Windows Vista

Post by cdmccreary » January 1st, 2012, 2:04 pm

I have not been using my laptop for a while. On my administrator user, I can start logging on; then the blue background I have chosen comes up, but the system seemingly will not proceed further.

On my wife's user, I did notice a secondary network connection came up in addition to my wireless (no RJ-45 was connected). I disabled it... then I realized "VIRUS!"

I logged onto my user in safe mode and ran DDS.


dds.txt
.

.

DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK

Internet Explorer: 7.0.6001.18000  BrowserJavaVersion: 10.1.0

Run by charles at 11:42:22 on 2012-01-01

Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.1.1033.18.2038.1687 [GMT -6:00]

.

AV: Doctor Web Anti-Virus *Enabled/Updated* {6CC6AE29-BD86-6306-5444-113FA6A626D8}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Doctor Web Anti-Virus *Enabled/Updated* {D7A74FCD-9BBC-6C88-6EF4-2A4DDD216C65}

FW: Dr.Web Firewall *Enabled* {54FD2F0C-F7E9-625E-7F1B-B80A587561A3}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\Explorer.EXE

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT6919

mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT6919

mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT6919

uInternet Settings,ProxyOverride = *.local

mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT6919

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: WRShell.BHO: {255215e2-87dc-4819-8724-d0b4c94dbef5} - c:\program files\webresearch\WRShell.dll

BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll

BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

TB: WRShell.ToolBand: {8f0f47b1-7d4b-4834-a981-91e2a3dce069} - c:\program files\webresearch\WRShell.dll

TB: WRShell.EditBand: {5338df6c-3b3b-4e38-8b31-7b99986627b2} - c:\program files\webresearch\WRShell.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [SkinClock] c:\program files\clock tray skins\ClockTraySkins.exe

uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"

mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [Spare Backup] "c:\program files\spare backup\SpareBackup.exe" /silent

mRun: [NapsterShell] c:\program files\napster\napster.exe /systray

mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe

mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"

mRun: [Cm102Sound] RunDll32 cm102.cpl,CMICtrlWnd

mRun: [SpIDerMail] "c:\program files\drweb\spiderml.exe" -autorun

mRun: [Dr.Web Firewall] "c:\program files\drweb\frwl_notify.exe"

mRun: [SpIDerAgent] "c:\program files\drweb\SpIDerAgent.exe"

mRun: [IgfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot

mRun: [adm_tray.exe] c:\program files\acronis\drivemonitor\adm_tray.exe

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

StartupFolder: c:\users\charles\appdata\roaming\micros~1\windows\startm~1\programs\startup\captur~1.lnk - c:\program files\capturewiz\pro\CaptureWiz.exe

StartupFolder: c:\users\charles\appdata\roaming\microsoft\windows\start menu\programs\startup\odrive.bat

StartupFolder: c:\users\charles\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: WebResearch: Save Link Address As... - c:\progra~1\webres~1\wrshell.dll/#110

IE: WebResearch: Save Page Area (Frame) - c:\progra~1\webres~1\wrshell.dll/#102

IE: WebResearch: Save Page Area (Frame) As... - c:\progra~1\webres~1\wrshell.dll/#106

IE: WebResearch: Save Picture - c:\progra~1\webres~1\wrshell.dll/#101

IE: WebResearch: Save Picture As... - c:\progra~1\webres~1\wrshell.dll/#108

IE: WebResearch: Save Selected Targets As... - c:\progra~1\webres~1\wrshell.dll/#111

IE: WebResearch: Save Selection - c:\progra~1\webres~1\wrshell.dll/#104

IE: WebResearch: Save Selection As... - c:\progra~1\webres~1\wrshell.dll/#109

IE: WebResearch: Save Target - c:\progra~1\webres~1\wrshell.dll/#103

IE: WebResearch: Save Target As... - c:\progra~1\webres~1\wrshell.dll/#107

IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll

LSP: c:\program files\drweb\drwebsp.dll

DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.2.254

TCP: Interfaces\{12121B48-7C6E-4A78-A74B-243A0A7A7BD4} : DhcpNameServer = 129.107.31.80 129.107.62.80 129.107.45.80

TCP: Interfaces\{1AA66C24-F5AD-4973-875D-B23365C7DEFE} : DhcpNameServer = 192.168.2.254

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\charles\appdata\roaming\mozilla\firefox\profiles\1z9lwc1b.default\

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll

FF - plugin: c:\users\charles\appdata\roaming\mozilla\firefox\profiles\1z9lwc1b.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Dr.Web anti-virus link checker: {6614d11d-d21d-b211-ae23-815234e1ebb5} - %profile%\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}

FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}

FF - Ext: Read It Later: isreaditlater@ideashower.com - %profile%\extensions\isreaditlater@ideashower.com

FF - Ext: Copy Link URL: copylinkurl@bluelightdev.com - %profile%\extensions\copylinkurl@bluelightdev.com

FF - Ext: WorldIP: {f36c6cd1-da73-491d-b290-8fc9115bfa55} - %profile%\extensions\{f36c6cd1-da73-491d-b290-8fc9115bfa55}

FF - Ext: Zotero OpenOffice.org Integration: zoteroOpenOfficeIntegration@zotero.org - %profile%\extensions\zoteroOpenOfficeIntegration@zotero.org

FF - Ext: Zotero: zotero@chnm.gmu.edu - %profile%\extensions\zotero@chnm.gmu.edu

.

============= SERVICES / DRIVERS ===============

.

R0 DwProt;DrWeb Protection;c:\windows\system32\drivers\dwprot.sys [2011-1-1 149272]

R0 SpiderG3;DrWeb file system scanner;c:\windows\system32\drivers\spiderg3.sys [2011-1-1 111896]

R1 DRWEBAF;DrWEB Firewall Application Filter;c:\windows\system32\drivers\drwebaf.sys [2011-1-1 84728]

R3 DrWebPF;DrWeb Packet Filter Driver;c:\windows\system32\drivers\drwebpf.sys [2011-1-1 72568]

R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]

R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2011-8-15 116016]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]

S2 AtomicAlarmClock;Atomic Alarm Clock Time;c:\program files\clock tray skins\timeserv.exe [2011-9-22 415744]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 DMDefragService;Performance Toolkit Disk Defrag Service;c:\program files\pc tools utilities\tools\defrag\DMDefragSrv.exe [2010-12-5 1034208]

S2 DMRepairService;Performance Toolkit Disk Repair Service;c:\program files\pc tools utilities\tools\repair\DMRepairSrv.exe [2010-12-5 1021920]

S2 DrWebEngine;Dr.Web Scanning Engine (DrWebEngine);c:\program files\common files\doctor web\scanning engine\dwengine.exe [2010-6-21 1844056]

S2 DrWebFWSvc;Dr.Web Firewall Application Filter;c:\program files\drweb\frwl_svc.exe [2011-1-1 2267120]

S2 FlipShareServer;FlipShare Server;c:\program files\flip video\flipshareserver\FlipShareServer.exe [2011-5-6 1085440]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-4 135664]

S2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [2011-9-19 14976]

S2 XWNTSERV;XWP_Services;c:\windows\system32\XWNTSERV.EXE [2011-9-20 205952]

S2 XwpNTrdr;XwpNTrdr;c:\windows\system32\drivers\XWPFSW2K.SYS [2011-9-20 177918]

S2 XwpXSetSrvProNFS;XwpXSetSrvProNFS service;c:\users\public\program files\lab-nc\pronfs\xsetsrv.exe [2011-1-18 106496]

S3 BrlAPI;BrlAPI;c:\cygwin\bin\cygrunsrv.exe [2011-9-21 68096]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2010-12-3 30192]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-4 135664]

S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]

S3 USBAU;USB Audio Device Interface;c:\windows\system32\drivers\CM102.sys [2010-12-17 1499648]

S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2011-8-15 104752]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

.

==================== Find3M  ====================

.

2011-11-24 10:59:31	111896	----a-w-	c:\windows\system32\drivers\spiderg3.sys

2011-11-24 10:59:28	149272	----a-w-	c:\windows\system32\drivers\dwprot.sys

2011-10-31 17:47:25	544656	----a-w-	c:\windows\system32\deployJava1.dll

.

============= FINISH: 11:43:40.42 ===============

Re: Windows Vista

Post by deltalima » January 3rd, 2012, 7:31 am

This is not the first time you have posted for help on our forum.
Your topic is being closed for one (or more) of the following reasons:

  • Repeated use of P2P software, despite warnings of their use and requests for removal.
  • Repeated use of cracked, illegal or pirated software.
  • Use of outdated or unpatched versions of Windows, after previously agreeing to update as a condition for receiving help on our forum.
  • Returning for help with no Anti-virus software installed, despite being advised to install.
  • Continued practice of unsafe surfing.
  • Posting for help for many different computers, repair tech.
  • Continuing to post in multiple malware removal forums, for the same computer issue.
  • Repeatedly failing to reply to your topic within the necessary time frames.

This topic is now closed.