Jump to content

Recommended Posts

Long story short had a virus, used malwarebytes to remove virus/malware, and now I cannot access the internet. I read some forums on the internet and "thought" I narrowed it down to a missing driver....but this is my noncomputer guys opinon so worth about 5 cents. I don't have the windows XP cd's, didn't come with the dell. Anyway, that's the quick summation, and thank you in advance for your help. dds.txt and attach.txt posted below.

dds.txt

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24

Run by Jada and Aaron at 21:07:49 on 2012-05-17

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.586 [GMT -5:00]

.

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe

C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe

C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe

C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\DellSupport\DSAgnt.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe

c:\program files\common files\installshield\updateservice\isuspm.exe

C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\PnkBstrA.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\dlcccoms.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\dllhost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

uURLSearchHooks: H - No File

mURLSearchHooks: H - No File

BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No File

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll

BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {70DE7956-479D-4EB7-8641-2B45774C350E} - No File

uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"

mRun: [intelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe

mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"

mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [MimBoot] c:\progra~1\musicm~1\musicm~3\mimboot.exe

mRun: [DLCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,_RunDLLEntry@16

mRun: [dlccmon.exe] "c:\program files\dell photo aio printer 924\dlccmon.exe"

mRun: [hcsystray] c:\program files\kuma games\hcsystray\hc_tray.exe

mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot

mRun: [Nikon Transfer Monitor] c:\program files\common files\nikon\monitor\NkMonitor.exe

mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

dRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000

IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\progra~1\aim\aim.exe

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {F4430FE8-2638-42e5-B849-800749B94EED}

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll

IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

Trusted Zone: internet

Trusted Zone: mcafee.com

Trusted Zone: musicmatch.com\online

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/F/D/9/FD9E437D-5BC8-4264-A093-DFA2C39D197E/LegitCheckControl.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab

DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143094851980

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53

TCP: Interfaces\{C743B2E2-AF0C-452C-859C-A8CDE93C121B} : DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\jada and aaron\application data\mozilla\firefox\profiles\vgfg5fqn.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll

FF - plugin: c:\documents and settings\all users\application data\id software\quakelive\npquakezero.dll

FF - plugin: c:\documents and settings\jada and aaron\application data\facebook\npfbplugin_1_0_1.dll

FF - plugin: c:\documents and settings\jada and aaron\application data\facebook\npfbplugin_1_0_3.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll

FF - plugin: c:\program files\google\picasa3\npPicasa2.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPcol500.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\google\google gears\Firefox

FF - Ext: XULRunner: {9538ED55-A687-4328-A5EA-E0DBED2FAAF1} - c:\documents and settings\administrator\local settings\application data\{9538ED55-A687-4328-A5EA-E0DBED2FAAF1}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

============= SERVICES / DRIVERS ===============

.

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-5 135664]

S4 0268541270047218mcinstcleanup;McAfee Application Installer Cleanup (0268541270047218);c:\windows\temp\026854~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\026854~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]

S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-5 135664]

.

=============== Created Last 30 ================

.

.

==================== Find3M ====================

.

2009-09-14 17:44:21 10038 ----a-w- c:\program files\common files\fedykyjasi.pif

.

============= FINISH: 21:11:36.42 ===============

attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 1/3/2006 12:19:49 PM

System Uptime: 5/17/2012 9:04:21 PM (0 hours ago)

.

Motherboard: Dell Inc. | | 0YC523

Processor: Intel® Pentium® D CPU 2.80GHz | Microprocessor | 2793/800mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 70 GiB total, 19.027 GiB free.

D: is CDROM ()

E: is CDROM ()

G: is CDROM (CDFS)

H: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP622: 12/15/2011 10:39:24 PM - Software Distribution Service 3.0

RP623: 12/16/2011 11:18:32 PM - System Checkpoint

RP624: 12/18/2011 10:55:29 AM - System Checkpoint

RP625: 12/20/2011 1:08:54 AM - System Checkpoint

RP626: 12/21/2011 4:48:16 PM - System Checkpoint

RP627: 12/23/2011 10:41:27 AM - System Checkpoint

RP628: 12/25/2011 12:10:35 PM - System Checkpoint

RP629: 12/26/2011 12:18:21 PM - System Checkpoint

RP630: 12/27/2011 11:10:40 PM - System Checkpoint

RP631: 12/29/2011 9:08:15 PM - System Checkpoint

RP632: 12/31/2011 3:56:51 AM - System Checkpoint

RP633: 1/2/2012 10:59:19 AM - System Checkpoint

RP634: 1/3/2012 6:36:21 PM - System Checkpoint

RP635: 1/5/2012 6:49:16 PM - System Checkpoint

RP636: 1/7/2012 10:22:02 AM - System Checkpoint

RP637: 1/8/2012 10:40:13 AM - System Checkpoint

RP638: 1/9/2012 5:49:45 PM - System Checkpoint

RP639: 1/10/2012 9:18:01 PM - System Checkpoint

RP640: 1/12/2012 6:43:30 PM - Software Distribution Service 3.0

RP641: 1/14/2012 10:06:38 AM - Software Distribution Service 3.0

RP642: 1/15/2012 2:08:51 PM - System Checkpoint

RP643: 1/16/2012 5:08:45 PM - System Checkpoint

RP644: 1/17/2012 5:38:56 PM - System Checkpoint

RP645: 1/18/2012 9:02:25 PM - System Checkpoint

RP646: 1/21/2012 5:20:02 PM - System Checkpoint

RP647: 1/23/2012 11:51:28 PM - System Checkpoint

RP648: 1/25/2012 8:16:44 PM - System Checkpoint

RP649: 1/26/2012 3:00:30 AM - Software Distribution Service 3.0

RP650: 1/28/2012 12:00:11 PM - System Checkpoint

RP651: 1/29/2012 1:01:16 PM - System Checkpoint

RP652: 1/30/2012 9:16:12 PM - System Checkpoint

RP653: 2/2/2012 7:36:53 PM - Restore Operation

RP654: 2/8/2012 7:22:07 PM - System Checkpoint

RP655: 2/13/2012 8:55:41 PM - System Checkpoint

RP656: 2/20/2012 3:50:01 PM - System Checkpoint

RP657: 2/22/2012 8:00:44 PM - System Checkpoint

RP658: 3/11/2012 8:12:45 PM - System Checkpoint

RP659: 3/12/2012 9:11:54 PM - System Checkpoint

RP660: 3/13/2012 10:36:14 PM - System Checkpoint

.

==== Installed Programs ======================

.

ABBYY FineReader 6.0 Sprint

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 7.0.9

Adobe Shockwave Player 11.5

AGEIA PhysX v2.4.4

Air Conflicts Single Player Demo

AOL Instant Messenger

AOLIcon

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ArcSoft Panorama Maker 4

ATI Control Panel

ATI Display Driver

Battlefield Vietnam

Blasterball 2

Bonjour

Canon PhotoRecord

Canon PowerShot A40 WIA Driver

Canon Utilities PhotoStitch 3.1

Canon Utilities RAW Image Converter

Canon Utilities RemoteCapture 2.2

Canon Utilities ZoomBrowser EX

Company of Heroes

Compatibility Pack for the 2007 Office system

Corel Photo Album 6

Dell Digital Jukebox Driver

Dell Driver Reset Tool

Dell Game Console

Dell Photo AIO Printer 924

Dell System Restore

DellSupport

Digital Content Portal

EducateU

Facebook Plug-In

FastStone Image Viewer 3.9

File Uploader

GEAR driver installer for x86 and x64

Google AFE

Google Earth

Google Gears

Google Toolbar for Internet Explorer

Google Update Helper

Google Updater

High Definition Audio Driver Package - KB835221

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 10 (KB903157)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

Intel Matrix Storage Manager

Intel® 537EP V9x DF PCI Modem

Intel® PRO Network Connections Drivers

Intel® PROSet for Wired Connections

iPod for Windows 2006-01-10

iTunes

Jasc Paint Shop Photo Album 5

Java Auto Updater

Java 6 Update 24

Learn2 Player (Uninstall Only)

Macromedia Flash Player

Malwarebytes' Anti-Malware

MCU

Microsoft .NET Framework 1.0 Hotfix (KB2572066)

Microsoft .NET Framework 1.0 Hotfix (KB953295)

Microsoft .NET Framework 1.0 Hotfix (KB979904)

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Document Explorer 2005

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office File Validation Add-In

Microsoft Office Standard Edition 2003

Microsoft Plus! Digital Media Edition Installer

Microsoft Plus! Photo Story 2 LE

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

MobileMe Control Panel

Modem Event Monitor

Modem Helper

Modem On Hold

Mozilla Firefox (3.6.3)

MSXML 4.0 SP2 (KB925672)

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6.0 Parser (KB933579)

Musicmatch for Windows Media Player

Musicmatch® Jukebox

Nikon Message Center

Nikon Transfer

Otto

Picasa 3

PowerDVD 5.5

PunkBuster Services

Quake Live Mozilla Plugin

QuickBooks Simple Start Special Edition

QuickTime

Safari

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 7 (KB928090)

Security Update for Windows Internet Explorer 7 (KB929969)

Security Update for Windows Internet Explorer 7 (KB931768)

Security Update for Windows Internet Explorer 7 (KB933566)

Security Update for Windows Internet Explorer 7 (KB937143)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB911565)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2491683)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Sonic Encoders

Spybot - Search & Destroy

SpywareBlaster 4.2

Tweak UI

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB2447568)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Media Player 10 (KB910393)

Update for Windows Media Player 10 (KB913800)

Update for Windows Media Player 10 (KB926251)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Update Rollup 2 for Windows XP Media Center Edition 2005

V1 Home 2.0

VandM

Viewpoint Media Player

WD Diagnostics

WebCyberCoach 3.2 Dell

WebFldrs XP

WildTangent Web Driver

Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 10

Windows Media Player 10 Hotfix - KB895316

Windows Media Player 10 Hotfix [see EmeraldQFE2 for more information]

Windows Media Player 11

Windows Media Player Firefox Plugin

Windows PowerShell 1.0

Windows XP Media Center Edition 2005 KB2502898

Windows XP Media Center Edition 2005 KB2619340

Windows XP Media Center Edition 2005 KB2628259

Windows XP Media Center Edition 2005 KB908246

Windows XP Media Center Edition 2005 KB925766

Windows XP Media Center Edition 2005 KB973768

Windows XP Service Pack 3

WinPatrol 2009

WordPerfect Office 12

.

==== Event Viewer Messages From Past Week ========

.

5/17/2012 8:57:33 PM, error: Print [6161] - The document C70Passport80-81ServMan.pdf owned by Jada and Aaron failed to print on printer Dell Photo AIO Printer 924. Data type: LEMF. Size of the spool file in bytes: 2078518. Number of bytes printed: 2078518. Total number of pages in the document: 4. Number of pages printed: 0. Client machine: \\JADA. Win32 error code returned by the print processor: 0 (0x0).

5/17/2012 8:57:10 PM, error: Service Control Manager [7003] - The TCP/IP NetBIOS Helper service depends on the following nonexistent service: NetBT

5/17/2012 8:57:10 PM, error: Service Control Manager [7003] - The DHCP Client service depends on the following nonexistent service: NetBT

.

==== End Of File ===========================

Link to post
Share on other sites

post-32477-1261866970.gif

Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs for these tools, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it atleast 20-30 minutes to finish if needed.

Please do not attach the scan results from Combofx. Use copy/paste.

Also please describe how your computer behaves at the moment.

Link to post
Share on other sites

Per the question regarding how the computer behaves. It acts pretty much normal outside of an inability to access the internet. Might also be a little slower to load things like itunes, etc. Thanks, and I'll await further instructions.

ComboFix 12-05-20.04 - Jada & Aaron Admin 05/20/2012 23:03:07.6.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.703 [GMT -5:00]

Running from: c:\documents and settings\Jada & Aaron Admin\Desktop\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\All Users\Application Data\TEMP\D1B5B4F1.TMP

c:\documents and settings\All Users\Application Data\TEMP\DFC5A2B2.TMP

c:\documents and settings\Jada and Aaron\GoToAssistDownloadHelper.exe

c:\documents and settings\Jada and Aaron\WINDOWS

c:\windows\$NtUninstallKB64869$

c:\windows\$NtUninstallKB64869$\2356113674\@

c:\windows\$NtUninstallKB64869$\2356113674\bckfg.tmp

c:\windows\$NtUninstallKB64869$\2356113674\cfg.ini

c:\windows\$NtUninstallKB64869$\2356113674\Desktop.ini

c:\windows\$NtUninstallKB64869$\2356113674\keywords

c:\windows\$NtUninstallKB64869$\2356113674\kwrd.dll

c:\windows\$NtUninstallKB64869$\2356113674\L\pdmzmplg

c:\windows\$NtUninstallKB64869$\2356113674\lsflt7.ver

c:\windows\$NtUninstallKB64869$\2356113674\U\00000001.@

c:\windows\$NtUninstallKB64869$\2356113674\U\00000002.@

c:\windows\$NtUninstallKB64869$\2356113674\U\00000004.@

c:\windows\$NtUninstallKB64869$\2356113674\U\80000000.@

c:\windows\$NtUninstallKB64869$\2356113674\U\80000004.@

c:\windows\$NtUninstallKB64869$\2356113674\U\80000032.@

c:\windows\$NtUninstallKB64869$\809559149

c:\windows\system32\SET204.tmp

c:\windows\system32\SET205.tmp

c:\windows\system32\SET23D.tmp

c:\windows\system32\SET242.tmp

c:\windows\system32\SET249.tmp

c:\windows\system32\SET251.tmp

c:\windows\system32\SET252.tmp

c:\windows\system32\SET254.tmp

c:\windows\system32\SET257.tmp

c:\windows\system32\SET28A.tmp

c:\windows\system32\Temp

.

.

((((((((((((((((((((((((( Files Created from 2012-04-21 to 2012-05-21 )))))))))))))))))))))))))))))))

.

.

2012-05-21 03:46 . 2012-05-21 03:46 -------- d-----w- c:\documents and settings\Jada & Aaron Admin\Application Data\Memeo

2012-05-21 03:46 . 2012-05-21 03:46 -------- d-----w- c:\documents and settings\Jada & Aaron Admin\Application Data\Seagate

2012-05-20 18:51 . 2012-05-20 18:51 -------- d-----w- c:\documents and settings\All Users\Application Data\MemeoCommon

2012-05-20 18:50 . 2012-05-20 18:50 -------- d-----w- c:\documents and settings\Jada and Aaron\Application Data\Memeo

2012-05-20 18:50 . 2012-05-20 18:50 -------- d-----w- c:\documents and settings\LocalService\Application Data\Seagate

2012-05-20 18:50 . 2012-05-20 18:50 -------- d-----w- c:\documents and settings\Jada and Aaron\Application Data\Seagate

2012-05-20 18:50 . 2012-05-20 18:50 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ServiceTest

2012-05-20 18:49 . 2012-05-20 18:50 -------- d-----w- c:\program files\Common Files\Memeo

2012-05-20 18:49 . 2012-05-20 18:49 -------- d-----w- c:\program files\Memeo

2012-05-20 18:49 . 2012-05-20 18:49 -------- d-----w- c:\program files\Seagate

2012-05-18 02:01 . 2012-05-18 02:01 -------- d-----w- c:\documents and settings\Jada & Aaron Admin\Application Data\Malwarebytes

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-09-14 17:44 . 2009-09-14 17:44 10038 ----a-w- c:\program files\Common Files\fedykyjasi.pif

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-01 68856]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]

"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]

"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]

"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]

"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2006-01-18 8192]

"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 69632]

"dlccmon.exe"="c:\program files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-07-22 425984]

"hcsystray"="c:\program files\Kuma Games\hcsystray\hc_tray.exe" [2006-11-02 30928]

"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-10-10 320832]

"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2008-09-30 485208]

"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 106496]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]

"Memeo Instant Backup"="c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe" [2011-05-04 136416]

"Seagate Dashboard"="c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-01 68856]

.

c:\documents and settings\Jada and Aaron\Start Menu\Programs\Startup\

Seagate NA0CYPXD Product Registration.lnk - c:\documents and settings\Jada & Aaron Admin\Application Data\Leadertech\PowerRegister\Seagate NA0CYPXD Product Registration.exe [N/A]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Seagate\\Seagate Dashboard\\HipServAgent\\HipServAgent.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

.

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/5/2010 8:19 PM 135664]

S4 0268541270047218mcinstcleanup;McAfee Application Installer Cleanup (0268541270047218);c:\windows\TEMP\026854~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\026854~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]

S4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/5/2010 8:19 PM 135664]

S4 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe [5/4/2011 4:04 PM 25824]

S4 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [6/1/2011 11:42 AM 14088]

.

Contents of the 'Scheduled Tasks' folder

.

2011-08-04 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]

.

2012-03-13 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2006-12-19 16:08]

.

2012-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 01:18]

.

2012-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 01:18]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html

Trusted Zone: musicmatch.com\online

TCP: DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53

FF - ProfilePath - c:\documents and settings\Jada & Aaron Admin\Application Data\Mozilla\Firefox\Profiles\1si0uzzj.default\

FF - prefs.js: browser.startup.homepage - hxxp://google.com/

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: XULRunner: {9538ED55-A687-4328-A5EA-E0DBED2FAAF1} - c:\documents and settings\Administrator\Local Settings\Application Data\{9538ED55-A687-4328-A5EA-E0DBED2FAAF1}

FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\Google\Google Gears\Firefox

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-05-20 23:15

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(2008)

c:\windows\system32\WININET.dll

c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\eHome\ehRecvr.exe

c:\windows\eHome\ehSched.exe

c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\system32\PnkBstrA.exe

c:\windows\system32\locator.exe

c:\windows\ehome\mcrdsvc.exe

c:\windows\system32\dllhost.exe

c:\windows\system32\wscntfy.exe

c:\windows\stsystra.exe

c:\windows\eHome\ehmsas.exe

c:\progra~1\MUSICM~1\MUSICM~3\MMDiag.exe

c:\windows\system32\dlcccoms.exe

c:\program files\MUSICMATCH\Musicmatch Jukebox\mim.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Memeo\AutoBackup\InstantBackup.exe

.

**************************************************************************

.

Completion time: 2012-05-20 23:21:04 - machine was rebooted

ComboFix-quarantined-files.txt 2012-05-21 04:21

.

Pre-Run: 22,057,377,792 bytes free

Post-Run: 23,902,855,168 bytes free

.

- - End Of File - - 52E4EF49DC5D2BAAB1F86E536DFC39AA

Link to post
Share on other sites

Are you using a router?

Go to Start->Run->Type CMD and click Ok. The MSDOS Window will be displayed. At the command prompt, type the following and press Enter after each line:

IPCONFIG /release

IPCONFIG /renew

IPCONFIG /flushdns

IPCONFIG /registerdns

regsvr32 netshell.dll

regsvr32 netcfgx.dll

regsvr32 netman.dll

Exit

Restart the computer.

Link to post
Share on other sites

If that didn't work please do this:

First can you check if there are any warnings in device manager, probably under Network Connection Adapter.

To do this click Start >run Type the following command in the Open: text box, and then hit the Enter key or click on the OK button.

devmgmt.msc

Link to post
Share on other sites

If you're happy, I'm happy

Good job thumbup.gif

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:

  • Click START run
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

For Vista / Windows 7

  • Click START Search
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

Here's my usual all clean post

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

Log looks good :D

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week
    (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer.
    Without a firewall your computer is succeptible to being hacked and taken over.
    I am very serious about this and see it happen almost every day with my clients.
    Simply using a Firewall in its default configuration can lower your risk greatly.
  • Using a secure browser plugin M86 SecureBrowsing makes it safe to search, surf and socialize online. This free browser plug-in displays security icons next to links on search engines and social networking sites like Facebook, Twitter and LinkedIn, so you'll know which pages are safe and which ones to avoid.
    •Free browser plug-in for Internet Explorer and Firefox
    •Real-time safety ratings
    •Ideal for Facebook, Twitter and LinkedIn
  • JAVA Click this link and click on the Free JAVA Download
  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.
    This will ensure your computer has always the latest security updates available installed on your computer.
    If there are new updates to install, install them immediately, reboot your computer, and revisit the site
    until there are no more critical updates.

Only run one Anti-Virus and Firewall program.

I would suggest you read:

PC Safety and Security--What Do I Need?.

How to Prevent Malware:

The full version of Malwarebytes' Anti-Malware could have helped protect your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.

Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.