Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Virus removal. Conficker

Post by MarcusG » January 24th, 2012, 5:15 pm

.
DDS (Ver_2011-08-26.01) - NTFSx86 MINIMAL
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_30
Run by Administrator at 20:55:44 on 2012-01-24
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1913.1533 [GMT 0:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\Explorer.EXE
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [00THotkey] c:\windows\system32\00THotkey.exe
mRun: [000StTHK] 000StTHK.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [TPSODDCtl] TPSODDCtl.exe
mRun: [TPSMain] TPSMain.exe
mRun: [TMERzCtl.EXE] c:\program files\toshiba\tme3\TMERzCtl.EXE /Service
mRun: [TOSDCR] TOSDCR.EXE
mRun: [TosHKCW.exe] "c:\program files\toshiba\wireless hotkey\TosHKCW.exe"
mRun: [NDSTray.exe] NDSTray.exe
mRun: [TFncKy] TFncKy.exe
mRun: [ACU] "c:\program files\atheros\ACU.exe" -nogui
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [TFNF5] TFNF5.exe
mRun: [ThpSrv] c:\windows\system32\thpsrv /logon
mRun: [TouchED] c:\program files\toshiba\touched\TouchED.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 95.86.129.42 62.212.239.43 95.86.128.67
TCP: Interfaces\{7B18331A-CD2C-4420-B160-C1E0C7CDCA11} : DhcpNameServer = 95.86.129.42 62.212.239.43 95.86.128.67
Notify: igfxcui - igfxdev.dll
Notify: TosBtNP - TosBtNP.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\2h18w3uj.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\administrator\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 hotcore3;Hotcore helper;c:\windows\system32\drivers\hotcore3.sys [2009-7-22 40496]
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2008-1-11 21120]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2007-9-4 6528]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2008-4-30 4992]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2008-7-17 41216]
S1 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2009-4-22 201288]
S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
S1 MpKslfe7f9096;MpKslfe7f9096;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ba364bd8-c710-4654-bd8f-16e222c5b80e}\MpKslfe7f9096.sys [2012-1-24 29904]
S1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.sys [2008-7-17 5888]
S2 fbnzqxum;Monitor Time;c:\windows\system32\svchost.exe -k netsvcs [2008-7-17 14336]
S2 lvalarmk;lvalarmk;c:\windows\system32\drivers\lvalarmk.dll [2004-4-1 10829]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-1-24 652872]
S2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-4-22 359248]
S2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-4-22 144704]
S2 niarbk;niarbk;c:\windows\system32\drivers\niarbk.dll [2005-3-7 37376]
S2 nibffrk;nibffrk;c:\windows\system32\drivers\nibffrk.dll [2005-3-7 21504]
S2 Nidaq32k;Nidaq32k;c:\windows\system32\drivers\nidaq32k.sys [2005-3-7 674304]
S2 nidevldu;nidevldu;system32\nipalsm.exe --> system32\nipalsm.exe [?]
S2 nidimk;nidimk;c:\windows\system32\drivers\nidimk.dll [2005-3-1 145920]
S2 nidmmk;NI DMM and Data Logger Kernel Driver;c:\windows\system32\drivers\nidmmk.dll [2005-3-7 50688]
S2 nidmxfk;nidmxfk;c:\windows\system32\drivers\nidmxfk.dll [2005-3-7 160768]
S2 nilvaik;nilvaik;c:\windows\system32\drivers\nilvaik.dll [2005-3-5 11264]
S2 nimdsk;nimdsk;c:\windows\system32\drivers\nimdsk.dll [2005-3-7 30208]
S2 nimxpk;nimxpk;c:\windows\system32\drivers\nimxpk.dll [2005-3-4 18944]
S2 nipxirmk;nipxirmk;c:\windows\system32\drivers\nipxirmk.dll [2004-10-19 41075]
S2 nistck;nistck;c:\windows\system32\drivers\niSTCk.dll [2005-3-7 111616]
S2 niswdk;niswdk;c:\windows\system32\drivers\niswdk.dll [2005-3-5 456704]
S2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [2007-3-26 105856]
S2 Tmesrv;Tmesrv3;c:\program files\toshiba\tme3\TMESRV31.exe [2008-7-17 114688]
S2 TPCHSrv;TPCH Service;c:\program files\toshiba\tphm\TPCHSrv.exe [2008-5-27 628072]
S2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [2007-2-19 134016]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2008-7-17 244368]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-1-24 20464]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-1-24 40776]
S3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-4-22 695624]
S3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2009-4-22 79304]
S3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2009-4-22 35240]
S3 mferkdk;McAfee Inc.;c:\windows\system32\drivers\mferkdk.sys [2009-4-22 33800]
S3 mfesmfk;McAfee Inc.;c:\windows\system32\drivers\mfesmfk.sys [2009-4-22 40488]
S3 nicdrk;nicdrk;c:\windows\system32\drivers\nicdrk.dll [2005-3-5 169472]
S3 nidsark;nidsark;c:\windows\system32\drivers\nidsark.dll [2005-3-7 712192]
S3 niesrk;niesrk;c:\windows\system32\drivers\niesrk.dll [2005-3-14 477184]
S3 nimru2k;nimru2k;c:\windows\system32\drivers\nimru2k.dll [2005-3-1 237056]
S3 nimsdrk;nimsdrk;c:\windows\system32\drivers\nimsdrk.dll [2005-3-5 126976]
S3 nimslk;nimslk;c:\windows\system32\drivers\nimslk.dll [2004-12-9 14464]
S3 nimsrlk;nimsrlk;c:\windows\system32\drivers\nimsrlk.dll [2004-12-9 151683]
S3 nimstsk;nimstsk;c:\windows\system32\drivers\nimstsk.dll [2005-3-4 50688]
S3 niscdk;niscdk;c:\windows\system32\drivers\niscdk.dll [2005-3-5 500736]
S3 nisdigk;nisdigk;c:\windows\system32\drivers\nisdigk.dll [2005-3-5 230912]
S3 nisftk;nisftk;c:\windows\system32\drivers\nisftk.dll [2005-3-7 163328]
S3 nispdk;nispdk;c:\windows\system32\drivers\nispdk.dll [2005-3-5 43008]
S3 nissrk;nissrk;c:\windows\system32\drivers\nissrk.dll [2005-3-14 644096]
S3 nistc2k;nistc2k;c:\windows\system32\drivers\nistc2k.dll [2005-3-5 163328]
S3 nistcrk;nistcrk;c:\windows\system32\drivers\nistcrk.dll [2005-3-5 110080]
S3 nitiork;nitiork;c:\windows\system32\drivers\nitiork.dll [2005-3-10 691200]
S3 NiViPxiK;NiViPxiK;c:\windows\system32\drivers\NiViPxiK.sys [2004-7-14 24576]
S3 niwfrk;niwfrk;c:\windows\system32\drivers\niwfrk.dll [2005-3-14 416768]
S3 nixsrk;nixsrk;c:\windows\system32\drivers\nixsrk.dll [2005-3-14 860672]
S3 TEchoCan;Toshiba Audio Effect;c:\windows\system32\drivers\TEchoCan.sys [2008-7-17 435072]
S3 USA19H;USA19H;c:\windows\system32\drivers\USA19H2k.sys [2011-3-4 704000]
S3 USA19H2KP;Keyspan USB Serial Port Driver;c:\windows\system32\drivers\USA19H2kp.sys [2011-3-4 24192]
.
=============== Created Last 30 ================
.
2012-01-24 20:37:08 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ba364bd8-c710-4654-bd8f-16e222c5b80e}\MpKslfe7f9096.sys
2012-01-24 19:56:23 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ba364bd8-c710-4654-bd8f-16e222c5b80e}\offreg.dll
2012-01-24 19:46:54 6557240 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ba364bd8-c710-4654-bd8f-16e222c5b80e}\mpengine.dll
2012-01-24 19:46:29 222080 ------w- c:\windows\system32\MpSigStub.exe
2012-01-24 19:43:01 -------- d-----w- c:\windows\system32\PreInstall
2012-01-24 19:42:59 -------- d--h--w- c:\windows\$hf_mig$
2012-01-24 19:30:20 274288 ----a-w- c:\windows\system32\mucltui.dll
2012-01-24 19:30:20 215920 ----a-w- c:\windows\system32\muweb.dll
2012-01-24 19:30:20 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-01-24 19:28:39 -------- d-----w- c:\windows\LastGood.Tmp
2012-01-24 19:28:27 -------- d-----w- c:\program files\Microsoft Security Client
2012-01-24 19:27:09 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-01-24 19:27:09 -------- d-----w- c:\documents and settings\administrator\application data\Malwarebytes
2012-01-24 19:27:01 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-24 19:27:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-24 19:27:01 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-01-24 19:12:55 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2012-01-24 19:11:53 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2012-01-24 19:02:25 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Google
2012-01-24 17:38:08 -------- d-----w- c:\documents and settings\administrator\application data\OpenOffice.org
2012-01-17 22:17:48 5632 ----a-w- c:\windows\system32\ptpusb.dll
2012-01-17 22:17:47 159232 ----a-w- c:\windows\system32\ptpusd.dll
2012-01-17 22:17:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2012-01-17 22:17:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2012-01-15 19:39:46 -------- d-----w- c:\program files\VideoLAN
2012-01-13 21:44:09 -------- d-----w- C:\Video
2012-01-13 21:07:24 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-13 20:54:14 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Apple Computer
2012-01-13 20:54:07 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-01-13 20:54:07 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2012-01-13 20:53:44 -------- d-----w- c:\program files\iPod
2012-01-13 20:53:41 -------- d-----w- c:\program files\iTunes
2012-01-13 20:53:41 -------- d-----w- c:\documents and settings\all users\application data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-01-13 20:53:28 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Apple
2012-01-13 20:53:20 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-01-13 20:53:20 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-01-13 20:53:09 -------- d-----w- c:\program files\Bonjour
2012-01-13 20:49:21 -------- d-----w- c:\program files\OpenOffice.org 3
2012-01-13 20:49:10 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-11 09:35:18 -------- d-----w- C:\Baku
.
==================== Find3M ====================
.
2011-11-10 03:27:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
.
============= FINISH: 20:56:04.48 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 3/9/2009 1:50:29 PM
System Uptime: 1/24/2012 8:54:54 PM (0 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: Intel(R) Pentium(R) Dual CPU T3200 @ 2.00GHz | uFC-PGA Socket | 1995/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 112 GiB total, 7.83 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Fingerprint Sensor
Device ID: USB\VID_08FF&PID_1600\5&207CC5DF&0&2
Manufacturer:
Name: Fingerprint Sensor
PNP Device ID: USB\VID_08FF&PID_1600\5&207CC5DF&0&2
Service:
.
==== System Restore Points ===================
.
RP1: 1/19/2012 8:17:09 AM - System Checkpoint
RP2: 1/20/2012 9:45:36 PM - System Checkpoint
RP3: 1/22/2012 6:29:29 PM - System Checkpoint
RP4: 1/24/2012 7:42:04 PM - Software Distribution Service 3.0
RP5: 1/24/2012 7:46:28 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Foreign File Handler
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 6.0.1
ALPS Touch Pad Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Client Utility
Bluetooth Stack for Windows by Toshiba
Bonjour
Camera Assistant Software for Toshiba
CD/DVD Drive Acoustic Silencer
CutePDF Writer 2.8
Google Chrome
Intel(R) Graphics Media Accelerator Driver
Intel(R) Network Connections Drivers
Intel® Matrix Storage Manager
iTunes
IVI Shared Component
IVI Shared Components
IVI VISA COM Standard Components
Java Auto Updater
Java(TM) 6 Update 30
Java(TM) 6 Update 6
Keyspan USB Serial Adapter
LoggerNet 2.1b
LoggerNet 3.4.1
Malwarebytes Anti-Malware version 1.60.0.1800
MATLAB Component Runtime
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Security Client
Microsoft Security Essentials
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 9.0.1 (x86 en-GB)
MRC - MRU Configuration
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
National Instruments Software
NI-653x Support
NI-DAQ C API 7.4
NI-DAQ Document Set 1.0.5
NI-DAQ INF Files
NI-DAQ Provider for MAX
NI-DAQmx 7.4
NI-DAQmx Documentation 1.1.1
NI-DAQmx DSA Support 1.4.0
NI-DAQmx MAX Support 1.3.0
NI-DAQmx Switch Core 1.4.0
NI-DIM 1.2.0f0
NI-IVI Provider for MAX
NI-MDBG 1.2.0f0
NI-MRU 2.3.0f0
NI-MXDF 1.3.0f0
NI-ORB 1.2.0f0
NI-PAL 1.9.0f0
NI-RPC 3.2.0f0
NI-RPC 3.2.0f0 for Phar Lap ETS
NI-SWITCH 2.4
NI-VISA 3.2f1
NI-VISA Provider 3.2 for MAX
NI-VISA Runtime 3.2f1
NI Assistant Framework
NI Assistant Framework LabVIEW Code Generator 6.1
NI Assistant Framework LabVIEW Code Generator 7.0
NI Assistant Framework LabVIEW Code Generator 7.1
NI Calibration Provider for MAX
NI Common Digital 1.2.0
NI DAQ Assistant 1.4.0
NI DDSP
NI DPPH
NI IVI Class Drivers
NI IVI Compliance Package 2.2
NI IVI Engine 2.0
NI LabVIEW Run-Time Engine 7.0
NI LabVIEW Run-Time Engine 7.1
NI LabWindows/CVI 7.0 Code Generator
NI Legacy DAQmxRF
NI License Manager
NI LVBroker
NI LVBrokerAux1071
NI LVBrokerAux70
NI LVBrokerAux71
NI Measurement & Automation Explorer 3.1.1
NI Measurement Studio for VS2003 Update 7.1.0.308
NI Measurement Studio Recipe Processor
NI Measurements eXtensions for PAL 1.3.0
NI MIO Device Drivers 1.5.0
NI PXI Platform Services for Windows 1.3.2
NI PXI Provider for MAX 1.4.1
NI Remote Provider for MAX
NI Remote PXI Provider for MAX
NI SCXI 1.2.0
NI Session Manager 3.0
NI Software Provider for MAX
NI Spy 2.1.0f0
NI STC 1.2.0
NI Timing 1.2.0
NI Uninstaller
OpenOffice.org 3.3
OZ776 SCR Driver V1.1.4.202
Paragon Drive Backup™ 9 Personal
PC200W 4.0
PL-2303 USB-to-Serial
Presto! BizCard 5 SE (English Version)
Presto! BizCard5 SE
Realtek High Definition Audio Driver
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.05
RSSigEdit
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
SPiDAR (Standard)
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Controls
TOSHIBA Cooling Performance Diagnostic Tool
TOSHIBA Direct Disc Writer
TOSHIBA Disc Creator
TOSHIBA Display Devices Change Utility
TOSHIBA DVD PLAYER
TOSHIBA HDD Protection
TOSHIBA Hotkey Utility for Display Devices
TOSHIBA Manuals
TOSHIBA Mic Effect
TOSHIBA Mobile Extension3
Toshiba Online Product Information
TOSHIBA Password Utility
TOSHIBA PC Diagnostic Tool
TOSHIBA PC Health Monitor
TOSHIBA Power Saver
TOSHIBA SD Memory Boot Utility
TOSHIBA SD Memory Utilities
TOSHIBA Security Assist
TOSHIBA Software Modem
TOSHIBA TouchPad On/Off Utility V2.5.1.0
TOSHIBA USB Sleep and Charge Utility
TOSHIBA Utilities
TOSHIBA Wireless Key Logon
TOSHIBA Zooming Utility
Traditional NI-DAQ 7.4 (Legacy)
Traditional NI-DAQ Documentation 1.0.3
UltraVnc
Uninstall for TOSHIBA Mobile Extension3
Update for Windows XP (KB898461)
VC 9.0 Runtime
VLC media player 1.1.11
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Media Format Runtime
Windows Media Player 10
WinFlash
Wireless Hotkey
.
==== Event Viewer Messages From Past Week ========
.
1/24/2012 8:55:33 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/24/2012 8:55:32 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
1/24/2012 7:28:46 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
1/24/2012 7:02:27 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
1/24/2012 6:06:44 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer USER-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{7B18331A-CD2C-4420-B. The master browser is stopping or an election is being forced.
1/22/2012 11:13:48 AM, error: Dhcp [1002] - The IP address lease 192.168.1.138 for the Network Card with network address 00216339906E has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
1/21/2012 11:15:03 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: atapi PCIIde
1/21/2012 11:15:03 AM, error: Service Control Manager [7024] - The McAfee Real-time Scanner service terminated with service-specific error 5046 (0x13B6).
1/21/2012 11:15:03 AM, error: Service Control Manager [7023] - The Monitor Time service terminated with the following error: A dynamic link library (DLL) initialization routine failed.
1/20/2012 10:39:58 AM, error: Dhcp [1002] - The IP address lease 192.168.1.99 for the Network Card with network address 00216339906E has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
1/19/2012 6:16:01 PM, error: Dhcp [1002] - The IP address lease 192.168.1.98 for the Network Card with network address 00216339906E has been denied by the DHCP server 192.168.1.93 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================


Hello, can someone help to check if my PC is now free from malware?
I was trying to view BBC iPlayer while abroad, so I was changing the settings in Firefox to view iPlayer via a proxy server. I noticed I could not access some sites. So I restored the settings in Firefox. The problem persisted. Suspecting a virus, I tried to download Microsoft Security Essentials (MSE); alas, I could not access any anti-virus (AV) site.

I googled this problem, and found the workaround solution of typing "net stop dnscache" in the command line, allowing me to avoid the poisoned DNS cache.

I changed my Windows Update settings to automatic download but ask me before installing. A taskbar pop-up showed I had an update available. Following the link to read more about the update, the Internet Explorer page did not look right. I did not apply the update. The process responsible for the update notification was wuauclt.exe.

I then downloaded MSE, Malwarebytes Anti-Malware (MBAM) trial version, and Trend Micro HijackThis (HJT). I ran full scans of MSE and MBAM. MSE found the Conficker B virus. I removed it; MSE said it was successfully removed. MBAM found nothing.
I then ran HJT.
I ran DDS.scr; this caused my PC to crash (blue screen) before restarting. I could not see my desktop after restart. Explorer.exe was running, though. Restarted in safe mode, ran DDS.scr, saved the log files. Restarted in normal mode, still no desktop. I killed the process consuming the most memory, MsMpEng.exe, and my desktop appeared. MSE gave a warning and suggested actions to remove the virus, Conficker B again. Apparently successfully removed this time also.

About 3 years ago, when I had a different PC, I recall having to change the name of HJT so that potential viruses could not hide from it. Is this step required to check if my laptop is free from malware?

Many thanks in advance for your time and expertise.
Marc
MarcusG
Active Member
 
Posts: 2
Joined: January 24th, 2012, 4:15 pm

Re: Virus removal. Conficker

Post by askey127 » January 25th, 2012, 7:55 am

We are sorry, but we do not handle machines used for business purposes.
This is a carefully considered policy issue, detailed here: http://malwareremoval.com/forum/viewtop ... 10#p531110
This is included as part of the thread at the top of the malware removal forum, titled: ALL USERS OF THIS FORUM MUST READ THIS FIRST
This thread will be closed.

Due to Our Policy On Business Machines, this Topic is Now Closed
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

