Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Before I chuck this thing out the window...

Post by sswimr88 » July 12th, 2011, 4:11 pm

Well, a couple of days ago it went completely on the fritz, but something tells me I had viruses and malware long before that and just didn't realize it. I was able to run Internet Explorer and get to this point by logging into the Administrator account rather than my usual one (also an account with Administrator privileges), creating a new third Administrator account ("Viruses Suck -edited-"...classy, I'm aware), and then running this DDS thingy. In case this tidbit of info makes any difference. I don't know where to begin with all the issues, so I'll just list some of the things I've noticed:

-some Google (as well as every other search engine, including MSN Bing) redirect virus...every time I try to use a search engine to search for something it redirects me to a different random site advertising something or other.

-YouTube will not play sounds on any of the videos

-I get asked to enter passwords twice pretty often, especially on Facebook...mildly scary

-I found a random Limited User Account called Machine.Asp.Net or something of that sort...I deleted it. All that I personally set up prior to that was my own "Toy" account (administrator privileges) and the "Administrator" account (administrator privileges), and the Guest account was turned off.

-I no longer have control of the Add/Remove Programs window in the Control Panel...there is no Remove or Uninstall function for any of the programs, and there are many things listed that were not there before. I was pretty familiar with every program on that list, and there are many new items listed that don't even sound like programs.

-The "Toy" account with administrator privileges (my primary account) is completely useless...there is some Malware Program that appeared that does a little "security scan" and is blocking every other program from starting up (like internet, my usual McAfee antivirus, the task manager, etc.).

-Internet Explorer keeps informing me, upon being opened, that it is not the primary program despite that I make it the primary program every time.

-Last night my computer started running an ad with sound about Google and vista rent-a-car. I closed the internet, to the best of what I could see, no other user account was open, and yet the ad continued until I shut it off.

-I've run AdAware, MalwareBytes, and McAfee scans and removed what they found, but this infestation has only gotten progressively worse.

I did download HiJackThis and can run and post a log if necessary. Here is the DDS log first, then the Attach log after:


.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Viruses Suck -edited- at 14:43:04 on 2011-07-12
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.852 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: McAfee VirusScan Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Microsoft LifeCam\LifeExp.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ITunes\iTunesHelper.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
mSearchAssistant = hxxp://www.google.com/ie
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [ChangeTPMAuth] c:\program files\wave systems corp\common\ChangeTPMAuth.exe /T:NTRU12
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [hpbdfawep] c:\program files\hp\dfawep\bin\hpbdfawep.exe 1
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [InstaLAN] "c:\program files\belkin\router setup and monitor\BelkinRouterMonitor.exe" startup
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://www.facebook.com/fbplugin/win32/ ... 5835081531
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/200 ... ader55.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{B73034FD-43D7-4A10-BAB7-445BD252D185} : DhcpNameServer = 192.168.2.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-1-25 64512]
R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2006-11-30 31944]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2007-6-20 79168]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-6-20 2151640]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2009-2-9 104000]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\mcshield.exe [2006-11-30 144960]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\vstskmgr.exe [2006-11-30 54872]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2009-2-9 72264]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2009-2-9 34152]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2009-2-9 168776]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\googleupdate.exe /svc --> c:\program files\google\update\GoogleUpdate.exe [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\googleupdate.exe /medsvc --> c:\program files\google\update\GoogleUpdate.exe [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-6-20 15232]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-1-7 30560]
.
=============== Created Last 30 ================
.
2011-07-12 19:12:54 388096 ----a-r- c:\documents and settings\viruses suck -edited-\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-07-12 17:22:50 -------- d-----w- c:\documents and settings\viruses suck -edited-\local settings\application data\Ahead
2011-07-12 17:22:47 -------- d-----w- c:\documents and settings\viruses suck -edited-\local settings\application data\Apple Computer
2011-07-12 17:22:42 -------- d-sh--w- c:\documents and settings\viruses suck -edited-\PrivacIE
2011-07-12 17:22:04 -------- d-----w- c:\documents and settings\viruses suck -edited-\local settings\application data\Google
2011-07-12 17:20:39 -------- d-sh--w- c:\documents and settings\viruses suck -edited-\IETldCache
2011-07-12 17:20:32 -------- d-----w- c:\documents and settings\viruses suck -edited-\local settings\application data\Microsoft
2011-07-12 17:20:32 -------- d-----w- c:\documents and settings\viruses suck -edited-\application data\Intel
2011-07-11 07:21:52 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-07-11 01:29:38 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-11 01:29:33 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-11 01:12:22 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-07-11 01:12:22 -------- d-----w- c:\windows\system32\wbem\Repository
2011-06-16 02:27:49 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-06-14 00:03:10 -------- d-----w- C:\Becker Applications
.
==================== Find3M ====================
.
2011-07-11 05:12:39 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-06-20 15:31:32 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-06-03 17:16:07 6280056 ----a-w- C:\Silverlight.exe
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25:27 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11:11 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
.
============= FINISH: 14:49:30.93 ===============



And the Attach log:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 1/10/2009 7:54:44 PM
System Uptime: 7/12/2011 1:54:25 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0HP728
Processor: Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz | Microprocessor | 2194/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 40 GiB total, 19.563 GiB free.
D: is FIXED (NTFS) - 72 GiB total, 52.329 GiB free.
E: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: USB Device
Device ID: USB\VID_413C&PID_8140\5&28EF422B&0&2
Manufacturer:
Name: USB Device
PNP Device ID: USB\VID_413C&PID_8140\5&28EF422B&0&2
Service:
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom NetXtreme 57xx Gigabit Controller
Device ID: PCI\VEN_14E4&DEV_1673&SUBSYS_02001028&REV_02\4&1E93A591&0&00E5
Manufacturer: Broadcom
Name: Broadcom NetXtreme 57xx Gigabit Controller
PNP Device ID: PCI\VEN_14E4&DEV_1673&SUBSYS_02001028&REV_02\4&1E93A591&0&00E5
Service: b57w2k
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\7D371A1384FC000
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\7D371A1384FC000
Service: NIC1394
.
==== System Restore Points ===================
.
RP549: 4/24/2011 8:10:52 PM - System Checkpoint
RP550: 4/25/2011 9:47:47 PM - System Checkpoint
RP551: 4/26/2011 10:00:20 PM - Software Distribution Service 3.0
RP552: 4/28/2011 8:32:49 PM - System Checkpoint
RP553: 4/30/2011 1:41:19 PM - System Checkpoint
RP554: 5/1/2011 2:07:12 PM - System Checkpoint
RP555: 5/2/2011 9:30:35 PM - System Checkpoint
RP556: 5/4/2011 10:34:00 AM - System Checkpoint
RP557: 5/5/2011 9:14:39 PM - System Checkpoint
RP558: 5/7/2011 7:37:25 PM - System Checkpoint
RP559: 5/9/2011 2:29:16 AM - System Checkpoint
RP560: 5/10/2011 2:12:16 PM - System Checkpoint
RP561: 5/11/2011 12:16:21 PM - Software Distribution Service 3.0
RP562: 5/12/2011 8:01:48 PM - System Checkpoint
RP563: 5/13/2011 10:14:38 PM - System Checkpoint
RP564: 5/14/2011 10:19:50 PM - System Checkpoint
RP565: 5/16/2011 2:27:34 PM - System Checkpoint
RP566: 5/17/2011 3:32:53 PM - System Checkpoint
RP567: 5/18/2011 5:50:53 PM - System Checkpoint
RP568: 5/20/2011 1:27:16 PM - System Checkpoint
RP569: 5/23/2011 3:08:19 PM - System Checkpoint
RP570: 5/24/2011 7:32:59 PM - System Checkpoint
RP571: 5/25/2011 10:02:04 PM - System Checkpoint
RP572: 5/26/2011 11:37:18 PM - System Checkpoint
RP573: 5/28/2011 4:23:18 PM - System Checkpoint
RP574: 5/29/2011 11:25:58 PM - System Checkpoint
RP575: 6/2/2011 11:08:00 PM - System Checkpoint
RP576: 6/4/2011 10:59:45 PM - System Checkpoint
RP577: 6/6/2011 12:50:07 PM - System Checkpoint
RP578: 6/8/2011 4:34:47 PM - System Checkpoint
RP579: 6/13/2011 12:22:03 PM - System Checkpoint
RP580: 6/13/2011 7:03:08 PM - Installed Becker's CPA Exam Review and PassMaster - 2011 Edition
RP581: 6/14/2011 10:45:57 PM - System Checkpoint
RP582: 6/16/2011 12:53:20 PM - Software Distribution Service 3.0
RP583: 6/17/2011 2:16:11 PM - System Checkpoint
RP584: 6/18/2011 10:01:12 PM - System Checkpoint
RP585: 6/19/2011 10:50:23 PM - System Checkpoint
RP586: 6/20/2011 11:18:51 PM - System Checkpoint
RP587: 6/21/2011 11:27:37 PM - System Checkpoint
RP588: 6/23/2011 12:10:39 AM - System Checkpoint
RP589: 6/24/2011 1:10:41 AM - System Checkpoint
RP590: 6/25/2011 1:20:11 AM - System Checkpoint
RP591: 6/27/2011 3:12:09 PM - System Checkpoint
RP592: 6/28/2011 6:34:04 PM - System Checkpoint
RP593: 6/28/2011 10:00:17 PM - Software Distribution Service 3.0
RP594: 6/30/2011 11:45:44 PM - System Checkpoint
RP595: 7/3/2011 2:48:23 PM - System Checkpoint
RP596: 7/5/2011 12:35:33 AM - System Checkpoint
RP597: 7/6/2011 1:22:04 AM - System Checkpoint
RP598: 7/7/2011 5:50:55 PM - System Checkpoint
RP599: 7/10/2011 3:32:58 PM - System Checkpoint
RP600: 7/10/2011 8:09:38 PM - Restore Operation
RP601: 7/11/2011 12:08:44 AM - Installed Ad-Aware
RP602: 7/11/2011 12:09:04 AM - Installed Ad-Aware
RP603: 7/11/2011 10:45:15 AM - Software Distribution Service 3.0
RP604: 7/11/2011 10:56:20 AM - Installed HiJackThis
RP605: 7/12/2011 1:55:49 PM - Restore Operation
RP606: 7/12/2011 2:12:53 PM - Installed HiJackThis
.
==== Installed Programs ======================
.
HiJackThis
Microsoft Office File Validation Add-In
WebFldrs XP
.
==== Event Viewer Messages From Past Week ========
.
7/5/2011 10:34:00 AM, error: Dhcp [1002] - The IP address lease 192.168.2.3 for the Network Card with network address 001644AFCC5F has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
7/12/2011 12:03:02 PM, error: Dhcp [1002] - The IP address lease 192.168.2.2 for the Network Card with network address 001644AFCC5F has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
7/11/2011 9:18:26 PM, error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The system cannot find the file specified.
7/11/2011 11:38:48 AM, error: DCOM [10000] - Unable to start a DCOM Server: {ABC01078-F197-4B0B-ADBC-CFE684B39C82}. The error: "%3" Happened while starting this command: "C:\Program Files\Google\Update\1.3.21.57\GoogleUpdateOnDemand.exe" -Embedding
7/10/2011 9:45:20 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
7/10/2011 7:50:19 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the STacSV service.
7/10/2011 1:45:18 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
7/10/2011 1:45:18 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/10/2011 1:38:34 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service NMIndexingService with arguments "" in order to run the server: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}
7/10/2011 1:37:23 PM, error: DCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.
.
==== End Of File ===========================



Thanks so much for your help!
Last edited by Wingman on July 13th, 2011, 7:55 am, edited 1 time in total.
Reason: Edited for inappropriate content
sswimr88
Active Member
 
Posts: 11
Joined: July 12th, 2011, 3:19 pm

Re: Before I chuck this thing out the window...

Post by Wingman » July 13th, 2011, 7:50 am

Altered Logs

You have edited your logs. Additionally, some of the log content shows inappropriate language or verbiage. (These inappropriate references have been "edited" to remove the offensive material.)

May I draw your attention to the topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST, which you should have read before posting for help.
The section here explains why we do not delete or edit logs to conceal personal or business related details.

The use of inappropriate language is not acceptable, as stated in our forum rules on expected behavior.

Should you wish to receive help here, please remove the inappropriate language and post all information from the required logs.
Thank you for your cooperation and understanding.

This topic is now closed.
Wingman
Admin/Teacher
Posts: 14347
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

