Please if you will, help me. I am currently trying to clean up an elderly couple's computer. It started when there password would not work while trying to connect to AOL. AoL sent them a new install disk, which still did not work. Windows has not been updated. It is still running Service pack 1. Any help would be greatly appreciated, for they cannot afford to take it to a computer repair shop. I ran a quick and full scan with malwarebytes. Ran combofix in safemode with networking from the flash drive. I know I should not have ran combofix on my own, but I did save the log. I then installed Avast free, did a scan which again found numerous items. Did not update or register the product, for fear of connecting the computer to the internet.
Best for me to turn to the experts
Thank you in advance for your time.
hubert
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by PATRICIA ANDERS at 13:13:04.62 on Sat 03/19/2011
Internet Explorer: 6.0.2800.1106
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.126.23 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\slmss\slmss.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\WINDOWS\mdvnii.exe
C:\WINDOWS\System32\a3d55481.exe
C:\WINDOWS\Nsda.exe
C:\WINDOWS\System32\AVWAV034.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Common Files\AOL\1189718484\ee\AOLSoftware.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Documents and Settings\PATRICIA ANDERS\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.crawler.com/?tbid=61000
uDefault_Page_URL = hxxp://www.dell4me.com/myway
mDefault_Page_URL = hxxp://www.dell4me.com/myway
mStart Page = hxxp://default-homepage-network.com/start.cgi?hklm
mSearchAssistant = hxxp://www.crawler.com/search/ie.aspx?tb_id=61000
mCustomizeSearch = hxxp://dnl.crawler.com/support/sa_custo ... TbId=61000
uURLSearchHooks: N/A: {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~1\crawler\toolbar\ctbr.dll
BHO: : {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~1\crawler\toolbar\ctbr.dll
BHO: {47e75560-e9a1-e35e-88fd-c36937f2d9cf} - c:\windows\system32\qyevfu.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: McAfee VirusScan: {ba52b914-b692-46c4-b683-905236f6f655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
TB: &Crawler Toolbar: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - c:\progra~1\crawler\toolbar\ctbr.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\System32\browseui.dll
uRun: [Sonic RecordNow!]
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [VSOCheckTask] "c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
mRun: [MCAgentExe] c:\progra~1\mcafee.com\agent\mcagent.exe
mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\mcupdate.exe
mRun: [DwlClient] c:\program files\common files\dell\eusw\Support.exe
mRun: [VirusScan Online] c:\progra~1\mcafee.com\vso\mcvsshld.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [slmss] c:\program files\common files\slmss\slmss.exe
mRun: [mswspl]
mRun: [aqadcup] c:\windows\aqadcup.exe
mRun: [stcinstaller] c:\installer\id53.exe
mRun: [Xuia] c:\windows\mdvnii.exe
mRun: [fncsO] c:\documents and settings\patricia anders\local settings\temp\fncsO.exe
mRun: [f43b68d80286] c:\windows\system32\a3d55481.exe
mRun: [eaur] c:\windows\Nsda.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [HostManager] c:\program files\common files\aol\1189718484\ee\AOLSoftware.exe
mRun: [SpywareTerminator] "c:\program files\spyware terminator\SpywareTerminatorShield.exe"
IE: Crawler Search - tbr:iemenu
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} - hxxp://www114.coolsavings.com/download/cscmv5X.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/sh ... wflash.cab
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\crawler\toolbar\ctbr.dll
Notify: igfxcui - igfxsrvc.dll
.
============= SERVICES / DRIVERS ===============
.
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2007-10-27 138752]
R2 McDetect.exe;McAfee WSC Integration;c:\program files\mcafee.com\agent\Mcdetect.exe [2006-4-1 126976]
R2 McTskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee.com\agent\mctskshd.exe [2006-4-1 122368]
R2 MCVSRte;McAfee.com VirusScan Online Realtime Engine;c:\progra~1\mcafee.com\vso\mcvsrte.exe [2004-3-6 106496]
R3 McShield;McAfee.com McShield;c:\progra~1\mcafee.com\vso\mcshield.exe [2004-3-6 225375]
R3 NaiFiltr;NaiFiltr;c:\windows\system32\drivers\NaiFiltr.sys [2004-3-6 23296]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-3-18 38224]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2006-4-1 245760]
SUnknown WinToolsSvc;WinToolsSvc; [x]
.
=============== Created Last 30 ================
.
2011-03-18 20:08:36 -------- d-----w- c:\docume~1\patric~1\applic~1\Malwarebytes
2011-03-18 20:08:16 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-18 20:08:13 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-03-18 20:08:08 19288 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-18 20:08:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-18 19:36:59 21760 ----a-w- c:\windows\system32\dllcache\usbstor.sys
2011-03-18 18:43:25 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-03-18 18:43:25 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2011-03-18 18:43:14 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2011-03-18 18:43:14 9600 ----a-w- c:\windows\system32\dllcache\hidusb.sys
2011-02-25 20:35:14 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-02-25 20:35:14 -------- d-----w- c:\windows\system32\wbem\Repository
.
==================== Find3M ====================
.
.
============= FINISH: 13:14:05.85 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 3/18/2004 5:51:47 PM
System Uptime: 3/20/2011 4:15:10 AM (8 hours ago)
.
Motherboard: Dell Computer Corp. | | 0G1548
Processor: Intel(R) Celeron(R) CPU 2.40GHz | Microprocessor | 2393/400mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 74 GiB total, 68.547 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: ROOT\LEGACY_BEEP\XX_MUGSFDD_XX
Manufacturer:
Name:
PNP Device ID: ROOT\LEGACY_BEEP\XX_MUGSFDD_XX
Service: mugsfdd
.
==== System Restore Points ===================
.
RP50: 2/25/2011 3:32:59 PM - Restore Operation
RP51: 3/3/2011 3:23:20 PM - System Checkpoint
RP52: 3/15/2011 9:37:20 PM - System Checkpoint
RP53: 3/18/2011 3:35:42 PM - System Checkpoint
RP54: 3/19/2011 3:42:52 AM - Removed Java 2 Runtime Environment, SE v1.4.2
RP55: 3/19/2011 12:44:42 PM - Spyware Terminator - restore point
RP56: 3/19/2011 1:31:24 PM - Installed HiJackThis
RP57: 3/20/2011 11:07:42 AM - avast! Free Antivirus Setup
.
==== Installed Programs ======================
.
ABBYY FineReader 5.0 Sprint
avast! Free Antivirus
Banctec Service Agreement
BCM V.92 56K Modem
Broadcom Management Programs
DA920EN
Dell AIO Printer A920
Dell Digital Jukebox Driver
Dell Media Experience
Dell Networking Guide
Dell Solution Center
Dell Support
EarthLink Setup Files
Help and Support Customization
HiJackThis
Intel(R) Extreme Graphics Driver
Internet Explorer Default Page
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Learn2 Player (Uninstall Only)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft Encarta Encyclopedia Standard 2004
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Modem Helper
MUSICMATCH® Jukebox
QuickTime
RealOne Player
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
Support Software
Update for Windows XP (KB898461)
Viewpoint Media Player
WebFldrs XP
Windows XP Hotfix - KB817611
Windows XP Hotfix - KB824146
Windows XP Hotfix - KB826959
Windows XP Hotfix - KB828028
Windows XP Hotfix - KB828035
WordPerfect Office 11
.
==== Event Viewer Messages From Past Week ========
.
3/20/2011 4:17:31 AM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
3/20/2011 4:17:31 AM, error: SideBySide [59] - Generate Activation Context failed for C:\DOCUME~1\PATRIC~1\LOCALS~1\Temp\RarSFX0\redist.dll. Reference error message: The operation completed successfully. .
3/20/2011 4:17:31 AM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
3/19/2011 12:11:49 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
3/19/2011 11:35:21 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips Processor sp_rsdrv2
3/19/2011 11:29:51 AM, error: Service Control Manager [7000] - The wscsvc service failed to start due to the following error: The executable program that this service is configured to run in does not implement the service.
3/18/2011 10:59:06 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
3/18/2011 10:58:48 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss sp_rsdrv2 Tcpip
3/18/2011 10:58:48 AM, error: Service Control Manager [7001] - The Spyware Terminator Realtime Shield Service service depends on the Spyware Terminator Driver 2 service which failed to start because of the following error: A device attached to the system is not functioning.
3/18/2011 10:58:48 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/18/2011 10:58:48 AM, error: Service Control Manager [7001] - The Fax service depends on the Print Spooler service which failed to start because of the following error: The dependency service or group failed to start.
3/18/2011 10:58:48 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/18/2011 10:58:48 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
3/18/2011 10:57:05 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/15/2011 4:08:33 PM, error: Service Control Manager [7000] - The WinTools for IE service service failed to start due to the following error: The system cannot find the file specified.
3/15/2011 3:22:33 PM, error: Service Control Manager [7000] - The ATWPKT2 service failed to start due to the following error: Access is denied.
.
==== End Of File ===========================