Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Help with infected computer

Post by Roberta » December 1st, 2011, 9:18 am

I contracted a virus a couple of days ago which removed my start menu and taskbar, among other things.

I sent my computer in to be cleaned but when I got it back all my files are read only, so I'm guessing it wasn't cleaned correctly.

Here is my log. I appreciate any help you can give me. Thank you.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by VirginiaB at 8:09:07 on 2011-12-01
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2013.529 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k eapsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k dot3svc
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Seagull\BarTender Suite\Maestro.Service.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
c:\program files\common files\protexis\license service\psiservice_2.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
C:\Program Files\Symantec\Backup Exec\RAWS\beremote.exe
C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ACT\Act for Windows\ActSage.exe
C:\Downloads\firefox.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll
BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile: {d5233fcd-d258-4903-89b8-fb1568e7413d} - mscoree.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Act.Outlook.Service] "c:\program files\act\act for windows\Act.Outlook.Service.exe"
mRun: [Act! Preloader] "c:\program files\act\act for windows\ActSage.exe" -preload
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\docume~1\virgin~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wdquic~1.lnk - c:\program files\western digital\wd smartware\WDDMStatus.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: mswsock.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupda ... 6387459859
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microso ... 6387580406
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/s ... wflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 10.0.0.112 10.0.0.113
TCP: Interfaces\{71025960-07C5-4403-AAE9-8731D6168AE3} : DhcpNameServer = 10.0.0.112 10.0.0.113
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2010-10-7 11448]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165648]
R1 MpKsld8e4456b;MpKsld8e4456b;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{377a6447-3fc8-4490-a41f-4caf61cffa0a}\MpKsld8e4456b.sys [2011-12-1 29904]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 BarTender System Service;BarTender System Service;c:\program files\seagull\bartender suite\BtSystem.Service.exe [2011-3-10 34200]
R2 Commander Service;Commander Service;c:\program files\seagull\bartender suite\CmdrSrv.exe [2011-3-10 2225088]
R2 Maestro;Printer Maestro;c:\program files\seagull\bartender suite\Maestro.Service.exe [2011-3-10 229272]
R2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2010-12-10 29293408]
R2 WDDMService;WDDMService;c:\program files\western digital\wd smartware\WDDMService.exe [2011-6-29 263056]
R2 WDFMEService;WDFMEService;c:\program files\western digital\wd smartware\WDFME.exe [2011-6-29 1592208]
R2 WDRulesService;WDRulesService;c:\program files\western digital\wd smartware\WDRulesEngine.exe [2011-6-29 1091984]
S1 MpKsl8e0a48f1;MpKsl8e0a48f1;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f61fe804-de1c-43f0-aee4-a8e51988f68f}\mpksl8e0a48f1.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f61fe804-de1c-43f0-aee4-a8e51988f68f}\MpKsl8e0a48f1.sys [?]
S1 MpKslb41a663b;MpKslb41a663b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a010ea95-420f-461c-9ce8-b1bf4a033d1a}\mpkslb41a663b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a010ea95-420f-461c-9ce8-b1bf4a033d1a}\MpKslb41a663b.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-8 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-10-6 1684736]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-10-8 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2011-8-4 11520]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-12-01 12:58:55 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{377a6447-3fc8-4490-a41f-4caf61cffa0a}\MpKsld8e4456b.sys
2011-12-01 12:58:09 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{377a6447-3fc8-4490-a41f-4caf61cffa0a}\offreg.dll
2011-12-01 12:58:07 6823496 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{377a6447-3fc8-4490-a41f-4caf61cffa0a}\mpengine.dll
2011-11-30 20:19:33 -------- d-----w- c:\documents and settings\virginiab\application data\SUPERAntiSpyware.com
2011-11-30 20:18:21 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-30 20:18:21 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-11-29 21:28:07 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-11-29 21:18:50 11264 ----a-w- c:\documents and settings\virginiab\local settings\application data\klartew.dll
2011-11-29 21:07:10 -------- d-----w- c:\documents and settings\virginiab\application data\Malwarebytes
2011-11-29 21:07:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-29 20:48:18 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-29 20:37:36 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-11-29 20:37:36 -------- d-----w- c:\windows\system32\wbem\Repository
2011-11-29 20:26:37 -------- d-----w- C:\ricci.src
2011-11-29 14:01:46 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-11-29 14:01:36 -------- d-----w- c:\program files\Malwarebytes'-old Anti-Malware
2011-11-29 13:47:13 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
.
==================== Find3M ====================
.
2011-12-01 12:52:30 848 --sha-w- c:\documents and settings\all users\application data\KGyGaAvL.sys
2011-11-17 14:26:13 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-18 11:59:29 21073936 ----a-w- C:\vlc-1.1.11-win32.exe
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 8:10:30.70 ===============
Re: Help with infected computer

Post by deltalima » December 1st, 2011, 10:43 am

I see you are posting for help for a "Business" computer.

May I draw your attention to THIS topic, which you should have read before posting for help.

The section Posting for help for business machines explains why we do not offer help for such computers.

This topic is now closed