Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

My computer is infected and I need help

Post by Countdemonet » December 25th, 2011, 3:41 am

Most programs on my computer will now prompt me to identify what program I want to run it with. I cannot save any new malware programs or run a scan. I am currently working in safe mode with networking. Please see attached.

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702
Run by Administrator at 1:22:29 on 2011-12-25
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1007.639 [GMT -6:00]
.
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
BHO: HP Credential Manager for ProtectTools: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\hpq\iam\bin\ItIeAddIN.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start
mRun: [PDF Complete] "c:\program files\pdf complete\pdfsty.exe"
mRun: [SDMSSplash] "c:\program files\hp_sdms\sdmssplash\launcher.exe" "launchdir=c:\program files\hp_sdms\SDMSSplash"
mRun: [SetRefresh] c:\program files\compaq\setrefresh\SetRefresh.exe
mRun: [CognizanceTS] rundll32.exe c:\progra~1\hpq\iam\bin\AsTsVcc.dll,RegisterModule
mRun: [Recguard] c:\windows\sminst\Recguard.exe
mRun: [Reminder] c:\windows\creator\Remind_XP.exe
mRun: [Scheduler] c:\windows\sminst\Scheduler.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [jswtrayutil] "c:\program files\netgear\wn111v2\jswtrayutil.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wn111v2\WN111V2.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: mswsock.dll
Trusted Zone: eform.com
Trusted Zone: eformrs.com
Trusted Zone: intuit.com
Trusted Zone: intuit.com\ttlc
DPF: {009F119F-8723-11D3-8791-00A0C9EF9624} - hxxps://eformrs.com/FormOpen/RSFormsTV.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/Dcode/ActiveX/MSDcode.cab
DPF: {187728C3-71FD-11D3-878E-00A0C9EF9624} - hxxps://eformrs.com/FormOpen/Dll/RSFCalc.cab
DPF: {227F25BE-BCDC-11D0-BA80-0000F6181652} - hxxps://eformrs.com/RSLoginModule.cab
DPF: {455182EE-8F93-11D2-BA3C-00C04F7F6533} - hxxps://gosystemrs.fasttax.com/ocx/RSTabbedList.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftup ... 3938275703
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {99140A4E-88C5-11D3-8793-00A0C9EF9624} - hxxps://eformrs.com/FormOpen/RSFormsDP.cab
DPF: {C5F6B73A-D6E8-46DD-895C-8FE98DC8CFA4} - hxxps://eformrs.com/RSFConvert.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/device ... Loader.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{16E50D04-998D-4DD0-9E61-FE343DAF8178} : DhcpNameServer = 192.168.1.1
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: IfxWlxEN - IfxWlxEN.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
Notify: OneCard - c:\program files\hpq\iam\bin\AsWlnPkg.dll
LSA: Notification Packages = scecli AsWlnPkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\tiqa8wg1.default\
FF - plugin: c:\documents and settings\administrator\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\program files\canon\zoombrowser ex\program\NPCIG.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-11-16 96408]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2006-4-7 31104]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2009-1-27 36608]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2008-2-12 57440]
S1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-11-16 108792]
S2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2004-8-4 14336]
S2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-11-16 735960]
S2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-12-28 10384]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2009-1-27 540184]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2011-3-9 92592]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2003-7-24 17149]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\netgear\wn111v2\jswpsapi.exe [2008-2-27 360547]
S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [2008-5-31 434688]
.
=============== File Associations ===============
.
.exe=F2N
.
=============== Created Last 30 ================
.
2011-12-18 22:49:03 -------- d-sh--w- C:\$RECYCLE.BIN
2011-11-25 15:33:52 -------- d-----w- c:\program files\Rovio
.
==================== Find3M ====================
.
.
============= FINISH: 1:23:07.17 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/27/2009 1:38:12 PM
System Uptime: 12/24/2011 11:39:16 PM (2 hours ago)
.
Motherboard: Hewlett-Packard | | 0A58h
Processor: Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz | XU1 PROCESSOR | 2128/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 139 GiB total, 92.427 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 8.187 GiB free.
E: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F13\4&696F438&0
Manufacturer: Logitech
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F13\4&696F438&0
Service: i8042prt
.
Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: PS/2 Keyboard
Device ID: ACPI\PNP0303\4&696F438&0
Manufacturer: Logitech
Name: PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&696F438&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP879: 9/13/2011 3:00:19 AM - Software Distribution Service 3.0
RP880: 9/14/2011 3:00:20 AM - Software Distribution Service 3.0
RP881: 9/15/2011 3:00:19 AM - Software Distribution Service 3.0
RP882: 9/16/2011 3:00:15 AM - Software Distribution Service 3.0
RP883: 9/17/2011 3:00:15 AM - Software Distribution Service 3.0
RP884: 9/17/2011 11:11:53 PM - Installed TurboTax 2010 wrapper
RP885: 9/18/2011 11:24:55 AM - Software Distribution Service 3.0
RP886: 9/19/2011 8:28:59 AM - Software Distribution Service 3.0
RP887: 9/19/2011 7:01:01 PM - Software Distribution Service 3.0
RP888: 9/21/2011 12:07:32 AM - System Checkpoint
RP889: 9/21/2011 4:01:47 PM - Installed TurboTax 2010 wrapper
RP890: 9/21/2011 4:27:40 PM - Installed %1 %2.
RP891: 9/22/2011 7:35:49 PM - System Checkpoint
RP892: 9/23/2011 7:54:40 PM - System Checkpoint
RP893: 9/24/2011 8:24:34 PM - System Checkpoint
RP894: 9/25/2011 9:24:36 PM - System Checkpoint
RP895: 9/26/2011 10:24:34 PM - System Checkpoint
RP896: 9/27/2011 10:36:34 PM - System Checkpoint
RP897: 9/28/2011 11:26:22 PM - System Checkpoint
RP898: 9/29/2011 11:36:36 PM - System Checkpoint
RP899: 10/1/2011 12:36:36 AM - System Checkpoint
RP900: 10/2/2011 1:36:36 AM - System Checkpoint
RP901: 10/3/2011 2:24:38 AM - System Checkpoint
RP902: 10/4/2011 2:36:36 AM - System Checkpoint
RP903: 10/5/2011 3:24:36 AM - System Checkpoint
RP904: 10/6/2011 4:24:37 AM - System Checkpoint
RP905: 10/7/2011 4:36:37 AM - System Checkpoint
RP906: 10/8/2011 5:24:37 AM - System Checkpoint
RP907: 10/9/2011 6:24:37 AM - System Checkpoint
RP908: 10/10/2011 6:36:37 AM - System Checkpoint
RP909: 10/11/2011 7:24:38 AM - System Checkpoint
RP910: 10/12/2011 7:36:38 AM - System Checkpoint
RP911: 10/13/2011 8:35:08 AM - System Checkpoint
RP912: 10/14/2011 9:32:23 AM - System Checkpoint
RP913: 10/15/2011 9:34:53 AM - System Checkpoint
RP914: 10/16/2011 10:20:21 AM - System Checkpoint
RP915: 10/17/2011 11:20:21 AM - System Checkpoint
RP916: 10/18/2011 12:20:21 PM - System Checkpoint
RP917: 10/19/2011 12:32:21 PM - System Checkpoint
RP918: 10/20/2011 1:20:17 PM - System Checkpoint
RP919: 10/21/2011 2:20:13 PM - System Checkpoint
RP920: 10/22/2011 3:19:34 PM - System Checkpoint
RP921: 10/23/2011 3:21:18 PM - System Checkpoint
RP922: 10/24/2011 4:20:14 PM - System Checkpoint
RP923: 10/25/2011 5:20:13 PM - System Checkpoint
RP924: 10/26/2011 6:20:14 PM - System Checkpoint
RP925: 10/27/2011 7:35:45 PM - System Checkpoint
RP926: 10/28/2011 8:20:14 PM - System Checkpoint
RP927: 10/29/2011 10:38:46 PM - System Checkpoint
RP928: 10/30/2011 11:45:22 PM - System Checkpoint
RP929: 11/1/2011 12:20:14 AM - System Checkpoint
RP930: 11/2/2011 1:20:16 AM - System Checkpoint
RP931: 11/3/2011 2:20:18 AM - System Checkpoint
RP932: 11/4/2011 3:20:17 AM - System Checkpoint
RP933: 11/5/2011 4:20:17 AM - System Checkpoint
RP934: 11/6/2011 9:09:36 AM - System Checkpoint
RP935: 11/7/2011 9:20:17 AM - System Checkpoint
RP936: 11/8/2011 9:32:35 AM - System Checkpoint
RP937: 11/9/2011 10:20:17 AM - System Checkpoint
RP938: 11/10/2011 11:20:18 AM - System Checkpoint
RP939: 11/11/2011 12:20:18 PM - System Checkpoint
RP940: 11/12/2011 12:21:25 PM - System Checkpoint
RP941: 11/13/2011 12:32:18 PM - System Checkpoint
RP942: 11/14/2011 1:20:18 PM - System Checkpoint
RP943: 11/15/2011 2:20:38 PM - System Checkpoint
RP944: 11/16/2011 3:20:18 PM - System Checkpoint
RP945: 11/17/2011 4:20:19 PM - System Checkpoint
RP946: 11/18/2011 4:32:21 PM - System Checkpoint
RP947: 11/19/2011 5:20:21 PM - System Checkpoint
RP948: 11/20/2011 6:20:22 PM - System Checkpoint
RP949: 11/21/2011 7:20:22 PM - System Checkpoint
RP950: 11/22/2011 8:06:36 PM - System Checkpoint
RP951: 11/23/2011 9:06:33 PM - System Checkpoint
RP952: 11/24/2011 10:06:35 PM - System Checkpoint
RP953: 11/25/2011 9:33:30 AM - Removed Angry Birds Rio
RP954: 11/25/2011 9:33:51 AM - Installed Angry Birds Rio
RP955: 11/26/2011 2:35:24 PM - System Checkpoint
RP956: 11/27/2011 3:06:35 PM - System Checkpoint
RP957: 11/28/2011 3:22:34 PM - System Checkpoint
RP958: 11/29/2011 4:14:50 PM - System Checkpoint
RP959: 11/30/2011 5:00:43 PM - System Checkpoint
RP960: 12/1/2011 5:09:23 PM - System Checkpoint
RP961: 12/2/2011 6:04:56 PM - System Checkpoint
RP962: 12/3/2011 6:49:39 PM - System Checkpoint
RP963: 12/4/2011 6:53:14 PM - System Checkpoint
RP964: 12/5/2011 6:55:11 PM - System Checkpoint
RP965: 12/6/2011 7:49:33 PM - System Checkpoint
RP966: 12/7/2011 8:46:40 PM - System Checkpoint
RP967: 12/8/2011 9:34:52 PM - System Checkpoint
RP968: 12/9/2011 10:27:00 PM - System Checkpoint
RP969: 12/10/2011 10:33:29 PM - System Checkpoint
RP970: 12/24/2011 11:26:03 PM - Restore Operation
.
==== Installed Programs ======================
.
.
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Angry Birds Rio
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avery Wizard 3.1
BlackBerry Desktop Software 6.0.1
BlackBerry Device Software Updater
Bonjour
Camera Support Core Library
Camera Window DS
Camera Window DVC
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DSLR 5 for ZoomBrowser EX
Canon DIGITAL CAMERA Solution Disk Software Guide
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon Personal Printing Guide
Canon PhotoRecord
Canon PowerShot SD3500 IS_IXUS 210 Camera User Guide
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC 8
Canon Utilities Movie Uploader for YouTube
Canon Utilities MyCamera
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCleaner
CDDRV_Installer
Citrix Presentation Server Client
e-Form RS
erLT
ESET NOD32 Antivirus
eWallet 5.0.2 Professional Edition (Windows Mobile)
Free RAR Extract Frog
Global fx Components
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Backup and Recovery Manager
HP BIOS Configuration for ProtectTools 2.00 J2
HP Credential Manager for ProtectTools
hp deskjet 5600
HP Embedded Security for ProtectTools
HP Help and Support
HP Product Detection
HP ProtectTools Security Manager 2.00 D3
Intel(R) Management Engine Interface
Intel(R) PRO Network Connections
InterVideo Register Manager
InterVideo WinDVD
ISScript
iTunes
Java(TM) SE Runtime Environment 6 Update 1
KhalInstallWrapper
Logitech SetPoint
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MobileMe Control Panel
Mozilla Firefox (3.0.19)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA Drivers
OGA Notifier 2.0.0048.0
PDF Complete
QuickTime
RangeMax Wireless-N USB Adapter WN111v2
RAW Image Task 2.2
Realtek High Definition Audio Driver
Safari
SDMSSplash
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SereneScreen Marine Aquarium 2.6
TomTom HOME 2.8.1.2218
TomTom HOME Visual Studio Merge Modules
TurboTax 2008
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wrapper
TurboTax 2009
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wrapper
TurboTax 2010
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
W Photo Studio
WebEx
WebFldrs XP
Windows 7 Upgrade Advisor
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format Runtime
Windows PowerShell(TM) 1.0
Windows XP Service Pack 3
WN111v2
Yahoo! BrowserPlus 2.9.8
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
12/24/2011 11:40:38 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
12/24/2011 11:26:05 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service IFXSpMgtSrv with arguments "-Service" in order to run the server: {FBCD9C6A-72CB-47BB-99DD-2317551491DE}
12/24/2011 11:26:04 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ehdrv Fips i8042prt intelppm
12/24/2011 11:24:55 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/24/2011 11:24:36 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service IFXSpMgtSrv with arguments "-Service" in order to run the server: {FBCD9C66-72CB-47BB-99DD-2317551491DE}
12/18/2011 8:32:14 PM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
12/18/2011 8:30:42 PM, error: DCOM [10000] - Unable to start a DCOM Server: {E0632EEB-9CF1-4BB5-95BF-8079CC3C6BB0}. The error: "%233" Happened while starting this command: C:\WINDOWS\system32\DllHost.exe /Processid:{7429F543-2A60-4CB7-8BC5-F27EA898FB44}
12/18/2011 8:24:53 PM, error: Service Control Manager [7038] - The UMWdf service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: Access is denied. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
12/18/2011 8:24:53 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt
12/18/2011 8:24:53 PM, error: Service Control Manager [7000] - The Windows User Mode Driver Framework service failed to start due to the following error: The service did not start due to a logon failure.
.
==== End Of File ===========================
Countdemonet
Active Member
 
Posts: 1
Joined: December 25th, 2011, 3:04 am

Re: My computer is infected and I need help

Unread postby deltalima » December 25th, 2011, 4:05 pm

Checking your log - back soon.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: My computer is infected and I need help

Unread postby deltalima » December 25th, 2011, 4:13 pm

Hi Countdemonet,

Welcome to the forum.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Please note the following:
  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please do not run any scans or make any changes to the system unless I ask you to.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

There is no need to attach the logs; please just paste them into any future posts.

Rootkit Warning
Your computer has multiple infections, including a rootkit.
A rootkit is a set of software tools intended for concealing running processes, files or system data from the operating system.

You are strongly advised to do the following:
  1. Disconnect the computer from the Internet and from any networked computers until it is cleaned.
  2. Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts.
    If you don't mind the hassle, change all your account numbers.
  3. From a clean computer, change all your passwords
    (Internet login, your email address(es), financial accounts, PayPal, eBay, Amazon...any online activities you carry out which require a username and password).
    Do NOT change your passwords from this computer; the attacker can still get all the new passwords and transaction records.
  4. Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.

Due to its rootkit functionality, your computer is very likely to have been compromised and there is no way that it can be trusted again.
Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be to do a reformat and re-installation of the operating system (OS).
This decision will have to be made by you...

We can attempt to clean this machine but we will not guarantee that it won't still be compromised afterwards.
Please let me know how you wish to proceed.

Please let me know if the computer is used for home or for business use.

Re: My computer is infected and I need help

Unread postby deltalima » December 28th, 2011, 12:05 pm

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.