
virus?



I posted in PC help and they directed me here-

I have an HP EliteBook 8560p with Windows XP. I was trying to install a Dell printer 3115cn through a router. I put the CD in that came with the printer and then I get a download error and it wouldn't install the printer. It says I cannot copy delopd.ui.dll file. Not sure what is up; I have to Control-Alt-Delete to get out of the copy files.

Thanks. Two files are attached.

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 7.0.6000.17115 BrowserJavaVersion: 1.6.0_26

Run by tarnell at 21:39:08 on 2013-05-18

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3054.1625 [GMT -6:00]

.

AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

FW: Symantec Endpoint Protection *Enabled*

.

============== Running Processes ================

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\vcsFPService.exe

C:\Program Files\Intel\WiFi\bin\S24EvMon.exe

C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

C:\Program Files\IDT\WDM\STacSV.exe

C:\Program Files\LSI SoftModem\agrsmsvc.exe

C:\WINDOWS\system32\CCM\CcmExec.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files\Sierra Wireless Inc\Gobi\QDLService\GobiQDLService.exe

C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Program Files\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe

C:\WINDOWS\System32\wbem\unsecapp.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Documents and Settings\All Users\Application Data\Rpcnet\Bin\rpcld.exe

C:\WINDOWS\system32\rpcnet.exe

C:\Program Files\Symantec AntiVirus\12.1.1101.401.105\Bin\ccSvcHst.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\Symantec AntiVirus\12.1.1101.401.105\Bin\Smc.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\CCM\SMSCliUI.exe

C:\Program Files\Symantec AntiVirus\12.1.1101.401.105\Bin\ccSvcHst.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\AESTFltr.exe

C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe

C:\Program Files\Citrix\ICA Client\concentr.exe

C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Program Files\Citrix\ICA Client\wfcrun32.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe

C:\Program Files\HP\HP Photosmart 7510 series\Bin\ScanToPCActivationApp.exe

C:\Documents and Settings\tarnell\Local Settings\Application Data\Akamai\netsession_win.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InfoBox24.exe

C:\Program Files\PrintKey2000\Printkey2000.exe

C:\Documents and Settings\tarnell\Local Settings\Application Data\Akamai\netsession_win.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\WINDOWS\System32\wbem\unsecapp.exe

C:\Program Files\HP\HP Photosmart 7510 series\Bin\HPNetworkCommunicator.exe

C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\WINDOWS\System32\msiexec.exe

C:\WINDOWS\system32\msiexec.exe

C:\WINDOWS\system32\MsiExec.exe

C:\WINDOWS\system32\MsiExec.exe

C:\WINDOWS\system32\MsiExec.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\WINDOWS\system32\SearchFilterHost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\System32\svchost.exe -k NetworkService

C:\WINDOWS\System32\svchost.exe -k LocalService

C:\WINDOWS\System32\svchost.exe -k LocalService

C:\WINDOWS\System32\svchost.exe -k imgsvc

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://my.williams.com

uWindow Title = Windows Internet Explorer provided by Williams

uDefault_Page_URL = hxxp://my.williams.com

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}

mStart Page = hxxp://my.williams.com

mDefault_Page_URL = hxxp://my.williams.com

uInternet Connection Wizard,ShellNext = iexplore

uProxyOverride = <local>

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mWinlogon: SFCDisable = dword:4

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\symantec antivirus\12.1.1101.401.105\bin\ips\IPSBHO.dll

BHO: {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - <orphaned>

BHO: Price Check by AOL: {D25B97E9-62B2-40CE-BECF-E43A7B879072} - c:\program files\price check by aol\aolpricecheck.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>

uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1

uRun: [PPScheduler] c:\program files\scansoft\paperport\PPScheduler.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\LinksysAgent.exe" /startup

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"

uRun: [HP Photosmart 7510 series (NET)] "c:\program files\hp\hp photosmart 7510 series\bin\ScanToPCActivationApp.exe" -deviceID "CN1BP3526N05PX:NW" -scfn "HP Photosmart 7510 series (NET)" -AutoStart 1

uRun: [Akamai NetSession Interface] "c:\documents and settings\tarnell\local settings\application data\akamai\netsession_win.exe"

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [AESTFltr] c:\windows\system32\AESTFltr.exe /NoDlg

mRun: [QLBController] c:\program files\hewlett-packard\hp hotkey support\QLBController.exe /start

mRun: [sEP11] <no file>

StartupFolder: c:\documents and settings\all users\start menu\programs\startup\InfoBox24.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\printk~1.lnk - c:\program files\printkey2000\Printkey2000.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{b0bf7057-6869-4e4b-920c-ea2a58da07f0}\Icon3E5562ED7.ico

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

uPolicies-Explorer: DisableWindowsUpdateAccess = 1

uPolicies-Explorer: NoWindowsUpdate = dword:1

uPolicies-Explorer: NoAutoUpdate = dword:1

mPolicies-Explorer: disablewindowsupdateaccess = dword:1

mPolicies-Explorer: nodrivetypeautorun = dword:255

mPolicies-Explorer: nowindowsupdate = dword:1

mPolicies-System: dontdisplaylastusername = dword:1

mPolicies-System: LegalNoticeCaption = Warning:

mPolicies-System: legalnoticetext = This system, including all related equipment, networks, and network devices (including Internet access), is provided for authorized users only.

This system may be monitored for all lawful purposes, including to ensure authorized use, to facilitate protection against unauthorized access, for system maintenance, and to verify security procedures and operational security. There is no right of privacy in this system. All information, including personal information, placed on or sent to this system may be monitored. Information obtained through monitoring may be examined, recorded, copied and used for lawful purposes.

Use of this system, authorized or unauthorized, constitutes consent to the monitoring of this system and to the lawful use of any information obtained through monitoring. Evidence of unauthorized use collected during monitoring may be used for administrative, criminal or adverse action, and use of this system constitutes consent to monitoring for these purposes.mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://sslvpn.williams.com/CACHE/stc/1/binaries/vpnweb.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229958089812

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1245256796906

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 192.168.1.254

TCP: Interfaces\{8065A06A-25D5-44AA-B595-AAE286197B5A} : DHCPNameServer = 192.168.1.254

Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Notify: AtiExtEvent - Ati2evxx.dll

Notify: NavLogon - <no file>

Notify: SEP - c:\program files\symantec antivirus\12.1.1101.401.105\bin\WinLogoutNotifier.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\26.0.1410.64\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\tarnell\application data\mozilla\firefox\profiles\vf8f4zsa.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-amonetizetest1-chromesbox-en-us&tb_uuid=20120914030319109&tb_oid=10-10-1010&tb_mrud=10-10-1010

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=843&invocationType=tb50-ff-amonetizetest1-ab-en-us&tb_uuid=20120914030319109&tb_oid=10-10-1010&tb_mrud=10-10-1010&query=

FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll

FF - plugin: c:\windows\system32\adobe\director\np32dsw_1200112.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_168.dll

FF - ExtSQL: !HIDDEN! 2011-04-29 08:42; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

.

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false

FF - user.js: browser.sessionstore.resume_from_crash - false

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(extentions.y2layers.installId, 9506adf9-d925-443a-8967-cb39ed0e7f5f

FF - user.js: extentions.y2layers.defaultEnableAppsList - ezLooker,pagerage,buzzdock,toprelatedtopics,twittube

.

FF - user.js: extensions.autoDisableScopes - 14

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\sep\0c01044d\0191.105\x86\SymDS.sys [2012-4-19 340088]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\sep\0c01044d\0191.105\x86\SymEFA.sys [2012-4-19 759416]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.1101.401.105\data\definitions\bashdefs\20130502.011\BHDrvx86.sys [2013-5-7 1000024]

R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2010-4-16 65584]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\sep\0c01044d\0191.105\x86\Ironx86.sys [2012-4-19 137336]

R2 GobiQDLService;Sierra Wireless QDL Service;c:\program files\sierra wireless inc\gobi\qdlservice\GobiQDLService.exe [2011-3-16 308592]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2011-3-28 94264]

R2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files\hewlett-packard\hp hotkey support\hpHotkeyMonitor.exe [2011-5-13 317496]

R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-5-18 418376]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-5-18 701512]

R2 MSSQL$OASYSHDB;SQL Server (OASYSHDB);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2008-11-24 29263712]

R2 rpcld;Remote Procedure Call (RPC) LD;c:\documents and settings\all users\application data\rpcnet\bin\rpcld.exe --> c:\documents and settings\all users\application data\rpcnet\bin\rpcld.exe [?]

R2 SepMasterService;Symantec Endpoint Protection;c:\program files\symantec antivirus\12.1.1101.401.105\bin\ccSvcHst.exe [2012-4-19 137208]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2011-4-22 92592]

R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2011-3-24 2762032]

R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2011-5-18 641464]

R3 AESTAud;IDT AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2012-1-24 113664]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2012-1-24 101392]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-3-20 106656]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.1101.401.105\data\definitions\ipsdefs\20130517.012\IDSXpx86.sys [2013-5-18 373728]

R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2012-1-24 44800]

R3 johci;JMicron 1394 Filter Driver;c:\windows\system32\drivers\johci.sys [2012-1-24 23640]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-5-18 22856]

R3 MEI;Intel® Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2012-1-24 41088]

R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.1101.401.105\data\definitions\virusdefs\20130518.003\NAVENG.SYS [2013-5-18 93296]

R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.1101.401.105\data\definitions\virusdefs\20130518.003\NAVEX15.SYS [2013-5-18 1603824]

R3 NETwNx32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwNx32.sys [2012-1-24 7473152]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2012-1-24 62336]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2012-1-24 141440]

R3 SPUVCbv;SPUVCb Driver Service;c:\windows\system32\drivers\SPUVCBv.sys [2012-1-24 2468728]

R3 swg3kflt02;Sierra Wireless USB Composite Device Filter Driver 02;c:\windows\system32\drivers\swg3kflt02.sys [2011-2-3 27264]

R3 swg3knet02;Sierra Wireless QMI USB-NDIS miniport for HP;c:\windows\system32\drivers\swg3knet02.sys [2011-2-3 280064]

R3 swg3kser02;Sierra Wireless QMI USB Device for Legacy Serial Communication - HP;c:\windows\system32\drivers\swg3kser02.sys [2011-2-3 213504]

R3 swibus02;Sierra Wireless Bus Enumerator 02;c:\windows\system32\drivers\swibus02.sys [2011-2-3 59904]

R3 swibusflt02;Sierra Wireless Bus Enumerator Filter 02;c:\windows\system32\drivers\swibusflt02.sys [2011-2-3 59904]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2012-1-24 144984]

S3 SyDvCtrl;SyDvCtrl;c:\program files\symantec antivirus\12.1.1101.401.105\bin\SyDvCtrl32.sys [2012-4-19 23984]

S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-11-14 394952]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2013-05-18 23:35:52 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-05-18 23:35:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-05-18 23:13:12 -------- d-----w- c:\program files\Dell Printers

2013-05-18 23:11:55 753664 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iKernel.dll

2013-05-18 23:11:55 69714 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\ctor.dll

2013-05-18 23:11:55 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\DotNetInstaller.exe

2013-05-18 23:11:55 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iscript.dll

2013-05-18 23:11:55 184320 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iuser.dll

2013-05-18 23:11:54 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\setup.dll

2013-05-18 23:11:54 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iGdi.dll

2013-05-15 12:25:32 -------- d-----w- c:\program files\williams

2013-05-15 01:48:22 -------- d-----w- c:\program files\Dell Inc

2013-05-14 03:41:45 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys

2013-05-14 03:41:45 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys

2013-05-14 03:24:00 -------- d-----w- c:\documents and settings\tarnell\local settings\application data\Akamai

2013-05-14 03:21:01 757760 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iKernel.dll

2013-05-14 03:21:01 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\ctor.dll

2013-05-14 03:21:01 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\DotNetInstaller.exe

2013-05-14 03:21:01 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iscript.dll

2013-05-14 03:21:01 204800 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iuser.dll

2013-05-14 03:20:58 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\setup.dll

2013-05-14 03:20:58 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iGdi.dll

2013-05-06 15:37:52 -------- d-----w- c:\documents and settings\tarnell\application data\Intel

2013-04-30 21:39:28 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys

2013-04-30 21:39:28 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys

.

==================== Find3M ====================

.

2013-05-19 02:12:31 17920 ----a-w- c:\windows\system32\rpcnetp.exe

2013-05-19 02:12:27 57776 ----a-w- c:\windows\system32\rpcnet.dll

2013-05-19 02:10:38 74752 ----a-w- c:\windows\system32\spoolss.dll

2013-05-19 02:10:38 57856 ----a-w- c:\windows\system32\spoolsv.exe

2013-04-16 13:31:40 17920 ----a-w- c:\windows\system32\rpcnetp.dll

2013-03-20 19:44:44 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-03-20 19:44:44 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-03-08 08:36:22 293376 ----a-w- c:\windows\system32\winsrv.dll

2013-03-07 01:32:25 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-03-07 00:50:30 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-02-27 07:56:51 2067456 ----a-w- c:\windows\system32\mstscax.dll

.

============= FINISH: 21:39:31.82 ===============

attach.txt


Hello arnelld.

A failing hardware install may well be due to factors other than malware. If that is so (if no malware is found), I will suggest you seek help on the Dell support forum.

Before we get started on "hunting" for malware, close all your browsers and apps, and Restart Windows fresh.

You showed a number of open browser windows, plus several instances of MS installer.

We want a clean fresh start.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

Set Windows to show all files and all folders.

On your Desktop, double click My Computer. From the menu options, select Tools, then Folder Options, and then select the VIEW tab and look at all of the settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under the column Hidden files and folders, choose (*select*) Show hidden files and folders.

Next, un-check Hide extensions for known file types.

Next un-check Hide protected operating system files.

Step 3

Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.

  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Step 4

Download Security Check by screen317 and save it to your Desktop: here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

Step 5

  • Close all open browsers at this point.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
    For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Do NOT turn off the firewall.
  • Start Internet Explorer.
  • Using Internet Explorer browser only, go to BitDefender Quickscan website: http://quickscan.bitdefender.com and click "Start Scan".
  • Observe your browser in case it shows a notice/message bar to allow download and installation of a tool.
  • Allow the download and install of qsax.cab from BitDefender. Right-click the IE info bar and select Install to install the BitDefender quick scan module.
  • If prompted, reply yes to allow it to run.
  • Press the Allow button and follow prompts.
  • Press the "Start Scan" once more.
  • You'll see the EULA in a pop-up window. Click the I accept & then the OK button.

Note: The FAQ is here --> http://quickscan.bitdefender.com/faq/ and that QuickScan has no removal capability.
The site boasts a 60-second scan. Do have patience as it likely will take longer.
It may seem to stall at moments, but have patience; it will move on.

  • You'll see a progress bar at top right of window.
  • Hopefully you will see a No infections found in the bar-window. Press the View Log button.
  • The log report will show in your text editor. Save the log.
  • Do a Select ALL, Copy. Then paste contents into your next reply.

Step 6

  • Download & SAVE to your Desktop >> Tigzy's RogueKiller from here << or
    >> from here <<
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Click on Scan.
  • Click on Report and copy/paste the content of the notepad into your next reply.

Step 7

RE-Enable your antivirus program.

Copy & Paste contents of Log.txt & Info.txt & Checkup.txt & log from Bitdefender & RogueKiller log.

Use separate replies as needed if logs do not fit into one reply box.


  • 3 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
