
Windows XP machine restarts ONLY when connected to Internet--Please Help



I have a Gateway Windows XP machine and it works great, until you connect to the internet. Then it shuts itself down and restarts. I have run Malwarebytes and got 2 trojans that it cleaned (I guess). When I ran the scan again, it was clean. Prior to that I had run the chkdsk /r and sfc /scannow. I also used the Windows Repair Disk to repair the installation. Nothing is working, please help me. I used a USB Rosewill Wireless adapter to connect to my home router and I also tried direct Ethernet.

I don't know if this is malware or hardware or what... I was told to run dds.scr and post the 2 logs, so they are included in this post.

DDS.txt

---------------------------------------------------------------------------------------------------

DDS (Ver_2012-11-20.01) - FAT32_x86

Internet Explorer: 6.0.2900.2180

Run by Owner at 23:12:51 on 2013-04-27

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.780 [GMT -4:00]

.

.

============== Running Processes ================

.

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS

C:\Program Files\Rosewill\Common\RegistryWriter.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\devldr32.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\System32\svchost.exe -k NetworkService

C:\WINDOWS\System32\svchost.exe -k LocalService

C:\WINDOWS\System32\svchost.exe -k imgsvc

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/

uSearch Bar = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language

TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>

EB: &Research: {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\program files\microsoft office\office11\REFIEBAR.DLL

uRun: [setDefaultMIDI] MIDIDef.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

dRun: [setDefaultMIDI] MIDIDef.exe

dRunOnce: [RunNarrator] Narrator.exe

dRunOnce: [setDefaultMidi] MIDIDEF.EXE

dRunOnce: [tscuninstall] c:\windows\system32\tscupgrd.exe

mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

IE: {6E45F3E8-2683-4824-A6BE-08108022FB36} - {23249465-AA46-4DED-BD4B-8EFB20F968FE} - c:\program files\donotrackplus\ScriptHost.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab

DPF: {1D082E71-DF20-4AAF-863B-596428C49874} - hxxp://www.worldwinner.com/games/v50/tpir/tpir.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1366828245884

DPF: {64CD313F-F079-4D93-959F-4D28B5519449} - hxxp://www.worldwinner.com/games/v56/jeopardy/jeopardy.cab

DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} - hxxp://www.worldwinner.com/games/v41/freecell/freecell.cab

DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} - hxxp://www.worldwinner.com/games/launcher/ie/v2.22.01.0/iewwload.cab

DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} - hxxp://www.worldwinner.com/games/v51/bejeweledtwist/bejeweledtwist.cab

DPF: {A021A215-6CDC-44B4-8C16-90491CED9605} - hxxp://www.worldwinner.com/games/v68/clue/clue.cab

DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - hxxp://www.worldwinner.com/games/v57/wof/wof.cab

DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} - hxxp://www.worldwinner.com/games/v41/hangman/hangman.cab

DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} - hxxp://www.worldwinner.com/games/v45/royal/royal.cab

DPF: {C82BB209-F528-46F9-96D5-69DEF7260916} - hxxp://www.worldwinner.com/games/v45/mysterypi/mysterypi.cab

DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: Interfaces\{C664A34E-4157-4DFC-A8D6-10E4417F20FA} : DHCPNameServer = 192.168.1.254

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

============= SERVICES / DRIVERS ===============

.

R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\rosewill\common\RegistryWriter.exe [2013-4-24 185632]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 AR9271;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [2011-9-29 1723840]

S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\commonfx.sys --> c:\windows\system32\drivers\COMMONFX.SYS [?]

S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\ctaudfx.sys --> c:\windows\system32\drivers\CTAUDFX.SYS [?]

S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\cterfxfx.sys --> c:\windows\system32\drivers\CTERFXFX.SYS [?]

S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\ctsblfx.sys --> c:\windows\system32\drivers\CTSBLFX.SYS [?]

S3 RAPIProtocol;Ralink RAPI Protocol Driver;c:\windows\system32\drivers\RAPIProtocol.sys [2013-4-24 16512]

S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2013-4-24 719616]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2013-04-25 19:41:42 -------- d-sh--w- C:\FOUND.023

2013-04-24 18:50:59 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes

2013-04-24 18:50:41 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2013-04-24 18:27:38 315510 ----a-w- c:\windows\system32\RAPI.dll

2013-04-24 18:27:38 200704 ----a-w- c:\windows\system32\ssleay32.dll

2013-04-24 18:27:38 16512 ----a-w- c:\windows\system32\drivers\RAPIProtocol.sys

2013-04-24 18:27:38 1093632 ----a-w- c:\windows\system32\libeay32.dll

2013-04-24 18:27:33 376832 ----a-w- c:\windows\system32\AegisI5Installer.exe

2013-04-24 18:27:33 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys

2013-04-24 18:27:22 719616 ----a-w- c:\windows\system32\drivers\rt2870.sys

2013-04-24 18:27:22 221184 ----a-w- c:\windows\system32\RaCoInst.dll

2013-04-24 18:27:20 -------- d-----w- c:\program files\Rosewill

2013-04-24 18:27:20 -------- d-----w- c:\documents and settings\all users\application data\Rosewill Driver

2013-04-24 16:49:41 -------- d-----w- c:\windows\system32\wbem\repository.001\FS

2013-04-24 16:49:41 -------- d-----w- c:\windows\system32\wbem\Repository.001

2013-04-24 16:49:27 380416 ------w- c:\windows\system32\irprops.cpl

2013-04-24 16:49:26 162304 ------w- c:\windows\system32\wuaucpl.cpl

2013-04-24 16:47:01 19528 ----a-w- c:\windows\002530_.tmp

2013-04-22 19:05:05 51200 ----a-w- c:\windows\system32\sfman32.dll

2013-04-22 19:05:05 51200 ----a-w- c:\windows\system32\dllcache\sfman32.dll

2013-04-22 18:51:59 111104 ----a-w- c:\windows\system32\dllcache\mtstocom.exe

2013-04-22 18:48:36 68608 ----a-w- c:\windows\system32\access.cpl

2013-04-22 18:43:32 52864 ----a-w- c:\windows\system32\drivers\DMusic.sys

2013-04-22 18:43:26 6400 ----a-w- c:\windows\system32\drivers\splitter.sys

2013-04-22 18:43:17 57472 ----a-w- c:\windows\system32\drivers\redbook.sys

2013-04-22 18:41:41 753664 ----a-w- c:\windows\system32\nwiz.exe

2013-04-22 18:41:41 73728 ----a-w- c:\windows\system32\nvtuicpl.cpl

2013-04-22 18:41:41 450560 ----a-w- c:\windows\system32\nvshell.dll

2013-04-22 18:41:41 397312 ----a-w- c:\windows\system32\nvappbar.exe

2013-04-22 18:41:41 1175552 ----a-w- c:\windows\system32\nview.dll

2013-04-22 18:41:41 1007616 ----a-w- c:\windows\system32\nviewimg.dll

2013-04-22 18:41:24 40840 ----a-w- c:\windows\system32\drivers\termdd.sys

2013-04-21 21:43:26 -------- d-----w- c:\program files\Creative

2013-04-21 21:43:14 729088 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iKernel.dll

2013-04-21 21:43:14 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\ctor.dll

2013-04-21 21:43:14 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\DotNetInstaller.exe

2013-04-21 21:43:14 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iscript.dll

2013-04-21 21:43:14 192512 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iuser.dll

2013-04-21 21:43:11 311428 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\setup.dll

2013-04-21 21:43:11 188548 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iGdi.dll

.

==================== Find3M ====================

.

2013-04-24 17:33:42 49152 ----a-w- c:\windows\ctdcres.dll

2013-04-24 17:33:42 20480 ----a-w- c:\windows\inRes.dll

2013-02-12 00:32:24 12928 ------w- c:\windows\system32\drivers\usb8023x.sys

2013-02-05 05:53:58 385024 ----a-w- c:\windows\system32\html.iec

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: WDC_WD1600JD-22FYB0 rev.02.05D02 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x863B949F]<<

_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x863c0738]; MOV EAX, [0x863c08ac]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }

1 nt!IofCallDriver[0x804E19BC] -> \Device\Harddisk0\DR0[0x86773AB8]

3 CLASSPNP[0xF78C405B] -> nt!IofCallDriver[0x804E19BC] -> \Device\00000065[0x867C8F18]

5 ACPI[0xF781A620] -> nt!IofCallDriver[0x804E19BC] -> [0x86751D98]

\Driver\atapi[0x86569F38] -> IRP_MJ_CREATE -> 0x863B949F

error: Read A device attached to the system is not functioning.

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }

detected disk devices:

detected hooks:

\Driver\atapi DriverStartIo -> 0x863B92C6

user & kernel MBR OK

Warning: possible TDL3 rootkit infection !

.

============= FINISH: 23:13:30.20 ===============

Then the Attach.txt

---------------------------------------------------------------------------------------------

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 4/22/2013 2:52:31 PM

System Uptime: 4/27/2013 11:11:05 PM (0 hours ago)

.

Motherboard: Intel Corporation | | D865GLC

Processor: Intel® Pentium® 4 CPU 3.00GHz | J2E1 | 2992/200mhz

Processor: Intel® Pentium® 4 CPU 3.00GHz | J2E1 | 2992/200mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (FAT32) - 149 GiB total, 114.876 GiB free.

D: is Removable

F: is CDROM ()

G: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP1: 4/22/2013 2:59:31 PM - System Checkpoint

RP2: 4/22/2013 7:24:37 PM - Chasse Fix

RP3: 4/22/2013 7:14:00 PM - System Checkpoint

RP4: 4/24/2013 12:47:03 PM - Installed Windows XP Service Pack 2.

RP5: 4/24/2013 2:27:20 PM - Installed Rosewill Wireless Network 11N USB adapter RNX-N2X

RP6: 4/25/2013 4:15:19 PM - System Checkpoint

RP7: 4/26/2013 5:11:17 PM - System Checkpoint

.

==== Installed Programs ======================

.

Acrobat.com

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Reader 9.3.4

AiO_Scan_CDA

AiOSoftwareNPI

Apple Application Support

Apple Software Update

BufferChm

CP_Package_Variety1

CP_Package_Variety2

CP_Package_Variety3

Creative Driver

CustomerResearchQFolder

Destinations

DeviceManagementQFolder

Do Not Track Plus Add-on 2.1.0.322

DocProc

eSupportQFolder

F300

F300_Help

F300Trb

Fax_CDA

Gateway Drivers and Applications Recovery

Gateway IE Customizations

HP Deskjet 3000 J310 series Basic Device Software

HP Deskjet 3000 J310 series Help

HP Deskjet 3000 J310 series Product Improvement Study

HP Extended Capabilities 6.1

HP Imaging Device Functions 6.1

HP Photo Creations

HP Photosmart Essential

HP Product Assistant

HP PSC & OfficeJet 6.1.A

HP Solution Center and Imaging Support Tools 6.1

HP Update

HPProductAssistant

Intel® 537EP Data Fax Modem

Intel® PRO Network Adapters and Drivers

Intel® PROSet

iTunes

Java 2 Runtime Environment, SE v1.4.2

Java Auto Updater

Java 6 Update 19

MarketResearch

Microsoft .NET Framework 4 Client Profile

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office Basic Edition 2003

Microsoft Silverlight

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Mozilla Thunderbird 12.0.1 (x86 en-US)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

NewCopy_CDA

NVIDIA Display Driver

Office 2003 Setup Files

ProductContextNPI

QuickTime

Readme

Rosewill Wireless Network 11N USB adapter RNX-N2X

Scan

ScannerCopy

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

SolutionCenter

Spotify

Status

Toolbox

TrayApp

Unload

WebFldrs XP

WebReg

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Service Pack 2

Yahoo! BrowserPlus 2.9.8

Yahoo! Install Manager

Yahoo! Toolbar

.

==== Event Viewer Messages From Past Week ========

.

4/26/2013 8:34:19 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips Processor

4/26/2013 5:53:30 PM, error: Service Control Manager [7000] - The Fast User Switching Compatibility service failed to start due to the following error: The I/O operation has been aborted because of either a thread exit or an application request.

4/25/2013 8:40:00 PM, error: Schedule [7901] - The At2.job command failed to start due to the following error: General access denied error

4/25/2013 7:32:00 PM, error: Schedule [7901] - The At3.job command failed to start due to the following error: General access denied error

4/25/2013 5:10:41 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).

4/25/2013 5:10:33 PM, error: Service Control Manager [7034] - The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).

4/25/2013 5:10:30 PM, error: Service Control Manager [7034] - The Ralink Registry Writer service terminated unexpectedly. It has done this 1 time(s).

4/25/2013 5:10:24 PM, error: Service Control Manager [7034] - The PrismXL service terminated unexpectedly. It has done this 1 time(s).

4/25/2013 5:10:18 PM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).

4/24/2013 2:00:00 PM, error: Schedule [7901] - The At4.job command failed to start due to the following error: General access denied error

4/24/2013 12:54:36 PM, error: Service Control Manager [7023] - The Portable Media Serial Number service terminated with the following error: The specified module could not be found.

4/23/2013 5:23:40 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips FltMgr Processor

4/22/2013 6:38:54 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: FltMgr

4/22/2013 6:38:54 PM, error: Service Control Manager [7022] - The DCOM Server Process Launcher service hung on starting.

4/22/2013 6:38:54 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.

4/22/2013 6:38:54 PM, error: Service Control Manager [7000] - The Security Center service failed to start due to the following error: The executable program that this service is configured to run in does not implement the service.

4/22/2013 5:01:59 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

4/22/2013 4:58:56 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips FltMgr IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss Tcpip

4/22/2013 4:58:56 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.

4/22/2013 4:58:56 PM, error: Service Control Manager [7001] - The Network Location Awareness (NLA) service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.

4/22/2013 4:58:56 PM, error: Service Control Manager [7001] - The Messenger service depends on the NetBIOS Interface service which failed to start because of the following error: A device attached to the system is not functioning.

4/22/2013 4:58:56 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

4/22/2013 4:58:56 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

4/22/2013 3:35:24 PM, error: Service Control Manager [7001] - The SSDP Discovery Service service depends on the HTTP service which failed to start because of the following error: The specified procedure could not be found.

4/22/2013 3:35:24 PM, error: Service Control Manager [7000] - The HTTP service failed to start due to the following error: The specified procedure could not be found.

4/22/2013 2:56:20 PM, error: Service Control Manager [7024] - The Wireless Zero Configuration service terminated with service-specific error 11 (0xB).

4/22/2013 2:53:55 PM, error: Setup [60055] - Windows Setup encountered non-fatal errors during installation. Please check the setuperr.log found in your Windows directory for more information.

4/22/2013 2:50:23 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service SENS with arguments "" in order to run the server: {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}

4/21/2013 5:50:45 PM, error: Service Control Manager [7022] - The Windows Image Acquisition (WIA) service hung on starting.

4/21/2013 4:03:09 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.

4/21/2013 4:01:23 PM, error: Service Control Manager [7001] - The Windows Firewall/Internet Connection Sharing (ICS) service depends on the Windows Management Instrumentation service which failed to start because of the following error: The I/O operation has been aborted because of either a thread exit or an application request.

4/21/2013 4:01:23 PM, error: Service Control Manager [7001] - The Security Center service depends on the Windows Management Instrumentation service which failed to start because of the following error: The I/O operation has been aborted because of either a thread exit or an application request.

4/21/2013 4:01:23 PM, error: Service Control Manager [7000] - The Automatic Updates service failed to start due to the following error: The service has not been started.

4/21/2013 3:58:15 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

4/21/2013 3:55:52 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

4/21/2013 3:28:21 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

4/21/2013 3:28:21 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

.

==== End Of File ===========================


Hello loveyeshu! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please let me know.


Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

In your next reply, post the following log files:

  • TDSSKiller log
  • a new fresh DDS log


The TDSSKiller log is too long to post, I attached it and posted the dds log and the attach log (from dds)

dds log

---------------------------------------------------------------------------------------------------------------

DDS (Ver_2012-11-20.01) - FAT32_x86

Internet Explorer: 6.0.2900.2180

Run by Owner at 12:54:26 on 2013-04-29

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.782 [GMT -4:00]

.

.

============== Running Processes ================

.

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS

C:\Program Files\Rosewill\Common\RegistryWriter.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\devldr32.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\System32\svchost.exe -k NetworkService

C:\WINDOWS\System32\svchost.exe -k LocalService

C:\WINDOWS\System32\svchost.exe -k imgsvc

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/

uSearch Bar = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language

TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>

EB: &Research: {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\program files\microsoft office\office11\REFIEBAR.DLL

uRun: [setDefaultMIDI] MIDIDef.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

dRun: [setDefaultMIDI] MIDIDef.exe

dRunOnce: [RunNarrator] Narrator.exe

dRunOnce: [setDefaultMidi] MIDIDEF.EXE

dRunOnce: [tscuninstall] c:\windows\system32\tscupgrd.exe

mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

IE: {6E45F3E8-2683-4824-A6BE-08108022FB36} - {23249465-AA46-4DED-BD4B-8EFB20F968FE} - c:\program files\donotrackplus\ScriptHost.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab

DPF: {1D082E71-DF20-4AAF-863B-596428C49874} - hxxp://www.worldwinner.com/games/v50/tpir/tpir.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1366828245884

DPF: {64CD313F-F079-4D93-959F-4D28B5519449} - hxxp://www.worldwinner.com/games/v56/jeopardy/jeopardy.cab

DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} - hxxp://www.worldwinner.com/games/v41/freecell/freecell.cab

DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} - hxxp://www.worldwinner.com/games/launcher/ie/v2.22.01.0/iewwload.cab

DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} - hxxp://www.worldwinner.com/games/v51/bejeweledtwist/bejeweledtwist.cab

DPF: {A021A215-6CDC-44B4-8C16-90491CED9605} - hxxp://www.worldwinner.com/games/v68/clue/clue.cab

DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - hxxp://www.worldwinner.com/games/v57/wof/wof.cab

DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} - hxxp://www.worldwinner.com/games/v41/hangman/hangman.cab

DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} - hxxp://www.worldwinner.com/games/v45/royal/royal.cab

DPF: {C82BB209-F528-46F9-96D5-69DEF7260916} - hxxp://www.worldwinner.com/games/v45/mysterypi/mysterypi.cab

DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: Interfaces\{C664A34E-4157-4DFC-A8D6-10E4417F20FA} : DHCPNameServer = 192.168.1.254

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

============= SERVICES / DRIVERS ===============

.

R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\rosewill\common\RegistryWriter.exe [2013-4-24 185632]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 AR9271;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [2011-9-29 1723840]

S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\commonfx.sys --> c:\windows\system32\drivers\COMMONFX.SYS [?]

S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\ctaudfx.sys --> c:\windows\system32\drivers\CTAUDFX.SYS [?]

S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\cterfxfx.sys --> c:\windows\system32\drivers\CTERFXFX.SYS [?]

S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\ctsblfx.sys --> c:\windows\system32\drivers\CTSBLFX.SYS [?]

S3 RAPIProtocol;Ralink RAPI Protocol Driver;c:\windows\system32\drivers\RAPIProtocol.sys [2013-4-24 16512]

S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2013-4-24 719616]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2013-04-29 16:51:37 -------- d-----w- C:\TDSSKiller_Quarantine

2013-04-25 19:41:42 -------- d-sh--w- C:\FOUND.023

2013-04-24 18:50:59 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes

2013-04-24 18:50:41 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2013-04-24 18:27:38 315510 ----a-w- c:\windows\system32\RAPI.dll

2013-04-24 18:27:38 200704 ----a-w- c:\windows\system32\ssleay32.dll

2013-04-24 18:27:38 16512 ----a-w- c:\windows\system32\drivers\RAPIProtocol.sys

2013-04-24 18:27:38 1093632 ----a-w- c:\windows\system32\libeay32.dll

2013-04-24 18:27:33 376832 ----a-w- c:\windows\system32\AegisI5Installer.exe

2013-04-24 18:27:33 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys

2013-04-24 18:27:22 719616 ----a-w- c:\windows\system32\drivers\rt2870.sys

2013-04-24 18:27:22 221184 ----a-w- c:\windows\system32\RaCoInst.dll

2013-04-24 18:27:20 -------- d-----w- c:\program files\Rosewill

2013-04-24 18:27:20 -------- d-----w- c:\documents and settings\all users\application data\Rosewill Driver

2013-04-24 16:49:41 -------- d-----w- c:\windows\system32\wbem\repository.001\FS

2013-04-24 16:49:41 -------- d-----w- c:\windows\system32\wbem\Repository.001

2013-04-24 16:49:27 380416 ------w- c:\windows\system32\irprops.cpl

2013-04-24 16:49:26 162304 ------w- c:\windows\system32\wuaucpl.cpl

2013-04-24 16:47:01 19528 ----a-w- c:\windows\002530_.tmp

2013-04-22 19:05:05 51200 ----a-w- c:\windows\system32\sfman32.dll

2013-04-22 19:05:05 51200 ----a-w- c:\windows\system32\dllcache\sfman32.dll

2013-04-22 18:51:59 111104 ----a-w- c:\windows\system32\dllcache\mtstocom.exe

2013-04-22 18:48:36 68608 ----a-w- c:\windows\system32\access.cpl

2013-04-22 18:43:32 52864 ----a-w- c:\windows\system32\drivers\DMusic.sys

2013-04-22 18:43:26 6400 ----a-w- c:\windows\system32\drivers\splitter.sys

2013-04-22 18:43:17 57472 ----a-w- c:\windows\system32\drivers\redbook.sys

2013-04-22 18:41:41 753664 ----a-w- c:\windows\system32\nwiz.exe

2013-04-22 18:41:41 73728 ----a-w- c:\windows\system32\nvtuicpl.cpl

2013-04-22 18:41:41 450560 ----a-w- c:\windows\system32\nvshell.dll

2013-04-22 18:41:41 397312 ----a-w- c:\windows\system32\nvappbar.exe

2013-04-22 18:41:41 1175552 ----a-w- c:\windows\system32\nview.dll

2013-04-22 18:41:41 1007616 ----a-w- c:\windows\system32\nviewimg.dll

2013-04-22 18:41:24 40840 ----a-w- c:\windows\system32\drivers\termdd.sys

2013-04-21 21:43:26 -------- d-----w- c:\program files\Creative

2013-04-21 21:43:14 729088 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iKernel.dll

2013-04-21 21:43:14 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\ctor.dll

2013-04-21 21:43:14 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\DotNetInstaller.exe

2013-04-21 21:43:14 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iscript.dll

2013-04-21 21:43:14 192512 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iuser.dll

2013-04-21 21:43:11 311428 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\setup.dll

2013-04-21 21:43:11 188548 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iGdi.dll

.

==================== Find3M ====================

.

2013-04-24 17:33:42 49152 ----a-w- c:\windows\ctdcres.dll

2013-04-24 17:33:42 20480 ----a-w- c:\windows\inRes.dll

2013-02-12 00:32:24 12928 ------w- c:\windows\system32\drivers\usb8023x.sys

2013-02-05 05:53:58 385024 ----a-w- c:\windows\system32\html.iec

.

============= FINISH: 12:55:00.25 ===============

--------------------------------------------------------------------------------------------------------------------------------------

attach log

---------------------------------------------------------------------------------------------------------------------------------------

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 4/22/2013 2:52:31 PM

System Uptime: 4/29/2013 12:52:13 PM (0 hours ago)

.

Motherboard: Intel Corporation | | D865GLC

Processor: Intel® Pentium® 4 CPU 3.00GHz | J2E1 | 2992/200mhz

Processor: Intel® Pentium® 4 CPU 3.00GHz | J2E1 | 2992/200mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (FAT32) - 149 GiB total, 114.87 GiB free.

D: is Removable

F: is CDROM ()

G: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP1: 4/22/2013 2:59:31 PM - System Checkpoint

RP2: 4/22/2013 7:24:37 PM - Chasse Fix

RP3: 4/22/2013 7:14:00 PM - System Checkpoint

RP4: 4/24/2013 12:47:03 PM - Installed Windows XP Service Pack 2.

RP5: 4/24/2013 2:27:20 PM - Installed Rosewill Wireless Network 11N USB adapter RNX-N2X

RP6: 4/25/2013 4:15:19 PM - System Checkpoint

RP7: 4/26/2013 5:11:17 PM - System Checkpoint

.

==== Installed Programs ======================

.

Acrobat.com

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Reader 9.3.4

AiO_Scan_CDA

AiOSoftwareNPI

Apple Application Support

Apple Software Update

BufferChm

CP_Package_Variety1

CP_Package_Variety2

CP_Package_Variety3

Creative Driver

CustomerResearchQFolder

Destinations

DeviceManagementQFolder

Do Not Track Plus Add-on 2.1.0.322

DocProc

eSupportQFolder

F300

F300_Help

F300Trb

Fax_CDA

Gateway Drivers and Applications Recovery

Gateway IE Customizations

HP Deskjet 3000 J310 series Basic Device Software

HP Deskjet 3000 J310 series Help

HP Deskjet 3000 J310 series Product Improvement Study

HP Extended Capabilities 6.1

HP Imaging Device Functions 6.1

HP Photo Creations

HP Photosmart Essential

HP Product Assistant

HP PSC & OfficeJet 6.1.A

HP Solution Center and Imaging Support Tools 6.1

HP Update

HPProductAssistant

Intel® 537EP Data Fax Modem

Intel® PRO Network Adapters and Drivers

Intel® PROSet

iTunes

Java 2 Runtime Environment, SE v1.4.2

Java Auto Updater

Java 6 Update 19

MarketResearch

Microsoft .NET Framework 4 Client Profile

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office Basic Edition 2003

Microsoft Silverlight

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Mozilla Thunderbird 12.0.1 (x86 en-US)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

NewCopy_CDA

NVIDIA Display Driver

Office 2003 Setup Files

ProductContextNPI

QuickTime

Readme

Rosewill Wireless Network 11N USB adapter RNX-N2X

Scan

ScannerCopy

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

SolutionCenter

Spotify

Status

Toolbox

TrayApp

Unload

WebFldrs XP

WebReg

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Service Pack 2

Yahoo! BrowserPlus 2.9.8

Yahoo! Install Manager

Yahoo! Toolbar

.

==== Event Viewer Messages From Past Week ========

.

4/26/2013 8:34:19 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips Processor

4/26/2013 5:53:30 PM, error: Service Control Manager [7000] - The Fast User Switching Compatibility service failed to start due to the following error: The I/O operation has been aborted because of either a thread exit or an application request.

4/25/2013 8:40:00 PM, error: Schedule [7901] - The At2.job command failed to start due to the following error: General access denied error

4/25/2013 7:32:00 PM, error: Schedule [7901] - The At3.job command failed to start due to the following error: General access denied error

4/25/2013 5:10:41 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).

4/25/2013 5:10:33 PM, error: Service Control Manager [7034] - The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).

4/25/2013 5:10:30 PM, error: Service Control Manager [7034] - The Ralink Registry Writer service terminated unexpectedly. It has done this 1 time(s).

4/25/2013 5:10:24 PM, error: Service Control Manager [7034] - The PrismXL service terminated unexpectedly. It has done this 1 time(s).

4/25/2013 5:10:18 PM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).

4/24/2013 2:00:00 PM, error: Schedule [7901] - The At4.job command failed to start due to the following error: General access denied error

4/24/2013 12:54:36 PM, error: Service Control Manager [7023] - The Portable Media Serial Number service terminated with the following error: The specified module could not be found.

4/24/2013 12:04:54 AM, error: Service Control Manager [7001] - The SSDP Discovery Service service depends on the HTTP service which failed to start because of the following error: The specified procedure could not be found.

4/24/2013 12:04:54 AM, error: Service Control Manager [7000] - The HTTP service failed to start due to the following error: The specified procedure could not be found.

4/24/2013 12:04:51 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: FltMgr

4/24/2013 12:04:51 AM, error: Service Control Manager [7022] - The DCOM Server Process Launcher service hung on starting.

4/24/2013 12:04:51 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.

4/24/2013 12:04:51 AM, error: Service Control Manager [7000] - The Security Center service failed to start due to the following error: The executable program that this service is configured to run in does not implement the service.

4/24/2013 12:02:36 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

4/23/2013 5:27:35 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

4/23/2013 5:23:40 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips FltMgr Processor

4/22/2013 4:58:56 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips FltMgr IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss Tcpip

4/22/2013 4:58:56 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.

4/22/2013 4:58:56 PM, error: Service Control Manager [7001] - The Network Location Awareness (NLA) service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.

4/22/2013 4:58:56 PM, error: Service Control Manager [7001] - The Messenger service depends on the NetBIOS Interface service which failed to start because of the following error: A device attached to the system is not functioning.

4/22/2013 4:58:56 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

4/22/2013 4:58:56 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

4/22/2013 2:56:20 PM, error: Service Control Manager [7024] - The Wireless Zero Configuration service terminated with service-specific error 11 (0xB).

4/22/2013 2:53:55 PM, error: Setup [60055] - Windows Setup encountered non-fatal errors during installation. Please check the setuperr.log found in your Windows directory for more information.

4/22/2013 2:50:23 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service SENS with arguments "" in order to run the server: {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}

.

==== End Of File ===========================

TDSSKiller.2.8.8.0_29.04.2013_12.48.11_log.txt


Step 1

Please run TDSSKiller and use the Delete option on this entry:

12:51:39.0078 1084 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

12:51:39.0078 1084 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7622

Windows 5.1.2600 Service Pack 2

Internet Explorer 6.0.2900.2180

4/29/2013 7:55:51 PM

mbam-log-2013-04-29 (19-55-51).txt

Scan type: Quick scan

Objects scanned: 296832

Time elapsed: 13 minute(s), 54 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Database version: v2013.05.01.08

Windows XP Service Pack 2 x86 FAT32

Internet Explorer 6.0.2900.2180

Owner :: LAURIE-6VRHKP2S [administrator]

5/1/2013 5:23:15 PM

mbam-log-2013-05-01 (17-23-15).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 298905

Time elapsed: 16 minute(s), 52 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


It deletes files then hangs up while trying to delete folder:

C:\Documents and Settings\All Users\Application Data\Temp

All desktop icons go away and the taskbar. Desktop wallpaper remains but there is just a blinking cursor under the folder deletion.


  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

