
I'm running Windows XP SP3 on an old HP a387x. Yesterday it became infected and I believed it had been successfully removed using Malwarebytes. Anyway, I no longer get the irritating pop-up to register, but I have been unable to access the internet and Windows Firewall remains disabled.

Any help will be greatly appreciated.

Sorry, I forgot to include the DDS.txt file. Here it is:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26

Run by Lonnie R Shoemaker at 11:17:55 on 2011-12-21

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.959.643 [GMT -7:00]

.

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\Program Files\Avast\AvastSvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avast\avastUI.exe

C:\Documents and Settings\Lonnie R Shoemaker\Application Data\mjusbsp\cdloader2.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Microsoft Office\Office\1033\msoffice.exe

svchost.exe

C:\WINDOWS\system32\netdde.exe

C:\WINDOWS\system32\nvsvc32.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.foxnews.com/

uRun: [cdloader] "c:\documents and settings\lonnie r shoemaker\application data\mjusbsp\cdloader2.exe" MAGICJACK

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [avast] "c:\program files\avast\avastUI.exe" /nogui

dRunOnce: [RunNarrator] Narrator.exe

StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab

DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/Dcode/ActiveX/MSDcode.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} - hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab

DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://www.maricopa.gov/assessor/gis/plugin/mgaxctrl.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1237284453313

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: Interfaces\{9EBCA567-C272-43EA-A600-12EE91E93A95} : DhcpNameServer = 192.168.2.1

AppInit_DLLs: prio.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\lonnie r shoemaker\application data\mozilla\firefox\profiles\0ittmpvf.default\

FF - prefs.js: browser.startup.homepage - hxxp://foxnews.com

FF - prefs.js: network.proxy.http_port - 64323

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\adobe\reader\air\nppdf32.dll

FF - plugin: c:\program files\adobe\reader\browser\nppdf32.dll

FF - plugin: c:\program files\firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\firefox\plugins\npdjvu.dll

FF - plugin: c:\program files\java\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\java\bin\new_plugin\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

.

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-12-18 435032]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-12-18 314456]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-12-18 20568]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast\AvastSvc.exe [2011-12-18 44768]

R2 WLNdis50;Wireless Lan NDIS Protocol I/O Control;c:\windows\system32\drivers\WLNdis50.sys [2011-12-18 20480]

R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [2011-12-18 588032]

S1 MpKsl32f89590;MpKsl32f89590;\??\c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{88d1c033-2256-4ca0-91ad-f2488ae354fe}\mpksl32f89590.sys --> c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{88d1c033-2256-4ca0-91ad-f2488ae354fe}\MpKsl32f89590.sys [?]

S1 MpKsl36c9fe9a;MpKsl36c9fe9a;\??\c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{b1b3cc1c-04ed-4aa1-93ea-ef108d6c6678}\mpksl36c9fe9a.sys --> c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{b1b3cc1c-04ed-4aa1-93ea-ef108d6c6678}\MpKsl36c9fe9a.sys [?]

S1 MpKsl67bc5ba5;MpKsl67bc5ba5;\??\c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{c70e8a27-3bd8-4e44-83cd-f26872ac962d}\mpksl67bc5ba5.sys --> c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{c70e8a27-3bd8-4e44-83cd-f26872ac962d}\MpKsl67bc5ba5.sys [?]

S1 MpKsl7b01dcb6;MpKsl7b01dcb6;\??\c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{5eaa0b29-d481-4e66-b8e0-7629be9cb216}\mpksl7b01dcb6.sys --> c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{5eaa0b29-d481-4e66-b8e0-7629be9cb216}\MpKsl7b01dcb6.sys [?]

S1 MpKsl7ffefdd4;MpKsl7ffefdd4;\??\c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{3e91b2dc-d0bc-4c01-95df-b699845484b3}\mpksl7ffefdd4.sys --> c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{3e91b2dc-d0bc-4c01-95df-b699845484b3}\MpKsl7ffefdd4.sys [?]

S1 MpKsl80ca64c2;MpKsl80ca64c2;\??\c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{355d2bcf-fd04-4c69-a9c8-c0d6ee96c05a}\mpksl80ca64c2.sys --> c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{355d2bcf-fd04-4c69-a9c8-c0d6ee96c05a}\MpKsl80ca64c2.sys [?]

S1 MpKsl8c95e3ab;MpKsl8c95e3ab;\??\c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{10205639-4756-45b4-97e1-2c869e864461}\mpksl8c95e3ab.sys --> c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{10205639-4756-45b4-97e1-2c869e864461}\MpKsl8c95e3ab.sys [?]

S1 MpKsl8d027c56;MpKsl8d027c56;\??\c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{b1b3cc1c-04ed-4aa1-93ea-ef108d6c6678}\mpksl8d027c56.sys --> c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{b1b3cc1c-04ed-4aa1-93ea-ef108d6c6678}\MpKsl8d027c56.sys [?]

S1 MpKsl99c80186;MpKsl99c80186;\??\c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{59823040-1a5e-4b65-949b-a67f5ef2cd79}\mpksl99c80186.sys --> c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{59823040-1a5e-4b65-949b-a67f5ef2cd79}\MpKsl99c80186.sys [?]

S1 MpKslb692d310;MpKslb692d310;\??\c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{6740d94e-6d41-4e7d-b496-a28523217e58}\mpkslb692d310.sys --> c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{6740d94e-6d41-4e7d-b496-a28523217e58}\MpKslb692d310.sys [?]

S1 MpKslc585b489;MpKslc585b489;\??\c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{49181c38-a696-48db-af85-cb15c31dcd3d}\mpkslc585b489.sys --> c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{49181c38-a696-48db-af85-cb15c31dcd3d}\MpKslc585b489.sys [?]

S1 MpKslcc44391d;MpKslcc44391d;\??\c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{b1b3cc1c-04ed-4aa1-93ea-ef108d6c6678}\mpkslcc44391d.sys --> c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{b1b3cc1c-04ed-4aa1-93ea-ef108d6c6678}\MpKslcc44391d.sys [?]

S1 MpKslcd663726;MpKslcd663726;\??\c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{19746c8e-1cc1-4c20-9ecf-898ad24893d7}\mpkslcd663726.sys --> c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{19746c8e-1cc1-4c20-9ecf-898ad24893d7}\MpKslcd663726.sys [?]

S1 MpKslf1554d1d;MpKslf1554d1d;\??\c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{804e3637-1ce3-4503-9df2-ccb171b3cd31}\mpkslf1554d1d.sys --> c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{804e3637-1ce3-4503-9df2-ccb171b3cd31}\MpKslf1554d1d.sys [?]

S1 prio;Prio;c:\windows\system32\drivers\prio.sys [2010-7-28 51408]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 WLSVC;WLSVC;c:\program files\d-link\WLSVC.exe [2011-12-18 167936]

S3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [2010-6-16 706304]

S3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\system32\drivers\HCWBT8XX.sys [2009-3-17 465988]

S3 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys --> c:\windows\system32\drivers\sxuptp.sys [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2011-12-21 07:31:42 5632 -c--a-w- c:\windows\system32\dllcache\smimsgif.dll

2011-12-21 07:31:42 5632 -c--a-w- c:\windows\system32\dllcache\smierrsy.dll

2011-12-21 07:31:42 5632 ----a-w- c:\windows\system32\wbem\snmp\smimsgif.dll

2011-12-21 07:31:42 5632 ----a-w- c:\windows\system32\wbem\snmp\smierrsy.dll

2011-12-21 07:31:42 15872 -c--a-w- c:\windows\system32\dllcache\smierrsm.dll

2011-12-21 07:31:42 15872 ----a-w- c:\windows\system32\wbem\snmp\smierrsm.dll

2011-12-21 07:31:42 10240 -c--a-w- c:\windows\system32\dllcache\snmpstup.dll

2011-12-21 07:31:42 10240 ----a-w- c:\windows\system32\wbem\snmpstup.dll

2011-12-21 02:30:44 616024 ----a-w- c:\windows\system32\COMCTL32.OCX

2011-12-19 19:11:38 -------- d-----w- c:\windows\system32\system32

2011-12-19 05:58:41 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys

2011-12-19 05:58:17 20480 ----a-w- c:\windows\system32\wlndis50.sys

2011-12-19 05:58:17 20480 ----a-w- c:\windows\system32\drivers\WLNdis50.sys

2011-12-19 05:57:39 588032 ----a-w- c:\windows\system32\drivers\RTL8192su.sys

2011-12-19 05:57:39 -------- d-----w- c:\windows\pcidevice

2011-12-19 05:57:16 -------- d-----w- c:\program files\D-Link

2011-12-19 03:52:41 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-12-19 03:52:29 41184 ----a-w- c:\windows\avastSS.scr

2011-12-19 03:52:19 -------- d-----w- c:\program files\Avast

2011-12-19 01:38:37 -------- d-----w- c:\documents and settings\lonnie r shoemaker\local settings\application data\Google

2011-12-18 23:21:46 -------- d-----w- c:\documents and settings\all users.windows\application data\AVAST Software

2011-12-01 21:29:41 -------- d-----w- c:\program files\PrintScreen

2011-11-27 07:41:51 -------- d-----w- c:\program files\Auslogics

.

==================== Find3M ====================

.

2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys

2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll

2011-11-04 19:20:51 43520 ------w- c:\windows\system32\licmgr10.dll

2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-11-04 11:23:59 385024 ------w- c:\windows\system32\html.iec

2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll

2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll

2011-10-25 13:33:08 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-10-25 12:52:03 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll

2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 18:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 18:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 18:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

.

============= FINISH: 11:18:36.20 ===============
