
-----------------------
Auto-Update Option: Download updates automatically, but ask me when I want to install them.
-----------------------
Last Success Time for Update Detection: 2011-07-19 20:02:16
Last Success Time for Update Download: 2011-06-29 14:06:07
Last Success Time for Update Installation: 2011-06-29 14:06:59


WVCheck's Registry Check Check
-----------------------
Antiwpa: Not Found
-----------------------
Chew7Hale: Not Found
-----------------------


WVCheck's File Dump
-----------------------
C:\WINDOWS\Prefetch\KEYFINDER.EXE-2FBE74C8.pf
Size: 15644 bytes
Creation; 14/7/2011 3:7:23
Modification; 14/7/2011 3:7:23
MD5; 8721419b4199f420a84d8a68edd2ad2a
Matched: Keyfinder.exe
-----------------------


WVCheck's Dir Dump
-----------------------
WVCheck found no known bad directories.


WVCheck's Missing File Check
-----------------------
WVCheck found no missing Windows files.


WVCheck's MBAM Quarantine Check
-----------------------
There were no bad files quarantined by MBAM.


WVCheck's HOSTS File Check
-----------------------
WVCheck found no bad lines in the hosts file.


WVCheck's MD5 Check
EXPERIMENTAL!!
-----------------------
user32.dll - b26b135ff1b9f60c9388b4a7d16f600b


-------- End of File, program close at 1650_19-07-2011 --------

CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11.KEAAKH
----- EOF -----
will_j
Active Member
 
Posts: 8
Joined: July 14th, 2011, 1:09 pm

Re: I don’t know if I’m infected or not.

Unread postby will_j » July 20th, 2011, 11:45 am

Hi pgmigg,

Thank you for your assistance. Since it takes so long between posts I’m wondering if we can do a couple of tasks at once. For example, I ran the checks on whether I had a legit windows copy and no pirated software (i.e., wvcheck & ckscanner). I could have also completed the next step to give you more information at once. Just an idea to move things along. Thanks!
will_j
Active Member
 
Posts: 8
Joined: July 14th, 2011, 1:09 pm

Re: I don’t know if I’m infected or not.

Unread postby pgmigg » July 20th, 2011, 5:36 pm

Hello will_j,

MGA Diagnostics
I need you to run a tool which will aid in determining what additional steps we'll need to perform.
  1. Please download this tool from Microsoft and save it to your Desktop.
  2. Double click on MGADiag.exe to run it.
  3. Click "Run" again and then click "Continue".
  4. The program will run. It takes a while to finish the diagnosis, please be patient.
  5. Once done, click on Copy.
  6. Open Notepad and paste the contents in. Save this file and post it in your next reply.

Thanks,
pgmigg
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3181
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: I don’t know if I’m infected or not.

Unread postby will_j » July 20th, 2011, 5:59 pm

Hi pgmigg,

Since I see you're online I'll send this quickly. I don't want to install any MS utilities can I run something else instead. I'll post more explanation in a minute I just wanted to catch you.

Thanks.
will_j
Active Member
 
Posts: 8
Joined: July 14th, 2011, 1:09 pm

Re: I don’t know if I’m infected or not.

Unread postby will_j » July 20th, 2011, 6:22 pm

Hi pgmigg,

I have a genuine OEM copy of XP that Dell installed when I bought the computer brand new. I’ll scan my CD if you’d like to see that. I have read about Windows Genuine Advantage (WGA) and found that it has certain undesirable features that act like spyware (see http://en.wikipedia.org/wiki/Windows_Genuine_Advantage). These include taking resources to “call home” and having a fairly large false positive rate. MS still permits me to obtain critical updates without “validating” my copy of XP so it is not required by MS that I do so. I prefer not to install system software that behaves like spyware and that can stop working properly because it suddenly believes it is no longer legit. For this reason I will not run microsoft security essentials or any other program that requires installing WGA. If MS Genuine Advantage Diagnostic Tool (MGADiag.exe) installs WGA (or anything else) I will not run it.

I appreciate your help but so far we haven’t run any software other than those to check whether I have legit software. What is MGAdiag going to tell us that WVcheck and CKScanner didn’t? I don’t want to seem contrary, but I can’t install MS software on my system that will possibly cause me difficulties later.

Thanks.
will_j
Active Member
 
Posts: 8
Joined: July 14th, 2011, 1:09 pm

Re: I don’t know if I’m infected or not.

Unread postby pgmigg » July 21st, 2011, 10:28 am

Hello will_j,

Windows Validation Failed
:!: Because your operating system is not validate Windows for whatever reason and it never passed the Microsoft Genuine Advantage test, no further help will be provided. :!:
This is in accordance to MRU Forum Policy
This also means that you can not receive Microsoft updates as well, leaving your computer extremely vulnerable.
Any cleaning attempts would be wasted, because you will be re-infected again.
You have several options:
  • Get a legitimate copy of Windows.
  • Contact Microsoft, if you feel there has been a validation error - begin here
  • Use Linux. A list of Linux distributions can be found here or here.

Good luck.
pgmigg
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3181
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: I don’t know if I’m infected or not.

Unread postby will_j » July 21st, 2011, 11:51 am

I have a legal copy and appropriate documentation. I sent you a pm indicating I will send you this information.
will_j
Active Member
 
Posts: 8
Joined: July 14th, 2011, 1:09 pm

Re: I don’t know if I’m infected or not.

Unread postby deltalima » July 21st, 2011, 12:24 pm

For this reason I will not run microsoft security essentials or any other program that requires installing WGA.


As you refuse to run one of the progams that you have been asked to we can provide no further help.

This topic is closed.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 34 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware