Internet disabled by virus


Hi,

I'm trying to fix a Windows XP Media Center computer for a friend's family. It was running incredibly slow for several months or more and every few weeks they would be required to do a system restore. I went over to their house to see if I could help and found the computer had several suspicious programs including Elf Toolbar and Gamespy, which I have had issues with in the past. I used Avast free antivirus and Malwarebytes to scan for viruses. I did not think to look for help on this forum and am now regretting it as I did a few things on my own that had adverse effects. While the scan was running I uninstalled Gamespy with Add/Remove Programs on Control Panel and then uninstalled Elf Toolbar, surprisingly without any visible problems. I left that evening and left the scans running, telling my friend's family to delete anything the scans came up with. When I was able to get back to their computer they said there were over 150 viruses as well as several malware programs. Also, in the uninstallation/deletion of the viruses and malware the CD drives, Microsoft security software, and Internet were disabled. I was able to get the CD drives to work but the Internet and security software still don't work. I went over to look at their computer today but the overall status is unchanged: the computer runs better than ever with the exception of the Internet and security software.

Any help is appreciated!

Here are the logs from the dds.com program:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Mike at 13:14:32 on 2012-06-29

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.354 [GMT -7:00]

.

AV: AVG 7.5.484 *Disabled/Outdated* {41564737-3200-1071-989B-0000E87B4FB1}

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\system32\HPZipm12.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\system32\fxssvc.exe

C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\AVAST Software\Avast\avastUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\explorer.exe

C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe

C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe

C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

C:\Documents and Settings\Mike\Application Data\U3\07747013F900866B\LaunchPad.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en

uInternet Connection Wizard,ShellNext = hxxp://192.168.1.1/

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

uURLSearchHooks: Productivity 2 Toolbar: {795828a9-f271-43a8-8536-4484bb991d3d} - c:\program files\productivity_2\prxtbPro2.dll

uURLSearchHooks: H - No File

BHO: {0631bff0-6846-48ca-982d-d62d7f376e97} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll

BHO: Productivity 2 Toolbar: {795828a9-f271-43a8-8536-4484bb991d3d} - c:\program files\productivity_2\prxtbPro2.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\googleafe\GoogleAE.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll

TB: Productivity 2 Toolbar: {795828a9-f271-43a8-8536-4484bb991d3d} - c:\program files\productivity_2\prxtbPro2.dll

EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background

uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart

mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"

mRun: [MMTray] "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe"

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

dRun: [AVG7_Run] c:\progra~1\grisoft\avgfre~1\avgw.exe /RUNONCE

dRunOnce: [RunNarrator] Narrator.exe

dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10d.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

Trusted Zone: musicmatch.com\online

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab

DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Plants%20vs.%20Zombies/Images/stg_drm.ocx

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {DC445D52-39A6-42AD-BFB4-F009E7968B05} - hxxp://gotpicturesonline.com/GFOZipper.cab

TCP: DhcpNameServer = 10.0.0.1

TCP: Interfaces\{D7E16D41-E351-4B38-88CA-6FF3EC3F5DB5} : DhcpNameServer = 10.0.0.1

Notify: WRNotifier - WRLogonNTF.dll

AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-6-19 612184]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-6-19 337880]

R1 Avg7RsW;AVG7 Wrap Driver;c:\windows\system32\drivers\avg7rsw.sys [2006-11-27 4224]

R1 AvgClean;AVG7 Clean Driver;c:\windows\system32\drivers\avgclean.sys [2006-11-27 3968]

R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2012-6-28 913792]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-6-19 20696]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-6-19 44768]

R2 Avg7Alrt;AVG7 Alert Manager Server;c:\progra~1\grisoft\avgfre~1\avgamsvr.exe [2006-11-27 353280]

R2 Avg7UpdSvc;AVG7 Update Service;c:\progra~1\grisoft\avgfre~1\avgupsvc.exe [2006-11-27 49664]

R2 AVGEMS;AVG E-mail Scanner;c:\progra~1\grisoft\avgfre~1\avgemc.exe [2006-11-27 353280]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-6-19 654408]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-10-29 24652]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-6-19 22344]

S0 vkabq;vkabq;c:\windows\system32\drivers\hjgtal.sys --> c:\windows\system32\drivers\hjgtal.sys [?]

S1 Avg7RsXP;AVG7 Resident Driver XP;c:\windows\system32\drivers\avg7rsxp.sys [2006-11-27 27776]

S2 AvgTdi;AVG Network Redirector;c:\windows\system32\drivers\avgtdi.sys [2006-11-27 4960]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-6-19 136176]

S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-6-19 136176]

.

=============== Created Last 30 ================

.

2012-06-28 21:14:59 -------- d-----w- c:\documents and settings\all users\application data\IObit

2012-06-28 21:14:48 -------- d-----w- c:\documents and settings\mike\application data\IObit

2012-06-28 21:14:33 -------- d-----w- c:\program files\IObit

2012-06-28 21:11:20 -------- d-----w- c:\documents and settings\mike\application data\Ad-Aware Antivirus

2012-06-28 21:01:13 388096 ----a-r- c:\documents and settings\mike\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2012-06-28 21:01:10 -------- d-----w- c:\program files\AntiHijacker

2012-06-22 06:14:44 -------- d-----w- C:\ERDNT

2012-06-21 00:01:28 57472 ----a-w- c:\windows\system32\drivers\redbook.sys

2012-06-21 00:01:28 57472 ----a-w- c:\windows\system32\dllcache\redbook.sys

2012-06-20 23:54:56 99840 ----a-w- c:\windows\system32\drivers\tdx.sys

2012-06-20 23:24:22 -------- d-----w- c:\windows\system32\GroupPolicy

2012-06-19 23:09:42 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-06-19 23:08:37 41184 ----a-w- c:\windows\avastSS.scr

2012-06-19 23:08:07 -------- d-----w- c:\program files\AVAST Software

2012-06-19 23:08:07 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software

2012-06-19 22:42:45 -------- d-----w- c:\documents and settings\mike\application data\Malwarebytes

2012-06-19 22:42:34 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-19 22:42:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-06-19 22:42:34 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2012-06-12 03:21:25 -------- d-----w- c:\windows\system32\wbem\repository\FS

2012-06-12 03:21:25 -------- d-----w- c:\windows\system32\wbem\Repository

.

==================== Find3M ====================

.

2012-05-29 05:15:26 7258 --s-a-w- c:\windows\system32\KGyGaAvL.sys

2012-05-24 00:54:34 0 --s-a-w- c:\windows\system32\dds_trash_log.cmd

.

============= FINISH: 13:18:06.87 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 3/6/2006 10:29:46 PM

System Uptime: 6/28/2012 1:28:21 PM (24 hours ago)

.

Motherboard: Dell Inc. | | 0WG261

Processor: Intel® Pentium® 4 CPU 3.00GHz | Microprocessor | 2992/800mhz

Processor: Intel® Pentium® 4 CPU 3.00GHz | Microprocessor | 2992/800mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 144 GiB total, 82.81 GiB free.

E: is CDROM ()

F: is CDROM ()

G: is CDROM (CDFS)

H: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP2095: 4/2/2012 11:12:53 PM - System Checkpoint

RP2096: 4/4/2012 1:12:45 AM - System Checkpoint

RP2097: 4/6/2012 9:00:36 PM - System Checkpoint

RP2098: 4/8/2012 7:02:55 AM - System Checkpoint

RP2099: 4/9/2012 11:34:31 AM - System Checkpoint

RP2100: 4/10/2012 12:21:56 PM - System Checkpoint

RP2101: 4/12/2012 10:48:25 AM - System Checkpoint

RP2102: 4/13/2012 5:58:16 PM - System Checkpoint

RP2103: 4/13/2012 11:36:23 PM - Software Distribution Service 3.0

RP2104: 4/16/2012 11:23:46 AM - System Checkpoint

RP2105: 4/18/2012 9:42:11 AM - System Checkpoint

RP2106: 4/19/2012 10:57:15 AM - System Checkpoint

RP2107: 4/20/2012 12:54:36 PM - System Checkpoint

RP2108: 4/22/2012 9:45:07 AM - System Checkpoint

RP2109: 4/24/2012 3:55:04 AM - System Checkpoint

RP2110: 4/26/2012 3:55:49 PM - System Checkpoint

RP2111: 4/27/2012 7:07:26 PM - System Checkpoint

RP2112: 4/28/2012 7:50:25 PM - System Checkpoint

RP2113: 4/30/2012 10:29:36 AM - System Checkpoint

RP2114: 5/1/2012 11:24:37 AM - System Checkpoint

RP2115: 5/2/2012 4:02:43 PM - System Checkpoint

RP2116: 5/3/2012 6:19:01 PM - System Checkpoint

RP2117: 5/5/2012 4:03:19 PM - System Checkpoint

RP2118: 5/6/2012 4:52:07 PM - System Checkpoint

RP2119: 5/8/2012 4:08:00 PM - System Checkpoint

RP2120: 5/9/2012 9:01:01 PM - System Checkpoint

RP2121: 5/11/2012 11:22:15 AM - Restore Operation

RP2122: 5/11/2012 2:55:02 PM - Restore Operation

RP2123: 5/12/2012 3:00:41 AM - Software Distribution Service 3.0

RP2124: 5/17/2012 12:33:14 PM - System Checkpoint

RP2125: 5/18/2012 5:01:40 PM - Restore Operation

RP2126: 5/18/2012 8:01:26 PM - Restore Operation

RP2127: 5/19/2012 3:00:39 AM - Software Distribution Service 3.0

RP2128: 5/21/2012 8:28:33 PM - System Checkpoint

RP2129: 5/23/2012 6:10:10 PM - System Checkpoint

RP2130: 5/26/2012 6:13:13 PM - System Checkpoint

RP2131: 5/30/2012 1:26:04 AM - System Checkpoint

RP2132: 5/31/2012 1:37:44 AM - System Checkpoint

RP2133: 6/1/2012 8:52:32 PM - System Checkpoint

RP2134: 6/3/2012 11:51:05 PM - System Checkpoint

RP2135: 6/5/2012 12:59:45 PM - System Checkpoint

RP2136: 6/6/2012 1:25:40 PM - System Checkpoint

RP2137: 6/7/2012 5:46:11 PM - System Checkpoint

RP2138: 6/8/2012 6:13:33 PM - System Checkpoint

RP2139: 6/8/2012 8:28:31 PM - Restore Operation

RP2140: 6/9/2012 8:38:06 PM - System Checkpoint

RP2141: 6/11/2012 4:42:22 PM - System Checkpoint

RP2142: 6/11/2012 8:19:17 PM - Restore Operation

RP2143: 6/12/2012 8:51:12 PM - System Checkpoint

RP2144: 6/14/2012 4:27:10 AM - System Checkpoint

RP2145: 6/15/2012 5:22:02 AM - System Checkpoint

RP2146: 6/16/2012 3:00:34 AM - Software Distribution Service 3.0

RP2147: 6/17/2012 5:18:16 PM - System Checkpoint

RP2148: 6/19/2012 5:13:10 AM - System Checkpoint

RP2149: 6/19/2012 4:08:07 PM - avast! Free Antivirus Setup

RP2150: 6/21/2012 6:02:50 AM - System Checkpoint

RP2151: 6/22/2012 6:08:27 AM - System Checkpoint

RP2152: 6/23/2012 9:19:15 PM - System Checkpoint

RP2153: 6/24/2012 9:21:26 PM - System Checkpoint

RP2154: 6/25/2012 9:27:27 PM - System Checkpoint

RP2155: 6/26/2012 9:38:41 PM - System Checkpoint

RP2156: 6/27/2012 10:04:56 PM - System Checkpoint

RP2157: 6/28/2012 2:01:09 PM - Installed HiJackThis

.

==== Installed Programs ======================

.

1500

1500_Help

1500Trb

Acrobat.com

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Reader 9.4.4

Adobe Shockwave Player 11.6

Advanced SystemCare 5

Age of Empires III

AiO_Scan

AiOSoftware

Andrea VoiceCenter

AOL Uninstaller (Choose which Products to Remove)

AOLIcon

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ATI Control Panel

ATI Display Driver

avast! Free Antivirus

AVG Free Edition

Banctec Service Agreement

Blasterball 2 Holidays

Bonjour

BufferChm

CCleaner (remove only)

Classic PhoneTools

Copy

Costco Photo Organizer

CP_AtenaShokunin1Config

cp_dwShrek2Albums1

cp_dwShrek2Cards1

Creative MediaSource

Creative MuVo V100

Creative System Information

CreativeProjects

CreativeProjectsTemplates

Critical Update for Windows Media Player 11 (KB959772)

CueTour

Dartfish Software 5.0

Dell Digital Jukebox Driver

Dell Driver Reset Tool

Dell Game Console

Dell Support Center

Dell System Restore

DellConnect

DellSupport

Destinations

Digital Content Portal

DiMAGE Viewer

Director

DocProc

DocumentViewer

EducateU

ELIcon

ESPNMotion

Fax

ffdshow [rev 2527] [2008-12-19]

FIFA 99

Finale NotePad 2006

Finale PrintMusic 2009

GemMaster Mystic

Google AFE

Google Chrome

Google Desktop

Google Earth

Google Toolbar for Internet Explorer

Google Update Helper

GoToMeeting 4.0.0.320

Haali Media Splitter

High Definition Audio Driver Package - KB835221

HiJackThis

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 10 (KB903157)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB888795)

Hotfix for Windows XP (KB891593)

Hotfix for Windows XP (KB895961)

Hotfix for Windows XP (KB896256)

Hotfix for Windows XP (KB899337)

Hotfix for Windows XP (KB899510)

Hotfix for Windows XP (KB902841)

Hotfix for Windows XP (KB906569)

Hotfix for Windows XP (KB915865)

Hotfix for Windows XP (KB926239)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP Extended Capabilities 4.7

HP Games

HP Image Zone 4.7

HP Product Assistant

HP PSC & OfficeJet 4.7

HP Software Update

HPSystemDiagnostics

InstantShare

Intel® 537EP V9x DFV PCI Modem

Intel® PRO Network Connections Drivers

Intel® PROSet for Wired Connections

iPhone Configuration Utility

iTunes

Java 2 Runtime Environment, SE v1.4.2_03

Java 6 Update 2

Learn2 Player (Uninstall Only)

LEGO Racers

LEGO® Batman™

Malwarebytes Anti-Malware version 1.61.0.1400

MarketResearch

MCU

Microsoft .NET Framework 1.0 Hotfix (KB887998)

Microsoft .NET Framework 1.0 Hotfix (KB930494)

Microsoft .NET Framework 1.0 Hotfix (KB953295)

Microsoft .NET Framework 1.0 Hotfix (KB979904)

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office Professional Edition 2003

Microsoft Plus! Digital Media Edition Installer

Microsoft Plus! Photo Story 2 LE

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

MobileMe Control Panel

Modem Event Monitor

Modem Helper

Modem On Hold

MSN Messenger 7.5

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6 Service Pack 2 (KB973686)

Musicmatch for Windows Media Player

Musicmatch® Jukebox

Musicnotes Player V1.23.2 and Viewer

Norton Security Scan

Otto

PanoStandAlone

PhotoGallery

Pivot Stickfigure Animator

Plants vs. Zombies

Plants vs. Zombies - Game of the Year

Plants vs. Zombies™

PowerDVD 5.5

ProductContext

Productivity 2 Toolbar

QFolder

QuickTime

Readme

RealPlayer

Rhapsody Player Engine

RollerCoaster Tycoon 3

Safari

Scan

ScannerCopy

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB972260)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB911565)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB890046)

Security Update for Windows XP (KB893756)

Security Update for Windows XP (KB896358)

Security Update for Windows XP (KB896422)

Security Update for Windows XP (KB896423)

Security Update for Windows XP (KB896424)

Security Update for Windows XP (KB896428)

Security Update for Windows XP (KB896688)

Security Update for Windows XP (KB899587)

Security Update for Windows XP (KB899588)

Security Update for Windows XP (KB899589)

Security Update for Windows XP (KB899591)

Security Update for Windows XP (KB900725)

Security Update for Windows XP (KB901017)

Security Update for Windows XP (KB901190)

Security Update for Windows XP (KB901214)

Security Update for Windows XP (KB902400)

Security Update for Windows XP (KB904706)

Security Update for Windows XP (KB905414)

Security Update for Windows XP (KB905749)

Security Update for Windows XP (KB905915)

Security Update for Windows XP (KB908519)

Security Update for Windows XP (KB908531)

Security Update for Windows XP (KB911280)

Security Update for Windows XP (KB911562)

Security Update for Windows XP (KB911567)

Security Update for Windows XP (KB911927)

Security Update for Windows XP (KB912812)

Security Update for Windows XP (KB912919)

Security Update for Windows XP (KB913446)

Security Update for Windows XP (KB913580)

Security Update for Windows XP (KB914388)

Security Update for Windows XP (KB914389)

Security Update for Windows XP (KB916281)

Security Update for Windows XP (KB917159)

Security Update for Windows XP (KB917344)

Security Update for Windows XP (KB917422)

Security Update for Windows XP (KB917953)

Security Update for Windows XP (KB918118)

Security Update for Windows XP (KB918439)

Security Update for Windows XP (KB918899)

Security Update for Windows XP (KB919007)

Security Update for Windows XP (KB920213)

Security Update for Windows XP (KB920214)

Security Update for Windows XP (KB920670)

Security Update for Windows XP (KB920683)

Security Update for Windows XP (KB920685)

Security Update for Windows XP (KB921398)

Security Update for Windows XP (KB921503)

Security Update for Windows XP (KB921883)

Security Update for Windows XP (KB922616)

Security Update for Windows XP (KB922760)

Security Update for Windows XP (KB922819)

Security Update for Windows XP (KB923191)

Security Update for Windows XP (KB923414)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB923694)

Security Update for Windows XP (KB923980)

Security Update for Windows XP (KB924191)

Security Update for Windows XP (KB924270)

Security Update for Windows XP (KB924496)

Security Update for Windows XP (KB924667)

Security Update for Windows XP (KB925454)

Security Update for Windows XP (KB925486)

Security Update for Windows XP (KB925902)

Security Update for Windows XP (KB926255)

Security Update for Windows XP (KB926436)

Security Update for Windows XP (KB927779)

Security Update for Windows XP (KB927802)

Security Update for Windows XP (KB928090)

Security Update for Windows XP (KB928255)

Security Update for Windows XP (KB928843)

Security Update for Windows XP (KB929123)

Security Update for Windows XP (KB929969)

Security Update for Windows XP (KB930178)

Security Update for Windows XP (KB931261)

Security Update for Windows XP (KB931768)

Security Update for Windows XP (KB931784)

Security Update for Windows XP (KB932168)

Security Update for Windows XP (KB933566)

Security Update for Windows XP (KB933729)

Security Update for Windows XP (KB935839)

Security Update for Windows XP (KB935840)

Security Update for Windows XP (KB936021)

Security Update for Windows XP (KB937143)

Security Update for Windows XP (KB937894)

Security Update for Windows XP (KB938127)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB938829)

Security Update for Windows XP (KB939653)

Security Update for Windows XP (KB941202)

Security Update for Windows XP (KB941568)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB941644)

Security Update for Windows XP (KB941693)

Security Update for Windows XP (KB942615)

Security Update for Windows XP (KB943055)

Security Update for Windows XP (KB943460)

Security Update for Windows XP (KB943485)

Security Update for Windows XP (KB944338)

Security Update for Windows XP (KB944533)

Security Update for Windows XP (KB944653)

Security Update for Windows XP (KB945553)

Security Update for Windows XP (KB946026)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB947864)

Security Update for Windows XP (KB948590)

Security Update for Windows XP (KB948881)

Security Update for Windows XP (KB950749)

Security Update for Windows XP (KB950759)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953838)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956390)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958215)

Security Update for Windows XP (KB958470)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960714)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB963027)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969897)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971032)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972260)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

SigmaTel Audio

Skies of War

SkinsHP1

Sonic Advanced Decoder

Sonic DLA

Sonic Encoders

Sonic MyDVD LE

Sonic RecordNow Audio

Sonic RecordNow Copy

Sonic RecordNow Data

Sonic Update Manager

Sound Blaster Audigy ADVANCED MB

Sound Blaster Audigy ADVANCED MB Product Registration

Spelling Dictionaries Support For Adobe Reader 9

Star Wars Battlefront II

swMSM

TrayApp

Uninstall Dual Mode Camera (V25)

Unload

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB973874)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB976749)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows Media Player 10 (KB910393)

Update for Windows Media Player 10 (KB913800)

Update for Windows Media Player 10 (KB926251)

Update for Windows XP (KB894391)

Update for Windows XP (KB898461)

Update for Windows XP (KB900485)

Update for Windows XP (KB904942)

Update for Windows XP (KB910437)

Update for Windows XP (KB916595)

Update for Windows XP (KB920872)

Update for Windows XP (KB922582)

Update for Windows XP (KB925720)

Update for Windows XP (KB927891)

Update for Windows XP (KB929338)

Update for Windows XP (KB930916)

Update for Windows XP (KB931836)

Update for Windows XP (KB932823-v3)

Update for Windows XP (KB933360)

Update for Windows XP (KB936357)

Update for Windows XP (KB938828)

Update for Windows XP (KB942763)

Update for Windows XP (KB942840)

Update for Windows XP (KB946627)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Update Installer for WildTangent Games App

Update Rollup 2 for Windows XP Media Center Edition 2005

Viewpoint Manager (Remove Only)

Viewpoint Media Player

Vivitar Experience Image Manager

WebCyberCoach 3.2 Dell

WebFldrs XP

WebReg

WildTangent Games

WildTangent Games App (HP Games)

WildTangent Web Driver

Windows Imaging Component

Windows Installer 3.1 (KB893803)

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 10

Windows Media Player 10 Hotfix - KB895316

Windows Media Player 10 Hotfix [see EmeraldQFE2 for more information]

Windows Media Player 11

Windows XP Hotfix - KB873339

Windows XP Hotfix - KB885250

Windows XP Hotfix - KB885835

Windows XP Hotfix - KB885836

Windows XP Hotfix - KB886185

Windows XP Hotfix - KB887472

Windows XP Hotfix - KB887742

Windows XP Hotfix - KB888113

Windows XP Hotfix - KB888302

Windows XP Hotfix - KB888310

Windows XP Hotfix - KB889673

Windows XP Hotfix - KB890175

Windows XP Hotfix - KB890859

Windows XP Hotfix - KB890927

Windows XP Hotfix - KB891781

Windows XP Media Center Edition 2005 KB2502898

Windows XP Media Center Edition 2005 KB2619340

Windows XP Media Center Edition 2005 KB2628259

Windows XP Media Center Edition 2005 KB908246

Windows XP Media Center Edition 2005 KB925766

Windows XP Media Center Edition 2005 KB973768

WordPerfect Office 12

Zoo Tycoon 2 - Extinct Animals

.

==== Event Viewer Messages From Past Week ========

.

6/27/2012 9:02:14 AM, error: Service Control Manager [7003] - The TCP/IP Protocol Driver service depends on the following nonexistent service: IPSec

6/27/2012 9:01:40 AM, error: Service Control Manager [7003] - The Network Location Awareness (NLA) service depends on the following nonexistent service: Afd

6/27/2012 9:01:21 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AswRdr Avg7RsXP Tcpip

6/27/2012 9:01:21 AM, error: Service Control Manager [7001] - The AswRdr service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.

6/27/2012 9:01:20 AM, error: Service Control Manager [7024] - The Workstation service terminated with service-specific error 2250 (0x8CA).

6/27/2012 9:01:20 AM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: The system cannot find the file specified.

6/27/2012 9:01:20 AM, error: Service Control Manager [7023] - The Cpqarry2 service terminated with the following error: The specified module could not be found.

6/27/2012 9:01:20 AM, error: Service Control Manager [7023] - The Automatic Updates service terminated with the following error: %%2147952450

6/27/2012 9:01:20 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.

6/27/2012 9:01:20 AM, error: Service Control Manager [7003] - The TCP/IP NetBIOS Helper service depends on the following nonexistent service: Afd

6/27/2012 9:01:20 AM, error: Service Control Manager [7003] - The IPSEC Services service depends on the following nonexistent service: IPSec

6/27/2012 9:01:20 AM, error: Service Control Manager [7003] - The DHCP Client service depends on the following nonexistent service: NetBT

6/27/2012 9:01:20 AM, error: Service Control Manager [7001] - The Media Center Extender Service service depends on the SSDP Discovery Service service which failed to start because of the following error: The operation completed successfully.

6/27/2012 9:01:20 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

6/27/2012 9:01:20 AM, error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The service has returned a service-specific error code.

6/27/2012 9:01:20 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

6/27/2012 9:01:20 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

6/27/2012 9:01:20 AM, error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

6/27/2012 9:01:20 AM, error: Service Control Manager [7000] - The AVG Network Redirector service failed to start due to the following error: The system cannot find the file specified.

6/27/2012 9:01:05 AM, error: Workstation [5727] - Could not load RDR device driver.

6/26/2012 5:38:25 PM, error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error 2147952450 (0x80072742).

.

==== End Of File ===========================


Hello QubicComputers! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Step 1

Anti-Virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash. If you choose to install more than one Anti-Virus program on your computer, then only one of them should be active in memory at a time. My suggestion is to uninstall AVG Free Edition and to keep avast! Free Antivirus.

Also, uninstall the following applications:

Productivity 2 Toolbar

Viewpoint Manager (Remove Only)

Viewpoint Media Player

Step 2

Run this tool in the infected system.

Download Flash_Disinfector.exe by sUBs from here and save it to your desktop.

  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you run it. Don't delete this folder...it will help protect your drives from future infection.

Step 3

Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Step 4

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update

  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

In your next reply, post the following log files:

  • TDSSKiller log
  • Farbar Service Scanner log
  • a new fresh DDS log file


Here are the logs. I may or may not proceed on repairing the computer based on what my friend's father decides; he may decide that the OS should just be reinstalled. Also, the Flash-disinfector program did not create an autorun.inf file on the USB flash drive I used. Is that a problem?

P.S. Sorry that the TDSS Killer log is not directly in the post but it made the post too long; it is attached instead.

TDSSKiller.2.7.44.0_05.07.2012_13.18.39_log.txt

Farbar Service Scanner Version: 02-07-2012

Ran by Mike (administrator) on 05-07-2012 at 13:23:46

Running from "C:\"

Microsoft Windows XP Professional Service Pack 2 (X86)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Dnscache Service is not running. Checking service configuration:

The start type of Dnscache service is OK.

The ImagePath of Dnscache service is OK.

The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:

The start type of Dhcp service is OK.

The ImagePath of Dhcp service is OK.

The ServiceDll of Dhcp service is OK.

afd Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to open afd registry key. The service key does not exist.

Checking ImagePath: ATTENTION!=====> Unable to open afd registry key. The service key does not exist.

NetBt Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to open NetBt registry key. The service key does not exist.

Checking ImagePath: ATTENTION!=====> Unable to open NetBt registry key. The service key does not exist.

Tcpip Service is not running. Checking service configuration:

The start type of Tcpip service is OK.

The ImagePath of Tcpip service is OK.

IpSec Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to open IpSec registry key. The service key does not exist.

Checking ImagePath: ATTENTION!=====> Unable to open IpSec registry key. The service key does not exist.

Connection Status:

==============

Attempt to access Local Host IP returned error: Localhost is blocked: Other errors

There is no connection to network.

Attempt to access Google IP returned error: Other errors

Attempt to access Google.com returned error: Other errors

Attempt to access Yahoo IP returned error: Other errors

Attempt to access Yahoo.com returned error: Other errors

Windows Firewall:

=============

sharedaccess Service is not running. Checking service configuration:

The start type of sharedaccess service is OK.

The ImagePath of sharedaccess service is OK.

The ServiceDll of sharedaccess service is OK.

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

Security Center:

============

Windows Update:

============

wuauserv Service is not running. Checking service configuration:

The start type of wuauserv service is OK.

The ImagePath of wuauserv service is OK.

The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".

BITS Service is not running. Checking service configuration:

The start type of BITS service is set to Demand. The default start type is Auto.

The ImagePath of BITS service is OK.

The ServiceDll of BITS: "C:\WINDOWS\system32\qmgr.dll".

Windows Autoupdate Disabled Policy:

============================

File Check:

========

C:\WINDOWS\system32\dhcpcsvc.dll

[2005-08-16 03:18] - [2006-05-19 05:59] - 0111616 ____A (Microsoft Corporation) EF545E1A4B043DA4C84E230DD471C55F

ATTENTION!=====> C:\WINDOWS\system32\Drivers\afd.sys FILE IS MISSING AND SHOULD BE RESTORED.

ATTENTION!=====> C:\WINDOWS\system32\Drivers\netbt.sys FILE IS MISSING AND SHOULD BE RESTORED.

C:\WINDOWS\system32\Drivers\tcpip.sys

[2005-08-16 03:18] - [2008-06-20 03:45] - 0360320 ____A (Microsoft Corporation) 2A5554FC5B1E04E131230E3CE035C3F9

ATTENTION!=====> C:\WINDOWS\system32\Drivers\ipsec.sys FILE IS MISSING AND SHOULD BE RESTORED.

C:\WINDOWS\system32\dnsrslvr.dll

[2005-08-16 03:18] - [2008-02-19 22:32] - 0045568 ____A (Microsoft Corporation) AAC8FFBFD61E784FA3BAC851D4A0BD5F

C:\WINDOWS\system32\ipnathlp.dll

[2005-08-16 03:18] - [2004-08-10 04:00] - 0331264 ____A (Microsoft Corporation) 36CC8C01B5E50163037BEF56CB96DEFF

C:\WINDOWS\system32\netman.dll

[2005-08-16 03:18] - [2005-08-22 11:29] - 0197632 ____A (Microsoft Corporation) 36739B39267914BA69AD0610A0299732

C:\WINDOWS\system32\wbem\WMIsvc.dll

[2005-08-16 03:37] - [2004-08-10 04:00] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E

C:\WINDOWS\system32\srsvc.dll

[2005-08-16 03:40] - [2004-08-10 04:00] - 0170496 ____A (Microsoft Corporation) 92BDF74F12D6CBEC43C94D4B7F804838

C:\WINDOWS\system32\Drivers\sr.sys

[2005-08-16 03:40] - [2004-08-10 04:00] - 0073472 ____A (Microsoft Corporation) E41B6D037D6CD08461470AF04500DC24

C:\WINDOWS\system32\wscsvc.dll

[2005-08-16 03:18] - [2004-08-10 04:00] - 0081408 ____A (Microsoft Corporation) 4D59DAA66C60858CDF4F67A900F42D4A

C:\WINDOWS\system32\wbem\WMIsvc.dll

[2005-08-16 03:37] - [2004-08-10 04:00] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E

C:\WINDOWS\system32\wuauserv.dll

[2005-08-16 03:40] - [2004-08-10 04:00] - 0006656 ____A (Microsoft Corporation) 13D72740963CBA12D9FF76A7F218BCD8

C:\WINDOWS\system32\qmgr.dll

[2005-08-16 03:40] - [2004-08-10 04:00] - 0382464 ____A (Microsoft Corporation) 2C69EC7E5A311334D10DD95F338FCCEA

C:\WINDOWS\system32\es.dll

[2005-08-16 03:18] - [2008-07-07 13:32] - 0253952 ____A (Microsoft Corporation) 60D1A6342238378BFB7545C81EE3606C

C:\WINDOWS\system32\cryptsvc.dll

[2005-08-16 03:18] - [2004-08-10 04:00] - 0060416 ____A (Microsoft Corporation) 10654F9DDCEA9C46CFB77554231BE73B

C:\WINDOWS\system32\svchost.exe

[2005-08-16 03:18] - [2004-08-10 04:00] - 0014336 ____A (Microsoft Corporation) 8F078AE4ED187AAABC0A305146DE6716

C:\WINDOWS\system32\rpcss.dll

[2005-08-16 03:18] - [2009-02-09 03:01] - 0401408 ____A (Microsoft Corporation) 24B5D53B9ACCC1E2EDCF0A878D6659D4

C:\WINDOWS\system32\services.exe

[2005-08-16 03:18] - [2009-02-06 03:22] - 0110592 ____A (Microsoft Corporation) 4712531AB7A01B7EE059853CA17D39BD

Extra List:

=======

aswTdi(8) Gpc(6) PSched(7) Tcpip(3)

0x080000000400000001000000020000000300000008000000050000000600000007000000

ATTENTION!=====> IpSec Tag value should be 4. ATTENTION!=====> IpSec Tag value is missing and it should be 4.

**** End of log ****

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Mike at 13:25:30 on 2012-07-05

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.474 [GMT -7:00]

.

AV: AVG 7.5.484 *Disabled/Outdated* {41564737-3200-1071-989B-0000E87B4FB1}

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\system32\HPZipm12.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\fxssvc.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\AVAST Software\Avast\avastUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en

uInternet Connection Wizard,ShellNext = hxxp://192.168.1.1/

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

uURLSearchHooks: H - No File

BHO: {0631bff0-6846-48ca-982d-d62d7f376e97} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\googleafe\GoogleAE.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll

EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background

mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"

mRun: [MMTray] "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe"

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

dRun: [AVG7_Run] c:\progra~1\grisoft\avgfre~1\avgw.exe /RUNONCE

dRunOnce: [RunNarrator] Narrator.exe

dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10d.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

Trusted Zone: musicmatch.com\online

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab

DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Plants%20vs.%20Zombies/Images/stg_drm.ocx

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {DC445D52-39A6-42AD-BFB4-F009E7968B05} - hxxp://gotpicturesonline.com/GFOZipper.cab

TCP: DhcpNameServer = 10.0.0.1

TCP: Interfaces\{D7E16D41-E351-4B38-88CA-6FF3EC3F5DB5} : DhcpNameServer = 10.0.0.1

Notify: WRNotifier - WRLogonNTF.dll

AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-6-19 612184]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-6-19 337880]

R1 Avg7RsW;AVG7 Wrap Driver;c:\windows\system32\drivers\avg7rsw.sys [2006-11-27 4224]

R1 AvgClean;AVG7 Clean Driver;c:\windows\system32\drivers\avgclean.sys [2006-11-27 3968]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-6-19 20696]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-6-19 44768]

R2 Avg7Alrt;AVG7 Alert Manager Server;c:\progra~1\grisoft\avgfre~1\avgamsvr.exe [2006-11-27 353280]

R2 Avg7UpdSvc;AVG7 Update Service;c:\progra~1\grisoft\avgfre~1\avgupsvc.exe [2006-11-27 49664]

R2 AVGEMS;AVG E-mail Scanner;c:\progra~1\grisoft\avgfre~1\avgemc.exe [2006-11-27 353280]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-6-19 654408]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-6-19 22344]

S0 vkabq;vkabq;c:\windows\system32\drivers\hjgtal.sys --> c:\windows\system32\drivers\hjgtal.sys [?]

S1 Avg7RsXP;AVG7 Resident Driver XP;c:\windows\system32\drivers\avg7rsxp.sys [2006-11-27 27776]

S2 AvgTdi;AVG Network Redirector;c:\windows\system32\drivers\avgtdi.sys [2006-11-27 4960]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-6-19 136176]

S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-6-19 136176]

.

=============== Created Last 30 ================

.

2012-07-05 20:23:37 341299 ----a-w- C:\FSS.exe

2012-06-28 21:14:59 -------- d-----w- c:\documents and settings\all users\application data\IObit

2012-06-28 21:14:48 -------- d-----w- c:\documents and settings\mike\application data\IObit

2012-06-28 21:14:33 -------- d-----w- c:\program files\IObit

2012-06-28 21:11:20 -------- d-----w- c:\documents and settings\mike\application data\Ad-Aware Antivirus

2012-06-28 21:01:10 -------- d-----w- c:\program files\AntiHijacker

2012-06-22 06:14:44 -------- d-----w- C:\ERDNT

2012-06-21 00:01:28 57472 ----a-w- c:\windows\system32\drivers\redbook.sys

2012-06-21 00:01:28 57472 ----a-w- c:\windows\system32\dllcache\redbook.sys

2012-06-20 23:54:56 99840 ----a-w- c:\windows\system32\drivers\tdx.sys

2012-06-20 23:24:22 -------- d-----w- c:\windows\system32\GroupPolicy

2012-06-19 23:09:42 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-06-19 23:08:37 41184 ----a-w- c:\windows\avastSS.scr

2012-06-19 23:08:07 -------- d-----w- c:\program files\AVAST Software

2012-06-19 23:08:07 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software

2012-06-19 22:42:45 -------- d-----w- c:\documents and settings\mike\application data\Malwarebytes

2012-06-19 22:42:34 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-19 22:42:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-06-19 22:42:34 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2012-06-12 03:21:25 -------- d-----w- c:\windows\system32\wbem\repository\FS

2012-06-12 03:21:25 -------- d-----w- c:\windows\system32\wbem\Repository

.

==================== Find3M ====================

.

2012-05-29 05:15:26 7258 --s-a-w- c:\windows\system32\KGyGaAvL.sys

2012-05-24 00:54:34 0 --s-a-w- c:\windows\system32\dds_trash_log.cmd

.

============= FINISH: 13:29:10.71 ===============

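The two logs posted above can be read together. The following is an added example, not part of the original posts and not code from DDS or Farbar Service Scanner: it parses a few lines copied from the Event Viewer section and the FSS log in this thread and reports, for each service the Service Control Manager calls nonexistent, whether FSS also found its registry key and driver file missing and which services are blocked behind it. The function names are hypothetical, and matching a driver file to a service by name is an assumption that holds for the three drivers in these logs.

```python
import re
from collections import defaultdict, deque

# Lines copied from the Event Viewer section of the DDS attach log above.
EVENTS = """
6/27/2012 9:02:14 AM, error: Service Control Manager [7003] - The TCP/IP Protocol Driver service depends on the following nonexistent service: IPSec
6/27/2012 9:01:40 AM, error: Service Control Manager [7003] - The Network Location Awareness (NLA) service depends on the following nonexistent service: Afd
6/27/2012 9:01:20 AM, error: Service Control Manager [7003] - The TCP/IP NetBIOS Helper service depends on the following nonexistent service: Afd
6/27/2012 9:01:20 AM, error: Service Control Manager [7003] - The IPSEC Services service depends on the following nonexistent service: IPSec
6/27/2012 9:01:20 AM, error: Service Control Manager [7003] - The DHCP Client service depends on the following nonexistent service: NetBT
6/27/2012 9:01:20 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/27/2012 9:01:20 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
""".strip().splitlines()

# Lines copied from the Farbar Service Scanner log above.
FSS = r"""
Checking Start type: ATTENTION!=====> Unable to open afd registry key. The service key does not exist.
Checking Start type: ATTENTION!=====> Unable to open NetBt registry key. The service key does not exist.
Checking Start type: ATTENTION!=====> Unable to open IpSec registry key. The service key does not exist.
ATTENTION!=====> C:\WINDOWS\system32\Drivers\afd.sys FILE IS MISSING AND SHOULD BE RESTORED.
ATTENTION!=====> C:\WINDOWS\system32\Drivers\netbt.sys FILE IS MISSING AND SHOULD BE RESTORED.
ATTENTION!=====> C:\WINDOWS\system32\Drivers\ipsec.sys FILE IS MISSING AND SHOULD BE RESTORED.
""".strip().splitlines()

RE_7003 = re.compile(r"\[7003\] - The (.+?) service depends on the following nonexistent service: (\S+)")
RE_7001 = re.compile(r"\[7001\] - The (.+?) service depends on the (.+?) service which failed to start")
RE_KEY = re.compile(r"Unable to open (\S+) registry key")
RE_FILE = re.compile(r"ATTENTION!=====> (\S+\.sys) FILE IS MISSING")


def parse_events(lines):
    """Return (roots, edges): nonexistent services and a dependency -> dependents map."""
    roots, edges = set(), defaultdict(set)
    for line in lines:
        if m := RE_7003.search(line):
            dependent, missing = m.groups()
            roots.add(missing.lower())            # service key name, e.g. "ipsec"
            edges[missing.lower()].add(dependent)
        elif m := RE_7001.search(line):
            dependent, failed = m.groups()
            edges[failed].add(dependent)          # display name -> display name
    return roots, edges


def parse_fss(lines):
    """Return (missing service keys, missing driver base names), lowercased."""
    keys, files = set(), set()
    for line in lines:
        if m := RE_KEY.search(line):
            keys.add(m.group(1).lower())
        if m := RE_FILE.search(line):
            base = m.group(1).rsplit("\\", 1)[-1].lower()
            files.add(base[:-4])                  # drop ".sys" (name match is an assumption)
    return keys, files


def blocked_by(root, edges):
    """Breadth-first walk: every service that cannot start because root is absent."""
    seen, queue = set(), deque([root])
    while queue:
        for dependent in edges.get(queue.popleft(), ()):
            if dependent not in seen:
                seen.add(dependent)
                queue.append(dependent)
    return sorted(seen)


def triage(event_lines, fss_lines):
    roots, edges = parse_events(event_lines)
    keys, files = parse_fss(fss_lines)
    return {
        root: {
            "service_key_missing": root in keys,
            "driver_file_missing": root in files,
            "blocked": blocked_by(root, edges),
        }
        for root in sorted(roots)
    }


if __name__ == "__main__":
    for name, info in triage(EVENTS, FSS).items():
        print(name, info)
```
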

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
