Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

BITS & Automatic Update services uninstalled

Re: BITS & Automatic Update services uninstalled

Post by deltalima » August 17th, 2012, 3:57 pm

Hi kuboa,

Please download aswMBR and save it to your Desktop.
  • Double click aswMBR.exe to run it.
  • Click Yes to the prompt to download Avast! virus definitions.
    (Please be patient whilst the virus definitions download)
  • With the AVscan set to Quick Scan, click the Scan button.
    (Please be patient whilst your computer is scanned.)
  • After a while when the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
  • Click OK > Exit.
  • Note: Do not attempt to fix anything at this stage!
  • Two files will be created, aswMBR.txt & a file named MBR.dat.
  • MBR.dat is a backup of the MBR (master boot record); do not delete it.
  • I strongly suggest you keep a copy of this backup stored on an external device.
  • Copy & Paste the contents of aswMBR.txt into your next reply.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: BITS & Automatic Update services uninstalled

Post by kuboa » August 18th, 2012, 5:26 pm

aswMBR has been running for at least 90 minutes, but seems to have stalled; the timer is not moving, nor has it been for at least an hour.

The line it stopped at reads:

Scanning: C:\Documents and Settings\All Users\ Application Data\Windows Codecs\Dat... {screen is cut off}

Perhaps more importantly, these lines are listed earlier in the visible log:

Service MpKsl2caeef84 C:\Documents and Settings\All Users\ Application Data\Micros.... {Hopefully you can view this as yellow}

Module C:\Windows\System32\DLA\DLADResN.SYS **SUSPICIOUS** {This text appears in red}

These lines were not copy-n-pastable directly from the aswMBR window, so I typed them as carefully as I could. I will let the scan continue, as it may not actually be stalled, unless/until you suggest otherwise.
kuboa
Regular Member
Posts: 29
Joined: March 27th, 2011, 9:59 pm

Re: BITS & Automatic Update services uninstalled

Post by deltalima » August 18th, 2012, 5:54 pm

Hi kuboa,

Module C:\Windows\System32\DLA\DLADResN.SYS **SUSPICIOUS**

That file is a false positive; I have seen it detected by aswMBR before, so it is not an issue.

The scan is a very deep one, so it can take several hours, but do let me know if it is still running after 6 hours or so.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: BITS & Automatic Update services uninstalled

Post by kuboa » August 18th, 2012, 7:16 pm

It finally ended. MBR.dat has been backed up.

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-18 12:41:37
-----------------------------
12:41:37.027 OS Version: Windows 5.1.2600 Service Pack 3
12:41:37.027 Number of processors: 1 586 0x409
12:41:37.027 ComputerName: ROLARAUS UserName: Admin
12:41:40.011 Initialize success
12:42:57.136 AVAST engine defs: 12081800
12:43:02.027 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-c
12:43:02.027 Disk 0 Vendor: Maxtor_6Y060P0 YAR41BW0 Size: 58644MB BusType: 3
12:43:02.043 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-17
12:43:02.043 Disk 1 Vendor: SAMSUNG_HD080HJ/P ZH100-34 Size: 76293MB BusType: 3
12:43:02.058 Disk 1 MBR read successfully
12:43:02.058 Disk 1 MBR scan
12:43:02.168 Disk 1 unknown MBR code
12:43:02.168 Disk 1 Partition 1 00 DE Dell Utility Dell 8.0 15 MB offset 63
12:43:02.199 Disk 1 Partition 2 80 (A) 07 HPFS/NTFS NTFS 71508 MB offset 32130
12:43:02.230 Disk 1 Partition 3 00 DB CP/M / CTOS Dell 8.0 4753 MB offset 146496735
12:43:02.246 Disk 1 scanning sectors +156232125
12:43:02.339 Disk 1 scanning C:\WINDOWS\system32\drivers
12:43:39.839 Service scanning
12:43:58.511 Service MpKsl2caeef84 C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AAF8DFAF-63D6-4271-9385-E0B33C91C726}\MpKsl2caeef84.sys **LOCKED** 32
12:44:14.980 Modules scanning
12:44:18.293 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
12:44:19.011 Disk 1 trace - called modules:
12:44:19.027 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
12:44:19.043 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8a8b9ab8]
12:44:19.043 3 CLASSPNP.SYS[ba168fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-17[0x8a910d98]
12:44:19.636 AVAST engine scan C:\WINDOWS
12:44:31.793 AVAST engine scan C:\WINDOWS\system32
12:49:52.293 AVAST engine scan C:\WINDOWS\system32\drivers
12:50:55.730 AVAST engine scan C:\Documents and Settings\Admin
13:20:47.152 AVAST engine scan C:\Documents and Settings\All Users
15:43:34.168 Scan finished successfully
16:12:14.605 Disk 1 MBR has been saved successfully to "C:\Documents and Settings\Admin\Desktop\Malware\6 aswMBR\MBR.dat"
16:12:14.668 The log file has been saved successfully to "C:\Documents and Settings\Admin\Desktop\Malware\6 aswMBR\aswMBR.txt"
kuboa
Regular Member
Posts: 29
Joined: March 27th, 2011, 9:59 pm
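The MBR.dat that aswMBR saved is a single 512-byte sector: 446 bytes of boot code, a four-entry partition table, and the 55AA boot signature, which is why VirusTotal later reports a 512-byte file. The following is an added example, not aswMBR's or the forum's code: it constructs a sample MBR from the partition table aswMBR printed in the log above (types DE, 07 active, DB at sector offsets 63, 32130 and 146496735; the boot-code bytes are filler, so its hashes will not match the ones posted in the thread), parses the table back out, checks the signature and the active-partition count, and computes the same md5/sha1/sha256 digests VirusTotal shows. The function names `build_sample_mbr`, `parse_mbr`, `hashes` and `sanity_check` are my own.

```python
"""Parse and hash a 512-byte MBR image such as aswMBR's MBR.dat backup.

Added example, not aswMBR's or the forum's code.  The sample MBR is
CONSTRUCTED from the partition table aswMBR printed in the thread; the
boot code is filler, so its digests differ from the posted VirusTotal ones.
"""
import hashlib
import struct

SECTOR = 512
PART_TABLE_OFFSET = 446        # boot code occupies bytes 0..445
PART_ENTRY_SIZE = 16
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511 of a valid MBR
ENTRY_FMT = "<B3sB3sII"        # boot flag, CHS start, type, CHS end, LBA start, sector count

# Enough partition-type ids to label the thread's table (assumed subset).
PART_TYPES = {0x07: "HPFS/NTFS", 0xDB: "CP/M / CTOS", 0xDE: "Dell Utility"}


def build_sample_mbr() -> bytes:
    """Construct a sample MBR (not a real dump) from the partition table in the log."""
    mbr = bytearray(b"\x90" * PART_TABLE_OFFSET)  # filler 'boot code' (x86 NOPs)
    # (boot flag, type id, first sector LBA, sector count); 1 MB == 2048 sectors
    entries = [
        (0x00, 0xDE, 63, 15 * 2048),             # 15 MB Dell Utility
        (0x80, 0x07, 32130, 71508 * 2048),       # active NTFS system partition
        (0x00, 0xDB, 146496735, 4753 * 2048),    # 4753 MB Dell restore partition
        (0x00, 0x00, 0, 0),                      # unused fourth slot
    ]
    for boot, ptype, lba, count in entries:
        # CHS fields are ignored by LBA-aware loaders; zero them in the sample.
        mbr += struct.pack(ENTRY_FMT, boot, b"\0\0\0", ptype, b"\0\0\0", lba, count)
    mbr += BOOT_SIGNATURE
    assert len(mbr) == SECTOR
    return bytes(mbr)


def parse_mbr(mbr: bytes) -> dict:
    """Return the non-empty partition entries and whether the boot signature is intact."""
    if len(mbr) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(mbr)}")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFFSET + i * PART_ENTRY_SIZE
        boot, _chs0, ptype, _chs1, lba, count = struct.unpack(
            ENTRY_FMT, mbr[off:off + PART_ENTRY_SIZE])
        if ptype == 0:          # type 0 marks an unused slot
            continue
        parts.append({
            "index": i + 1,
            "active": boot == 0x80,
            "type": ptype,
            "type_name": PART_TYPES.get(ptype, "unknown"),
            "offset": lba,
            "size_mb": count * SECTOR // (1024 * 1024),
        })
    return {"signature_ok": mbr[510:512] == BOOT_SIGNATURE, "partitions": parts}


def hashes(data: bytes) -> dict:
    """The three digests VirusTotal lists for an uploaded file."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def sanity_check(mbr: bytes) -> list:
    """Structural problems a helper would want flagged before trusting the backup."""
    info = parse_mbr(mbr)
    issues = []
    if not info["signature_ok"]:
        issues.append("boot signature 55AA missing")
    active = [p for p in info["partitions"] if p["active"]]
    if len(active) != 1:
        issues.append(f"{len(active)} active partitions (expected exactly 1)")
    return issues


if __name__ == "__main__":
    sample = build_sample_mbr()
    for p in parse_mbr(sample)["partitions"]:
        print(p)
    print(hashes(sample))
    print("issues:", sanity_check(sample) or "none")
```

Run against a real MBR.dat (`parse_mbr(open("MBR.dat", "rb").read())`) the partition list should match what aswMBR printed for the disk; a mismatch, a missing signature, or more than one active partition is the kind of discrepancy worth raising with the helper rather than something to fix by hand.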

Re: BITS & Automatic Update services uninstalled

Post by deltalima » August 19th, 2012, 9:01 am

Hi kuboa,

Upload a File to Virustotal

Please go to Virustotal

Copy/paste this file and path into the white box at the top:
C:\Documents and Settings\Admin\Desktop\Malware\6 aswMBR\MBR.dat

Press Submit - this will submit the file for testing.
Please wait for all the scanners to finish then copy and paste the results in your next response.

Please also run another scan with DDS and post the dds.txt log.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: BITS & Automatic Update services uninstalled

Post by kuboa » August 19th, 2012, 9:43 pm

It's a bit hard to tell if/when the VirusTotal scan is complete, but after it seemed to stall for a while, I copy-n-pasted the following, and will post an official log once one becomes available (Note: the angel/devil meter is at 0-0).

SHA256: 07f6681ce075631840f463a08680cf826903ae8204d85717d9acaaacdd85aca8
SHA1: 8eba88c767f599f6ee99c603d8084958c9ea0241
MD5: 1d43d5241223bce2a5c46a831fe115a8
File size: 512 bytes ( 512 bytes )
File name: MBR.dat
File type: unknown
Detection ratio: 0 / 40
Analysis date: 2012-08-20 01:06:21 UTC ( 1 minute ago )
Antivirus Result Update
AhnLab-V3 - 20120819
AntiVir - 20120819
Antiy-AVL - 20120817
Avast - 20120820
AVG - 20120819
BitDefender - 20120820
ByteHero - 20120817
CAT-QuickHeal - 20120819
ClamAV - 20120820
Commtouch - 20120820
Comodo - 20120819
DrWeb - 20120820
Emsisoft - 20120820
eSafe - 20120819
ESET-NOD32 - 20120819
F-Prot - 20120819
F-Secure - 20120820
Fortinet - 20120820
GData - 20120820
Ikarus - 20120818
Jiangmin - 20120819
K7AntiVirus - 20120818
Kaspersky - 20120820
McAfee - 20120820
McAfee-GW-Edition - 20120820
Norman - 20120819
nProtect - 20120819
Panda - 20120819
Rising - 20120817
Sophos - 20120819
SUPERAntiSpyware - 20120819
Symantec - 20120819
TheHacker - 20120818
TotalDefense - 20120819
TrendMicro - 20120820
TrendMicro-HouseCall - 20120820
VBA32 - 20120817
VIPRE - 20120820
ViRobot - 20120819
VirusBuster - 20120819

New DDS.txt:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_33
Run by Admin at 18:42:37 on 2012-08-19
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1038 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\DOCUME~1\Admin\LOCALS~1\Temp\clclean.0001
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\MDM.EXE
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wuauclt.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mURLSearchHooks: H - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Freecorder Toolbar: {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - c:\program files\freecordertoolbar\vmntemplateX.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Freecorder Toolbar: {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - c:\program files\freecordertoolbar\vmntemplateX.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [SetDefaultMIDI] MIDIDef.exe
uRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /R
uRun: [PowerPanel Personal Edition User Interaction] "c:\program files\cyberpower powerpanel personal edition\pppeuser.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [MBMon] Rundll32 CTMBHA.DLL,MBMon
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: mswsock.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftup ... 1983546703
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwar ... TSUEng.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftup ... 1983537141
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF}
DPF: {CAFECAFE-0013-0001-0028-ABCDEFABCDEF}
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shoc ... wflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwar ... /CTPID.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{EA9DF2EB-A861-4BA4-B611-C0C5A79B9D99} : DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\admin\application data\mozilla\firefox\profiles\gqczuag7.default\
FF - plugin: c:\documents and settings\admin\application data\mozilla\firefox\profiles\gqczuag7.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPAdbESD.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPJinit13122.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPJinit13128.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_271.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R1 MpKsl2caeef84;MpKsl2caeef84;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{aaf8dfaf-63d6-4271-9385-e0b33c91c726}\MpKsl2caeef84.sys [2012-8-17 29904]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2011-9-15 88576]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2011-12-25 30576]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-27 135664]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-12 250056]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-27 135664]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2012-2-12 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-22 21248]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-8-16 22344]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-3 113120]
S3 Normandy;Normandy SR2; [x]
S4 Kinetic Books License Service;Kinetic Books License Service;"c:\program files\common files\kinetic books shared\service\kineticbookslicenseservice.exe" --> c:\program files\common files\kinetic books shared\service\KineticBooksLicenseService.exe [?]
S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-8-16 655944]
.
=============== Created Last 30 ================
.
2012-08-20 01:32:52 -------- d--h--w- c:\windows\PIF
2012-08-19 08:41:20 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{aaf8dfaf-63d6-4271-9385-e0b33c91c726}\offreg.dll
2012-08-17 19:16:46 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{aaf8dfaf-63d6-4271-9385-e0b33c91c726}\MpKsl2caeef84.sys
2012-08-16 22:30:05 6891424 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{aaf8dfaf-63d6-4271-9385-e0b33c91c726}\mpengine.dll
2012-08-16 22:27:40 -------- d-----w- c:\program files\Microsoft Security Client
2012-08-16 18:41:10 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-16 18:41:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-16 18:28:49 -------- d-----w- c:\program files\CCleaner
2012-08-16 16:34:11 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-15 09:49:20 9826504 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-08-13 19:38:57 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-08-13 19:38:56 476976 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-13 07:00:30 9728 ------w- c:\windows\system32\rwnh.dll
2012-08-13 07:00:30 10752 ------w- c:\windows\system32\smtpapi.dll
2012-08-13 07:00:28 1327320 ------w- c:\program files\msn\msncorefiles\install\msnsusii.exe
2012-08-13 07:00:27 884712 ------w- c:\program files\msn\msncorefiles\install\msn9components\digcore.exe
2012-08-13 07:00:20 11053008 ------w- c:\program files\msn\msncorefiles\install\msn9components\msncli.exe
2012-08-13 07:00:17 229376 ------w- c:\program files\msn\msncorefiles\oobe\obelog.dll
2012-08-13 07:00:16 966656 ------w- c:\program files\msn\msncorefiles\oobe\obemetal.dll
2012-08-13 07:00:16 86016 ------w- c:\program files\msn\msncorefiles\oobe\obepopc.dll
2012-08-13 07:00:16 77824 ------w- c:\program files\msn\msncorefiles\oobe\obemtllc.dll
2012-08-13 05:43:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2012-08-13 05:43:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2012-08-13 05:43:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2012-08-13 05:30:39 -------- d-----w- c:\documents and settings\all users\application data\Windows Codecs
2012-08-13 05:30:26 -------- d-----w- c:\program files\Mega Codec Pack
2012-07-27 20:51:30 184248 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2012-07-27 20:51:30 184248 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2012-08-16 16:35:46 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2012-08-15 09:49:27 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-15 09:49:27 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-13 19:38:31 472880 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-25 23:04:24 1394248 ----a-w- c:\windows\system32\msxml4.dll
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 22:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 22:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 22:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 22:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 22:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 22:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 22:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
1998-12-09 10:53:54 99840 -c--a-w- c:\program files\common files\IRAABOUT.DLL
1998-12-09 10:53:54 70144 -c--a-w- c:\program files\common files\IRAMDMTR.DLL
1998-12-09 10:53:54 48640 -c--a-w- c:\program files\common files\IRALPTTR.DLL
1998-12-09 10:53:54 31744 -c--a-w- c:\program files\common files\IRAWEBTR.DLL
1998-12-09 10:53:54 186368 -c--a-w- c:\program files\common files\IRAREG.DLL
1998-12-09 10:53:54 17920 -c--a-w- c:\program files\common files\IRASRIAL.DLL
.
============= FINISH: 18:43:09.13 ===============
kuboa
Regular Member
Posts: 29
Joined: March 27th, 2011, 9:59 pm
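The SERVICES / DRIVERS section of the DDS log above is the part a helper reads first: each line carries the run state and start type (R0, S3 and so on), the service name, its description, the image path, and either a date and size or, judging from the entries in this log, a `[?]` or `[x]` marker when DDS could not find the file. The following is an added example, not DDS's or the forum's code: it parses those lines into records and pulls out two views, entries whose file is missing and drivers that start at boot or system time. The sample text is a constructed excerpt whose lines are copied from the log in this thread; the names `parse_service_line`, `parse_dds_services`, `triage` and `ServiceEntry` are my own.

```python
"""Triage the SERVICES / DRIVERS section of a DDS log.

Added example, not DDS's or the forum's code.  Line shape (inferred from
the log in the thread):  <R|S><start> name;description;path [date size]
with '[?]' or '[x]' in place of date/size when the file was not found.
SAMPLE_DDS is a CONSTRUCTED excerpt built from lines in the thread's log.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

SAMPLE_DDS = r"""
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R1 MpKsl2caeef84;MpKsl2caeef84;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{aaf8dfaf-63d6-4271-9385-e0b33c91c726}\MpKsl2caeef84.sys [2012-8-17 29904]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-8-16 22344]
S3 Normandy;Normandy SR2; [x]
.
=============== Created Last 30 ================
"""

# R = running, S = stopped; the digit is the Windows service start type.
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]*);(?P<desc>[^;]*);(?P<rest>.*)$")
TAG_RE = re.compile(r"\[(?P<tag>[^\]]*)\]\s*$")
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}


@dataclass
class ServiceEntry:
    running: bool
    start: int
    name: str
    description: str
    path: str
    file_missing: bool
    date: Optional[str] = None
    size: Optional[int] = None

    @property
    def start_type(self) -> str:
        return START_TYPES[self.start]


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one DDS service/driver line; return None for headers and other text."""
    m = LINE_RE.match(line.rstrip())
    if not m:
        return None
    rest = m.group("rest")
    tag_m = TAG_RE.search(rest)
    tag = tag_m.group("tag").strip() if tag_m else ""
    path_part = rest[:tag_m.start()] if tag_m else rest
    # "a --> b" shows the registry value and the file name DDS resolved it to; keep the latter.
    path = path_part.split("-->")[-1].strip()
    file_missing = tag in ("?", "x") or not path
    date = size = None
    if tag and not file_missing:
        date, size_str = tag.split()
        size = int(size_str)
    return ServiceEntry(m.group("state") == "R", int(m.group("start")),
                        m.group("name").strip(), m.group("desc").strip(),
                        path, file_missing, date, size)


def parse_dds_services(text: str) -> List[ServiceEntry]:
    """Collect every service/driver line in the log text, skipping everything else."""
    return [e for e in (parse_service_line(ln) for ln in text.splitlines()) if e]


def triage(entries: List[ServiceEntry]) -> dict:
    """Two views a helper checks first: orphaned entries, and boot/system-start drivers."""
    return {
        "missing_file": [e.name for e in entries if e.file_missing],
        "early_start": [e.name for e in entries if e.start <= 1],
    }


if __name__ == "__main__":
    found = parse_dds_services(SAMPLE_DDS)
    for e in found:
        print(f"{'R' if e.running else 'S'}{e.start} {e.start_type:8} {e.name:24} "
              f"{'MISSING' if e.file_missing else e.path}")
    print(triage(found))
```

The early-start list is a starting point, not a verdict: boot- and system-start drivers are where a rootkit would need to load, but in this log that list also contains MpFilter and the MpKsl driver, both living under Microsoft Antimalware's own paths. Orphaned entries (Lbd, the Lavasoft helper driver, Normandy) are leftovers from uninstalled tools and are usually cleaned up by the helper's fix script rather than by hand.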

Re: BITS & Automatic Update services uninstalled

Post by deltalima » August 20th, 2012, 5:20 am

Hi kuboa,

In an earlier post I wrote:

Your computer has multiple infections, including a rootkit

As you chose to attempt to clean, we removed the ZeroAccess rootkit

09:34:24.0131 1412 MRxSmb ( Virus.Win32.ZAccess.k ) - User select action: Cure

using TDSSKiller.

However, there are still symptoms of the rootkit showing in the DDS log:

LSP: mswsock.dll

The tools we have at our disposal have failed to completely remove the infection, and because of the restrictions imposed by working in XP's Recovery Console I do not recommend trying to remove ZeroAccess manually.

I therefore have no other option than to recommend that you back up your personal files, then reformat the hard drive and re-install Windows.

If you have any questions please feel free to ask.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: BITS & Automatic Update services uninstalled

Post by kuboa » August 20th, 2012, 2:40 pm

Drag. OK... thanks for the attempt!!!
kuboa
Regular Member
Posts: 29
Joined: March 27th, 2011, 9:59 pm

Re: BITS & Automatic Update services uninstalled

Post by deltalima » August 20th, 2012, 2:43 pm

You're welcome!

Sorry we couldn't clean it, but a reformat will give you a machine that you can have confidence in.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: BITS & Automatic Update services uninstalled

Post by deltalima » August 20th, 2012, 2:43 pm

As your problems appear to require a reformat, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
