Welcome to MalwareRemoval.com,

Malware Removal Instructions

Rogue: XP Home Security 2012 (DDS logs inside)



Post by blizzard » August 7th, 2011, 4:02 pm

Hi, I would rather have somebody help me than try it manually. This one seems very serious. I tried to remove a few reg entries, but nothing helped. The malware closes MBAM automatically, so I could not use it. I can't use the internet for searches because of redirects. I am currently posting from another computer.


I used rkill before the DDS scans. Here are the scans:

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Run by Owner at 15:46:32 on 2011-08-14
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.603 [GMT -4:00]
.
.
============== Running Processes ===============
.
"\\.\globalroot\Device\svchost.exe\svchost.exe"
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG9\avgchsvx.exe
C:\Program Files\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AirPort\APAgent.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\explorer.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://hotmail.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg9\avgssie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [2661322974] c:\documents and settings\owner\local settings\application data\iom.exe
mRun: [AirPort Base Station Agent] "c:\program files\airport\APAgent.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
LSP: mswsock.dll
Trusted Zone: google.com\www
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9 ... ontrol.CAB
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/ ... tion32.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupda ... 7422631299
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/ph ... NPUpld.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg9\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\ybo0x6t0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\program files\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg9\Firefox
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
.
============= SERVICES / DRIVERS ===============
.
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-11-11 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-11-11 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-11-11 243152]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2007-10-9 38144]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [2009-11-5 71961]
R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-8-13 41272]
S2 avg9wd;AVG Free WatchDog;c:\program files\avg9\avgwdsvc.exe [2010-7-16 308136]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-8 136176]
S3 CompFilter;UVCCompositeFilter;c:\windows\system32\drivers\lvbusflt.sys [2010-5-14 20704]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-9-8 136176]
S3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2009-7-31 341504]
S3 SMC2336W;SMC2336W-AG v2 Universal Wireless Cardbus Adapter Service;c:\windows\system32\drivers\SMC2336W.sys [2009-11-5 324288]
S3 WPC600N;Linksys Dual Band Wireless-N Notebook Adapter WPC600N;c:\windows\system32\drivers\WPC600N.sys [2011-8-13 1265536]
.
=============== Created Last 30 ================
.
2011-08-14 19:45:35 -------- d-----w- c:\documents and settings\all users\application data\Hitman Pro
2011-08-13 17:01:36 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-13 17:01:32 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-13 17:01:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-13 16:24:13 1265536 ----a-w- c:\windows\system32\drivers\WPC600N.sys
2011-08-06 15:20:05 709968 ----a-w- c:\windows\is-PIFFS.exe
2011-08-04 21:51:02 0 ----a-w- c:\documents and settings\owner\local settings\application data\ntcn.exe
2011-08-04 21:51:02 0 ----a-w- c:\documents and settings\owner\local settings\application data\kcfr.exe
2011-08-04 21:51:02 0 ----a-w- c:\documents and settings\owner\local settings\application data\bcmi.exe
2011-08-04 21:51:02 0 ----a-w- c:\documents and settings\all users\application data\tdub.exe
2011-08-04 21:51:02 0 ----a-w- c:\documents and settings\all users\application data\ncmb.exe
2011-08-04 21:51:02 0 ----a-w- c:\documents and settings\all users\application data\gebf.exe
2011-08-04 21:51:01 360960 ----a-w- c:\documents and settings\owner\local settings\application data\iom.exe
2011-08-04 21:51:01 0 ----a-w- c:\documents and settings\owner\local settings\application data\uctr.exe
2011-08-04 21:51:01 0 ----a-w- c:\documents and settings\all users\application data\pyoo.exe
.
==================== Find3M ====================
.
2011-06-19 20:47:33 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-11 18:47:27 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
2011-06-11 18:42:40 243152 ----a-w- c:\windows\system32\drivers\avgtdix.sys
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: TOSHIBA_MK4032GAX rev.AD101A -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86013AA0]<<
_asm { MOV EAX, [ESP+0x4]; MOV ECX, [EAX+0x28]; PUSH EBP; MOV EBP, [ECX+0x4]; PUSH ESI; MOV ESI, [ESP+0x10]; PUSH EDI; MOV EDI, [ESI+0x60]; MOV AL, [EDI]; CMP AL, 0x16; JNZ 0x36; PUSH ESI; }
1 nt!IofCallDriver[0x804E37C5] -> \Device\Harddisk0\DR0[0x86776AB8]
3 CLASSPNP[0xF78C1FD7] -> nt!IofCallDriver[0x804E37C5] -> [0x864E6F08]
\Driver\00001801[0x864ECA48] -> IRP_MJ_CREATE -> 0x86013AA0
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x866EF51B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 15:47:14.03 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 11/5/2009 7:03:12 AM
System Uptime: 8/14/2011 2:08:03 PM (1 hours ago)
Processor: Intel(R) Pentium(R) 4 CPU 2.00GHz | N/A | 1988/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 37 GiB total, 21.452 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP225: 6/11/2011 2:42:52 PM - Avg Update
RP226: 6/11/2011 2:46:03 PM - Installed NETGEAR WG111v3 wireless USB 2.0 adapter
RP227: 6/11/2011 3:21:34 PM - Configured NETGEAR WG111v3 wireless USB 2.0 adapter
RP228: 6/11/2011 3:23:49 PM - Installed NETGEAR WG111v3 wireless USB 2.0 adapter
RP229: 6/17/2011 3:07:23 PM - Installed Linksys Dual Band Wireless-N Notebook Adapter
RP230: 6/17/2011 3:24:30 PM - Software Distribution Service 3.0
RP231: 6/19/2011 5:09:55 PM - System Checkpoint
RP232: 6/20/2011 5:53:05 PM - System Checkpoint
RP233: 6/21/2011 6:11:40 PM - System Checkpoint
RP234: 6/22/2011 9:27:34 PM - System Checkpoint
RP235: 6/23/2011 9:27:38 PM - System Checkpoint
RP236: 6/24/2011 10:12:10 PM - System Checkpoint
RP237: 6/25/2011 10:55:09 PM - System Checkpoint
RP238: 6/27/2011 3:03:17 PM - System Checkpoint
RP239: 6/28/2011 3:58:46 PM - System Checkpoint
RP240: 6/29/2011 4:44:47 PM - System Checkpoint
RP241: 7/1/2011 10:33:47 AM - Installed AirPort
RP242: 7/5/2011 10:24:50 AM - System Checkpoint
RP243: 7/6/2011 10:44:43 AM - System Checkpoint
RP244: 7/7/2011 11:44:42 AM - System Checkpoint
RP245: 7/8/2011 5:19:53 PM - System Checkpoint
RP246: 7/9/2011 5:44:42 PM - System Checkpoint
RP247: 7/10/2011 6:30:28 PM - System Checkpoint
RP248: 7/11/2011 7:30:28 PM - System Checkpoint
RP249: 7/12/2011 8:30:28 PM - System Checkpoint
RP250: 7/13/2011 9:30:29 PM - System Checkpoint
RP251: 7/14/2011 10:30:28 PM - System Checkpoint
RP252: 7/15/2011 11:30:29 PM - System Checkpoint
RP253: 7/17/2011 12:30:29 AM - System Checkpoint
RP254: 7/18/2011 1:30:30 AM - System Checkpoint
RP255: 7/19/2011 2:30:30 AM - System Checkpoint
RP256: 7/23/2011 3:59:35 PM - System Checkpoint
RP257: 7/24/2011 5:13:31 PM - System Checkpoint
RP258: 7/25/2011 5:14:29 PM - System Checkpoint
RP259: 7/26/2011 6:14:28 PM - System Checkpoint
RP260: 7/27/2011 7:14:29 PM - System Checkpoint
RP261: 7/28/2011 7:46:20 PM - System Checkpoint
RP262: 7/29/2011 8:46:19 PM - System Checkpoint
RP263: 7/30/2011 9:46:19 PM - System Checkpoint
RP264: 7/31/2011 10:46:20 PM - System Checkpoint
RP265: 8/2/2011 12:45:21 AM - System Checkpoint
RP266: 8/3/2011 11:54:01 AM - Configured NETGEAR WG111v3 wireless USB 2.0 adapter
RP267: 8/4/2011 12:08:59 PM - System Checkpoint
RP268: 8/6/2011 11:27:22 AM - Installed Linksys Dual Band Wireless-N Notebook Adapter
RP269: 8/6/2011 11:32:00 AM - Removed Linksys Dual Band Wireless-N Notebook Adapter
RP270: 8/13/2011 12:20:59 PM - Installed Linksys Dual Band Wireless-N Notebook Adapter
RP271: 8/13/2011 12:25:10 PM - Removed Linksys Dual Band Wireless-N Notebook Adapter
RP272: 8/14/2011 3:11:36 PM - System Checkpoint
.
==== Installed Programs ======================
.
7-Zip 4.65
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop Elements 6.0
Adobe Reader 9.4.5
AirPort
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Control Panel
ATI Display Driver
AVG Free 9.0
Bonjour
CameraHelperMsi
erLT
Family Tree Maker
GolfLogix Course Manager 3.5
Google Earth Plug-in
Google Update Helper
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Intel(R) PRO Ethernet Adapter and Software
iTunes
Java Auto Updater
Java(TM) 6 Update 23
Logitech Vid
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes' Anti-Malware version 1.51.1.1800
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft XML Parser
Mozilla Firefox (3.5.16)
Nero 8
PL-2303 USB-to-Serial
QuickTime
Recipe Calc 4.0
Savings Bond Wizard
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Skype Toolbars
Skype™ 5.1
SoftK56 Data Fax
Sony Download Taxi 1.5.0.0
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
VCRedistSetup
VLC media player 1.0.3
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Format Runtime
.
==== Event Viewer Messages From Past Week ========
.
8/14/2011 7:44:14 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
8/14/2011 2:56:04 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
8/13/2011 12:27:24 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
8/13/2011 12:27:16 PM, error: Pcmcia [10] -
8/13/2011 12:27:15 PM, error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: Access is denied.
8/13/2011 12:27:15 PM, error: Service Control Manager [7000] - The Process Monitor service failed to start due to the following error: Access is denied.
8/13/2011 12:27:15 PM, error: Service Control Manager [7000] - The Nero BackItUp Scheduler 3 service failed to start due to the following error: Access is denied.
8/13/2011 12:27:15 PM, error: Service Control Manager [7000] - The MBAMService service failed to start due to the following error: Access is denied.
8/13/2011 12:27:15 PM, error: Service Control Manager [7000] - The Java Quick Starter service failed to start due to the following error: Access is denied.
8/13/2011 12:27:15 PM, error: Service Control Manager [7000] - The Bonjour Service service failed to start due to the following error: Access is denied.
8/13/2011 12:27:15 PM, error: Service Control Manager [7000] - The AVG Free WatchDog service failed to start due to the following error: Access is denied.
8/13/2011 12:27:15 PM, error: Service Control Manager [7000] - The Ati HotKey Poller service failed to start due to the following error: Access is denied.
8/13/2011 12:27:15 PM, error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: Access is denied.
8/13/2011 12:27:15 PM, error: Service Control Manager [7000] - The Adobe Active File Monitor V6 service failed to start due to the following error: Access is denied.
8/13/2011 12:17:39 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/13/2011 1:46:47 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
8/13/2011 1:19:23 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 Fips intelppm
8/13/2011 1:06:13 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer NATHAN that believes that it is the master browser for the domain on transport NetBT_Tcpip_{488FB966-3DAB-4BCA-9C. The master browser is stopping or an election is being forced.
.
==== End Of File ===========================


Thanks for the help.
blizzard
Regular Member
 
Posts: 17
Joined: January 27th, 2008, 11:41 pm
Location: usa
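One way to pull out the indicators a helper reads from a DDS log like the one above, as an added example that is not part of the original post or of any MalwareRemoval.com tool. The section names and sample lines are taken from the log posted in this thread; the heuristics (a process run from a globalroot device path, a digit-only autorun name, short or zero-byte executables under Application Data, the rootkit-scanner warning line) are my own assumptions about what to flag, not DDS rules.

```python
r"""Pull the indicators a helper looks for out of a DDS log (added example, not a
MalwareRemoval.com tool). The heuristics are assumptions of mine, not DDS rules:
a process run from a \\.\globalroot device path, an autorun entry whose value
name is only digits, .exe files created under 'Application Data' that are zero
bytes or have a short random-looking name, and a rootkit-scanner warning line.
"""
import re
from collections import defaultdict

# Excerpt of the DDS log posted above, trimmed to the lines that matter here.
SAMPLE_LOG = r"""
============== Running Processes ===============
.
"\\.\globalroot\Device\svchost.exe\svchost.exe"
C:\WINDOWS\system32\svchost -k DcomLaunch
.
============== Pseudo HJT Report ===============
.
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [2661322974] c:\documents and settings\owner\local settings\application data\iom.exe
.
=============== Created Last 30 ================
.
2011-08-13 17:01:36 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-04 21:51:02 0 ----a-w- c:\documents and settings\owner\local settings\application data\ntcn.exe
2011-08-04 21:51:01 360960 ----a-w- c:\documents and settings\owner\local settings\application data\iom.exe
.
=================== ROOTKIT ====================
.
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")                  # "=== Name ==="
CREATED_RE = re.compile(r"^(\S+ \S+)\s+(\d+)\s+(\S+)\s+(.+)$")  # date time size attrs path
RUN_RE = re.compile(r"^([um]Run(?:Once)?):\s*\[([^\]]*)\]\s*(.*)$")
APPDATA_RE = re.compile(r"\\application data\\", re.IGNORECASE)
SHORT_NAME_RE = re.compile(r"[a-z]{3,4}\.exe")  # heuristic: iom.exe, ntcn.exe, ...


def split_sections(text):
    """Map each lower-cased section title to its non-empty lines ('.' is DDS's blank)."""
    sections = defaultdict(list)
    current = None
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1).lower()
            continue
        if current and line.strip() not in ("", "."):
            sections[current].append(line.rstrip())
    return sections


def triage(text):
    """Return a list of (indicator, evidence) tuples found in the log."""
    findings = []
    sections = split_sections(text)
    for line in sections.get("running processes", []):
        if "globalroot" in line.lower():
            findings.append(("globalroot_process", line))
    for line in sections.get("pseudo hjt report", []):
        m = RUN_RE.match(line)
        if m and m.group(2).isdigit():
            findings.append(("numeric_autorun_name", line))
    for line in sections.get("created last 30", []):
        m = CREATED_RE.match(line)
        if not m:
            continue  # directory entries have no numeric size column
        size, path = int(m.group(2)), m.group(4)
        name = path.rsplit("\\", 1)[-1].lower()
        if APPDATA_RE.search(path) and name.endswith(".exe"):
            if size == 0:
                findings.append(("zero_byte_exe_in_appdata", path))
            elif SHORT_NAME_RE.fullmatch(name):
                findings.append(("short_random_exe_in_appdata", path))
    for line in sections.get("rootkit", []):
        if line.lower().startswith("warning:"):
            findings.append(("rootkit_scanner_warning", line))
    return findings


if __name__ == "__main__":
    for indicator, evidence in triage(SAMPLE_LOG):
        print(f"{indicator:28} {evidence}")
```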

Re: Rogue: XP Home Security 2012 (DDS logs inside)

Post by pgmigg » August 9th, 2011, 11:33 am

Hello blizzard,

Welcome to the forum!

My name is pgmigg and I'll be helping you with any malware problems.

Currently I am working under the guidance of the MRU teachers, and everything I post to you must first be approved by them.
This additional review process can add some extra time to my responses, but I will post back with instructions for you as soon as possible.


Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!"

I am currently reviewing your log and will return, as soon as possible, with additional instructions. In the meantime...
Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>>, do not proceed, and post back with the question or problem.
pgmigg
MRU Teacher
 
Posts: 3187
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Rogue: XP Home Security 2012 (DDS logs inside)

Post by blizzard » August 10th, 2011, 9:06 pm

Hello. I have been waiting patiently. Still there?
blizzard
Regular Member
 
Posts: 17
Joined: January 27th, 2008, 11:41 pm
Location: usa

Re: Rogue: XP Home Security 2012 (DDS logs inside)

Post by pgmigg » August 11th, 2011, 12:21 am

Hello blizzard,

Thank you for your patience... :)

Rootkit Warning

Your computer has multiple infections, including a Rootkit. A rootkit is a set of software tools intended for concealing running processes, files or system data from the operating system.

You are strongly advised to do the following:

  • Disconnect the computer from the Internet and from any networked computers until it is cleaned.
  • Back up all your important data except programs. The programs can be reinstalled from the original disc or from the Net.
  • Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
  • From a clean computer, change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password).

DO NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.

Due to its rootkit functionality, your computer is very likely to have been compromised and there is no way that it can be trusted again. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be to do a reformat and re-installation of the operating system (OS). However, if you do not have the resources to reinstall your OS and would like me to attempt to clean your machine, I will be happy to do so.

To help you understand more, please take some time to read the following articles:

What are rootkits from Wikipedia
Why are rootkits dangerous
How do I respond to a possible identity theft and how do I prevent it
When should I do a reformat and reinstallation of my OS
Where to backup your files
How to backup your files in Windows XP
Restoring your backups

Should you have any questions please feel free to ask.

Please let us know what you have decided to do in your next post.
pgmigg
MRU Teacher
 
Posts: 3187
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Rogue: XP Home Security 2012 (DDS logs inside)

Post by blizzard » August 11th, 2011, 11:56 am

Thanks! I have decided to do a backup/clean install. You may close the thread. :cherry:
blizzard
Regular Member
 
Posts: 17
Joined: January 27th, 2008, 11:41 pm
Location: usa

Re: Rogue: XP Home Security 2012 (DDS logs inside)

Post by Cypher » August 13th, 2011, 5:30 am

As the resolution of this issue requires a reformat, and there have been no further questions posted regarding that process, this topic is now closed.

You can help support this site from this link:
Donations For Malware Removal
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
