mouse trap. more windows than one can close

Post by ejames82 » January 26th, 2012, 3:37 am

hello, thanks for your time.

this inspiron mini was sold to my sister two months ago and she sold it to me yesterday because when she tried to use it (the very first time), windows popped up faster than she could close them. her only recourse was to hard-kill.
this morning the display froze the first time I tried to start it. I restarted it and discovered that 'live messenger' was making the cpu run at 100%, so I unchecked its box in msconfig.
I have done just what was needed so that I could function reasonably and get help here.

1. I installed revo uninstaller
2. I uninstalled outdated mcafee antivirus

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Jason at 2:15:22 on 2012-01-26
Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.1013.422 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\Battery Meter\BTMeter.exe
C:\Program Files\CapsLKNotify\CapsLKNotify.exe
C:\Program Files\WSED\WSED.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [BTMeter] c:\program files\battery meter\BTMeter.exe
mRun: [CapsLKNotify] c:\program files\capslknotify\CapsLKNotify.exe
mRun: [WSED] c:\program files\wsed\WSED.exe
mRun: [<NO NAME>]
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\users\jason\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{294B54CD-9A79-442E-9C06-427C363FA3D1} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{F9F4F60C-45F4-43F2-A5B5-4D1E1EC7566A} : DhcpNameServer = 192.168.1.1
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\program files\cozi express\CoziProtocolHandler.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [2009-6-26 13680]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSrv.exe [2010-6-24 87968]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2009-6-9 155648]
R2 SftService;SoftThinks Agent Service;c:\program files\dell datasafe local backup\SftService.exe [2010-9-30 1692480]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2010-9-30 143840]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-9-30 275048]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\drivers\rtl8192ce.sys [2010-9-30 853536]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-6-24 191008]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-12-23 52224]
.
=============== Created Last 30 ================
.
2012-01-26 05:28:47 -------- d-----w- c:\program files\VS Revo Group
2012-01-21 22:01:47 -------- d-----w- c:\windows\system32\SPReview
2012-01-21 21:39:33 -------- d-sh--w- C:\found.000
2012-01-19 05:49:45 -------- d-----w- c:\windows\system32\EventProviders
2012-01-17 15:38:50 362268 ---ha-w- c:\programdata\5DrSpjUPng4J6D.exe
2012-01-11 21:41:46 1288472 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 21:41:43 67072 ----a-w- c:\windows\system32\packager.dll
2012-01-11 21:41:40 1328128 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 21:41:39 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 10:11:16 -------- d-----w- C:\437f678f23918983676b9187
2012-01-06 03:56:00 -------- d--h--w- c:\users\jason\Tracing
2012-01-03 13:22:02 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2011-12-29 04:18:07 -------- d--h--w- c:\users\jason\My Backup Files
2011-12-29 04:04:29 -------- d-----w- c:\windows\system32\SL-SL
.
==================== Find3M ====================
.
2012-01-21 22:41:43 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-12-11 21:44:40 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-24 04:25:27 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-11-05 04:26:03 2048 ----a-w- c:\windows\system32\tzres.dll
.
============= FINISH: 2:17:47.54 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Starter
Boot Device: \Device\HarddiskVolume3
Install Date: 12/24/2010 11:37:55 PM
System Uptime: 1/26/2012 1:29:18 AM (1 hours ago)
.
Motherboard: Dell Inc. | | 0GHG2G
Processor: Intel(R) Atom(TM) CPU N455 @ 1.66GHz | CPU 1 | 983/667mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 139 GiB total, 117.941 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP28: 1/19/2012 3:24:51 AM - Windows 7 Service Pack 1
RP29: 1/21/2012 4:49:25 PM - Windows Update
RP30: 1/22/2012 5:00:00 PM - Windows Update
RP31: 1/25/2012 11:02:49 PM - Windows Update
RP33: 1/26/2012 12:38:12 AM - Revo Uninstaller's restore point - McAfee Security Center
.
==== Installed Programs ======================
.
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.0
Advanced Audio FX Engine
Battery Meter
CapsLKNotify
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Cozi
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Dock
Dell Edoc Viewer
Dell Getting Started Guide
Dell Support Center (Support Software)
Dell Webcam Central
Download Updater (AOL LLC)
EMSC
Function Keys
GoToAssist 8.0.0.514
Intel(R) Graphics Media Accelerator Driver
Java Auto Updater
Java(TM) 6 Update 20
Junk Mail filter update
Live! Cam Avatar Creator
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2010
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
MSVCRT
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
REALTEK PCIE Wireless LAN Driver
Realtek USB 2.0 Card Reader
Revo Uninstaller 1.93
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Skype Toolbars
Skype™ 4.1
Spelling Dictionaries Support For Adobe Reader 9
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
WSED
.
==== Event Viewer Messages From Past Week ========
.
1/26/2012 2:10:07 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
1/26/2012 12:42:57 AM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
1/26/2012 1:29:47 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
1/26/2012 1:29:45 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
1/26/2012 1:29:44 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
1/26/2012 1:29:44 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
1/25/2012 9:46:10 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
1/25/2012 11:18:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
1/25/2012 11:15:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
1/25/2012 11:12:00 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
1/25/2012 11:12:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
1/25/2012 11:11:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
1/25/2012 11:11:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
1/25/2012 11:11:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
1/25/2012 11:11:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/25/2012 11:11:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
1/25/2012 11:10:57 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD cdrom DfsC discache mfehidk mfenlfk NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
1/25/2012 11:10:57 PM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
1/25/2012 11:10:53 PM, Error: Service Control Manager [7003] - The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.
1/25/2012 11:10:53 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/25/2012 11:10:53 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/25/2012 11:10:53 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
1/25/2012 11:10:53 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/25/2012 11:10:53 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/25/2012 11:10:53 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
1/25/2012 11:10:53 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/25/2012 11:10:53 PM, Error: Service Control Manager [7001] - The McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
1/25/2012 11:10:53 PM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
1/25/2012 11:10:53 PM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
1/25/2012 11:10:53 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/25/2012 11:10:53 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/25/2012 11:10:53 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
1/22/2012 6:33:08 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
1/21/2012 7:39:05 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
1/21/2012 5:00:09 PM, Error: Microsoft-Windows-Service Pack Installer [6] - The Service Pack cannot be installed when the computer is running on battery power.
1/21/2012 2:46:37 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
1/21/2012 12:54:21 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Appinfo service.
1/21/2012 12:37:40 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the fdPHost service.
1/21/2012 1:34:26 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
1/20/2012 12:38:11 PM, Error: Service Control Manager [7043] - The McShield service did not shut down properly after receiving a preshutdown control.
1/20/2012 1:22:07 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS.
1/20/2012 1:11:41 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
1/19/2012 4:42:34 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
1/19/2012 3:24:21 AM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{F9F4F60C-45F4-43F2-A5B5-4D1E1EC7566A} because another computer on the network has the same name. The server could not start.
.
==== End Of File ===========================
ejames82
Regular Member
 
Posts: 54
Joined: December 2nd, 2007, 4:34 pm
Location: syracuse, new york

Re: mouse trap. more windows than one can close

Post by torreattack » January 27th, 2012, 11:54 am

Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.

Failure to post replies within 3 days will result in this thread being closed.



Hi ejames82 and welcome to Malware Removal :)

My name is torreattack, and I will be helping you with your malware problems.

I'm an Undergraduate trainee here, and as such my posts to you have to first be checked by a Teacher. Because of this, my replies to your posts may be slightly delayed. Please be patient and I'm sure we'll be able to resolve your problems.

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
Read:
How to back up or transfer your data on a Windows-based computer
Backup your data - Vista
Backup your data - windows 7


I'd also recommend that you create a System Restore Point that we can restore to if necessary.

  • Click Start, and type Create a restore point into the Search programs and files box.
  • Now click on the Create a restore point icon at the top of the find list.
  • This will open a System Properties box, with the System Protection tab open ...
    • Click on the Create button in the lower part of the window.
    • Type Pre Malware Cleanup into the description box, then click Create.
    • Windows will now create a Restore Point and notify you when finished.
    • Exit any open windows.


Please observe these rules while we work:
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • If you're using XP, you'll need Administrator privileges to perform the fixes. (XP accounts are Administrator by default)
  • If you're using Vista or Windows 7, it will be necessary to right click all tools we use and select ----> Run as Administrator
It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.


I am currently reviewing your log and will return, as soon as possible, with additional instructions.

Thank you for your patience.
torreattack
torreattack
Retired Graduate
 
Posts: 940
Joined: July 27th, 2008, 1:36 am

Re: mouse trap. more windows than one can close

Post by ejames82 » January 27th, 2012, 8:10 pm

I broke the forum rules. I am at the mercy of the fair folks at malwareremoval. I installed macrium reflect in hopes to back up my OS to an external hard drive. This is the only software that has been installed on this pc (by me since I posted here), and in fact, the pc hasn't been used for anything else. What I did was selfish and I am sorry.

I know I deserve to be punished and refused help, but could you please forgive me?
ejames82
Regular Member
 
Posts: 54
Joined: December 2nd, 2007, 4:34 pm
Location: syracuse, new york

Re: mouse trap. more windows than one can close

Post by ejames82 » January 28th, 2012, 1:48 pm

torreattack,

I did create a restore point and keep checking back for a reply. as I said before, I am sorry.
the infected computer sits unused. this is a different computer.
ejames82
Regular Member
 
Posts: 54
Joined: December 2nd, 2007, 4:34 pm
Location: syracuse, new york

Re: mouse trap. more windows than one can close

Post by torreattack » January 28th, 2012, 9:43 pm

Hi ejames82:

"I did create a restore point and keep checking back for a reply."

Apologies for the delay.

Please note:
1. We are all volunteer staff here so we log in and assess threads when real life, work, family, and other obligations permit. Additionally, we are located all over the world. There may be a bit of a time delay due to this.

2. Malware Removal threads are very time intensive. Each entry must be researched until it can be said with 100% certainty whether or not it can stay or needs to be removed. Sometimes additional work is needed to weed out suspect entries.

3. This may turn into a long ordeal but, rest assured, we will stay with you until you are completely disinfected.

As I am still in training at the Malware Removal University all of my fixes need to be checked and approved by an instructor. My proposed fix for your log is currently being assessed. I will get back to you with instructions as soon as possible.

Sorry,
torreattack
torreattack
Retired Graduate
 
Posts: 940
Joined: July 27th, 2008, 1:36 am

Re: mouse trap. more windows than one can close

Post by torreattack » January 29th, 2012, 5:10 am

Hi ejames82 :

"I uninstalled outdated mcafee antivirus"

Please install a new one now.

1. No Anti-virus Software Installed!
Looking over your log ... there is NO evidence of anti-virus software installed. This puts you at serious risk.
Anti-virus software will help detect, cleanse, and erase harmful virus files on a computer, Web server, or network.
Unchecked, virus files can unintentionally be forwarded to others, including trading partners and thereby spreading infection. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories.

To protect your computer from infection... download a (free for personal use) anti-virus program from one of these reliable vendors.

  1. Microsoft Security Essentials ** - New, from Microsoft, with email scanning, easy to install, easy to use.
  2. Antivir PersonalEdition Classic - Superior detection, the "free" version has no email scan.
  3. avast! Free Antivirus - Excellent detection, the freeware version includes email scanning.
    ** Your PC must run genuine Windows to install Microsoft Security Essentials.


Installing a new AV product.
Do NOT uninstall any existing anti-virus product yet!
  1. Download the new Anti-virus product to your computer.
  2. Save any work. Close all applications, especially your Internet connection.
  3. Uninstall any existing anti-virus product... Use the AV uninstall option if available.
  4. Reboot your computer, if not done during the uninstall.
  5. Install the new AV product... following installation instructions.
  6. Check for updates to the new AV product, if not done during install setup.
  7. Run a full scan of your computer.
It is strongly recommended that you run only one antivirus program at a time.
Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.



2. Please download SystemLook from one of the links below, and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :dir
    C:\437f678f23918983676b9187
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
This scan can take some time to run so please be patient.


3. Upload File/Files for testing

Please go to Virustotal
Copy/paste this file and path into the white box at the top:
c:\programdata\5DrSpjUPng4J6D.exe

Press Submit - this will submit the file for testing.
Please wait for all the scanners to finish then copy and paste the permalink (web address) in your next response.


4. Please provide me more details of your problem:
a) What windows open non-stop? Windows explorer or browser windows?
b) Have you tried waiting or did they stop after some time?

Thanks,
torreattack
torreattack
Retired Graduate
 
Posts: 940
Joined: July 27th, 2008, 1:36 am
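
Added example, not part of the thread or of any tool used in it: a small parser for the "Created Last 30" section of the DDS log that surfaces the two entries the reply above follows up on. The two selection rules and all function names are this example's assumptions; the thread does not state how those entries were picked.

```python
import re
from pathlib import PureWindowsPath

# Sample input: lines copied from the "Created Last 30" section of the
# DDS log posted at the top of this thread.
SAMPLE = r"""
2012-01-26 05:28:47 -------- d-----w- c:\program files\VS Revo Group
2012-01-21 21:39:33 -------- d-sh--w- C:\found.000
2012-01-17 15:38:50 362268 ---ha-w- c:\programdata\5DrSpjUPng4J6D.exe
2012-01-11 21:41:46 1288472 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 10:11:16 -------- d-----w- C:\437f678f23918983676b9187
2012-01-06 03:56:00 -------- d--h--w- c:\users\jason\Tracing
2012-01-03 13:22:02 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
"""

# One DDS entry: timestamp, size (or eight dashes for a directory),
# an 8-character attribute string, then the path (which may contain spaces).
ENTRY = re.compile(
    r"^(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+|-{8})\s+(?P<attrs>[a-z-]{8})\s+(?P<path>\S.*)$"
)

# Assumed triage parameters (hypothetical, chosen for this example).
EXECUTABLE_EXT = {".exe", ".dll", ".scr", ".com", ".sys"}
TRUSTED_ROOTS = ("windows", "program files", "program files (x86)")
HEX_NAME = re.compile(r"^[0-9a-f]{16,}$", re.IGNORECASE)


def parse_entries(text):
    """Turn DDS 'Created Last 30' lines into dictionaries; skip other lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        attrs = m["attrs"]
        entries.append({
            "stamp": m["stamp"],
            "size": None if m["size"].startswith("-") else int(m["size"]),
            "is_dir": attrs[0] == "d",
            "hidden": "h" in attrs,
            "system": "s" in attrs,
            "path": PureWindowsPath(m["path"]),
        })
    return entries


def review_reasons(entry):
    """Return the reasons (possibly none) an entry deserves a closer look."""
    path = entry["path"]
    below_root = [p.lower() for p in path.parts[1:]]  # drop the drive part
    reasons = []
    if not below_root:
        return reasons
    # Rule 1 (assumption): a hidden executable that does not live under
    # Windows or Program Files should be submitted to a scanner.
    if (not entry["is_dir"] and entry["hidden"]
            and path.suffix.lower() in EXECUTABLE_EXT
            and below_root[0] not in TRUSTED_ROOTS):
        reasons.append("hidden executable outside Windows/Program Files")
    # Rule 2 (assumption): a directory directly under the drive root with a
    # long hex name says nothing by itself; its contents need listing.
    if entry["is_dir"] and len(below_root) == 1 and HEX_NAME.match(path.name):
        reasons.append("root-level directory with a long hex name; list its contents")
    return reasons


def flag_for_review(text):
    """Return (path, reasons) pairs for entries matching at least one rule."""
    flagged = []
    for entry in parse_entries(text):
        reasons = review_reasons(entry)
        if reasons:
            flagged.append((str(entry["path"]), reasons))
    return flagged


if __name__ == "__main__":
    for path, reasons in flag_for_review(SAMPLE):
        print(path, "->", "; ".join(reasons))
```

A flagged entry is only a candidate for the follow-up steps in the reply (a directory listing, a multi-scanner upload), not a verdict.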

Re: mouse trap. more windows than one can close

Post by ejames82 » January 29th, 2012, 1:09 pm

torreattack,

thank you.
I just installed avast. the mcafee was removed with revo four days ago. I am unaware of any other antimalware programs that have been installed. should we find any, I am totally for getting rid of all of it. avast is all I want.
I am doing a complete avast scan. I will keep you informed about the scan's findings. after that I will run systemlook.
anything avast finds I will scan with virustotal. all of this will be copied and pasted for you.
ejames82
Regular Member
 
Posts: 54
Joined: December 2nd, 2007, 4:34 pm
Location: syracuse, new york

Re: mouse trap. more windows than one can close

Post by torreattack » January 29th, 2012, 5:07 pm

hi ejames82:

Thanks for the update, AVAST is a good choice.


waiting for your logs.
torreattack
torreattack
Retired Graduate
 
Posts: 940
Joined: July 27th, 2008, 1:36 am

Re: mouse trap. more windows than one can close

Post by ejames82 » January 30th, 2012, 1:59 am

torreattack,

the outlook is not good. the avast scan found numerous infections. one of the dilemmas surrounding avast that I was unaware of, is that they don't provide a text scan log, which would be most helpful now because there is a problem. to make a long story short, avast says folders are there that the computer doesn't show. I even temporarily tried showing hidden files and folders, to no avail. because of this, I am unable to scan the files with virustotal.
I will do my best to retrieve a text copy of the avast scan.

here is systemlook
SystemLook 30.07.11 by jpshortstuff
Log created at 00:40 on 30/01/2012 by Jason
Administrator - Elevation successful

========== dir ==========

C:\437f678f23918983676b9187 - Parameters: "(none)"

---Files---
$shtdwn$.req --ah--- 788 bytes [10:11 11/01/2012] [10:11 11/01/2012]
DHtmlHeader.html --a---- 16118 bytes [08:38 26/12/2011] [08:38 26/12/2011]
header.bmp --a---- 3628 bytes [10:09 26/12/2011] [10:09 26/12/2011]
NDP40-KB2656351.msp --a---- 5115392 bytes [10:06 26/12/2011] [10:06 26/12/2011]
ParameterInfo.xml --a---- 27846 bytes [10:09 26/12/2011] [10:09 26/12/2011]
Setup.exe --a---- 79112 bytes [08:51 26/12/2011] [08:51 26/12/2011]
SetupEngine.dll --a---- 810256 bytes [08:51 26/12/2011] [08:51 26/12/2011]
SetupUi.dll --a---- 296712 bytes [08:51 26/12/2011] [08:51 26/12/2011]
SetupUi.xsd --a---- 30120 bytes [08:38 26/12/2011] [08:38 26/12/2011]
SetupUtility.exe --a---- 97048 bytes [04:00 26/12/2011] [04:00 26/12/2011]
SplashScreen.bmp --a---- 196662 bytes [10:09 26/12/2011] [10:09 26/12/2011]
sqmapi.dll --a---- 196416 bytes [08:38 26/12/2011] [08:38 26/12/2011]
Strings.xml --a---- 13606 bytes [10:09 26/12/2011] [10:09 26/12/2011]
UiInfo.xml --a---- 36180 bytes [10:09 26/12/2011] [10:09 26/12/2011]
watermark.bmp --a---- 104072 bytes [10:09 26/12/2011] [10:09 26/12/2011]

---Folders---
1025 d------ [10:11 11/01/2012]
1028 d------ [10:11 11/01/2012]
1029 d------ [10:11 11/01/2012]
1030 d------ [10:11 11/01/2012]
1031 d------ [10:11 11/01/2012]
1032 d------ [10:11 11/01/2012]
1033 d------ [10:11 11/01/2012]
1035 d------ [10:11 11/01/2012]
1036 d------ [10:11 11/01/2012]
1037 d------ [10:11 11/01/2012]
1038 d------ [10:11 11/01/2012]
1040 d------ [10:11 11/01/2012]
1041 d------ [10:11 11/01/2012]
1042 d------ [10:11 11/01/2012]
1043 d------ [10:11 11/01/2012]
1044 d------ [10:11 11/01/2012]
1045 d------ [10:11 11/01/2012]
1046 d------ [10:11 11/01/2012]
1049 d------ [10:11 11/01/2012]
1053 d------ [10:11 11/01/2012]
1055 d------ [10:11 11/01/2012]
2052 d------ [10:11 11/01/2012]
2070 d------ [10:11 11/01/2012]
3076 d------ [10:11 11/01/2012]
3082 d------ [10:11 11/01/2012]
Graphics d------ [10:11 11/01/2012]

-= EOF =-

thanks, torreattack
ejames82
Regular Member
 
Posts: 54
Joined: December 2nd, 2007, 4:34 pm
Location: syracuse, new york

Re: mouse trap. more windows than one can close

Post by torreattack » January 31st, 2012, 6:11 am

Hi ejames82 :

Before we start, I want you to update your email address. The email address that you are using in this forum is no longer valid. As a result, you are not receiving email notifications sent by the board when posts are made to your topic.

Please update your email address now.



"the outlook is not good. the avast scan found numerous infections."
1. Please provide me more detail about the infection, if possible, the name of the infection.

"I will do my best to retrieve a text copy of the avast scan."
2. Your logs are located in C:\ProgramData\AVAST Software\Avast\report. Please post the Full system scan.txt and Quick scan.txt.


"I even temporarily tried showing hidden files and folders, to no avail. because of this, I am unable to scan the files with virustotal."

You are browsing for the file, please retry with copying and pasting the path and filename.

3. Upload File/Files for testing
Please go to Virustotal
Copy/paste this file and path into the white box at the top:
c:\programdata\5DrSpjUPng4J6D.exe

Press Submit - this will submit the file for testing.
Please wait for all the scanners to finish then copy and paste the permalink (web address) in your next response.
Example of web address: [image]


4. OTL
Please download OTL ... by Old Timer. Save it to your Desktop.
  1. Right click on OTL.exe select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  2. Under Output, ensure that Minimal Output is selected.
  3. Click the Scan All Users checkbox.
    Leave the remaining selections to the default settings.
  4. Click on Run Scan at the top left hand corner.
  5. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  6. Please post the contents of both OTL.txt and Extras.txt files in your next reply.



You did not answer my previous question.
5. Please provide me more details of your problem:
a) What windows open non-stop? Windows explorer or browser windows?
b) Have you tried waiting or did they stop after some time?


6. Checklist
Please post:
  • Change your email
  • Name of the infection, if possible
  • Avast scanning result
  • Online Scanning result
  • OTL.txt and Extras.txt
  • An update on your problems
Note: These logs can be lengthy; please post in several replies if needed. Please ensure you post the COMPLETE log.

Thanks,
torreattack
torreattack
Retired Graduate
 
Posts: 940
Joined: July 27th, 2008, 1:36 am

Re: mouse trap. more windows than one can close

Post by ejames82 » January 31st, 2012, 12:20 pm

torreattack,

Hello, thank you for your time and your quick reply.

today I am replying on a different (more user friendly), uninfected computer. there is a lot to say.

my sister recently purchased the infected pc (inspiron mini) a little over a month ago. she bought it used from some site like amazon. it sat on the shelf for most of the month. then one day she plugged it up to the internet with several witnesses present (I was not one of them, but several were there and told me the story) and the very first website she went to (I don't recall if they told me the website, if it's relevant) windows popped up so fast that they could not close them out. she said the only way out of the problem was to pull the outlet from the wall. I have always told her not to click on anything in a panic. I hope she didn't. She disconnected it and put it back in the box.
I offered her the price she paid for it and she accepted. I have less than an hour of use on the infected inspiron mini.


"Before we start, I want you to update your email address. The email address that you are using in this forum is no longer valid. As a result, you are not receiving email notifications sent by the board when posts are made to your topic.

Please update your email address now."

I would be glad to. I tried, minutes ago. I went to control panel>board preferences (I went everywhere else in there too, my eyes don't see it) but could not see a dialog box, or any way to provide it. I don't think you want me to post it here in the thread. I could PM it to you. I have nothing to hide. Just let me know how, and it's done. :)
Oh, and I have been checking the thread regularly, and I am available when I am not at my job.


"Your logs are located in C:\ProgramData\AVAST Software\Avast\report. Please post the Full system scan.txt and Quick scan.txt."
I think I see a problem here. do you remember how I told you that the avast scan said folders existed that the inspiron mini didn't show in its directory? C:\ProgramData does not exist in the file system. the folder ProgramData doesn't exist.
the same goes for:
C:\Users\Jason where many infections were found. The folder Jason doesn't exist.

every infection I tried to scan with virustotal was blocked by a folder that didn't exist. I will admit that my knowledge of windows7 file system/directory tree is limited, but I think this is the malware at work.


unfortunately, there's more to the story about the avast scan. I started it before I went to work two days ago. when I got home the mini was shut off. I restarted the mini and the avast gui was on the screen fortunately and appears to have completed. I was unable to recall any specific instructions in regards to the choices the scan results offer. I tried to ignore, but it didn't do anything. nothing in the screen would change. I clicked on the 'apply' button and nothing would happen. I chose quarantine (hope I didn't do the wrong thing here, I could have hard killed). all the files but the last one quarantined. the last one had an error.

if I didn't have to work later today I could go to the avast interface, read out loud the scan report to a cassette tape and post it for you, but I don't have time today. I have the next two days off. :):) you will hear from me. and if you can be here, I will be here. I will log in at about this time tomorrow.

I will also do a quick google search for the folder ProgramData but I am not very hopeful. It really hurts not being able to get a text scan report. I like avast, but other AVs provide one automatically.

if I overlooked anything in your post it was not deliberate. I will get to it. I promise. thank you torreattack.
ejames82
Regular Member
 
Posts: 54
Joined: December 2nd, 2007, 4:34 pm
Location: syracuse, new york

Re: mouse trap. more windows than one can close

Post by ejames82 » January 31st, 2012, 12:51 pm

torreattack,

just a quick message to let you know that I found the ProgramData folder. I don't know how it got hidden. I specifically went looking for it with that in mind. the report didn't provide anything. you didn't know that most of the stuff was quarantined. once the infection is quarantined, I guess that report will have nothing in it. sorry.

I will be here tomorrow. thanks.
ejames82
Regular Member
 
Posts: 54
Joined: December 2nd, 2007, 4:34 pm
Location: syracuse, new york

Re: mouse trap. more windows than one can close

Post by ejames82 » February 1st, 2012, 11:30 am

torreattack,

Hello,

Edit: I typed this out at about 10:30 and will correct mistakes by approximately 11:45. these corrections will be posted two posts later. the infections will be included and mistakes will be corrected. sorry. :oops:

I had to visually type it from one screen to the other, so capital o may be switched for 0 (zero). it's not as thorough as copying and pasting would have been. I think it will suffice.
I add other info that I think you will need to know in bold text.


C:\ProgramFiles\Dell DataSafe Local Backup\Components\DSUpdate\Updates\DataSafe_TGG_Tag_ini_Update.exe|>DataSafe_Green.ico
C:\ProgramFiles\Dell DataSafe Local Backup\Components\DSUpdate\Updates\DataSafe_TGG_Tag_ini_Update.exe|>diff_000001.dif
C:\ProgramFiles\Dell DataSafe Local Backup\Components\DSUpdate\Updates\DataSafe_TGG_Tag_ini_Update.exe|>IRIMG1.BMP
C:\ProgramFiles\Dell DataSafe Local Backup\Components\DSUpdate\Updates\DataSafe_TGG_Tag_ini_Update.exe|>IRIMG1.JPG

these above were errors while scanning. not necessarily (and probably not) infections


C:\ProgramData\5DrSpjUPng4J6D.exe
C:\Users\Jason\AppData\Local\gbi.exe
C:\Users\Jason\AppData\Local\Temp\480.0984.exe
C:\Users\Jason\AppData\Local\Temp\9XBIBQ2Il1nkZF.exe.tmp
C:\Users\Jason\AppData\Local\Temp\ErKvvqN4SsRxxB.exe.tmp
C:\Users\Jason\AppData\Local\Temp\kna0.7285776298927835.exe
C:\Users\Jason\AppData\Local\Temp\msimg32.dll
C:\Users\Jason\AppData\Local\Temp\qessaeuxoq
C:\Users\Jason\AppData\Local\Temp\sghj0.9470953159697454.exe
C:\Users\Jason\AppData\Local\Temp\viw.dll
C:\Users\Jason\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\68619c2c-297e29c5
C:\Users\Jason\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\75a038ae-5fd870ab
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\TemporaryInternetFiles\ContentIE5\INSTNEXX\search[1].htm

these above were all quarantined successfully.



C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_d81220b5bf827af7\afd.sys

this file had an error while avast tried to quarantine it


I am going to submit this right now. but I am not leaving. I want you to have this right away in case you may be here.
I am going to give you everything you require (if possible) today.
thank you for your help.
Last edited by ejames82 on February 1st, 2012, 12:27 pm, edited 1 time in total.
ejames82
Regular Member
 
Posts: 54
Joined: December 2nd, 2007, 4:34 pm
Location: syracuse, new york

Re: mouse trap. more windows than one can close

Post by ejames82 » February 1st, 2012, 12:07 pm

torreattack,

here's a quick reply.

it's a file you needed to have scanned by virustotal
https://www.virustotal.com/file/dd35103 ... 328111736/

a little extra info.

SHA256: dd351036a41fc96262a17f8bf029551b80dae270db01cb41de6dcc6f39089bac
File name: ~5DrSpjUPng4J6D
Detection ratio: 5 / 43
Analysis date: 2012-02-01 15:55:36 UTC ( 1 minute ago )
ejames82
Regular Member
 
Posts: 54
Joined: December 2nd, 2007, 4:34 pm
Location: syracuse, new york

Re: mouse trap. more windows than one can close

Post by torreattack » February 1st, 2012, 12:12 pm

Hi ejames82:

Thanks for the list of infections.

Just to let you know I am still waiting for my teacher to approve my proposed fix.

I think I am not able to post to you now. However, I will be back as soon as possible.

Sorry,
torreattack
torreattack
Retired Graduate
 
Posts: 940
Joined: July 27th, 2008, 1:36 am