Yesterday morning our Dell Dimension 8300, P4 running XP had no icons on the desktop. The wallpaper was still there. Clicking Start/Programs showed no programs on the computer. Search thru My Comp/Program Files showed the same, no programs. I was able to run Avira and it found some issues but after restart, same problem. I have tried to run MBAM and keep getting popups that say:

Setup

Access Denied

and then:

Error

An error occurred. Report error code to MBAM support team.

Error Code: 730 (0, 0)

I tried renaming the MBAM download and I tried it from the random file name download with the same results. The odd thing is, when I was downloading and it asked where I wanted to Save the file, when I clicked Browse, all my programs were there in the Program Files folder.

Anybody have any clues as to what may be causing this? Any help will be greatly appreciated.

Thanks in advance,

Dave

Logs will be closed if you haven't replied within 3 days

Download unhide.exe & save it to your windows folder:

Right click on unhide.exe and select Run as administrator (In case you have Vista or Win7)

Reboot

This will unhide folders/files that were set to be hidden by the infection you had.

Let me know if that solved your problem.


Ok, finally managed to run unhide.exe. It did bring back my programs to the Start/Programs menu, but when I hover the mouse over them, they say (empty) and have no effect when clicked on. Also, the desktop is still hijacked as there are no icons on it and right clicking on it has no effect. Also, I can't drag and drop icons to the desktop. Again, any help would be greatly appreciated.

Thanks in advance,

Dave


First we need to rehide hidden / system files so they don't get deleted.

To re-hide those files:

  • Click on My Computer from your desktop and from the menu click on Tools and then Folder Options.
  • Click on the View tab and under the Hidden Files and Folders section, choose the radio button that says


Ok, very cool, got desktop back with icons. Drag and drop works and right clicking on desktop works. There still seem to be missing programs in the Start/Programs menu. For example, Start/Programs/Accessories/System Tools only has Internet Explorer. No System Restore or anything else. Also, getting a lot of Script Errors for some reason. Everything else seems fine.

Thanks,

Dave


Yes. Here is the log from it:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6520

Windows 5.1.2600 Service Pack 2

Internet Explorer 7.0.5730.13

5/6/2011 4:29:38 PM

mbam-log-2011-05-06 (16-29-29).txt

Scan type: Full scan (C:\|F:\|Z:\|)

Objects scanned: 572546

Time elapsed: 4 hour(s), 4 minute(s), 25 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 2

Registry Values Infected: 0

Registry Data Items Infected: 3

Folders Infected: 1

Files Infected: 3

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0ED403E8-470A-4a8a-85A4-D7688CFE39A3} (Adware.Gamevance) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ED403E8-470A-4a8a-85A4-D7688CFE39A3} (Adware.Gamevance) -> No action taken.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:

f:\documents and settings\Dad\start menu\Programs\windows recovery (Trojan.FakeAV) -> No action taken.

Files Infected:

f:\documents and settings\Dad\Desktop\windows recovery.lnk (Trojan.FakeAV) -> No action taken.

f:\documents and settings\Dad\start menu\Programs\windows recovery\uninstall windows recovery.lnk (Trojan.FakeAV) -> No action taken.

f:\documents and settings\Dad\start menu\Programs\windows recovery\windows recovery.lnk (Trojan.FakeAV) -> No action taken.


Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


Still just a blinking cursor. Also getting lots of strange Windows Internet Explorer popups saying Are you sure you want to navigate away from this page? PRESS ENTER TO CLOSE THIS ALERT.

Also was getting some redirects while trying to get back to the MBAM forum.


Please download DDS by sUBs from one of the following links and save it to your desktop.

  • Disable any script blocking protection (How to Disable your Security Programs)
  • Double click DDS icon to run the tool (may take up to 3 minutes to run)
  • When done, DDS.txt will open.
  • After a few moments, attach.txt will open in a second window.
  • Save both reports to your desktop.

---------------------------------------------------

  • Post the contents of the DDS.txt in your next reply


Here's the log for the first:

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by Dad at 14:23:56.79 on Mon 05/09/2011

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_22

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1379 [GMT -8:00]

.

AV: AntiVir Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

============== Running Processes ===============

.

F:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

F:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

F:\WINDOWS\system32\spoolsv.exe

F:\Program Files\Avira\AntiVir Desktop\sched.exe

F:\Program Files\Avira\AntiVir Desktop\avguard.exe

F:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

F:\Program Files\Bonjour\mDNSResponder.exe

F:\WINDOWS\System32\svchost.exe -k HTTPFilter

F:\Program Files\Avira\AntiVir Desktop\avshadow.exe

F:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

F:\Program Files\Java\jre6\bin\jqs.exe

F:\WINDOWS\System32\nvsvc32.exe

F:\Program Files\Visioneer\OneTouch 4.0\OtService.exe

F:\WINDOWS\System32\svchost.exe -k imgsvc

F:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

F:\WINDOWS\Explorer.EXE

F:\WINDOWS\system32\wscntfy.exe

F:\Program Files\Visioneer\OneTouch 4.0\OtMonEx.exe

F:\WINDOWS\system32\wuauclt.exe

F:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

F:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe

F:\WINDOWS\system32\ctfmon.exe

F:\Program Files\Messenger\msmsgs.exe

F:\Program Files\Mozilla Firefox\firefox.exe

F:\Program Files\Mozilla Firefox\plugin-container.exe

F:\Documents and Settings\Dad\Desktop\dds.scr

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - f:\program files\yahoo!\companion\installs\cpn0\YTNavAssist.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - f:\program files\yahoo!\companion\installs\cpn0\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - f:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Yahooo Search Protection: {25bc7718-0bfa-40ea-b381-4b2d9732d686} - f:\program files\yahoo!\search protection\ysp.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - f:\progra~1\spybot~1\SDHelper.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - f:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - f:\program files\yahoo!\companion\installs\cpn0\yt.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [ctfmon.exe] f:\windows\system32\ctfmon.exe

uRun: [MSMSGS] "f:\program files\messenger\msmsgs.exe" /background

uRun: [spybotSD TeaTimer] f:\program files\spybot - search & destroy\TeaTimer.exe

mRun: [sSBkgdUpdate] "f:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot

mRun: [PaperPort PTD] "f:\program files\scansoft\paperport\pptd40nt.exe"

mRun: [indexSearch] "f:\program files\scansoft\paperport\IndexSearch.exe"

mRun: [PPort11reminder] "f:\program files\scansoft\paperport\ereg\ereg.exe" -r "f:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini

mRun: [Nikon Transfer Monitor] f:\program files\common files\nikon\monitor\NkMonitor.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - f:\program files\messenger\msmsgs.exe

IE: {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - f:\program files\yahoo!\search protection\ysp.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - f:\progra~1\spybot~1\SDHelper.dll

Trusted Zone: intuit.com\ttlc

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - f:\program files\yahoo!\common\Yinsthelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - f:\windows\system32\WPDShServiceObj.dll

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - f:\docume~1\dad\applic~1\mozilla\firefox\profiles\np865n7u.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=GAM2&o=41647940&locale=en_US&apn_uid=16D8E3C9-0885-49DF-A58E-D001DEED756F&apn_ptnrs=7K&apn_sauid=209A1458-A064-4A02-9D33-A2CB8C8DDDA5&apn_dtid=YYYYYYS9US&q=

FF - prefs.js: network.proxy.type - 1

FF - component: f:\documents and settings\dad\application data\mozilla\firefox\profiles\np865n7u.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll

FF - plugin: f:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: f:\program files\mozilla firefox\plugins\npdeployJava1.dll

.

============= SERVICES / DRIVERS ===============

.

R1 avgio;avgio;f:\program files\avira\antivir desktop\avgio.sys [2011-5-4 11608]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;f:\program files\avira\antivir desktop\sched.exe [2011-5-4 136360]

R2 AntiVirService;Avira AntiVir Guard;f:\program files\avira\antivir desktop\avguard.exe [2011-5-4 269480]

R2 avgntflt;avgntflt;f:\windows\system32\drivers\avgntflt.sys [2011-5-4 61960]

S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]

S3 pmxscan;Visioneer USB Service;f:\windows\system32\drivers\usbscan.sys [2011-3-18 15104]

.

=============== Created Last 30 ================

.

2011-05-09 04:43:48 502253 ----a-w- f:\windows\unhide.exe

2011-05-08 01:00:07 -------- d-----w- f:\program files\XML Notepad 2007

2011-05-06 20:17:06 -------- d-----w- f:\windows\pss

2011-05-04 16:30:22 -------- d-----w- f:\windows\system32\NtmsData

2011-05-04 16:28:14 -------- d-----w- f:\docume~1\dad\applic~1\Avira

2011-05-04 16:24:47 61960 ----a-w- f:\windows\system32\drivers\avgntflt.sys

2011-05-04 16:24:46 -------- d-----w- f:\program files\Avira

2011-05-04 16:24:46 -------- d-----w- f:\docume~1\alluse~1\applic~1\Avira

2011-05-04 15:40:05 -------- d-----w- F:\Malwarebytes' Anti-Malware

2011-05-04 15:35:58 -------- d-----w- F:\Internet Explorer

2011-05-04 09:00:21 509392 ----a-w- f:\windows\system32\PerfStringBackup.TMP

2011-05-03 16:57:29 142296 ----a-w- f:\program files\mozilla firefox\components\browsercomps.dll

2011-05-03 16:57:28 89048 ----a-w- f:\program files\mozilla firefox\libEGL.dll

2011-05-03 16:57:28 781272 ----a-w- f:\program files\mozilla firefox\mozsqlite3.dll

2011-05-03 16:57:28 465880 ----a-w- f:\program files\mozilla firefox\libGLESv2.dll

2011-05-03 16:57:28 1974616 ----a-w- f:\program files\mozilla firefox\D3DCompiler_42.dll

2011-05-03 16:57:28 1892184 ----a-w- f:\program files\mozilla firefox\d3dx9_42.dll

2011-05-03 16:57:28 1874904 ----a-w- f:\program files\mozilla firefox\mozjs.dll

2011-05-03 16:57:28 15832 ----a-w- f:\program files\mozilla firefox\mozalloc.dll

2011-05-01 00:49:52 -------- d-----w- f:\program files\Linksys EasyLink Advisor

2011-04-30 16:32:54 -------- d-----w- f:\program files\Native Instruments

2011-04-30 16:31:18 36864 ----a-w- f:\windows\system32\Mros432.dll

2011-04-30 16:31:16 36864 ----a-w- f:\windows\system32\audioencoderenum.dll

2011-04-15 19:27:31 -------- d-----w- f:\docume~1\dad\locals~1\applic~1\Intuit

2011-04-15 19:26:48 -------- d-----w- f:\docume~1\dad\applic~1\Intuit

2011-04-15 19:20:49 -------- d-----w- f:\docume~1\dad\locals~1\applic~1\IsolatedStorage

2011-04-15 19:20:42 -------- d-----w- f:\program files\common files\Intuit

2011-04-15 19:01:42 -------- d-----w- f:\windows\system32\XPSViewer

2011-04-15 19:01:10 89088 ----a-w- f:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

2011-04-15 19:00:49 89088 -c----w- f:\windows\system32\dllcache\filterpipelineprintproc.dll

2011-04-15 19:00:49 597504 -c----w- f:\windows\system32\dllcache\printfilterpipelinesvc.exe

2011-04-15 19:00:49 597504 ------w- f:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

2011-04-15 19:00:49 575488 -c----w- f:\windows\system32\dllcache\xpsshhdr.dll

2011-04-15 19:00:49 575488 ------w- f:\windows\system32\xpsshhdr.dll

2011-04-15 19:00:49 1676288 -c----w- f:\windows\system32\dllcache\xpssvcs.dll

2011-04-15 19:00:49 1676288 ------w- f:\windows\system32\xpssvcs.dll

2011-04-15 19:00:49 117760 ------w- f:\windows\system32\prntvpt.dll

2011-04-15 18:58:33 -------- d-----w- f:\program files\MSXML 6.0

2011-04-15 18:49:35 -------- d-----w- f:\docume~1\alluse~1\applic~1\Intuit

2011-04-13 06:40:22 -------- d-----w- f:\program files\Ask.com

.

==================== Find3M ====================

.

2011-04-02 20:12:51 73728 ----a-w- f:\windows\system32\javacpl.cpl

2011-04-02 20:12:51 472808 ----a-w- f:\windows\system32\deployJava1.dll

2011-03-19 23:03:48 106496 ----a-w- f:\windows\system32\ATL71.DLL

2011-02-19 00:36:58 4184352 ----a-w- f:\windows\system32\usbaaplrc.dll

.

============= FINISH: 14:24:52.70 ===============

Then here's the second one:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_11-03-05.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 3/18/2011 11:45:02 AM

System Uptime: 5/9/2011 7:10:57 AM (7 hours ago)

.

Motherboard: Dell Computer Corp. | | 0M2035

Processor: Intel® Pentium® 4 CPU 2.60GHz | Microprocessor | 2593/800mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 466 GiB total, 155.094 GiB free.

D: is CDROM (CDFS)

E: is CDROM ()

F: is FIXED (NTFS) - 74 GiB total, 59.07 GiB free.

Z: is FIXED (NTFS) - 466 GiB total, 351.725 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP1: 3/18/2011 11:55:40 AM - System Checkpoint

RP2: 3/18/2011 1:27:00 PM - Installed Java 2 Runtime Environment, SE v1.4.2

RP3: 3/18/2011 1:04:33 PM - Removed Java 2 Runtime Environment, SE v1.4.2

RP4: 3/18/2011 1:05:45 PM - Installed Java 2 Runtime Environment, SE v1.4.2

RP5: 3/18/2011 7:25:31 PM - Update to an unsigned driver

RP6: 3/18/2011 8:41:00 PM - Software Distribution Service 3.0

RP7: 3/18/2011 8:41:05 PM - Installed Windows XP KB842773.

RP8: 3/18/2011 8:41:41 PM - Installed Windows Installer KB893803v2.

RP9: 3/18/2011 8:41:54 PM - Installed Windows XP KB892130.

RP10: 3/18/2011 8:41:58 PM - Installed Windows XP KB898461.

RP11: 3/18/2011 8:56:29 PM - Installed ScanSoft PaperPort 11

RP12: 3/18/2011 8:58:00 PM - Installed OneTouch 4.0

RP13: 3/18/2011 9:24:42 PM - Software Distribution Service 3.0

RP14: 3/18/2011 9:27:22 PM - Installed Windows XP Service Pack 2.

RP15: 3/18/2011 9:45:34 PM - Software Distribution Service 3.0

RP16: 3/18/2011 9:47:12 PM - Installed Windows XP KB915865.

RP17: 3/18/2011 9:47:33 PM - Installed Windows NLSDownlevelMapping.

RP18: 3/18/2011 9:47:48 PM - Installed Windows IDNMitigationAPIs.

RP19: 3/18/2011 9:48:55 PM - Installed Windows Internet Explorer 7.

RP20: 3/18/2011 9:49:19 PM - Software Distribution Service 3.0

RP21: 3/18/2011 9:56:15 PM - Installed Windows Media Player 11

RP22: 3/18/2011 9:56:33 PM - Installed Windows XP Wudf01000.

RP23: 3/18/2011 9:57:40 PM - Installed Windows XP MSCompPackV1.

RP24: 3/18/2011 9:57:50 PM - Installed Windows XP KB926239.

RP25: 3/19/2011 2:21:59 PM - Installed iTunes

RP26: 3/19/2011 2:50:34 PM - Installed DirectX

RP27: 3/19/2011 2:51:21 PM - Installed Nero 7 Essentials

RP28: 3/19/2011 3:01:52 PM - Installed Panorama Maker

RP29: 3/19/2011 3:02:55 PM - Installed Microsoft Visual C++ 2005 Redistributable

RP30: 3/19/2011 3:05:29 PM - Installed Nikon Transfer

RP31: 3/19/2011 3:08:31 PM - Installed Nikon Message Center

RP32: 3/20/2011 11:25:22 AM - Installed Adobe Reader X (10.0.1).

RP33: 3/21/2011 12:15:45 PM - System Checkpoint

RP34: 3/22/2011 1:25:54 PM - System Checkpoint

RP35: 3/23/2011 1:34:39 PM - System Checkpoint

RP36: 3/24/2011 2:18:38 PM - System Checkpoint

RP37: 3/25/2011 3:04:53 PM - System Checkpoint

RP38: 3/26/2011 3:19:35 PM - System Checkpoint

RP39: 3/27/2011 7:43:51 PM - System Checkpoint

RP40: 3/28/2011 8:18:30 PM - System Checkpoint

RP41: 3/29/2011 11:15:43 PM - System Checkpoint

RP42: 3/31/2011 12:27:31 AM - System Checkpoint

RP43: 4/1/2011 1:18:30 AM - System Checkpoint

RP44: 4/1/2011 8:00:15 PM - Installed Wizard101

RP45: 4/2/2011 12:11:53 PM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

RP46: 4/2/2011 12:12:46 PM - Installed Java 6 Update 22

RP47: 4/2/2011 12:13:16 PM - Installed OpenOffice.org 3.3

RP48: 4/3/2011 12:18:25 PM - System Checkpoint

RP49: 4/4/2011 2:09:19 PM - System Checkpoint

RP50: 4/5/2011 2:17:19 PM - System Checkpoint

RP51: 4/6/2011 4:05:53 PM - System Checkpoint

RP52: 4/7/2011 7:36:46 PM - System Checkpoint

RP53: 4/8/2011 8:24:05 PM - System Checkpoint

RP54: 4/9/2011 9:20:42 PM - System Checkpoint

RP55: 4/10/2011 9:52:33 PM - System Checkpoint

RP56: 4/11/2011 10:54:31 PM - System Checkpoint

RP57: 4/13/2011 2:55:21 AM - System Checkpoint

RP58: 4/14/2011 3:48:36 AM - System Checkpoint

RP59: 4/15/2011 4:47:31 AM - System Checkpoint

RP60: 4/15/2011 10:58:46 AM - Installed Windows XP WIC.

RP61: 4/15/2011 11:00:59 AM - Installed Windows KB954550-v5.

RP62: 4/15/2011 11:01:07 AM - Printer Driver Microsoft XPS Document Writer Installed

RP63: 4/15/2011 11:18:16 AM - Printer Driver Microsoft XPS Document Writer Installed

RP64: 4/15/2011 11:21:07 AM - Installed TurboTax 2010 wrapper

RP65: 4/16/2011 11:24:27 AM - System Checkpoint

RP66: 4/17/2011 12:20:14 PM - System Checkpoint

RP67: 4/18/2011 8:48:29 AM - Installed TurboTax 2010 wcaiper

RP68: 4/19/2011 9:20:15 AM - System Checkpoint

RP69: 4/20/2011 10:20:15 AM - System Checkpoint

RP70: 4/21/2011 11:20:20 AM - System Checkpoint

RP71: 4/22/2011 12:32:17 PM - System Checkpoint

RP72: 4/23/2011 1:20:17 PM - System Checkpoint

RP73: 4/24/2011 2:20:17 PM - System Checkpoint

RP74: 4/25/2011 3:20:17 PM - System Checkpoint

RP75: 4/26/2011 5:03:38 PM - System Checkpoint

RP76: 4/27/2011 5:20:19 PM - System Checkpoint

RP77: 4/28/2011 5:20:25 PM - System Checkpoint

RP78: 4/29/2011 5:21:29 PM - System Checkpoint

RP79: 4/30/2011 6:23:10 PM - System Checkpoint

RP80: 5/1/2011 7:38:04 PM - System Checkpoint

RP81: 5/2/2011 8:01:25 PM - System Checkpoint

RP82: 5/3/2011 8:06:25 PM - System Checkpoint

RP83: 5/4/2011 12:59:01 AM - Software Distribution Service 3.0

RP84: 5/5/2011 1:25:08 AM - System Checkpoint

RP85: 5/6/2011 2:24:02 AM - System Checkpoint

RP86: 5/7/2011 2:45:39 AM - System Checkpoint

RP87: 5/7/2011 5:00:04 PM - Installed XML Notepad 2007

RP88: 5/8/2011 5:10:51 PM - System Checkpoint

.

==== Installed Programs ======================

.

.

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader X (10.0.1)

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ArcSoft Panorama Maker 4

Ask Toolbar

Avira AntiVir Personal - Free Antivirus

BCM V.92 56K Modem

Bonjour

C-Media PCI Audio

CCleaner

Dell ResourceCD

Drivers Install For Linksys Easylink Advisor

File Uploader

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Windows XP (KB914440)

Hotfix for Windows XP (KB915865)

Hotfix for Windows XP (KB926239)

Hotfix for Windows XP (KB954550-v5)

Intel® PRO Network Adapters and Drivers

iTunes

Java 2 Runtime Environment, SE v1.4.2

Java Auto Updater

Java 6 Update 22

Linksys EasyLink Advisor 1.6 (0032)

Malwarebytes' Anti-Malware

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Mozilla Firefox 4.0.1 (x86 en-US)

MSXML 6.0 Parser (KB933579)

Native Instruments Traktor DJ Audigy Edition

Nero 7 Essentials

neroxml

Nikon Message Center

Nikon Transfer

NVIDIA Drivers

OneTouch 4.0

OpenOffice.org 3.3

PowerDVD

QuickTime

ScanSoft PaperPort 11

Security Update for Windows Internet Explorer 7 (KB982381)

SmartMusic 2011a

SoulSeek Client 156c

SoundMAX

Spybot - Search & Destroy

Steinberg Cubasis VST 4

TurboTax 2010

TurboTax 2010 wcaiper

TurboTax 2010 WinPerFedFormset

TurboTax 2010 WinPerReleaseEngine

TurboTax 2010 WinPerTaxSupport

TurboTax 2010 wrapper

Update for Windows XP (KB898461)

Update for Windows XP (KB904942)

Visioneer 7600 USB Scanner Driver

WaveLab Lite

WebFldrs XP

Windows Genuine Advantage Validation Tool (KB892130)

Windows Imaging Component

Windows Installer 3.1 (KB893803)

Windows Internet Explorer 7

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Service Pack 2

Wizard101

XML Notepad 2007

Yahoo! Install Manager

Yahoo! Search Protection

Yahoo! Software Update

Yahoo! Toolbar

.

==== Event Viewer Messages From Past Week ========

.

5/8/2011 9:33:17 AM, error: WMPNetworkSvc [14344] - A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0xc00d2767'. The Windows Media DRM components on your computer might be corrupted. Verify that protected files play correctly in Windows Media Player, and then restart the WMPNetworkSvc service.

5/8/2011 9:32:55 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.

5/8/2011 11:08:09 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.

5/8/2011 11:08:09 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

.

==== End Of File ===========================


Next:

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please post the contents of that TDSSKiller log.

Also please describe how your computer behaves at the moment.


Here's the log:

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software

Run date: 2011-05-12 10:49:07

-----------------------------

10:49:07.281 OS Version: Windows 5.1.2600 Service Pack 2

10:49:07.281 Number of processors: 1 586 0x209

10:49:07.281 ComputerName: HOMECOMPUTER UserName: Dad

10:49:09.093 Initialize success

10:49:23.843 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4

10:49:23.859 Disk 0 Vendor: Maxtor_6Y080L0 YAR41BW0 Size: 76293MB BusType: 3

10:49:23.875 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c

10:49:23.890 Disk 1 Vendor: WDC_WD5000AAKB-00H8A0 05.04E05 Size: 476940MB BusType: 3

10:49:27.937 Disk 2 MBR read successfully

10:49:27.953 Disk 2 MBR scan

10:49:27.984 Disk 2 Windows XP default MBR code

10:49:28.000 Disk 2 MBR hidden

10:49:30.031 Disk 2 scanning sectors +976768065

10:49:30.046 Disk 2 scanning F:\WINDOWS\system32\drivers

10:49:39.875 Service scanning

10:49:48.062 Disk 2 trace - called modules:

10:49:48.093 ntoskrnl.exe CLASSPNP.SYS disk.sys USBSTOR.SYS hal.dll usbhub.sys USBPORT.SYS usbehci.sys

10:49:48.109 1 nt!IofCallDriver -> \Device\Harddisk2\DR4[0x89965250]

10:49:53.843 3 CLASSPNP.SYS[f763805b] -> nt!IofCallDriver -> \Device\00000056[0x89991290]

10:49:54.187 5 USBSTOR.SYS[bace5706] -> nt!IofCallDriver -> \Device\USBPDO-5[0x89985de8]

10:49:54.484 7 usbhub.sys[f76f7504] -> nt!IofCallDriver -> \Device\USBPDO-4[0x89a85030]

10:49:54.812 Scan finished successfully

10:50:14.312 Disk 2 MBR has been saved successfully to "F:\Documents and Settings\Dad\Desktop\MBR.dat"

10:50:14.328 The log file has been saved successfully to "F:\Documents and Settings\Dad\Desktop\aswMBRlog.txt"


Let's see if it's an add-on for IE that's causing the issues.

You can open Internet Explorer without add-ons in 2 ways. One way to open is to navigate to start menu-> All Programs-> Accessories-> System Tools-> Internet Explorer (no Add-ons). This opens up IE without ActiveX controls and browser extensions.
