
I have been doing battle with cleaning my XP Media Ctr Edition SP3 PC for a number of days now with little success. Alas, I need help in cleaning this sucker. The XP Security 2012 pop-ups have stopped, but I still have a ping.exe process running and can't get rid of it (I also have no less than 9 svchost.exe processes running as well). Malwarebytes' protection is constantly blocking outbound IPs. I've scanned with Malwarebytes, SpyBot S&D, TDSSKiller, CCleaner, HijackThis & MS Security Essentials. This is the overall status of my PC. Below are the results of my DDS.scr. I copy/pasted the dds.txt and zipped & attached the attach.txt file as attach.zip. Thanks in advance for any help with this.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_19

Run by Administrator at 15:29:07 on 2011-12-18

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1155 [GMT -5:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

C:\Program Files\LogMeIn\x86\RaMaint.exe

C:\Program Files\LogMeIn\x86\LogMeIn.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\ehome\RMSvc.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\Program Files\AirPort\APAgent.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\ehome\RMSysTry.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Dun74\VLC360\vlc.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

.

============== Pseudo HJT Report ===============

.

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: FlashFXP Helper for Internet Explorer: {e5a1691b-d188-4419-ad02-90002030b8ee} - c:\progra~1\flashfxp\IEFlash.dll

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"

mRun: [CTHelper] CTHELPER.EXE

mRun: [soundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe

mRun: [soundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray

mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"

mRun: [Transcode360] c:\program files\transcode360\Transcode360Tray.exe

mRun: [My Movies Tray] "c:\program files\mce\my movies\My Movies Tray.exe"

mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe

mRun: [usbBoost] c:\program files\usbboost\TurboHddUsb.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [AirPort Base Station Agent] "c:\program files\airport\APAgent.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [spybotSnD] "c:\program files\spybot - search & destroy\SpybotSD.exe" /autocheck /autofix

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\shortc~1.lnk - c:\documents and settings\administrator\desktop\MTV.vbs

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\extend~1.lnk - c:\windows\ehome\RMSysTry.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vlc360.lnk - c:\program files\dun74\vlc360\VLC360.bat

uPolicies-explorer: GreyMSIAds = 0 (0x0)

uPolicies-explorer: HideSCABattery = 1 (0x1)

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100

TCP: Interfaces\{E6B482D6-C571-43EE-B7CF-80D299D37BAF} : NameServer = 192.168.1.1,68.237.161.12

Notify: AtiExtEvent - Ati2evxx.dll

Notify: LMIinit - LMIinit.dll

Notify: xmlproservice - xmlrpw32.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

LSA: Notification Packages = scecli scecli

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\a26tfnti.default\

FF - plugin: c:\documents and settings\administrator\application data\facebook\npfbplugin_1_0_1.dll

FF - plugin: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\a26tfnti.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll

FF - plugin: c:\documents and settings\administrator\local settings\application data\unity\webplayer\loader\npUnity3D32.dll

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

.

============= SERVICES / DRIVERS ===============

.

R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2010-6-1 7936]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]

R1 MpKsla8b7afdb;MpKsla8b7afdb;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ed38aca9-da6c-4adb-8a1e-9aa0e13577d6}\MpKsla8b7afdb.sys [2011-12-18 29904]

R1 oxfwlf;oxfwlf;c:\windows\system32\drivers\OxFWLF.sys [2010-6-17 12043]

R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\verizon\iha_messagecenter\bin\Verizon_IHAMessageCenter.exe [2011-7-1 286736]

R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-9-30 374152]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-5-6 47640]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-17 366152]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\McrdSvc.exe [2005-10-20 96256]

R2 MSSQL$MYMOVIES;SQL Server (MYMOVIES);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2010-12-10 29293408]

R3 FNETTBOH;FNETTBOH;c:\windows\system32\drivers\FNETTBOH.SYS [2010-6-1 23680]

R3 leafnets;Leaf Networks Adapter;c:\windows\system32\drivers\leafnets.sys [2011-5-26 55296]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-17 22216]

R3 powerfil;powerfil;c:\windows\system32\drivers\powerfil.sys [2008-11-15 8832]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 NAVAPEL;NAVAPEL;\??\c:\program files\symantec_client_security\symantec antivirus\navapel.sys --> c:\program files\symantec_client_security\symantec antivirus\NAVAPEL.SYS [?]

S2 XMLProvS;Network ProService;c:\windows\system32\svchost.exe -k xmlpros [2004-8-10 14336]

S3 CEUSBAUD;DigiTech USB MIDI Driver (MIDI);c:\windows\system32\drivers\ceusbaud.sys [2011-6-11 17920]

S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-7-29 25112]

S3 NAVAP;NAVAP;\??\c:\progra~1\symant~1\symant~1\navap.sys --> c:\progra~1\symant~1\symant~1\NAVAP.sys [?]

S3 NAVENG;NAVENG;\??\c:\progra~1\common~1\symant~1\virusd~1\20101018.002\naveng.sys --> c:\progra~1\common~1\symant~1\virusd~1\20101018.002\NAVENG.sys [?]

S3 NAVEX15;NAVEX15;\??\c:\progra~1\common~1\symant~1\virusd~1\20101018.002\navex15.sys --> c:\progra~1\common~1\symant~1\virusd~1\20101018.002\NAVEX15.sys [?]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S3 WPRO_41_1742;WinPcap Packet Driver (WPRO_41_1742); [x]

S4 LMIRfsClientNP;LMIRfsClientNP; [x]

.

=============== Created Last 30 ================

.

2011-12-18 20:21:34 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ed38aca9-da6c-4adb-8a1e-9aa0e13577d6}\MpKsla8b7afdb.sys

2011-12-18 20:21:31 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ed38aca9-da6c-4adb-8a1e-9aa0e13577d6}\offreg.dll

2011-12-17 17:34:16 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-17 17:34:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-12-17 06:31:02 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-12-17 06:31:02 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy

2011-12-17 05:59:29 388096 ----a-r- c:\documents and settings\administrator\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2011-12-17 05:59:25 -------- d-----w- c:\program files\Trend Micro

2011-12-16 08:00:02 -------- d-----w- c:\program files\AVG

2011-12-16 07:56:13 -------- d--h--w- c:\documents and settings\all users\application data\Common Files

2011-12-16 07:55:48 -------- d-----w- c:\documents and settings\all users\application data\MFAData

2011-12-16 03:12:20 6823496 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2011-12-16 03:10:52 6823496 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ed38aca9-da6c-4adb-8a1e-9aa0e13577d6}\mpengine.dll

2011-12-15 18:57:39 37888 ----a-w- c:\windows\system32\xmlrpw32.dll

2011-12-15 01:37:39 -------- d-----w- c:\program files\iPod

2011-12-15 01:37:34 -------- d-----w- c:\program files\iTunes

2011-12-09 05:31:10 -------- d-----w- c:\documents and settings\administrator\application data\Auslogics

2011-12-09 05:31:03 -------- d-----w- c:\program files\Auslogics

2011-12-09 04:49:10 -------- d-----w- c:\program files\CCleaner

2011-12-09 04:38:20 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-12-09 04:35:35 -------- d-----w- c:\program files\Microsoft Security Client

2011-12-09 02:45:47 -------- d-----w- c:\documents and settings\administrator\application data\Malwarebytes

2011-12-09 02:45:40 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

.

==================== Find3M ====================

.

2011-12-08 07:25:39 57600 ----a-w- c:\windows\system32\drivers\redbook.sys

2011-11-27 23:03:18 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-24 18:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2011-10-24 18:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts

2011-10-15 21:45:30 0 ---ha-w- c:\documents and settings\administrator\hwrufegslf.tmp

2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-10-07 14:30:43 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2011-10-07 14:30:42 87424 ----a-w- c:\windows\system32\LMIinit.dll

2011-10-07 14:30:42 52096 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll

2011-10-07 14:30:42 30592 ----a-w- c:\windows\system32\LMIport.dll

2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

.

============= FINISH: 15:30

attach.zip


I apologize for having 2 posts in this forum. I originally posted in the general forum after reading the "I have a virus, what now" admin post and clicked the "click here" link (had to register) and posted in the general forum by accident instead of this forum. I read through the general forum & realized I should have posted here and then reposted here. An admin moved my original post from the general forum to this forum, where I now have 2 identical posts. Again, sorry about that. Could an admin get rid of one of these? I am still awaiting assistance and realize that there is a long queue for help. I hope the double-post doesn't interfere with my receiving assistance. Thanks!

-- Dondi


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
