
Ping.exe hijacked



Hello.

I'm having an issue similar to many people on this site. Somehow my computer ended up with the Antivirus 2012 on it. I was able to remove it without issue, but Malwarebytes is now picking up consistent outgoing connections that it is blocking as malicious. Seems like I've caught the ping.exe hack.

Can someone assist me by walking me through, step by step, how to get rid of this? I've never done much with some of the programs mentioned in other threads, like ComboFix and others. As a note, this computer is a really old-ass Dell at my work; it's not attached to the network at the moment, so no worries about spreading across the network.

Attached below is the DDS log.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11

Run by robert at 11:41:00 on 2011-12-13

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.150 [GMT -5:00]

.

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

C:\WINDOWS\system32\svchost -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\IObit\IObit Security 360\IS360srv.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\IObit\IObit Security 360\IS360tray.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\DellSupport\DSAgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\AIM\aim.exe

C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Program Files\AVG Secure Search\vprot.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Outlook Express\msimn.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Program Files\IObit\IObit Security 360\is360.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE

C:\WINDOWS\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uInternet Connection Wizard,ShellNext = hxxp://store.adobe.com/WebObjects/WEC?pageID=RegMp1&awe_571001&platformCode=WIN&prodData=m5qen5uYmpOcnZmSnpyckp2ck5yYnZKZ&version=7.0&nameCode=PHSP&languageCode=USENGLIS&systemCode=AOLN

uInternet Settings,ProxyOverride = <local>

mSearchAssistant = hxxp://www.google.com/ie

uURLSearchHooks: H - No File

mURLSearchHooks: H - No File

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\9.0.0.18\AVG Secure Search_toolbar.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\9.0.0.18\AVG Secure Search_toolbar.dll

uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [XeroxRegistation] "c:\docume~1\shar\locals~1\temp\xerox\ereg\opbreg.exe" /Startup

mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [iObit Security 360] "c:\program files\iobit\iobit security 360\IS360tray.exe" /autostart

mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

mRun: [vProt] "c:\program files\avg secure search\vprot.exe"

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: Interfaces\{F5386830-6B9D-472A-8B24-E90DBEDFCCC2} : NameServer = 192.168.1.100,192.168.1.1

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\9.0.1\ViProtocol.dll

Notify: avgrsstarter - avgrsstx.dll

Notify: igfxcui - igfxdev.dll

Notify: TPSvc - TPSvc.dll

Notify: xmlproservice - xmlrpw32.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\robert\application data\mozilla\firefox\profiles\42vqjj4v.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - plugin: c:\documents and settings\robert\application data\move networks\plugins\npqmp071705000014.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}

FF - Ext: PDF Download: {37E4D8EA-8BDA-4831-8EA1-89053939A250} - %profile%\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}

FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\robert\application data\Move Networks

.

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false

============= SERVICES / DRIVERS ===============

.

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-3-26 216400]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-3-26 29712]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-3-26 243152]

R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]

R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2009-12-2 312592]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-1-18 366152]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-1-18 22216]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-15 135664]

S2 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\9.0.1\ToolbarUpdater.exe [2011-12-12 855904]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-10-26 167264]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-15 135664]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

.

=============== Created Last 30 ================

.

2011-12-13 12:48:34 -------- d-----w- c:\documents and settings\robert\application data\AVG Secure Search

2011-12-12 17:04:24 -------- d-----w- c:\documents and settings\all users\application data\AVG Secure Search

2011-12-12 17:04:17 -------- d-----w- c:\program files\common files\AVG Secure Search

2011-12-12 17:04:12 -------- d-----w- c:\program files\AVG Secure Search

2011-12-09 17:57:05 57472 ----a-w- c:\windows\system32\drivers\redbook.sys

2011-12-09 17:57:05 57472 ----a-w- c:\windows\system32\dllcache\redbook.sys

2011-12-09 04:34:28 1409 ----a-w- c:\windows\QTFont.for

.

==================== Find3M ====================

.

2006-11-10 20:46:36 9000041 -c--a-w- c:\program files\trillian-v3[1].1.exe

.

============= FINISH: 11:42:31.17 ===============

Do you need the second one, attach.log, as well? Any help would be appreciated.

And attach.txt, since I saw in the 'start topic' thread that it should be attached.

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 8/1/2006 9:34:45 AM

System Uptime: 12/13/2011 7:26:15 AM (4 hours ago)

.

Motherboard: Dell Inc. | | 0JC474

Processor: Intel® Pentium® 4 CPU 2.80GHz | Microprocessor | 2793/800mhz

Processor: Intel® Pentium® 4 CPU 2.80GHz | Microprocessor | 2793/800mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 53 GiB total, 18.555 GiB free.

D: is FIXED (NTFS) - 18 GiB total, 18.426 GiB free.

E: is CDROM ()

Y: is NetworkDisk (NTFS) - 233 GiB total, 138.744 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP1729: 11/27/2011 12:06:39 PM - System Checkpoint

RP1730: 11/28/2011 8:42:21 AM - System Checkpoint

RP1731: 11/29/2011 11:12:49 AM - System Checkpoint

RP1732: 11/30/2011 11:16:34 AM - System Checkpoint

RP1733: 12/1/2011 12:17:39 PM - System Checkpoint

RP1734: 12/2/2011 1:17:39 PM - System Checkpoint

RP1735: 12/3/2011 2:16:34 PM - System Checkpoint

RP1736: 12/4/2011 3:16:34 PM - System Checkpoint

RP1737: 12/5/2011 3:29:49 PM - System Checkpoint

RP1738: 12/6/2011 4:16:34 PM - System Checkpoint

RP1739: 12/8/2011 11:35:00 AM - Restore Operation

RP1740: 12/8/2011 11:52:54 AM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.

RP1741: 12/8/2011 11:53:43 AM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.

RP1742: 12/9/2011 11:43:40 AM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.

RP1743: 12/9/2011 12:07:19 PM - Restore Operation

RP1744: 12/9/2011 12:15:01 PM - Restore Operation

RP1745: 12/12/2011 12:01:18 PM - Avg Update

RP1746: 12/13/2011 8:31:12 AM - Avg Update

.

==== Installed Programs ======================

.

Ad-Aware SE Personal

Adobe Anchor Service CS3

Adobe Asset Services CS3

Adobe Bridge CS3

Adobe Bridge Start Meeting

Adobe Camera Raw 4.0

Adobe CMaps

Adobe Color - Photoshop Specific

Adobe Color Common Settings

Adobe Color EU Extra Settings

Adobe Color JA Extra Settings

Adobe Color NA Recommended Settings

Adobe Default Language CS3

Adobe Device Central CS3

Adobe ExtendScript Toolkit 2

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Fonts All

Adobe Help Viewer CS3

Adobe Linguistics CS3

Adobe PDF Library Files

Adobe Photoshop 7.0

Adobe Photoshop CS3

Adobe Reader 7.0.9

Adobe Setup

Adobe Stock Photos CS3

Adobe Type Support

Adobe Update Manager CS3

Adobe Version Cue CS3 Client

Adobe WinSoft Linguistics Plugin

Adobe XMP Panels CS3

AIM 7

AVG Free 9.0

Business Contact Manager for Outlook 2003

CD Designer 7.51.1432

Compatibility Pack for the 2007 Office system

CutePDF Writer 2.7

Dell Driver Reset Tool

Dell System Restore

DellSupport

Digital Content Portal

FileZilla Client 3.3.2.1

Google Toolbar for Internet Explorer

Google Update Helper

High Definition Audio Driver Package - KB835221

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows XP (KB896256)

Hotfix for Windows XP (KB906569)

Hotfix for Windows XP (KB908673)

Hotfix for Windows XP (KB915865)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB981793)

Intel® Graphics Media Accelerator Driver

Intel® PRO Network Connections Drivers

Intel® PROSet for Wired Connections

IObit Security 360

J2SE Runtime Environment 5.0 Update 6

Java 2 Runtime Environment, SE v1.4.2_03

Java 6 Update 11

Java 6 Update 2

Java 6 Update 7

Macromedia Flash Player

Malwarebytes' Anti-Malware version 1.51.2.1300

McAfee Security Scan Plus

MCU

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office Access 2003

Microsoft Office Professional Edition 2003

Microsoft Visual C++ 2005 Redistributable

Move Media Player

Mozilla Firefox (3.6.24)

MSXML 4.0 SP2 (KB925672)

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MySQL Connector/ODBC 5.1

Nortel Networks Desktop Assistant Pro

OstroSoft SMTP Component

OstroSoft SMTP Component (C:\Program Files\OSSMTP\)

PDF Settings

Qualxserve Service Agreement

QuickTime

Rimage CD Designer Software Suite

Security Update for CAPICOM (KB931906)

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 7 (KB974455)

Security Update for Windows Internet Explorer 7 (KB976325)

Security Update for Windows Internet Explorer 7 (KB982381)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB890046)

Security Update for Windows XP (KB893756)

Security Update for Windows XP (KB896358)

Security Update for Windows XP (KB896422)

Security Update for Windows XP (KB896423)

Security Update for Windows XP (KB896424)

Security Update for Windows XP (KB896428)

Security Update for Windows XP (KB899587)

Security Update for Windows XP (KB899588)

Security Update for Windows XP (KB899589)

Security Update for Windows XP (KB899591)

Security Update for Windows XP (KB900725)

Security Update for Windows XP (KB901017)

Security Update for Windows XP (KB901214)

Security Update for Windows XP (KB902400)

Security Update for Windows XP (KB904706)

Security Update for Windows XP (KB905414)

Security Update for Windows XP (KB905749)

Security Update for Windows XP (KB908519)

Security Update for Windows XP (KB911562)

Security Update for Windows XP (KB911567)

Security Update for Windows XP (KB911927)

Security Update for Windows XP (KB912812)

Security Update for Windows XP (KB912919)

Security Update for Windows XP (KB913580)

Security Update for Windows XP (KB914388)

Security Update for Windows XP (KB914389)

Security Update for Windows XP (KB916281)

Security Update for Windows XP (KB917159)

Security Update for Windows XP (KB917344)

Security Update for Windows XP (KB917422)

Security Update for Windows XP (KB917953)

Security Update for Windows XP (KB918118)

Security Update for Windows XP (KB918439)

Security Update for Windows XP (KB918899)

Security Update for Windows XP (KB919007)

Security Update for Windows XP (KB920213)

Security Update for Windows XP (KB920214)

Security Update for Windows XP (KB920670)

Security Update for Windows XP (KB920683)

Security Update for Windows XP (KB920685)

Security Update for Windows XP (KB921398)

Security Update for Windows XP (KB921503)

Security Update for Windows XP (KB921883)

Security Update for Windows XP (KB922616)

Security Update for Windows XP (KB922760)

Security Update for Windows XP (KB922819)

Security Update for Windows XP (KB923191)

Security Update for Windows XP (KB923414)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB923694)

Security Update for Windows XP (KB923980)

Security Update for Windows XP (KB924191)

Security Update for Windows XP (KB924270)

Security Update for Windows XP (KB924496)

Security Update for Windows XP (KB924667)

Security Update for Windows XP (KB925454)

Security Update for Windows XP (KB925486)

Security Update for Windows XP (KB925902)

Security Update for Windows XP (KB926255)

Security Update for Windows XP (KB926436)

Security Update for Windows XP (KB927779)

Security Update for Windows XP (KB927802)

Security Update for Windows XP (KB928090)

Security Update for Windows XP (KB928255)

Security Update for Windows XP (KB928843)

Security Update for Windows XP (KB929123)

Security Update for Windows XP (KB929969)

Security Update for Windows XP (KB930178)

Security Update for Windows XP (KB931261)

Security Update for Windows XP (KB931768)

Security Update for Windows XP (KB931784)

Security Update for Windows XP (KB932168)

Security Update for Windows XP (KB933566)

Security Update for Windows XP (KB933729)

Security Update for Windows XP (KB935839)

Security Update for Windows XP (KB935840)

Security Update for Windows XP (KB936021)

Security Update for Windows XP (KB937143)

Security Update for Windows XP (KB937894)

Security Update for Windows XP (KB938127)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB938829)

Security Update for Windows XP (KB941202)

Security Update for Windows XP (KB941568)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB941644)

Security Update for Windows XP (KB941693)

Security Update for Windows XP (KB943055)

Security Update for Windows XP (KB943460)

Security Update for Windows XP (KB943485)

Security Update for Windows XP (KB944533)

Security Update for Windows XP (KB944653)

Security Update for Windows XP (KB945553)

Security Update for Windows XP (KB946026)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB948590)

Security Update for Windows XP (KB948881)

Security Update for Windows XP (KB950749)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958470)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971032)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB981349)

SureThing CD Labeler 4 SE - MicroBoards Edition

Update for Windows Internet Explorer 7 (KB976749)

Update for Windows XP (KB894391)

Update for Windows XP (KB898461)

Update for Windows XP (KB900485)

Update for Windows XP (KB904942)

Update for Windows XP (KB908531)

Update for Windows XP (KB910437)

Update for Windows XP (KB911280)

Update for Windows XP (KB912945)

Update for Windows XP (KB916595)

Update for Windows XP (KB920872)

Update for Windows XP (KB922582)

Update for Windows XP (KB927891)

Update for Windows XP (KB929338)

Update for Windows XP (KB930916)

Update for Windows XP (KB931836)

Update for Windows XP (KB932823-v3)

Update for Windows XP (KB933360)

Update for Windows XP (KB936357)

Update for Windows XP (KB938828)

Update for Windows XP (KB942763)

Update for Windows XP (KB942840)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Viewpoint Media Player

WebCyberCoach 3.2 Dell

WebFldrs XP

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Installer 3.1 (KB893803)

Windows Internet Explorer 7

Windows Media Format Runtime

Windows Media Player 10

Windows XP Hotfix - KB873339

Windows XP Hotfix - KB885250

Windows XP Hotfix - KB885835

Windows XP Hotfix - KB885836

Windows XP Hotfix - KB886185

Windows XP Hotfix - KB887472

Windows XP Hotfix - KB888113

Windows XP Hotfix - KB888302

Windows XP Hotfix - KB889673

Windows XP Hotfix - KB890859

Windows XP Hotfix - KB891781

Xerox Support Centre

.

==== Event Viewer Messages From Past Week ========

.

12/9/2011 8:35:00 AM, error: Schedule [7901] - The At18.job command failed to start due to the following error: General access denied error

12/9/2011 7:35:00 AM, error: Schedule [7901] - The At16.job command failed to start due to the following error: General access denied error

12/9/2011 6:35:00 AM, error: Schedule [7901] - The At14.job command failed to start due to the following error: General access denied error

12/9/2011 6:35:00 AM, error: Schedule [7901] - The At13.job command failed to start due to the following error: General access denied error

12/9/2011 5:35:00 AM, error: Schedule [7901] - The At12.job command failed to start due to the following error: General access denied error

12/9/2011 5:35:00 AM, error: Schedule [7901] - The At11.job command failed to start due to the following error: General access denied error

12/9/2011 4:35:00 AM, error: Schedule [7901] - The At9.job command failed to start due to the following error: General access denied error

12/9/2011 4:35:00 AM, error: Schedule [7901] - The At10.job command failed to start due to the following error: General access denied error

12/9/2011 3:35:00 AM, error: Schedule [7901] - The At8.job command failed to start due to the following error: General access denied error

12/9/2011 3:35:00 AM, error: Schedule [7901] - The At7.job command failed to start due to the following error: General access denied error

12/9/2011 2:35:00 AM, error: Schedule [7901] - The At6.job command failed to start due to the following error: General access denied error

12/9/2011 2:35:00 AM, error: Schedule [7901] - The At5.job command failed to start due to the following error: General access denied error

12/9/2011 12:35:00 AM, error: Schedule [7901] - The At2.job command failed to start due to the following error: General access denied error

12/9/2011 12:35:00 AM, error: Schedule [7901] - The At1.job command failed to start due to the following error: General access denied error

12/9/2011 1:35:00 AM, error: Schedule [7901] - The At4.job command failed to start due to the following error: General access denied error

12/9/2011 1:35:00 AM, error: Schedule [7901] - The At3.job command failed to start due to the following error: General access denied error

12/8/2011 9:35:00 PM, error: Schedule [7901] - The At44.job command failed to start due to the following error: General access denied error

12/8/2011 9:35:00 PM, error: Schedule [7901] - The At43.job command failed to start due to the following error: General access denied error

12/8/2011 8:48:25 AM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.

12/8/2011 8:35:00 PM, error: Schedule [7901] - The At42.job command failed to start due to the following error: General access denied error

12/8/2011 8:35:00 PM, error: Schedule [7901] - The At41.job command failed to start due to the following error: General access denied error

12/8/2011 7:35:00 PM, error: Schedule [7901] - The At40.job command failed to start due to the following error: General access denied error

12/8/2011 7:35:00 PM, error: Schedule [7901] - The At39.job command failed to start due to the following error: General access denied error

12/8/2011 6:35:00 PM, error: Schedule [7901] - The At38.job command failed to start due to the following error: General access denied error

12/8/2011 6:35:00 PM, error: Schedule [7901] - The At37.job command failed to start due to the following error: General access denied error

12/8/2011 5:35:00 PM, error: Schedule [7901] - The At36.job command failed to start due to the following error: General access denied error

12/8/2011 5:35:00 PM, error: Schedule [7901] - The At35.job command failed to start due to the following error: General access denied error

12/8/2011 4:35:00 PM, error: Schedule [7901] - The At34.job command failed to start due to the following error: General access denied error

12/8/2011 4:35:00 PM, error: Schedule [7901] - The At33.job command failed to start due to the following error: General access denied error

12/8/2011 3:35:00 PM, error: Schedule [7901] - The At32.job command failed to start due to the following error: General access denied error

12/8/2011 3:35:00 PM, error: Schedule [7901] - The At31.job command failed to start due to the following error: General access denied error

12/8/2011 2:35:00 PM, error: Schedule [7901] - The At30.job command failed to start due to the following error: General access denied error

12/8/2011 2:35:00 PM, error: Schedule [7901] - The At29.job command failed to start due to the following error: General access denied error

12/8/2011 12:35:00 PM, error: Schedule [7901] - The At26.job command failed to start due to the following error: General access denied error

12/8/2011 12:35:00 PM, error: Schedule [7901] - The At25.job command failed to start due to the following error: General access denied error

12/8/2011 12:09:54 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde

12/8/2011 11:50:11 AM, error: Service Control Manager [7034] - The Windows User Mode Driver Framework service terminated unexpectedly. It has done this 1 time(s).

12/8/2011 11:46:43 AM, error: NETLOGON [5719] - No Domain Controller is available for domain ADVANCEMEDIA due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.

12/8/2011 11:45:42 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

12/8/2011 11:39:53 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

12/8/2011 11:39:53 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.

12/8/2011 11:39:53 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.

12/8/2011 11:39:53 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

12/8/2011 11:39:53 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

12/8/2011 11:39:53 AM, error: Service Control Manager [7001] - The ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

12/8/2011 11:39:33 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

12/8/2011 11:39:32 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

12/8/2011 11:35:18 AM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.

12/8/2011 11:35:00 PM, error: Schedule [7901] - The At48.job command failed to start due to the following error: General access denied error

12/8/2011 11:35:00 PM, error: Schedule [7901] - The At47.job command failed to start due to the following error: General access denied error

12/8/2011 11:35:00 AM, error: Schedule [7901] - The At24.job command failed to start due to the following error: General access denied error

12/8/2011 11:35:00 AM, error: Schedule [7901] - The At23.job command failed to start due to the following error: General access denied error

12/8/2011 10:35:00 PM, error: Schedule [7901] - The At46.job command failed to start due to the following error: General access denied error

12/8/2011 10:35:00 PM, error: Schedule [7901] - The At45.job command failed to start due to the following error: General access denied error

12/8/2011 1:35:00 PM, error: Schedule [7901] - The At28.job command failed to start due to the following error: General access denied error

12/8/2011 1:35:00 PM, error: Schedule [7901] - The At27.job command failed to start due to the following error: General access denied error

12/7/2011 11:43:45 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'redbook.sys' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.

12/13/2011 9:35:00 AM, error: Schedule [7901] - The At20.job command failed to start due to the following error: General access denied error

12/13/2011 9:35:00 AM, error: Schedule [7901] - The At19.job command failed to start due to the following error: General access denied error

12/13/2011 7:57:07 AM, error: Service Control Manager [7034] - The vToolbarUpdater service terminated unexpectedly. It has done this 1 time(s).

12/13/2011 10:35:00 AM, error: Schedule [7901] - The At22.job command failed to start due to the following error: General access denied error

12/13/2011 10:35:00 AM, error: Schedule [7901] - The At21.job command failed to start due to the following error: General access denied error

12/12/2011 2:50:56 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 Fips intelppm

12/12/2011 12:15:28 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Documents and Settings\All Users\Application Data\AVG Secure Search\9.0.0.18\components\toolbarhomewmp.dll. Reference error message: The operation completed successfully. .

12/12/2011 12:15:26 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .

12/12/2011 12:15:26 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Documents and Settings\robert\Application Data\Mozilla\Firefox\Profiles\42vqjj4v.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll. Reference error message: The operation completed successfully. .

12/12/2011 12:15:26 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Documents and Settings\All Users\Application Data\AVG Secure Search\9.0.0.18\components\FF4\toolbarhomewmp.dll. Reference error message: The operation completed successfully. .

12/12/2011 12:15:26 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.

.

==== End Of File ===========================


  • 2 weeks later...
  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


  • 1 month later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

