Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Brutal Virus!

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Brutal Virus!

Unread postby 123_apocalypse » September 10th, 2011, 12:23 am

Hey guys, I've done quite a bit of virus removal but haven't seen this before, virus that deleted program files. My mom was complaining about her computer running slowly and popups and strange things happening. Ran ATF Cleaner to clean up some junk files, then installed MalwareBytes (love that program) ran a quick scan, came up with about 32 infections, most were from "mywebsearch" 2 were Vundu, a few others that didnt really stand out to me. Restarted computer and ran a full scan, didn't find anything. Updated AVG antivirus ran a scan, nothing found. Symptoms weren't around anymore so I thought it was good. 2 days later she told me that her computer was going crazy, when I took a look at it, the first thing I noticed was almost all her icons on her desktop were broken links and the games/programs including malwarebytes were no longer installed, they were deleted?! Im guessing that one of the viruses that were removed went rogue and started deleting things, also some wierd things were going on but seemed to slow down... my mom said that she didn't create the user account MCX1 so I deleted it, also there was wierd install window that kept coming up when you would open internet explorer/my computer and random folders... not doing that anymore though. Also task manager is messed up, think its the virus doing it "don't have the programs tab or process tab or anything its all small and i cant minimize it or close it after it opens.
thank-you in advance for being so kind and friendly with helping my mom out :) Not used to the DDS thing, more used to posting HJT logs lol.

here you go

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Debbie at 21:32:00 on 2011-09-09
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.3061.1696 [GMT -6:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10q_ActiveX.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: FCToolbarURLSearchHook Class: {b843a48a-b70f-45cd-a15a-6c2b30c2c11e} - c:\program files\gamers unite! snag bar\Helper.dll
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Gamers Unite! Snag Bar BHO: {26a7ca19-7d58-411d-b2da-f1b0324cbffc} - c:\program files\gamers unite! snag bar\Toolbar.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: AddThis: {3710d257-884e-4cd0-b562-ee94ac159107} - c:\program files\addthis\addthis toolbar\AddThisToolBar.dll
TB: AddThis Toolbar: {b43176cc-4d9e-493b-a636-d9cbfe39c6da} - c:\program files\addthis toolbar\Toolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: Gamers Unite! Snag Bar: {25515a79-c1c7-4b97-97f8-31a711694487} - c:\program files\gamers unite! snag bar\Toolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\1.0"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpqSRMon]
mRun: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [TrojanScanner] c:\program files\trojan remover\Trjscan.exe /boot
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/200 ... oader5.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Bejeweled%203/Images/stg_drm.ocx
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/200 ... ader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Jewel%20Match/Images/armhelper.ocx
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.43.1
TCP: Interfaces\{CC8A7BEC-3660-41F2-9C66-4A9DBDA07AD1} : DhcpNameServer = 192.168.43.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -
Notify: igfxcui - igfxdev.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-4 297168]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 28624]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\adobe\photoshop elements 7.0\photoshopelementsfileagent.exe --> c:\program files\adobe\photoshop elements 7.0\PhotoshopElementsFileAgent.exe [?]
S2 AVGIDSAgent;AVGIDSAgent;"c:\program files\avg\avg10\identity protection\agent\bin\avgidsagent.exe" --> c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [?]
S2 avgwd;AVG WatchDog;"c:\program files\avg\avg10\avgwdsvc.exe" --> c:\program files\avg\avg10\avgwdsvc.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9fa659fcbeaf3;Google Update Service (gupdate1c9fa659fcbeaf3);c:\program files\google\update\GoogleUpdate.exe [2011-9-7 136176]
S2 iWinTrusted;iWinTrusted;c:\program files\iwin games\iwintrusted.exe --> c:\program files\iwin games\iWinTrusted.exe [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\toolbarbroker.exe --> c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [?]
S3 BBSvc;Bing Bar Update Service;"c:\program files\microsoft\bingbar\bbsvc.exe" --> c:\program files\microsoft\bingbar\BBSvc.EXE [?]
S3 GamesAppService;GamesAppService;"c:\program files\wildtangent games\app\gamesappservice.exe" --> c:\program files\wildtangent games\app\GamesAppService.exe [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-9-7 136176]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-09-10 03:09:38 -------- d-----w- C:\HijackThis
2011-09-08 04:22:35 -------- d-----w- c:\users\debbie\appdata\local\Deployment
2011-09-08 04:22:35 -------- d-----w- c:\users\debbie\appdata\local\Apps
2011-09-08 03:07:15 -------- d-----w- c:\users\debbie\appdata\local\Google
2011-09-08 02:49:26 -------- d-----w- c:\program files\Gamers Unite! Snag Bar
2011-09-08 00:15:14 7152464 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{80989db2-b761-4b23-82a9-86d3e06ea3e2}\mpengine.dll
2011-09-08 00:08:55 -------- d-----w- c:\users\debbie\appdata\local\Temp
2011-09-08 00:07:11 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2011-09-08 00:07:11 75264 ----a-w- c:\windows\system32\unacev2.dll
2011-09-08 00:07:11 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2011-09-08 00:07:11 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2011-09-08 00:07:11 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2011-09-08 00:07:10 -------- d-----w- c:\users\debbie\appdata\roaming\Simply Super Software
2011-09-08 00:07:10 -------- d-----w- c:\programdata\Simply Super Software
2011-09-08 00:07:10 -------- d-----w- c:\program files\Trojan Remover
2011-09-08 00:07:01 -------- d-----w- c:\users\debbie\is-KO49J.tmp
2011-09-06 13:22:32 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2011-09-06 04:01:08 -------- d-----w- c:\windows\pss
2011-09-06 03:10:52 -------- d-----w- c:\users\debbie\appdata\roaming\Malwarebytes
2011-09-06 03:10:46 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-06 03:10:45 -------- d-----w- c:\programdata\Malwarebytes
2011-09-06 03:10:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-06 03:10:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-27 01:18:13 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-12 21:54:01 -------- d-----w- c:\program files\iPod
2011-08-12 21:53:55 -------- d-----w- c:\program files\iTunes
2011-08-12 21:49:11 -------- d-----w- c:\program files\Bonjour
2011-08-11 14:59:41 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-08-11 14:59:39 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-11 14:59:36 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-08-11 14:59:25 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-11 14:59:24 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-11 14:59:24 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
.
==================== Find3M ====================
.
2011-08-21 09:29:07 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-22 02:54:43 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-12 16:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 16:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 16:20:54 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 16:20:54 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-05 23:37:00 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-05 23:37:00 69632 ----a-w- c:\windows\system32\QuickTime.qts
2002-07-26 22:02:06 153088 ------w- c:\program files\UNWISE.EXE
.
============= FINISH: 21:32:33.58 ===============




.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 24/08/2008 5:22:57 AM
System Uptime: 09/09/2011 9:08:38 PM (0 hours ago)
.
Motherboard: Hewlett-Packard | | 30ED
Processor: Intel(R) Pentium(R) Dual CPU T2390 @ 1.86GHz | CPU | 1600/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 138 GiB total, 77.079 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 2.015 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0001
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #2
PNP Device ID: ROOT\*ISATAP\0001
Service: tunnel
.
==== System Restore Points ===================
.
RP639: 07/09/2011 - Scheduled Checkpoint
RP640: 07/09/2011 3:00:11 AM - Windows Update
RP641: 07/09/2011 6:14:33 PM - Windows Update
RP642: 07/09/2011 8:38:12 PM - Windows Update
RP643: 09/09/2011 7:10:25 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
7 Wonders - Treasures of Seven
7 Wonders 2 (remove only)
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
AddThis Toolbar
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop Elements 7.0
Adobe Photoshop.com Inspiration Browser
Adobe Shockwave Player
Adobe Shockwave Player 11.5
Age of Emerald
Age of Emerald (remove only)
AIM 6
Amazing Adventures The Lost Tomb 1.0.0.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Driver Installation Program
AVG 2011
Bejeweled 2 Deluxe 1.1
Bejeweled 3
Bejeweled Blitz
Bejeweled Deluxe 1.87
Bejeweled Twist
Big Fish Games: Game Manager
Bing Bar
Bonjour
Camera Access Library
Camera Support Core Library
Camera Window DS
Camera Window DVC
Camera Window MC
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window DSLR 5 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities PhotoStitch 3.1
Canon ZoomBrowser EX (E)
Cards_Calendar_OrderGift_DoMorePlugout
Click to Call with Skype
Compatibility Pack for the 2007 Office system
Conexant HD Audio
Cradle of Persia (remove only)
Cradle of Rome (remove only)
CyberLink YouCam
D3DX10
Diamond Drop 2 (remove only)
DVD Suite
EA Link
EasyBits GO
Enchanted Cavern (remove only)
Gamers Unite! Snag Bar
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
HDAUDIO Soft Data Fax Modem with SmartCP
Heroes of Hellas 2 - Olympia
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent for Health Check
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP DVD Play 3.6
HP Easy Setup - Frontend
HP Games
HP Help and Support
HP Photosmart Essential 2.5
HP Quick Launch Buttons 6.40 B2
HP Smart Web Printing 4.60
HP Total Care Advisor
HP Update
HP User Guides 0092
HP Wireless Assistant
HPNetworkAssistant
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabel_Tattoo
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotoSmartPhotobookHolidayPack1
HPPhotoSmartPhotobookModernPack1
HPPhotoSmartPhotobookPlayfulPack1
HPPhotoSmartPhotobookScrapbookPack1
HPPhotoSmartPhotobookWebPack1
Intel(R) Graphics Media Accelerator Driver
Intel(R) Matrix Storage Manager
Intel(R) TV Wizard
iTunes
iWin Games (remove only)
Java Auto Updater
Java(TM) 6 Update 2
Java(TM) 6 Update 26
Java(TM) 6 Update 7
Jewel Match
Jewel Match 2
Jewel Quest (remove only)
Jewel Quest 2 (remove only)
Jewel Quest II
Jewel Quest III
Jewel Quest III (remove only)
Jewel Quest Solitaire (remove only)
Jewel Quest Solitaire III (remove only)
Junk Mail filter update
Kings Collection
LabelPrint
LightScribe System Software 1.10.13.1
Lost Realms: Legacy of the Sun Princess (remove only)
Magicians Handbook (remove only)
Mah Jong Quest (remove only)
Mahjong Escape: Ancient China 1.0.0.5
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MovieEdit Task
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.1
MyKakuroThing
Mystery of Unicorn Castle (remove only)
NetWaiting
OpenAL
Parchisi
Peggle Deluxe 1.0
PhotoshopdotcomInspirationBrowser
PhotoStitch
PowerDirector
PSSWCORE
QuickPlay SlingPlayer 0.4.6
QuickTime
RAW Image Task 2.2
Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
Realtek USB 2.0 Card Reader
Rise Of Atlantis (remove only)
Saqqarah (remove only)
Season Match (remove only)
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Segoe UI
Skype™ 5.5
SmartWebPrinting
The Lost Inca Prophecy
The Lost Inca Prophecy (remove only)
The Sims™ Life Stories
Touch Pad Driver
Treasures of the Serengeti (remove only)
Trojan Remover 6.8.2
Ultimate Mahjongg 15
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update Installer for WildTangent Games App
VideoToolkit01
Viewpoint Media Player
WeatherBug Gadget
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
09/09/2011 9:11:14 PM, Error: Service Control Manager [7000] - The HP Health Check Service service failed to start due to the following error: The system cannot find the file specified.
09/09/2011 9:10:39 PM, Error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The system cannot find the file specified.
09/09/2011 9:10:39 PM, Error: Service Control Manager [7000] - The SeaPort service failed to start due to the following error: The system cannot find the file specified.
09/09/2011 9:10:39 PM, Error: Service Control Manager [7000] - The Intel(R) Matrix Storage Event Monitor service failed to start due to the following error: The system cannot find the file specified.
09/09/2011 9:10:39 PM, Error: Service Control Manager [7000] - The hpqwmiex service failed to start due to the following error: The system cannot find the file specified.
09/09/2011 9:10:39 PM, Error: Service Control Manager [7000] - The Cyberlink RichVideo Service(CRVS) service failed to start due to the following error: The system cannot find the file specified.
09/09/2011 9:10:39 PM, Error: Service Control Manager [7000] - The Canon Camera Access Library 8 service failed to start due to the following error: The system cannot find the file specified.
09/09/2011 9:10:39 PM, Error: Service Control Manager [7000] - The Bonjour Service service failed to start due to the following error: The system cannot find the file specified.
09/09/2011 9:10:39 PM, Error: Service Control Manager [7000] - The AVGIDSAgent service failed to start due to the following error: The system cannot find the file specified.
09/09/2011 9:10:39 PM, Error: Service Control Manager [7000] - The AVG WatchDog service failed to start due to the following error: The system cannot find the file specified.
09/09/2011 9:10:39 PM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The system cannot find the file specified.
07/09/2011 8:49:46 PM, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {FBA44040-BD27-4A09-ACC8-C08B7C723DCD} as /. The error: "3" Happened while starting this command: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" -Embedding
07/09/2011 8:32:53 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate1c9fa659fcbeaf3) service failed to start due to the following error: The system cannot find the file specified.
07/09/2011 6:13:29 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {000C101C-0000-0000-C000-000000000046} to the user Debbie-PC\Debbie SID (S-1-5-21-3412196672-30515996-2915601883-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
07/09/2011 5:54:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wcncsvc with arguments "" in order to run the server: {375FF000-DD27-11D9-8F9C-0002B3988E81}
07/09/2011 5:54:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
07/09/2011 5:49:09 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
07/09/2011 5:48:32 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 spldr Wanarpv6
07/09/2011 5:48:32 PM, Error: Service Control Manager [7001] - The Windows Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
07/09/2011 5:48:32 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
07/09/2011 5:47:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
07/09/2011 5:47:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
07/09/2011 5:47:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
07/09/2011 5:47:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
07/09/2011 5:47:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
07/09/2011 5:47:09 PM, Error: Microsoft-Windows-TerminalServices-LocalSessionManager [1048] - Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode .
07/09/2011 5:47:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
07/09/2011 5:42:57 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
06/09/2011 12:32:37 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
05/09/2011 9:02:44 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Software Updater service to connect.
05/09/2011 9:02:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service gusvc with arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
03/09/2011 5:49:01 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 0022690F394E has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================
123_apocalypse
Active Member
 
Posts: 2
Joined: September 8th, 2011, 1:00 am
Advertisement
Register to Remove

Re: Brutal Virus!

Unread postby MWR 3 day Mod » September 16th, 2011, 11:04 pm

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Brutal Virus!

Unread postby NonSuch » September 19th, 2011, 11:28 pm

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27300
Joined: February 23rd, 2005, 7:08 am
Location: California


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 52 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware