Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Suspected MRT.exe / other malware issues

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Suspected MRT.exe / other malware issues

Unread postby jw4774 » March 18th, 2012, 4:03 pm

Hello, first of all thank you for any offered help, it will be much appreciated. I am having problems with Mozilla Firefox not opening and also had my hotmail account hacked which I had accessed from this computer recently so not sure if that has contributed to the problem. But mainly saw mrt.exe running unexpectedly at start up using a large amount of procesing speed, the program was saved in a randomly named folder made up of letters and numbers. I have deleted this but am sure it will re-appear. See the requested log files below:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Jonathan at 19:39:07 on 2012-03-18
.
============== Running Processes ===============
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jonathan\Desktop\dds.scr
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k eapsvcs
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupda ... 6362389710
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9FA942FD-6553-4CDC-A3D2-3DB50F486873} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D9B9C8A2-5AA7-4721-95A6-D99282B7B8B7} : DhcpNameServer = 192.168.1.1
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jonathan\application data\mozilla\firefox\profiles\86dlqyid.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - plugin: c:\documents and settings\jonathan\local settings\application data\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
.
============= SERVICES / DRIVERS ===============
.
R? AWINDIS5;AWINDIS5 Protocol Driver
R? PRISM_ICB;NETGEAR WG511 Wireless LAN Driver
S? cmdAgent;COMODO Internet Security Helper Service
S? cmdGuard;COMODO Internet Security Sandbox Driver
S? cmdHlp;COMODO Internet Security Helper Driver
S? MBAMSwissArmy;MBAMSwissArmy
.
=============== Created Last 30 ================
.
2012-03-18 19:06:29 -------- d-----w- c:\documents and settings\jonathan\local settings\application data\COMODO
2012-03-18 18:51:54 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-03-18 18:50:44 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-15 21:21:39 388096 ----a-r- c:\documents and settings\jonathan\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-03-15 21:21:36 -------- d-----w- c:\program files\Trend Micro
2012-03-15 21:16:37 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-03-15 21:16:37 -------- d-----w- c:\windows\system32\wbem\Repository
2012-03-12 20:44:22 -------- d-----w- c:\documents and settings\jonathan\application data\Malwarebytes
2012-03-12 20:43:44 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-03-12 20:41:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-23 13:53:26 -------- d--h--w- c:\documents and settings\all users\application data\CanonIJEPPEX2
2012-02-23 13:53:26 -------- d--h--w- c:\documents and settings\all users\application data\CanonEPP
2012-02-23 13:48:55 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2012-02-23 13:48:55 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2012-02-23 13:48:35 307200 ----a-w- c:\windows\system32\CNC280L.dll
2012-02-23 13:48:35 1335296 ----a-w- c:\windows\system32\CNC280C.dll
2012-02-23 13:48:35 114688 ----a-w- c:\windows\system32\CNC280I.dll
2012-02-23 13:48:35 106496 ----a-w- c:\windows\system32\CNC280U.dll
2012-02-23 13:48:34 15872 ----a-w- c:\windows\system32\CNHMCA.dll
2012-02-23 13:48:27 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2012-02-23 13:48:27 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-02-23 13:47:21 -------- d-----w- c:\documents and settings\all users\application data\CanonIJMSetup
2012-02-23 13:46:09 -------- d-----w- c:\program files\common files\CANON
2012-02-23 13:45:30 -------- d-----w- c:\documents and settings\all users\application data\CanonIJWSpt
2012-02-23 13:35:40 73216 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPPAA.DLL
2012-02-23 13:35:40 27648 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPDAA.DLL
2012-02-23 13:35:39 290816 ----a-w- c:\windows\system32\CNMLMAA.DLL
2012-02-23 13:30:33 94208 ----a-w- c:\windows\system32\CNC280O.dll
2012-02-23 13:30:28 180224 ----a-w- c:\windows\system32\CNMIUAA.DLL
2012-02-23 13:25:51 -------- d-----w- c:\program files\Canon
2012-02-18 09:36:44 -------- d-----w- c:\documents and settings\jonathan\local settings\application data\Google
.
==================== Find3M ====================
.
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-12 00:19:16 4448256 ----a-w- c:\windows\system32\GPhotos.scr
2012-01-11 19:06:47 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 19:50:01.87 ===============


And the Attach file:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 16/02/2010 22:28:28
System Uptime: 18/03/2012 18:44:01 (1 hours ago)
.
Motherboard: Dell Computer Corporation | |
Processor: Mobile Intel(R) Pentium(R) 4 CPU 2.66GHz | Microprocessor | 1594/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 63 GiB total, 35.806 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Video Controller (VGA Compatible)
Device ID: PCI\VEN_10DE&DEV_0324&SUBSYS_015F1028&REV_A1\4&1AB4B779&0&0008
Manufacturer:
Name: Video Controller (VGA Compatible)
PNP Device ID: PCI\VEN_10DE&DEV_0324&SUBSYS_015F1028&REV_A1\4&1AB4B779&0&0008
Service:
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Ethernet Controller
Device ID: PCI\VEN_14E4&DEV_4401&SUBSYS_015F1028&REV_01\4&39A85202&0&08F0
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_14E4&DEV_4401&SUBSYS_015F1028&REV_01\4&39A85202&0&08F0
Service:
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Audio Controller
Device ID: PCI\VEN_8086&DEV_24C5&SUBSYS_015F1028&REV_01\3&61AAA01&0&FD
Manufacturer:
Name: Multimedia Audio Controller
PNP Device ID: PCI\VEN_8086&DEV_24C5&SUBSYS_015F1028&REV_01\3&61AAA01&0&FD
Service:
.
==== System Restore Points ===================
.
RP272: 09/01/2012 19:09:50 - System Checkpoint
RP273: 11/01/2012 18:03:18 - Software Distribution Service 3.0
RP274: 12/01/2012 19:02:27 - System Checkpoint
RP275: 16/01/2012 19:18:18 - System Checkpoint
RP276: 18/01/2012 19:55:39 - System Checkpoint
RP277: 27/01/2012 20:33:04 - Software Distribution Service 3.0
RP278: 01/02/2012 21:09:11 - System Checkpoint
RP279: 03/02/2012 18:51:47 - System Checkpoint
RP280: 06/02/2012 20:15:36 - System Checkpoint
RP281: 07/02/2012 20:21:37 - System Checkpoint
RP282: 10/02/2012 12:49:46 - System Checkpoint
RP283: 12/02/2012 15:06:17 - System Checkpoint
RP284: 13/02/2012 17:11:18 - System Checkpoint
RP285: 14/02/2012 18:00:27 - System Checkpoint
RP286: 15/02/2012 19:28:53 - System Checkpoint
RP287: 15/02/2012 23:05:54 - Software Distribution Service 3.0
RP288: 17/02/2012 08:49:55 - System Checkpoint
RP289: 17/02/2012 10:11:16 - Software Distribution Service 3.0
RP290: 18/02/2012 08:00:18 - Software Distribution Service 3.0
RP291: 18/02/2012 09:37:32 - Installed Windows XP -- Software Updates KB952011.
RP292: 18/02/2012 23:57:22 - Software Distribution Service 3.0
RP293: 19/02/2012 17:53:34 - Software Distribution Service 3.0
RP294: 20/02/2012 18:08:59 - Software Distribution Service 3.0
RP295: 21/02/2012 18:34:04 - Software Distribution Service 3.0
RP296: 22/02/2012 08:07:19 - Software Distribution Service 3.0
RP297: 22/02/2012 10:00:34 - Software Distribution Service 3.0
RP298: 22/02/2012 17:14:55 - Software Distribution Service 3.0
RP299: 23/02/2012 00:18:20 - Software Distribution Service 3.0
RP300: 23/02/2012 09:45:23 - Software Distribution Service 3.0
RP301: 23/02/2012 13:23:47 - Software Distribution Service 3.0
RP302: 23/02/2012 14:15:09 - Software Distribution Service 3.0
RP303: 27/02/2012 08:55:10 - System Checkpoint
RP304: 28/02/2012 09:03:43 - System Checkpoint
RP305: 29/02/2012 09:58:31 - System Checkpoint
RP306: 03/03/2012 16:02:51 - System Checkpoint
RP307: 04/03/2012 16:04:38 - System Checkpoint
RP308: 06/03/2012 19:53:52 - System Checkpoint
RP309: 08/03/2012 12:08:57 - System Checkpoint
RP310: 11/03/2012 17:59:27 - System Checkpoint
RP311: 12/03/2012 22:40:17 - System Checkpoint
RP312: 15/03/2012 09:25:21 - Software Distribution Service 3.0
RP313: 15/03/2012 21:13:24 - Restore Operation
RP314: 15/03/2012 21:21:33 - Installed HiJackThis
RP315: 15/03/2012 21:23:36 - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
.
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.2)
Audacity 1.2.6
BCM V.92 56K Modem
BurnAware Free 2.2.3
Canon Easy-PhotoPrint EX
Canon MP Navigator EX 4.0
Canon MP280 series MP Drivers
Canon MP280 series User Registration
Canon My Printer
Canon Solution Menu EX
CCleaner
COMODO Internet Security
CutePDF Writer 2.7
HiJackThis
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
IEEE802.11a/b/g Wireless LAN Software
Java(TM) 6 Update 7
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
LP Recorder - Magazine CD
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft Silverlight
Mozilla Firefox (3.6.27)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NETGEAR WG511 54 Mbps Wireless PC Card
OpenMG Secure Module 4.3.00
OpenOffice.org 3.0
PDF Manual NW-A10003000
Picasa 3
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 8 (KB917734)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
TreeSize Professional 5.2.2
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB978207)
VLC media player 1.0.5
WebFldrs XP
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows XP Service Pack 3
Wiseval Photophant 1.0.2
.
==== Event Viewer Messages From Past Week ========
.
15/03/2012 21:01:42, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
15/03/2012 20:07:03, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD cmdGuard cmdHlp Fips intelppm IPSec MRxSmb NetBIOS NetBT OMCI RasAcd Rdbss Tcpip
15/03/2012 20:07:03, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
15/03/2012 20:07:03, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
15/03/2012 20:07:03, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
15/03/2012 20:07:03, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBT service which failed to start because of the following error: A device attached to the system is not functioning.
15/03/2012 20:06:34, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
15/03/2012 20:06:27, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
15/03/2012 09:20:43, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference error message: The referenced assembly is not installed on your system. .
15/03/2012 09:20:43, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Canon\Solution Menu EX\MFC80U.DLL. Reference error message: The operation completed successfully. .
15/03/2012 09:20:43, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.
.
==== End Of File ===========================
jw4774
Active Member
 
Posts: 1
Joined: March 18th, 2012, 3:23 pm
Advertisement
Register to Remove

Re: Suspected MRT.exe / other malware issues

Unread postby pgmigg » March 18th, 2012, 8:22 pm

Hello jw4774,

Welcome to the forum! :)

My name is pgmigg and I'll be helping you with any malware problems.

Currently I am working under the guidance of the MRU teachers and everything I post to you, must first be approved by them.
This additional review process can add some extra time to my responses, but I will post back with instructions for you as soon as possible.


Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your log and will return, as soon as possible, with additional instructions. In the meantime...
Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
lf you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3177
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Suspected MRT.exe / other malware issues

Unread postby pgmigg » March 21st, 2012, 12:31 pm

Hello jw4774,

Thank you for your patience... :)

Step 1.
Security Check
  1. Please download Security Check by screen317 from one of the links below:
  2. Save it to your Desktop.
  3. Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  4. A Notepad document should open automatically called checkup.txt
  5. Please post the contents of that document.

Step 2.
OTL - Download
Please download OTL.exe by Old Timer and save it
to your Desktop.

OTL Scan
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Double click on OTL.exe to run it.
  2. Under Output, ensure that Standard Output is selected.
  3. Check the boxes labeled :
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  4. Click on Run Scan at the top left hand corner.
  5. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  6. Please post the contents of both OTL.txt and Extras.txt files in your next reply.

Step 3.
ESET online scannner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

  1. Firstly please Disable any Antivirus you have active, as shown in This topic.
  2. Note: Don't forget to re-enable it after the scan.
  3. Next please click on the following link to open a new window to ESET online scannner
  4. Then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  5. Select the option YES, I accept the Terms of Use then click on: Image
  6. When prompted allow the Add-On/Active X to install.
  7. Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  8. Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  9. Now click on: Image
  10. The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  11. When completed the Online Scan will begin automatically.
  12. Do not touch either the mouse or keyboard during the scan otherwise it may stall.
  13. When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  14. Now click on: Image
  15. Use notepad to open the log file located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  16. Copy and paste that log as a reply to this topic.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of checkup.txt report;
  3. Contents of a OTL.txt log file
  4. Contents of a Extras.txt log file
  5. Contents of scan results from C:\Program Files\ESET\EsetOnlineScanner\log.txt file.

Thanks,
pgmigg
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3177
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Suspected MRT.exe / other malware issues

Unread postby Cypher » March 25th, 2012, 5:15 am

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 48 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware